Skip to main content

Install

npm install @foldset/nextjs

Setup

1

Get your API key

Copy your API key from the Foldset dashboard.
2

Set the environment variable

The SDK reads your API key from the FOLDSET_API_KEY environment variable.Local development: add it to .env.local (gitignored by default in Next.js):
FOLDSET_API_KEY=sk_live_...
Production: set it in your hosting provider’s environment variable settings (e.g. Vercel, AWS, Railway). Never commit API keys to your repository.
Do not use .env for secrets. .env is often committed to git. Use .env.local for local development and your hosting provider’s secrets management for production.
3

Create the middleware file

Create middleware.ts in the root of your project:
middleware.ts
import { foldset } from "@foldset/nextjs";

export default foldset({
  apiKey: process.env.FOLDSET_API_KEY!,
});
If you need to compose Foldset with your own middleware logic, use withFoldset. Your function only runs if payment is satisfied:
middleware.ts
import { withFoldset } from "@foldset/nextjs";
import { NextResponse, type NextRequest } from "next/server";

export default withFoldset(
  { apiKey: process.env.FOLDSET_API_KEY! },
  async function middleware(request: NextRequest) {
    // Your own logic here (auth, redirects, headers, etc.)
    return NextResponse.next();
  }
);
Next.js 16 renames middleware.ts to proxy.ts and the exported function to proxy. If you’re on Next.js 16 or later, name the file proxy.ts instead.
4

Configure routes

Head to the rules page to choose which paths to protect and set prices.

How it works

The Foldset middleware runs on every incoming request to your Next.js app:
  1. Checks the request path against your configured rules
  2. If no payment is required, the request passes through normally
  3. If payment is required and no valid x402 payment header is present, returns a 402 Payment Required response with payment instructions
  4. If a valid payment is attached, the request passes through and settlement completes after your route handler responds

MCP server protection

If your Next.js app hosts an MCP server (Streamable HTTP), Foldset can gate individual tool calls and resource reads. Configure MCP rules in the dashboard by specifying the endpoint path, method, and tool or resource name. Discovery methods like tools/list pass through for free with payment metadata attached.

Update your robots.txt

Once Foldset is active, you want AI agents visiting your site so they can pay for access. If your robots.txt blocks AI crawlers, remove those rules. Foldset handles gating at the payment layer. 
# Remove rules like these:
User-agent: GPTBot
Disallow: /

User-agent: ClaudeBot
Disallow: /