HTTP 402 Payment Required
HTTP 402 Payment Required is the long-reserved HTTP status code signaling that a resource requires payment before access — the foundation the x402 protocol is built on.
Also known as: 402 status code, Payment Required
What is HTTP 402 Payment Required?
HTTP 402 is a client-error status code meaning the request cannot be fulfilled until the caller pays. It has been part of the HTTP specification since 1997, explicitly marked "reserved for future use" — the web's authors anticipated native payments but never standardized how they would work.
For nearly three decades the code sat dormant, occasionally repurposed by individual APIs to mean "quota exceeded" or "upgrade your plan". The x402 protocol is the first widely adopted attempt to give 402 the meaning it was reserved for.
A status code that waited 27 years
Why did 402 go unused for so long? Because in 1997 there was no payment instrument a machine could use autonomously. Cards require a human, minimum fees made small payments absurd, and chargebacks made instant digital delivery risky for sellers.
Stablecoins on low-fee networks removed each blocker: USDC gives a digital dollar, Base brings transaction costs down to a fraction of a cent, and on-chain settlement is final. Once a wallet could pay $0.01 programmatically in about two seconds, 402 finally had a payment rail worthy of it.
How x402 uses the 402 status code
In the x402 flow, a client requests a paid resource with no payment attached. The server responds 402, and the response body carries machine-readable payment requirements: the amount, the currency (USDC), and the address to pay.
The client's wallet signs a payment authorization and retries the same request with a payment header. The server verifies the payment — typically via a facilitator — settles it on Base, runs the handler, and returns the result, often with an Ed25519-signed receipt. The whole round trip completes in seconds with no account, no API key, and no human involved.
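The 402 challenge and paid retry described above, sketched from the server's side as an added example that is not part of the original page or the x402 project's code. The header name `X-Payment`, the JSON field names, the `nonce` field and `StubFacilitator` are assumptions made for illustration; the stub compares fields and rejects reused nonces but performs no wallet-signature check or on-chain settlement.

```python
import base64
import json

# Constructed values; header and field names are assumptions, not the x402 wire format.
PRICE = {"amount": "0.01", "currency": "USDC", "network": "base",
         "pay_to": "0xSELLER_PLACEHOLDER"}
PAYMENT_HEADER = "X-Payment"


class StubFacilitator:
    """Stand-in for a facilitator (a real one checks the wallet signature and
    settles on-chain): accepts a payment matching the price with a fresh nonce."""

    def __init__(self):
        self.settled_nonces = set()

    def verify_and_settle(self, payment, price):
        if not isinstance(payment, dict):
            return False
        if any(payment.get(k) != v for k, v in price.items()):
            return False  # wrong amount, currency, network or recipient
        nonce = payment.get("nonce")
        if not isinstance(nonce, str) or nonce in self.settled_nonces:
            return False  # missing nonce or replayed authorization
        self.settled_nonces.add(nonce)
        return True


def handle(headers, facilitator, handler):
    """Return (status, body). The handler runs only after settlement succeeds."""
    challenge = (402, {"error": "payment required", "accepts": PRICE})
    raw = headers.get(PAYMENT_HEADER)
    if raw is None:
        return challenge
    try:
        payment = json.loads(base64.b64decode(raw, validate=True))
    except ValueError:
        return challenge  # a malformed header is treated as unpaid
    # Compare against the server's own PRICE, never a price echoed by the client.
    if not facilitator.verify_and_settle(payment, PRICE):
        return challenge
    return 200, {"result": handler()}


def pay(price, nonce):
    """Client side: build the retry header from the requirements in the 402 body."""
    payment = dict(price, nonce=nonce)
    return {PAYMENT_HEADER: base64.b64encode(json.dumps(payment).encode()).decode()}
```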
402 vs 401 and 403
The three client-error codes are easy to conflate but mean different things. 401 Unauthorized says "I don't know who you are — authenticate." 403 Forbidden says "I know who you are, and the answer is no." 402 says "anyone can have this — pay first."
That distinction matters for agents: 401 and 403 are dead ends without pre-provisioned credentials, while 402 is an invitation any funded wallet can act on immediately.
Where you'll encounter 402 in practice
Monetized MCP servers and pay-per-call APIs are the main places 402 shows up today. When an agent calls a paid tool listed on Loomal's index, the 402 exchange happens inside the tool call: payment is required and settled before the handler executes, so the seller never does work it hasn't been paid for.