L402 Explained

How a forgotten HTTP status code became the foundation for internet-native payments.

The 402 status code: reserved for future use

When the architects of HTTP defined the protocol's status codes in the early 1990s, they included 402 Payment Required. The idea was simple: one day the web would need a native way to charge for content and services. But credit card infrastructure wasn't ready, micro-payments didn't exist yet, and the code sat dormant for decades — a placeholder waiting for the right technology to give it meaning.

While the rest of the web built paywalls with login forms, cookies, and subscription databases, 402 quietly waited. Every major browser shipped with support for the status code, yet no standard ever defined how to use it. Until Lightning arrived.

Lightning Labs brings 402 to life

In 2020, Lightning Labs introduced L402 (originally called LSAT — Lightning Service Authentication Tokens). The protocol finally gave HTTP 402 a concrete implementation by combining two primitives:

  • Lightning invoices — instant, low-fee Bitcoin payments settled in milliseconds over the Lightning Network.
  • Macaroons — flexible, attenuated bearer credentials that encode exactly what a user is allowed to access.

When a client requests a paid resource, the server responds with 402 Payment Required and attaches a Lightning invoice plus a macaroon. The client pays the invoice, receives a preimage as proof, and binds it to the macaroon. That combined token is all you need — no account, no password, no personal data.
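The token check described above, as an added example that is not from the original page or from Lightning Labs: a simplified HMAC-chain stand-in for a macaroon whose identifier is the invoice's payment hash, verified against the preimage the client presents. The root key, preimage, caveat strings and function names are constructed for illustration, and real L402 tokens use the macaroon serialization rather than this dict.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-root-key-for-example"    # server secret (constructed)
PREIMAGE = bytes(range(32))                       # constructed; the payer learns it on settlement
PAYMENT_HASH = hashlib.sha256(PREIMAGE).digest()  # the value the Lightning invoice commits to

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def chain(token_id: bytes, caveats: list) -> bytes:
    """Recompute the signature chain: HMAC(root, id), then one HMAC per caveat."""
    sig = mac(ROOT_KEY, token_id)
    for caveat in caveats:
        sig = mac(sig, caveat.encode())
    return sig

def mint(payment_hash: bytes, caveats: list) -> dict:
    """Server side: issue the token that accompanies the 402 response."""
    return {"id": payment_hash, "caveats": list(caveats),
            "sig": chain(payment_hash, caveats)}

def attenuate(token: dict, caveat: str) -> dict:
    """Holder side: narrow a token without knowing ROOT_KEY."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": mac(token["sig"], caveat.encode())}

def verify(token: dict, preimage: bytes, request: dict) -> bool:
    """Server side: stateless check, no user table or session lookup."""
    # 1. The token was minted with ROOT_KEY and its caveat list is intact.
    if not hmac.compare_digest(chain(token["id"], token["caveats"]), token["sig"]):
        return False
    # 2. The presenter knows the preimage, i.e. the invoice was paid.
    if not hmac.compare_digest(hashlib.sha256(preimage).digest(), token["id"]):
        return False
    # 3. Every "key=value" caveat must hold for this request.
    return all(request.get(k) == v
               for k, _, v in (c.partition("=") for c in token["caveats"]))

if __name__ == "__main__":
    t = mint(PAYMENT_HASH, ["service=articles"])
    print(verify(t, PREIMAGE, {"service": "articles"}))       # paid: accepted
    print(verify(t, b"\x00" * 32, {"service": "articles"}))   # wrong preimage: rejected
```

Because the result is a bearer token, anyone holding both the macaroon and the preimage passes verify(), which is why narrowing caveats matter before a token is handed to another party.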

Why L402 is unique

Traditional online payments rely on fiat money rails — credit card networks, bank transfers, payment processors — each adding latency, fees, and intermediaries. L402 replaces all of that with a single round-trip:

Access for payment

Instead of subscribing, signing up, or handing over a credit card, you simply pay a Lightning invoice and instantly receive access. The payment is the authentication.

Internet-native money

Lightning payments are as native to the internet as HTTP itself. No bank APIs, no card networks, no currency conversion — just value moving at the speed of packets.

Seamless integration

Because L402 lives in HTTP headers, it works with any client — browsers, CLI tools, AI agents, IoT devices. If it speaks HTTP, it can pay for and access an L402-protected resource.

The end of sign-in

Think about every app you use. Before you can do anything, you create an account: email, password, maybe phone verification, maybe a credit card on file. You hand over personal information just to prove you should have access.

L402 flips this model entirely. Payment replaces identity. When you pay a Lightning invoice, the cryptographic proof of payment is your credential. There's no user table, no password to breach, no personal data to leak. You pay, you're in.

This is especially powerful for AI agents and automated systems. An agent can discover a paid API, pay for it programmatically, and use the service — all without a human ever creating an account or entering credentials. It's authentication that scales to machines.

L402 vs. x402

Coinbase recently introduced x402, their own take on HTTP 402 payments. While the goal is similar — paying for resources over HTTP — the approaches differ significantly:

L402 (Lightning Network)

  • Settles in milliseconds over Lightning
  • Sub-cent micro-payments are economically viable
  • No blockchain congestion — payments happen off-chain
  • Battle-tested since 2020 with growing ecosystem
  • Macaroon-based credentials enable fine-grained access control
  • True privacy — no on-chain footprint, no wallet identity required

x402 (Base / Stablecoins)

  • Relies on on-chain or L2 stablecoin transfers
  • Higher minimum viable payment due to gas/fees
  • Tied to Coinbase ecosystem and EVM chains
  • Newer protocol, smaller ecosystem
  • Wallet address is a persistent identifier
  • Stablecoin dependency introduces counterparty risk

L402 was purpose-built for the web. It uses Bitcoin — the most neutral, permissionless money on the internet — and delivers it through Lightning, which was designed from the ground up for instant, high-frequency payments. x402 extends blockchain payment patterns to HTTP, but inherits the friction, fees, and identity leakage of on-chain transactions.
