How AI agents are unlocking HTTP 402 as a payment standard

Additional contributions from Konstantina Tyrali
Every second, 80+ million HTTP requests cross the internet. In that same second, Visa handles at most 65,000 payments. HTTP 402 was designed to close that gap. After 30 years dormant, AI agents are the first realistic use case it has ever had.
HTTP 402 was always designed for machine payments
HTTP status codes tell clients what happened to their request: 200 (success), 404 (not found), 401 (unauthorized). Code 402 (Payment Required) was included in the original 1990s HTTP spec to signal one specific condition: pay first, then get the resource.
The mechanism is simple:
- Client requests a gated resource.
- Server responds 402 with price, payment method, and recipient.
- Client pays and retries with proof of payment in the header.
- Server verifies, delivers.
It was never formally standardised. Humans got comfortable with credit cards, and the friction was never acute enough to force a solution. Then AI agents arrived.
The ad-subsidized web was built for humans. Agents don't work that way
The internet runs on advertising because human behaviour is unpredictable. The gap between what someone intends to do and what they actually do is worth trillions annually. Google, Meta, YouTube and the like are built on monetising that gap.
Agents have no gap. They arrive with a task, call APIs, query data, and pay only when necessary to complete the job. No browsing. No persuadability. No limbic system to target.
They also consume resources differently, not per-seat or per-month, but per-call, per-token, per-request.
A single debugging session can consume 50,000–200,000 tokens across dozens of API calls. A research agent might hit a financial data API, a news archive, and a document index in one workflow, each at a different price point.
This describes the intention economy (Simon Taylor, Fintech Brainfood, "The Intention Layer"): the consumer arrives with intent, pays only to fulfil it, and moves on.
The ad-subsidised web was built for uncertainty. Agents need different infrastructure and HTTP 402 is the most direct expression of what that looks like.
Thirty years of false starts: why this time is different
2011–2015: Bitcoin experiments
Bitcoin developers immediately saw the connection. In 2011, Matt Corallo proposed 402 responses with Bitcoin address headers and browser plugins paying automatically. In 2014, Benedict Chan demoed Zero Click, a Chrome extension that intercepted 402s, paid automatically, and retried. The most serious attempt was Balaji Srinivasan's 21co, which shipped a Raspberry Pi with a mining ASIC and a Python decorator (@payment.required(price)) you could place in front of any API route. Rising Bitcoin fees through 2016–17 killed it economically.
2020: L402
Lightning Labs launched the first production HTTP 402 implementation, pairing 402 status codes with Lightning Network invoices and cryptographic bearer tokens. Client pays a Lightning invoice, receives a cryptographic preimage as proof, presents it to the server. Pay-per-credential rather than pay-per-call, where one payment grants cached access until the token expires. Live since 2020, now primarily used by AI agents.
2025: x402
Coinbase published the x402 whitepaper in May 2025. Same 402 handshake, but settling onchain in stablecoins (USDC and ERC-20 tokens across Base, Solana, Polygon, and others).
Each request is a standalone payment with no account, no API key, no prior relationship needed. An agent can hit a cold endpoint and pay. Contributed to the Linux Foundation in April 2026 ("4/02 Day"), now co-governed by Coinbase, Cloudflare, and Stripe, with backing from AWS, Google, Mastercard, Microsoft, Visa, and others.
2026: MPP
Tempo and Stripe launched the Machine Payments Protocol in March 2026. The key innovation is session-based streaming: an agent locks funds once to open a session, then subsequent requests use signed offchain vouchers instead of an onchain transaction per call.
Rail-agnostic: supports stablecoins on Tempo, credit cards via Stripe, and Lightning. Also, the first to submit a formal IETF Internet-Draft (draft-ryan-httpauth-payment), the first attempt to give 402 standardized semantics through the official web standards body.
How an HTTP 402 payment actually works, step by step
- Step 1 (Discovery): The agent initiates a GET request.
- Step 2 (Challenge): The server returns an HTTP 402 Payment Required status code, injecting payment parameters directly into the response payload (amount, network, destination address).
- Step 3 (Settlement): The agent reads the response, executes an onchain transaction on the network, and secures a deterministic token as the transaction settles.
- Step 4 (Access): The agent attaches the token to the header of a renewed GET request. The server verifies it and serves the requested data payload under an HTTP 200 OK status.
Replay attack prevention: To maintain an exact pay-per-call system, tokens are designed for one-time use. When an agent attempts to reuse a token, the server identifies the spent token and denies entry, returning a 402 status code. This forces a fresh settlement cycle for every new data pull.
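The four steps and the replay rule above can be modelled on the server side as follows. This is an added example, not code from x402 or any project named on this page: the header name `X-Payment-Proof`, the in-memory `LEDGER` standing in for onchain settlement, and the sample price terms are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

PROOF_HEADER = "X-Payment-Proof"      # hypothetical header name
SERVER_KEY = secrets.token_bytes(32)  # server secret that binds the terms it issued
PRICE = {"amount": "0.01", "asset": "USDC", "network": "base",
         "pay_to": "0xMERCHANT_PLACEHOLDER"}  # constructed sample terms
LEDGER = {}    # constructed stand-in for settlement: token -> terms that were paid
SPENT = set()  # tokens already redeemed once

def _mac(terms):
    body = {k: v for k, v in terms.items() if k != "mac"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def challenge(path):
    """Step 2: answer 402 with the price terms, bound to this resource."""
    terms = dict(PRICE, resource=path, nonce=secrets.token_hex(16))
    return 402, dict(terms, mac=_mac(terms))

def settle(terms):
    """Step 3, simulated: record a payment of `terms` and return its token."""
    token = secrets.token_hex(16)
    LEDGER[token] = dict(terms)
    return token

def handle(path, headers):
    """Steps 1 and 4: serve only for a valid, matching, unspent token."""
    token = headers.get(PROOF_HEADER)
    paid = LEDGER.get(token) if token else None
    if paid is None:
        return challenge(path)          # no proof, or a token nobody paid for
    claimed = str(paid.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(paid).encode(), claimed):
        return challenge(path)          # paid terms differ from what we issued
    if paid.get("resource") != path or token in SPENT:
        return challenge(path)          # wrong resource, or a replayed token
    SPENT.add(token)  # a concurrent server needs an atomic check-and-insert here
    return 200, {"resource": path, "data": "constructed payload"}
```

A token is marked spent only after every other check passes, so a rejected attempt against the wrong resource does not burn a payment the agent made in good faith.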
Practical Examples of the x402 payment flow

The headless merchant: No UI, no friction, no human in the loop
There are no redirect screens, captcha checks, or human checkouts - the merchant is entirely headless. The agent loop runs at bare metal: one request, one payment, one result.
L402, x402, and MPP: Three protocols, three different bets on how agents pay
Comparison of HTTP 402 payment protocols by rail, model, onchain frequency, and production maturity:

L402 vs MPP: Both avoid per-call onchain transactions, which makes them look similar. The difference is what you're actually paying for. L402 is binary access: pay once, receive a token, reuse it until it expires, so 1 call costs the same as 100. MPP is metered consumption: each call sends a signed voucher encoding the exact cost, the server settles the accumulated total periodically. MPP also enforces a session spending cap and supports variable per-call pricing within a session; L402 does neither.
L402 is a day pass. MPP is an open tab.
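The metered side of that comparison, as an added example that is not MPP's wire format or code from Tempo or Stripe: a simplified server-side check for per-call vouchers under a session cap. The voucher fields, the sequence number used to reject replays, and HMAC with a shared session key standing in for the agent's signature are all assumptions of this sketch.

```python
import hashlib, hmac

class Session:
    """Server-side state for one funded session (amounts in integer cents)."""
    def __init__(self, key, cap):
        self.key, self.cap = key, cap   # key: stand-in for the agent's signing key
        self.total, self.next_seq = 0, 1

def _sig(key, session_id, seq, cost):
    msg = f"{session_id}|{seq}|{cost}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_voucher(key, session_id, seq, cost):
    """Agent side: one voucher per call, encoding that call's exact cost."""
    return {"session": session_id, "seq": seq, "cost": cost,
            "sig": _sig(key, session_id, seq, cost)}

def accept(sessions, v):
    """Server side: return 'ok' or the reason the voucher is refused."""
    s = sessions.get(v.get("session"))
    if s is None:
        return "unknown-session"
    expected = _sig(s.key, v["session"], v.get("seq"), v.get("cost"))
    if not hmac.compare_digest(expected.encode(), str(v.get("sig", "")).encode()):
        return "bad-signature"          # any edited field invalidates the voucher
    if v.get("seq") != s.next_seq:
        return "replayed-or-out-of-order"
    if not isinstance(v.get("cost"), int) or v["cost"] <= 0:
        return "invalid-cost"
    if s.total + v["cost"] > s.cap:
        return "over-cap"               # session spending cap is a hard stop
    s.total += v["cost"]                # accumulated total, settled periodically
    s.next_seq += 1
    return "ok"
```

Per-call cost varies freely inside the session, but the running total can never pass the cap the agent locked in when it opened the session.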
Beyond these three, others are building on the same primitive:
- Cloudflare pay-per-crawl: charges AI crawlers per page; currently in closed beta.
- H402 (BitGPT): forks x402 to add Bitcoin and Lightning with a 0.25% fee.
- x402z (Mind Network + Zama): FHE-encrypted agent-to-agent payments; in testnet.
- EVMAuth: issues onchain access tokens gated behind 402.
x402 in Crypto: The x402 protocol now spans 15+ chains, though activity and infrastructure support are heavily concentrated. Base is the clear frontrunner: x402 agentic payments on Base crossed 100 million transactions within three quarters of launch (from 3Q25 to 2Q26, Chainalysis), driven initially by speculative meme coin activity and increasingly by genuine agent-to-agent and API commerce use cases. Coinbase operates a free public facilitator on Base (settling in USDC and EURC with ~2 second finality), making it the lowest-friction on-ramp and the default reference network. Solana is the second most active deployment, with Coinbase also providing a free facilitator there and finality of ~400ms (the fastest of any supported chain) along with support for USDC and SPL tokens; Solana has additionally built out its own x402 product page, signalling ecosystem-level commitment.
Beyond those two, Polygon, Arbitrum, and Ethereum L1 are live as EVM-compatible options (EVM, the Ethereum Virtual Machine, is the shared technical standard that lets different blockchains run the same smart contracts). Coinbase CDP supports Polygon, while Arbitrum and Ethereum rely on other facilitators; Ethereum carries ~12 second finality and meaningfully higher gas costs that constrain micropayment viability.
Stellar is also supported via an OpenZeppelin Relayer, catering to use cases requiring USDC on a non-EVM settlement layer. More recently, Ripple added x402 support to the XRP Ledger, enabling AI agents to pay for API calls and digital services without API keys or custodial wallets. The pattern is clear: major chains are enabling x402 first, and smaller networks are following.
From attention to outcome: how machine payments reshape the economics of the web
The structural shift: AI agents don't need a landing page, a sign-up flow, or a Stripe dashboard with monthly tiers. They need an endpoint, a price, and a payment method. This gives rise to the headless merchant - a server with priced API endpoints and HTTP 402 handling collection, with no frontend, no UX, and no ads.
The economics move from attention to outcome. Monthly subscriptions become per-request consumption. Human-pace billing cycles become real-time settlement at the speed of a function call. Revenues that currently flow through advertising - paid for by human distraction - move to direct micro-transactions between machines.
The major card networks are also building agent payment infrastructure (Visa's Trusted Agent Protocol, Mastercard Agent Pay, Stripe's full agentic stack). HTTP 402 and traditional payment rails are competing for the same real estate. Today's numbers - $50.7M for x402, $103k for MPP (as of May 28, 2026, Shoal Research) - are experiments, not infrastructure. But the direction is clear: if agents become primary web clients at scale, the payment layer needs to be machine-native.
If the AI agent economy manages to scale into a multi-trillion-dollar engine over the next decade, the implications for blockchain networks are huge. A booming machine-to-machine economy will result in an explosion of onchain activity and high frequency transaction fees, restoring immense network revenue and economic value to the leading blockspace ecosystems.
HTTP 402 has been waiting 30 years for a compelling use case. It may finally have one.
FAQ
Q: What is HTTP 402 and why does it matter for crypto?
A: HTTP 402 is a status code built into the original web specification in the 1990s, designed to signal that a resource requires payment before access is granted. It matters for crypto because AI agents - which pay per API call rather than per monthly subscription - are the first web clients that genuinely need a machine-native payment layer, and crypto protocols like x402 and L402 are the first practical implementations of that layer.
Q: What is the difference between L402, x402, and MPP?
A: L402 is a pay-per-credential model using Bitcoin's Lightning Network - one payment grants token-based access until it expires. x402 settles each individual API call onchain in stablecoins such as USDC, with no account or prior relationship required. MPP (Machine Payments Protocol) uses session-based streaming: an agent locks funds once, then subsequent calls use signed offchain vouchers, enabling metered consumption with a spending cap.
Q: How do AI agents actually pay for API access using HTTP 402?
A: The agent sends a standard GET request; the server responds with a 402 status and payment details (amount, network, address); the agent executes the payment onchain and receives a cryptographic token as proof; it then retries the request with that token in the header, and the server delivers the resource. The entire cycle is automated - no human interaction required.
Q: Which blockchain networks support x402 payments?
A: x402 is live on 15+ chains, with Base (operated by Coinbase) as the most active network, having processed over 100 million transactions. Solana is the second most active deployment, with ~400ms finality. Polygon, Arbitrum, Ethereum L1, Stellar, and the XRP Ledger are also supported, though gas costs and finality speeds vary significantly between them.
Q: Are traditional payment networks like Visa and Mastercard competing with crypto in agent payments?
A: Yes. Visa (Trusted Agent Protocol), Mastercard (Agent Pay), and Stripe (full agentic stack) are all building infrastructure for AI agent payments alongside crypto protocols. HTTP 402 and traditional payment rails are competing for the same real estate. Today's crypto volumes ($50.7M for x402 as of May 28 2026) represent early experiments rather than established infrastructure, but both tracks are moving quickly.
References
a16z Crypto - The Headless Merchant
Adrian Hope-Bailie - HTTP Payments IETF Draft (2017)
Agentic Market - x402 Service Tracker
American Express - ACE Toolkit
Chainalysis - Inside x402: 100M Agentic Payments on Base
Circle - Enabling Machine-to-Machine Micropayments with Gateway and USDC
Cloudflare - Pay-Per-Crawl
Coinbase - x402 Documentation
Eco - x402 Protocol Explained: How AI Agents Pay Onchain
Galaxy Research - Agentic Payments: x402 and AI Agents in the AI Economy
IETF - IETF Internet-Draft: HTTP Authentication Payment Scheme
L402 - L402 Protocol Specification
Liam Horne - State Channels
Lightning Labs - L402 for Agents
Mastercard - Agent Pay
Matt Corallo - HTTP 402 Payment Proposal (Bitcointalk, 2011)
Messari - x402: How Messari Is Opening Its Data Layer to Autonomous Agents
MPP - Machine Payments Protocol - Overview
Nevermined - 35 Crypto Settlements in Agentic Economy Statistics
Santander + Mastercard - Europe's First AI Agent Payment
Satring - L402 Service Tracker
Shoal Research - HTTP 402: How Machines Move Money
Simon Taylor - The Intention Layer
Solana / Talking Tokens - What You Need To Know About x402 And How It Impacts Payments
Stripe - Agentic Commerce
two1 - two1 Python Library (PyPI)
U.Today - AI Agents Can Now Pay With XRP and RLUSD via x402 on XRP Ledger
Visa - Trusted Agent Protocol
x402 - x402 Whitepaper
x402 Foundation - x402 Foundation GitHub Repository
This report has been prepared and issued by 21Shares AG for publication globally. All information used in the publication of this report has been compiled from publicly available sources that are believed to be reliable, however we do not guarantee the accuracy or completeness of this report. Crypto asset trading involves a high degree of risk. The crypto asset market is new to many and unproven and may have the potential to not grow as expected.
Currently, there is relatively small use of crypto assets in the retail and commercial marketplace in comparison to relatively large use by speculators, thus contributing to price volatility that could adversely affect an investment in crypto assets. In order to participate in the trading of crypto assets, you should be capable of evaluating the merits and risks of the investment and be able to bear the economic risk of losing your entire investment.
Nothing in this email does or should be considered as an offer by 21Shares AG and/or its affiliates to sell or solicitation by 21Shares AG or its parent of any offer to buy bitcoin or other crypto assets or derivatives. This report is provided for information and research purposes only and should not be construed or presented as an offer or solicitation for any investment. The information provided does not constitute a prospectus or any offering and does not contain or constitute an offer to sell or solicit an offer to invest in any jurisdiction.
Readers are cautioned that any such forward-looking statements are not guarantees of future performance and involve risks and uncertainties, and that actual results may differ materially from those in the forward-looking statements as a result of various factors. The information contained herein may not be considered as economic, legal, tax, or other advice and users are cautioned against basing investment decisions or other decisions solely on the content hereof.
