What is the difference between HTTP 401 and 402?

A 401 Unauthorized response means 'who are you?' (authentication required), while a 402 Payment Required response means 'I know who you are, but you need to pay to access this resource.'

Is HTTP 402 officially supported by browsers?

All modern browsers recognize 402 as a valid client error, but they do not have a built-in payment handling UI. The x402 protocol provides the necessary client-side logic to handle these responses automatically.

Why was HTTP 402 reserved for so long?

It was reserved for future digital payment systems. Until the advent of cryptocurrency and programmable money like USDC, there was no standardized way to implement cross-platform payments natively in the HTTP layer.

HTTP 402 Payment Required Status Code Guide

Understanding HTTP 402: The Complete Guide

HTTP 402 Payment Required is one of the most mysterious and underutilized status codes in the HTTP specification. Unlike its well-known siblings like 404 (Not Found) or 401 (Unauthorized), the 402 status code was designed with a forward-thinking vision: to enable native payment mechanisms on the web.

When a server returns a 402 response, it's communicating a clear message: "This resource exists, you have the right credentials, but you need to pay to access it." This is fundamentally different from other 4xx client error codes, which typically indicate authentication or authorization problems.

The History of HTTP 402

The 402 status code has a fascinating history that reflects the early optimism about web commerce:

1990s: The Original Vision

HTTP 402 was included in the original HTTP/1.1 specification (RFC 2068, published in 1997) with the explicit note that it was "reserved for future use." The idea was that as e-commerce evolved, a standardized way to request payment would become essential. The architects of HTTP anticipated that digital micropayments would become commonplace.

2000s-2010s: The Dormant Period

Despite being part of the specification for over two decades, 402 remained largely unused. The lack of standardized digital payment systems and the complexity of implementing cross-platform payment flows meant that websites developed their own proprietary solutions instead.

2020s: The Renaissance

With the rise of cryptocurrency, stablecoins like USDC, and protocols like x402, the 402 status code is finally finding its purpose. Modern blockchain technology provides the missing piece: a standardized, programmable payment layer that can work seamlessly with HTTP.

How is HTTP 402 Different from 401, 403, and 404?

Understanding the differences between these status codes is crucial for proper web development and API design:

Status	Meaning	Common Scenario	User Action Required
401 Unauthorized	Authentication required	Not logged in, expired token	Log in or refresh credentials
403 Forbidden	Authenticated but not allowed	Account lacks permission	Request access from admin
402 Payment Required	Payment is required	Pay-per-view, micro-payments	Complete payment transaction
404 Not Found	Resource doesn't exist	Broken link, content removed	Check URL or contact support

Key Distinctions

401 vs 402: A 401 means "who are you?" while 402 means "I know who you are, but this costs money."
403 vs 402: A 403 indicates a permanent access restriction based on roles/permissions, while 402 indicates access can be granted immediately upon payment.
404 vs 402: A 404 means the resource doesn't exist; 402 confirms the resource exists but requires payment.

Why Has HTTP 402 Been Rarely Used?

Despite being part of the HTTP specification since 1997, the 402 status code has seen minimal adoption. Here's why:

1. No Standard Payment Protocol

The HTTP specification defined the status code but didn't specify HOW payments should work. Without a standardized payment header, request format, or response structure, each implementation was incompatible with others.

2. Traditional Payment Complexity

Credit card payments require complex integrations with payment processors, PCI compliance, recurring billing logic, and fraud prevention systems. This overhead made 402 impractical for small transactions.

3. Micropayment Friction

Traditional payment systems have minimum transaction fees that make micropayments (under $1) economically unfeasible. A $0.05 article access fee doesn't work when the transaction cost is $0.30.

4. Workaround Solutions

Companies developed alternatives: subscription models, ad-supported content, OAuth-based access tokens, or custom paywall overlays that return 200 OK with JavaScript-based access control.

Technical Specification of HTTP 402

According to RFC 9110 (the current HTTP specification), the 402 status code is defined as follows:

RFC 9110 Section 15.5.3:
"The 402 (Payment Required) status code is reserved for future use."

Response Headers

While not officially standardized, implementations typically include:

X-Payment-Required: Information about the required payment
X-Price: The amount to be paid
X-Currency: The currency for payment (USD, USDC, etc.)
X-Payment-Address: Where to send the payment

x402 Protocol Headers

The x402 protocol standardizes these headers with a comprehensive payment negotiation system. When you receive a 402 response from an x402-enabled server, the response includes all the information needed to complete the payment automatically.

Real-World Use Cases for HTTP 402

The 402 status code is particularly well-suited for several emerging use cases:

1. API Monetization

Pay-per-call APIs can use 402 to charge for each request. AI services, data APIs, and premium features can be accessed without subscriptions—pay only for what you use.

2. Content Micropayments

News articles, research papers, and premium content can be unlocked with small payments. No subscriptions required—just pay for individual pieces of content.

3. Machine-to-Machine Payments

Autonomous agents and bots can access paid resources without human intervention. The 402 response provides everything needed for automatic payment processing.

4. Decentralized Services

Web3 applications can use 402 to gate access to decentralized resources, with payments settled on-chain in USDC or other stablecoins.

5. Gaming and Digital Goods

In-game purchases, digital assets, and premium features can be unlocked with instant payments triggered by 402 responses.

Browser and Platform Support

All modern browsers recognize 402 as a valid HTTP status code, though they don't have built-in handling for it:

Platform	Status	Notes
Chrome/Edge	✅ Recognized	Displays as client error
Firefox	✅ Recognized	Displays as client error
Safari	✅ Recognized	Displays as client error
Node.js/fetch	✅ Fully Supported	Can be handled programmatically
cURL	✅ Fully Supported	Returns status code 402

While browsers don't automatically handle 402 payments, client-side libraries and browser extensions can intercept 402 responses and trigger payment flows.

What Turns 402 Into a Real Payment Experience?

This is exactly what x402 solves: converting the "payment required" signal into an automatic, seamless checkout experience.

How x402 Works with HTTP 402

Request: Client requests a protected resource
402 Response: Server returns 402 with payment details in headers
Payment: Client wallet signs a USDC payment transaction
Retry: Client resends request with payment proof in headers
Access: Server verifies payment and returns the resource

The entire flow happens in seconds, often without any user interaction required. This is the vision that HTTP 402 was designed for, finally realized through modern cryptocurrency infrastructure.

Learn More About x402 →

Implementing HTTP 402 in Your Application

If you're a developer looking to implement 402 in your application, here's a quick overview:

Server-Side (Returning 402)

// Express.js example
app.get('/premium-content', (req, res) => {
  if (!isPaid(req)) {
    return res.status(402).json({
      error: 'Payment Required',
      price: '0.10',
      currency: 'USDC',
      paymentAddress: '0x...'
    });
  }
  res.json({ content: 'Premium data here' });
});

Client-Side (Handling 402)

// JavaScript example
const response = await fetch('/premium-content');
if (response.status === 402) {
  const paymentInfo = await response.json();
  // Trigger payment flow
  await processPayment(paymentInfo);
  // Retry with payment proof
  return fetch('/premium-content', {
    headers: { 'X-Payment-Proof': proof }
  });
}

The Future of HTTP 402

With protocols like x402, the future of HTTP 402 looks bright:

Standardization: x402 V2 provides a complete specification for 402 payment flows
Multi-chain Support: Payments can be made on Ethereum, Base, Polygon, and more
Wallet Integration: Browser wallets can detect and handle 402 responses automatically
AI Agent Compatibility: Autonomous agents can pay for resources without human intervention

The web's original vision of native payments is finally becoming reality, and HTTP 402 is at the center of this transformation.

What is HTTP 402 (Payment Required)?

Understanding HTTP 402: The Complete Guide

The History of HTTP 402

1990s: The Original Vision

2000s-2010s: The Dormant Period

2020s: The Renaissance

How is HTTP 402 Different from 401, 403, and 404?

Key Distinctions

Why Has HTTP 402 Been Rarely Used?

1. No Standard Payment Protocol

2. Traditional Payment Complexity

3. Micropayment Friction

4. Workaround Solutions

Technical Specification of HTTP 402

Response Headers

x402 Protocol Headers

Real-World Use Cases for HTTP 402

1. API Monetization

2. Content Micropayments

3. Machine-to-Machine Payments

4. Decentralized Services

5. Gaming and Digital Goods

Browser and Platform Support

What Turns 402 Into a Real Payment Experience?

How x402 Works with HTTP 402

Implementing HTTP 402 in Your Application

Server-Side (Returning 402)

Client-Side (Handling 402)

The Future of HTTP 402

Further Reading

Official Documentation

Background & History

x402 Protocol