What is HTTP 402? How PEAC uses 402 for agent payments
The history of HTTP 402
- 1997. HTTP 402 defined in RFC 2068, marked as "reserved for future use" for digital payments.
- 1997 to 2023. Status code sits unused while web payments evolve through separate channels.
- 2024 and beyond. AI agents need machine-readable payment signals. HTTP 402 finally sees production use through layered specifications such as x402.
HTTP 402 is currently documented by MDN as nonstandard: reserved for future use with no agreed convention for how clients and servers exchange payment data. Specifications layered on top of 402 (such as x402) define their own headers and bodies above the bare status code.
Why HTTP 402 matters now
AI agents change what a payment flow has to look like. Unlike human users, who can navigate payment forms, AI agents need machine-readable payment signals:
- Clear signal. HTTP 402 unambiguously signals "payment required".
- Payment instructions. Structured data: what to pay, how much, where.
- Proof of payment. Receipt proving payment occurred.
How PEAC uses HTTP 402
PEAC Protocol builds on HTTP 402 with additional structure for AI access control, payments, and receipts. When a PEAC-enabled endpoint receives a request without valid payment, it responds with:
HTTP/1.1 402 Payment Required
Content-Type: application/json

{
  "type": "payment_required",
  "message": "Access requires payment",
  "payment": {
    "amount": "0.01",
    "currency": "USD",
    "methods": ["x402", "stripe"]
  },
  "policy_url": "https://example.com/.well-known/peac.txt"
}
Response fields explained:
- Payment methods. x402 for crypto, Stripe for fiat.
- Amount and currency. Clear pricing in machine-readable format.
- AI policy URL. Link to crawling policy and usage terms.
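As an added example (not PEAC's or this page's own code), here is one way an agent could vet the 402 body shown above before it pays anything. The spend cap, the method allow-list, the same-host rule for policy_url and the function name are assumptions; only the field names come from the sample response.

```python
import json
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit

# Constructed sample: the 402 body shown in the article.
SAMPLE_BODY = """{
  "type": "payment_required",
  "message": "Access requires payment",
  "payment": {"amount": "0.01", "currency": "USD", "methods": ["x402", "stripe"]},
  "policy_url": "https://example.com/.well-known/peac.txt"
}"""

# Assumed local agent policy; none of this is defined by PEAC or x402.
MAX_SPEND = {"USD": Decimal("0.05")}   # per-request cap by currency
ALLOWED_METHODS = ("x402", "stripe")   # in order of preference


def check_payment_offer(status, body, request_url):
    """Return (method, amount, currency) for an acceptable offer, else raise ValueError."""
    if status != 402:
        raise ValueError("not a 402 response")
    try:
        doc = json.loads(body)
        pay = doc["payment"]
        amount = Decimal(pay["amount"])  # exact decimal, never float, for money
        currency, methods = pay["currency"], pay["methods"]
        policy = urlsplit(doc["policy_url"])
    except (ValueError, KeyError, TypeError, AttributeError, InvalidOperation) as exc:
        raise ValueError(f"malformed 402 body: {exc!r}") from None
    if doc.get("type") != "payment_required":
        raise ValueError("unexpected type field")
    if not (isinstance(currency, str) and isinstance(methods, list)):
        raise ValueError("currency must be a string and methods a list")
    # is_finite() rejects NaN and Infinity before any comparison is made.
    if not amount.is_finite() or amount <= 0:
        raise ValueError("invalid amount")
    if currency not in MAX_SPEND or amount > MAX_SPEND[currency]:
        raise ValueError("currency not accepted or amount above local cap")
    # Assumed rule: the policy must be served over HTTPS by the host that was asked.
    if policy.scheme != "https" or policy.hostname != urlsplit(request_url).hostname:
        raise ValueError("policy_url is not HTTPS on the requested host")
    usable = [m for m in ALLOWED_METHODS if m in methods]
    if not usable:
        raise ValueError("no acceptable payment method offered")
    return usable[0], amount, currency
```

Treating every field of the 402 body as untrusted input keeps a hostile or compromised endpoint from steering the agent into an oversized payment or an off-site policy document.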
x402: the payment extension
x402 is an extension that adds structured payment descriptions to HTTP 402 responses. It works with PEAC to provide:
- Payment negotiation. Agents can query acceptable payment methods.
- Receipt return. Successful payments return PEAC receipts.
- Verification. Receipts can be verified at the domain's verify endpoint.
See the PEAC Protocol overview for the verifiable interaction-record format.
Testing HTTP 402
You can test a PEAC-enabled 402 endpoint with curl:
curl -i https://example.com/api/gated
# Response:
# HTTP/2 402
# content-type: application/json
Beyond payments: access control
HTTP 402 in PEAC is not only about money. It can gate access based on:
- AI bot policy. Require agents to comply with crawling policy.
- Attribution. Require agreement to attribution terms.
- Consent. Proof of user consent for training use.
- Rate limiting. Premium access for paying agents.
Getting started
- Define your AI access policy with Originary Downloads.
- Add 402 responses to your API endpoints.
- Integrate x402 or Stripe for payment processing.
- Return signed receipts on successful payment.
See Add HTTP 402 to your API in 15 minutes for a step-by-step guide.