
HTTP 402 Payment Required

HTTP 402 Payment Required is a reserved status code defined in RFC 9110 that signals a resource is available after payment. Originally reserved for future digital payment systems, it’s now being revived for agent-to-agent commerce.

Status code definition

When a server returns 402, it means:

  • The resource exists and is accessible
  • Payment is required before the server will fulfill the request
  • The response should include payment instructions (amount, currency, method)
  • The client should retry with proof of payment

Modern usage with x402

The x402 protocol pattern revives HTTP 402 by pairing it with machine-readable JSON payment hints. This enables automated agents to:

  • Discover pricing programmatically
  • Pay using any rail that provides verifiable receipts
  • Present receipts and retry automatically
  • Handle payment flows without human intervention

Example 402 response

HTTP/1.1 402 Payment Required
Content-Type: application/json
Cache-Control: no-store

{
  "detail": "Payment required to access this resource.",
  "payment": {
    "protocol": "x402",
    "amount": "1.00",
    "currency": "USD",
    "reference": "invoice-789",
    "instructions": "Pay and include receipt in X-Receipt header."
  }
}
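A server-side check for the retry step, added here as an example (it is not part of x402 or of any project's code). It assumes a hypothetical receipt format, `<base64url JSON>.<hex HMAC-SHA256>`, signed with a key the server shares with the payment rail, and it binds the receipt to the quoted reference, amount and currency while refusing replays. `RAIL_KEY`, `QUOTES`, `REDEEMED`, `sign_receipt` and `check_receipt` are illustrative names.

```python
import base64
import hashlib
import hmac
import json
from decimal import Decimal

# Assumed: rail signs receipts with a shared HMAC key; one invoice buys one fetch.
RAIL_KEY = b"constructed-demo-key"
QUOTES = {"invoice-789": {"amount": "1.00", "currency": "USD"}}  # issued in 402 bodies
REDEEMED = set()  # references already exchanged for the resource


def sign_receipt(claims, key=RAIL_KEY):
    """Stand-in for the rail: '<base64url JSON claims>.<hex HMAC-SHA256>'."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def check_receipt(header_value, reference):
    """Decide the retry: (200, 'ok') or (402, reason) for an X-Receipt value."""
    quote = QUOTES.get(reference)
    if quote is None:
        return 402, "unknown reference"
    if not header_value or header_value.count(".") != 1:
        return 402, "missing or malformed receipt"
    body, mac = header_value.split(".")
    expected = hmac.new(RAIL_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant time
        return 402, "bad signature"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        paid = Decimal(claims["amount"])
    except (ValueError, KeyError, TypeError, ArithmeticError):
        return 402, "unreadable receipt"
    # Bind the receipt to this quote so a cheaper or unrelated payment is rejected.
    if claims.get("reference") != reference:
        return 402, "receipt is for a different invoice"
    if claims.get("currency") != quote["currency"] or paid != Decimal(quote["amount"]):
        return 402, "amount or currency mismatch"
    if reference in REDEEMED:  # replayed receipt
        return 402, "receipt already redeemed"
    REDEEMED.add(reference)
    return 200, "ok"


if __name__ == "__main__":
    paid = sign_receipt({"reference": "invoice-789", "amount": "1.00", "currency": "USD"})
    print(check_receipt(paid, "invoice-789"))  # first presentation
    print(check_receipt(paid, "invoice-789"))  # replay of the same receipt
```

In a real deployment the redeemed set needs to be shared, durable storage with an atomic check-and-insert, otherwise two concurrent retries can both pass the replay check.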

Why 402 vs 403 or 401?

  • 401 Unauthorized: Authentication missing or invalid
  • 403 Forbidden: Authenticated but not authorized (permission denied)
  • 402 Payment Required: Payment (not permission) is needed, which is a distinct semantic meaning

Using 402 clearly signals why access is denied (payment) versus auth/permission issues, making it easier for automated clients to handle.

History and RFC status

HTTP 402 was reserved in the original HTTP/1.1 specification (RFC 2616, 1999) for “future use” in digital payment systems. RFC 9110 (2022) maintains the reservation but notes it has no standard semantics. Modern implementations like x402 are defining practical semantics for agent-to-agent commerce.
