L402 is an open protocol that uses the long-dormant HTTP 402 “Payment Required” status code to let any API charge per request, and lets any client, including an autonomous AI agent, pay programmatically over the Lightning Network.
When HTTP was designed, status code 402 was reserved for “Payment Required” and left for a future digital-cash system that never arrived. For decades the web routed around it with subscriptions, ads, and API keys. Lightning micropayments finally make 402 usable: payments small enough, and fast enough, to attach to a single request. L402 is the standard that puts the status code to work.
A client requests a protected endpoint.
The server responds 402 Payment Required with a Lightning invoice and a macaroon.
The client pays the invoice, typically a few sats, in under a second.
The client retries the request with the paid token attached, and the server returns the response.
$ curl https://api.example.com/v1/data HTTP/1.1 402 Payment Required WWW-Authenticate: L402 macaroon="MDAxM…" invoice="lnbc50n1…"
$ wallet pay lnbc50n1… # 5 sats, settles in <1s SETTLED · preimage 9f86d081…
$ curl https://api.example.com/v1/data \ -H "Authorization: L402 MDAxM…:9f86d081…" HTTP/1.1 200 OK| L402 | Keys & card processors | |
|---|---|---|
| Minimum charge | 1 sat (sub-cent) | ~$0.50 (card floor) |
| Account required | No | Yes |
| API keys to manage | None, the token is the credential | Issue, store, rotate |
| Pays programmatically | Yes, built for agents | Human checkout flow |
| Settlement | Instant, non-custodial | Days, via processor |
Go deeper: L402 vs x402 · L402 vs API keys
bolthub implements L402 so you don’t have to. Providers point at an endpoint and charge for it per call; builders give an agent pay-per-call access to every API in the hub. Settlement is instant, sub-cent, and non-custodial. Prefer code? The bolthub Pay SDK adds the same L402 paywall to any MCP tool or endpoint you run yourself.
Browse the API HubL402 is the current name for the protocol that was originally introduced as LSAT (Lightning Service Authentication Token). The mechanism is the same: an HTTP 402 challenge paired with a Lightning invoice and a macaroon.
Payments settle in sats over the Lightning Network, so a Lightning wallet is involved. As a provider you receive sats directly to your wallet; as a builder your agent spends from a Lightning budget. No exchange account or card processor is required.
No. Payments settle in sats straight to your wallet, and what you hold afterward is your call. bolthub runs the metering and never touches the funds, so any conversion is yours to make. If your books run in dollars, you can sweep sats to a stablecoin or cash on your own schedule through your own wallet or exchange. If you're stacking, keep the sats. The rail underneath stays Lightning either way.
Yes. That is the point. Because the 402 challenge and payment are programmatic, an autonomous agent can discover a paid endpoint, pay the invoice, and retry with the token at runtime, with no human and no API-key provisioning.
Both revive the HTTP 402 status code for machine payments. L402 settles in bitcoin over the Lightning Network and uses macaroons; x402 is a newer scheme that settles USD stablecoins on-chain through a facilitator. bolthub is Lightning-only: for the sub-cent, high-frequency payments agents make, off-chain Lightning settlement is cheaper and faster, which is why we chose it.
start selling
Self-host the SDK free, or start on the hosted platform: 1-month free trial, usage-based billing after that.