bolthub
PricingBlogDocs
bolthub

Lightning pay-per-call for MCP tools and APIs. Agents pay per call and you keep custody, straight to your wallet. Built for tool builders and AI teams.

contact@bolthub.ai

Product

All productsbolthub Pay SDKHosted platformToolClientAPI HubNode LauncherPricingFor tool buildersFor agent buildersCharge for your toolsDocs

Legal

Terms of ServicePrivacy PolicySecurityAcceptable Use

Resources

API HubBlogWhat is L402?L402 vs x402RSS feed

Packages

npm

@bolthub/​payPayments SDK@bolthub/​mcpMCP server@bolthub/​cliCLI@bolthub/​verifyOrigin verifier

PyPI

bolthubPython SDKbolthub-verifyPython verifier
bolthub

© 2026 Signal Tech Pty Ltd. All rights reserved.

Comparison

L402 vs API keys.

API keys were built for a web of human developers signing up for plans. They carry real overhead, and an autonomous AI agent can’t request one on its own. L402 takes a different path: any client pays per request and is granted access, with no account and no key to issue, store, or rotate.

The hidden cost of API keys.

A key is a long-lived shared secret. Someone has to sign up, you have to approve and provision them, they have to store the secret safely, and both sides have to rotate it when it leaks. The key itself carries no price, so charging for usage means bolting on a separate billing system. None of that works for an agent that shows up, needs one call, and leaves.

L402 vs API keys, side by side.

L402
Onboarding
None; pay and go
Per-call pricing
Native, sub-cent per call
Secret to manage
No long-lived shared secret
Works for AI agents
Yes, agents pay at runtime
Access scope
Earned per payment, capability-scoped
Revocation
Expires with the payment or terms
Settlement
To your wallet, per call
API keys
Onboarding
Sign up, get approved, receive a key
Per-call pricing
Not built in; needs a separate billing system
Secret to manage
Store, rotate, and revoke keys
Works for AI agents
Agent can't self-serve a key
Access scope
Per-key, provisioned by hand
Revocation
Manual; a leaked key is a standing liability
Settlement
Invoiced or subscribed out of band
L402API keys
OnboardingNone; pay and goSign up, get approved, receive a key
Per-call pricingNative, sub-cent per callNot built in; needs a separate billing system
Secret to manageNo long-lived shared secretStore, rotate, and revoke keys
Works for AI agentsYes, agents pay at runtimeAgent can't self-serve a key
Access scopeEarned per payment, capability-scopedPer-key, provisioned by hand
RevocationExpires with the payment or termsManual; a leaked key is a standing liability
SettlementTo your wallet, per callInvoiced or subscribed out of band

When API keys still make sense.

Keys are not the enemy. For a free tier, an internal service, or a trusted partner where you want one stable identity with its own quotas and dashboards, a key is the simplest thing that works. L402 earns its keep the moment access becomes paid, per-call, or open to clients you have never onboarded, especially AI agents. Most APIs end up using both: keys for trusted first-party access, L402 for paid and agent traffic.

Add L402 without rebuilding your API.

Two ways in. Point the hosted gateway at an endpoint you already run and it adds the 402 paywall in front, or add the paywall in code with the bolthub Pay SDK. Either way you can charge per call and let any AI agent pay at runtime. Keep your existing keys for the routes that should stay free. New to the protocol? Read what is L402 or see how it compares to x402.

Charge for your tools

L402 vs API keys FAQ

No. L402 and API keys coexist. Keep keys for free tiers and trusted first-party clients, and add an L402 paywall on the endpoints you want to charge for or open up to agents. bolthub adds the 402 layer without touching the auth you already have.

Not really, and that is the core problem. An API key assumes a human signed up, was approved, and pasted a secret into a config. An autonomous agent can't fill in that form. With L402 the agent simply pays the 402 invoice at runtime and retries, no provisioning step required.

It is the credential, but it differs in two ways. It is earned by paying rather than provisioned out of band, and it is a macaroon, so it is capability-scoped, short-lived, and can be narrowed offline for delegation, unlike a long-lived shared secret. You are not maintaining a database of issued keys.

start selling

Start earning from your tools today

Self-host the SDK free, or start on the hosted platform: 1-month free trial, usage-based billing after that.

Start your free trialStart free with the SDK

hub / btc-intel

  • GET /v1/derivatives/cme-basis3 sats/req
  • GET /v1/market/multi_exchange3 sats/req

LIVE32 endpoints · btc-intel.gw.bolthub.ai

browse the hub →