HTTP 402 — the one that’s never quite shown up at the party
What it is
402 Payment Required is an experimental 4xx client-error status that tells the user-agent: “pay first, then I’ll hand over the resource.” It’s in every modern HTTP spec, but the spec also immediately adds: “reserved for future use.” developer.mozilla.org datatracker.ietf.org
Why it has sat on the shelf
Roadblock | Result |
---|---|
No standard payment mechanism when the Web was designed (digital cash, micropayments, wallets—all unsolved). | Browser vendors and server stacks had nothing concrete to implement. |
Security came later (SSL/TLS wasn’t baked in until mid-90s). | Early payment ideas weren’t safe enough for production. |
Easier work-arounds such as 401/403 + HTML paywall pages, or just a normal 200 that shows a Stripe checkout. | Devs never needed a bespoke 402 flow. |
Payments moved up the stack (JavaScript, tokens, OAuth, etc.). | 402 stayed theoretical. |
“Blueprint for decades” — receipts
Year | Proof it existed |
---|---|
1992-1994 | Tim Berners-Lee’s draft lists PaymentRequired 402 with a ChargeTo header. www.w3.org |
1999 | RFC 2616 (HTTP/1.1) keeps 402, but marks it reserved. datatracker.ietf.org |
2014 | RFC 7231 (current semantics) repeats the reservation. developer.mozilla.org |
2020s | Docs like MDN still call it “non-standard, rarely used.” developer.mozilla.org |
So yes: the code has been part of the Web’s blueprint for 30-plus years, mostly unused.
Is anyone finally using it?
- Micropayment APIs & metered SaaS – a few REST APIs (e.g., some Microsoft Graph “metered” endpoints) now return 402 when the account is out of credit. learn.microsoft.com
- Web-monetization/crypto experiments – projects in the Interledger/Web-Monetization community occasionally use 402 for pay-per-article proofs of concept. www.techdirt.com
- 2025: “402Pay” from BitGPT – brand-new stack that stuffs a signed on-chain payment into the HTTP headers so AI agents can buy compute in one round-trip. First real attempt to standardize a 402 workflow. decrypt.co

None of this is formalized yet—browsers still treat 402 like any other unknown status—but the renewed push for machine-to-machine micropayments (crypto, API quotas, agent economies) is giving 402 its first real prospects.
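
The metered-API case from the list above, as an added example (not code from Microsoft Graph, 402Pay or any other project named on this page): a standard-library Python server that answers 401 to an unknown bearer token and 402 to a known token whose prepaid balance is exhausted. The tokens, the ledger and the JSON field names are constructed for illustration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample ledger (hypothetical tokens): bearer token -> prepaid credits.
CREDITS = {"tok-alice": 2, "tok-bob": 0}
LOCK = threading.Lock()

class MeteredHandler(BaseHTTPRequestHandler):
    def _reply(self, status, payload, headers=None):
        body = json.dumps(payload).encode()
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        token = self.headers.get("Authorization", "").partition("Bearer ")[2]
        with LOCK:  # check and debit atomically so parallel requests cannot overspend
            balance = CREDITS.get(token)  # None means the token is unknown
            if (balance or 0) > 0:
                CREDITS[token] = balance - 1
        if balance is None:  # identity problem: ask for credentials
            self._reply(401, {"error": "unknown_token"}, {"WWW-Authenticate": "Bearer"})
        elif balance <= 0:  # known caller, exhausted balance: ask for payment
            self._reply(402, {"error": "out_of_credit"})
        else:
            self._reply(200, {"result": "ok", "credits_left": balance - 1})

def fetch(port, token):
    """Issue one GET over loopback and return (status, parsed JSON body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Authorization": f"Bearer {token}"})
    resp = conn.getresponse()
    result = (resp.status, json.loads(resp.read()))
    conn.close()
    return result

def demo():
    """Serve on an ephemeral loopback port and replay five constructed calls."""
    with ThreadingHTTPServer(("127.0.0.1", 0), MeteredHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        calls = ["tok-alice", "tok-alice", "tok-alice", "tok-bob", "tok-unknown"]
        try:
            return [fetch(server.server_port, t) for t in calls]
        finally:
            server.shutdown()
```

Calling `demo()` returns one `(status, body)` pair per request; the server's default request log on stderr shows the same status codes.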