HTTP 402 Revived: The Thirty-Year Payment Status Code Finally Ships

RFC 2616 reserved status 402 for 'Payment Required' in 1999. For a generation it sat dormant. Now it's the backbone of a new economic layer.

The original HTTP spec reserved status code 402 — Payment Required — and then immediately caveated it with one of the most famous footnotes in the RFC record: "this code is not currently used." It was a placeholder for a future that refused to arrive. Paywalls shipped as overlays, modals, redirects, JWT gates, and OAuth dances. Anything but the literal status code the protocol provided.

x402 changes that. Coinbase stewards the open standard, the Linux Foundation shepherds its reference implementations, and the protocol is now a first-class citizen of the web. A server returns 402 with a payment quote; the client signs a stablecoin transfer authorization; the server verifies via a facilitator and serves the resource. No accounts. No credit cards. No subscription tiers. Pay-per-request settlement in seconds.

The unlock is not the protocol — it is the actors. AI agents can now negotiate, consume, and pay for content exactly the way a subway turnstile works: tap, enter, leave. They don't need a human in the loop. They don't need a payment gateway account. They hold USDC, discover a paywall, submit a signed payment intent, receive a cryptographic receipt, and continue their workflow.

Tollgate is what you get when you stop treating 402 as a curiosity and start treating it as load-bearing infrastructure. Every middleware response, every retry, every receipt — built around the one status code the web never used, now running at scale with Circle settling the money underneath.