HTTP 402 Payment Required: The Web's Forgotten Status Code Is Finally Useful

The 402 Story: A Decade of Waiting

In 1997, the HTTP Working Group designed 402 Payment Required into RFC 2068. It was a forward-looking decision: the web was growing, commerce was inevitable, and a standardized way to signal that a resource required payment seemed prudent.

The problem: nothing implemented it.

Browsers didn't know what to do with a 402. Payment processors didn't exist at the protocol level. There was no standard way for a client wallet to receive and process a payment challenge from a server. Websites that wanted to monetize went to PayPal, Stripe, or put their content behind a subscription wall instead.

HTTP 402 lived in the spec, ignored by the entire web, reserved "for future use."

Then micropayments happened. Bitcoin solved the double-spend problem. Ethereum brought smart contracts. The tools existed to build a protocol-native payment layer. But no one connected them to HTTP.

Until now.

Why HTTP 402 Matters Now

The web's payment layer was always supposed to be at the protocol level, not bolted on top as a SaaS subscription. Vlexivo makes it possible to use HTTP 402 for real. No middleware, no walled gardens—just a 4-step cryptographic exchange that proves payment happened.

How Vlexivo Implements HTTP 402

A Vlexivo payment happens in 4 steps, all at the HTTP level:

CLIENT REQUEST (unauthenticated) ↓ SERVER ISSUES 402 CHALLENGE (includes nonce, expiry, price, scope) ↓ CLIENT PAYS ON-CHAIN (consumer wallet submits transaction) ↓ SERVER VERIFIES + UNLOCKS (returns 200 + content, issues JWT)

Step 1: Client requests a protected resource

A reader visits a publisher's site and clicks an article. The article costs $0.25.

GET /articles/wp-content/uploads/my-article.md
Host: publisher.com
User-Agent: vlx-consumer-v1

Step 2: Server returns HTTP 402 with challenge

The server doesn't send the article. Instead, it sends a payment challenge:

HTTP/1.1 402 Payment Required
Content-Type: application/json

{
  "challenge": {
    "nonce": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "price": "250000000000000000",        /* wei */
    "currency": "eth",
    "scope": "per-article",
    "expires": 1746348249,
    "merchant": "0x1234567890123456789012345678901234567890"
  }
}

Step 3: Consumer wallet submits payment

The Vlexivo browser extension or mobile wallet detects the 402. The user clicks "Pay" and signs a transaction on-chain (Ethereum, Base, Solana, or another network).

POST /v1/unlock
Content-Type: application/json

{
  "proof": {
    "challenge_nonce": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "transaction_hash": "0x123456...",
    "signature": "0x987654...",
    "payer": "0xabcdef...",
    "amount": "250000000000000000"
  }
}

Step 4: Server verifies and unlocks

The server verifies the transaction on-chain, consumes the nonce to prevent replay attacks, and issues a short-lived JWT. The client can now access the article.

HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: vlx_access=eyJhbGc...; HttpOnly; Secure

{
  "success": true,
  "access_token": "eyJhbGc...",
  "expires_in": 3600
}

From the reader's perspective: click → approve transaction → read article. No account signup, no password, no card on file.

Why This Beats Subscriptions

The subscription model works fine for heavy users (Netflix, Spotify, The Athletic). But most internet usage is low-frequency: you read one Medium post, one Substack issue, one research article every few days.

Subscriptions break when marginal value is low.

Model	Subscriber Pays	Publisher Earns	User Value
Subscription (NYT)	$10/month	$8/month × 30% = $2.40	3 articles read = $3.33/article
Ad-supported (Medium)	$0 (free)	$0.0001/view	Free but tracked, slow, noisy
Pay-per-use (Vlexivo)	$0.25/article	$0.20/article (80%)	$0.25/article (fair price)

In this example:

Subscriber: Pays $10/month but only reads 3 articles. Each article costs them $3.33 in subscription value, but they only valued each at $1.
Ad-supported: Free, but 30% of your time is loading ads. Your attention is the product.
Pay-per-use (Vlexivo): You pay exactly what you value: $0.25. The publisher earns 80% of that. No middle-man tax. No subscription fatigue.

The Math That Flips

Subscriptions assume you'll read 10+ articles/month to justify the cost. Pay-per-use assumes you won't. For the 95% of articles you read once and never revisit, Vlexivo is cheaper. For the 5% you subscribe to, subscriptions are still better. The web should support both, and HTTP 402 does.

Protecting an Endpoint in 15 Lines

Here's a working Express.js middleware that paywalls an endpoint with Vlexivo HTTP 402:

import express from 'express';
import { VlexivoServer } from 'vlexivo';

const app = express();
const vlx = new VlexivoServer({
  apiSecret: 'vlx_sec_...',
  mode: 'live'
});

// Middleware: Require payment for /premium/* routes
app.use('/premium', vlx.paywall({
  price: '0.25',        // USD equivalent
  currency: 'eth',
  scope: 'per-article',
  onChallenge: (req) => ({
    articleId: req.params.id,
    title: req.query.title
  })
}));

// Protected route
app.get('/premium/article/:id', (req, res) => {
  res.json({ content: 'This article was paid for.' });
});

That's it. When a client requests GET /premium/article/123 without a valid payment token, the middleware returns HTTP 402 with a challenge. The client's wallet handles the rest.

The middleware automatically:

Generates cryptographically secure nonces
Verifies signatures against your merchant wallet
Checks on-chain transactions in real-time
Issues short-lived JWTs
Prevents replay attacks

Three Real Use Cases

Use Case 1: API Billing (Pay Per Call)

An AI provider charges for API calls. Traditional model: generate a bill at month-end, charge a credit card, send an invoice.

Vlexivo model: Each API call returns HTTP 402 if the consumer's balance is too low. The consumer's wallet auto-funds itself (optional auto-top-up feature). No invoices, no billing disputes, no "bill shock" from unexpected usage spikes.

// AI provider API
POST /api/v1/inference
Authorization: Bearer token
Body: { model: 'gpt-4-turbo', prompt: '...' }

// Response: 402 if wallet balance < price
HTTP/1.1 402 Payment Required
{
  "challenge": { /* nonce, price, scope: 'per-call' */ }
}

Use Case 2: Content Paywalls (Pay Per Article)

A journalist wants to monetize their newsletter without forcing a subscription. Each article is $0.10. A reader pays $1 to unlock 10 articles. No paywall complexity, no "5 free articles/month" frustration.

// Journalist site
GET /articles/investigation-2026
→ HTTP 402: $0.10 unlock
→ Consumer pays
→ HTTP 200: Full article + 7 day access token

Use Case 3: AI Agent Payments (Pay Per Task)

An AI agent is running autonomous tasks on behalf of a user (managing email, scheduling meetings, writing summaries). Each task incurs a cost in API calls, storage, compute time.

Traditional model: The user pre-funds a platform account. The agent charges against that account. If it runs out, tasks fail silently.

Vlexivo model: The agent requests a task, gets a 402 if the user's wallet is empty, and the wallet auto-tops up or prompts the user to fund it. No surprise failures, transparent costs.

// Agent SDK
const agent = new VlexivoAgent({
  wallet: userWallet,
  onPaymentRequired: (challenge) => {
    // Auto-top-up or notify user
    return userWallet.pay(challenge);
  }
});

// Task execution auto-charges per step
await agent.composeEmail(draftSpec);

Getting Started

Ready to implement HTTP 402 for your use case? Here's the path:

1. Review the Documentation

Head to Vlexivo Docs for full API reference, SDKs (JavaScript, Python), and integration guides for different platforms.

2. Read the Integration Guide

The Integration Guide is a narrative walkthrough of common payment flows: subscriptions, one-time purchases, recurring charges, and complex entitlements.

3. Start Building

Create a free account at vlexivo.online/onboard. You'll get an API secret, a publishable key, and a sandbox mode to test payments against Ethereum Sepolia or Base Testnet before going live.

The Web Deserves a Better Payment Layer

HTTP 402 has been in the spec for 29 years. It was always meant to be here. Subscriptions work for some use cases, but they're a band-aid on a protocol that was never designed for them.

Pay-per-use is better than ad-supported. Micropayments are fairer than subscriptions. And HTTP 402 is the standard way to do it.

Vlexivo brings it to life. No custody, no middleman, no friction. Just a 4-step cryptographic proof that payment happened, built into the HTTP status codes your APIs already use.

The web's payment layer was always supposed to be at the protocol level. We're finally making it possible.