Article

402 “Payment Required”: The HTTP Code That Waited 30 Years and Why It Matters Today

AEIdeas

By Shane Tews

March 17, 2026

There is a line of code that has been part of the internet’s architecture since 1997, waiting for a reason to exist. HTTP status code 402—”Payment Required”—was included in the original web specification as a placeholder for a future micropayment layer that never materialized. It sat dormant, a forward-looking bet that the internet would one day need a native payment mechanism built directly into the protocol.

That day has arrived. Not because the underlying technology is entirely new, but because AI agents want to make transactions autonomously, in real time, at scale, and the payment infrastructure we built for humans needs an upgrade.

Websites’ original use of digital payment infrastructure was primitive, the ad-supported web model overtook micropayments as the dominant business logic, and no standards body ever coalesced around a shared implementation. So, 402 remained in every HTTP specification ever written, annotated simply: “Reserved for future use.”

When the web was created in the 1990s, there was no built-in protocol for transferring money, sodevelopers improvised, but none of these methods were standardized. Each implementation is custom, and together they highlight the same fundamental issue: The web was never designed with a payment primitive, and the core architecture of the internet does not include a native way to send money the same way it transmits information.

The rise of AI agents as economic participants has emphasized the need for an agentic commerce protocol. Current payment systems expect someone to read a CAPTCHA, go through a checkout process, and manage an account with a payment provider. But when an agent needs to buy an API call, license a data feed, or pay for compute during a task, the existing infrastructure often causes delays that weaken the agentic value proposition.

The response from the private sector has been fast and fractured. Two distinct camps have emerged, each with a different theory of how machine-to-machine payments should work.

On one side is x402—an open-source protocol supported by Coinbase that uses stablecoins on blockchain rails to directly implement the 402 standard. The idea is simple; a server responds with a 402 status, the client pays a small fee via a crypto wallet and then retries. No API keys, monthly subscriptions, or minimum transaction amounts. It’s a programmable, low-cost micropayments system that works as naturally for an AI agent as an HTTP request does.

On the other side are the card network incumbents. Mastercard’s Agent Pay, introduced in April 2025, takes a different approach: Building agentic payments on top of the existing tokenization infrastructure that already supports global commerce. The core architecture relies on “Mastercard Agentic Tokens,” extending the same trust layer that underpins contactless payments and secure card-on-file transactions to include AI-initiated transactions. Visa is developing a parallel framework through its Intelligent Commerce APIs, which enable users to specify exactly what an agent can purchase and the limits on it.

Mastercard and Google announced a partnership on what they are calling “Verifiable Intent,” a standardized trust layer that creates verifiable authorization records for AI agent payments. This will be compatible with Google’s Universal Commerce Protocol (UCP), an open-source standard that Google developed with over 60 partners. The practical result: When an AI agent books a flight or buys a data license, the merchant and issuer can verify that a human authorized that agent to act.

Both Visa and Mastercard have announced that their agent-based payment standards will be mandatory for any AI agent transactions processed on their networks. This statement indicates that the card networks plan to regulate machine-to-machine commerce similarly to how they currently oversee human transactions, including all compliance requirements, fraud liability structures, and chargeback mechanisms involved.

The card network model provides proven fraud protection, consumer recourse, and regulatory accountability. The x402 crypto model offers censorship resistance, low transaction minimums, and programmability that legacy rails truly cannot match. These are not simple trade-offs.

After three decades, we now see how quickly the industry is creating a de facto standard without an engineering standards body involved in establishing the 402 standard. The question is whether this is the right time to observe how the new AI-structured economy develops solutions by letting market forces lead, or whether issues of interoperability and liability for unauthorized purchases should be addressed through network operating standards. 

The market is filling a decades-long gap in the legacy system for internet payments. Today, companies are shaping how AI agents authenticate, authorize, and settle payments, impacting the competitive landscape of the agentic economy for years to come. 

HTTP 402’s moment has finally arrived. Discussions about managing financial transactions for Web 4.0 and understanding the invisible infrastructure behind the new AI economy, as well as the intense behind-the-scenes battles to control it, are crucial for policymakers to stay ahead of what this enables in the next-generation digital economy.