stripe402 — HTTP 402 Payments with Stripe


Agentic Payments Made Easy

Payment is the authentication.

An open standard for API & agentic payments using HTTP 402 and Stripe. No signup. No API keys. No OAuth. Just pay and use — AI agents pay for APIs on their first request, no human in the loop.



Overview

The 402 status code, finally realized.

Reserved since 1997 for 'Payment Required' but never standardized. stripe402 puts it to work — a machine-readable payment protocol between clients and servers, powered by credit cards.


Protocol

Five steps. Fully automatic.

After the first payment, subsequent requests re-use the client ID until the balance runs out.


Micropayments

Sub-cent pricing, without the fee problem.

Stripe charges $0.30 + 2.9% per transaction with a $0.50 minimum. stripe402 batches charges into credit top-ups, making per-request pricing at fractions of a cent economically viable.

Credits system

  • Unit: 1/10,000 of a dollar (1 basis point)
  • Example: 100 units = $0.01 per request
  • Top-up: $5.00 = 50,000 units = 500 requests at $0.01
  • Storage: Redis (Lua atomics) or PostgreSQL (WHERE clause)

Client identity

HMAC-SHA256(card_fingerprint, server_secret)

  • Deterministic — same card on the same server always produces the same ID
  • Private — the card fingerprint cannot be recovered from the client ID
  • Isolated — different servers produce different IDs for the same card
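The credits system and client identity described above, as an added example that is not stripe402's own code. It assumes server_secret is the HMAC key and the card fingerprint is the message, and it uses in-memory SQLite with a hypothetical credits table to stand in for the PostgreSQL WHERE-clause approach.

```python
import hashlib
import hmac
import sqlite3

UNITS_PER_CENT = 100  # page: 1 unit = 1/10,000 of a dollar, so 1 cent = 100 units

def client_id(card_fingerprint: str, server_secret: bytes) -> str:
    # Assumption: server_secret is the HMAC key and the fingerprint is the message.
    mac = hmac.new(server_secret, card_fingerprint.encode(), hashlib.sha256)
    return mac.hexdigest()

def open_store() -> sqlite3.Connection:
    # In-memory SQLite stands in for PostgreSQL; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE credits (client_id TEXT PRIMARY KEY,"
               " balance INTEGER NOT NULL CHECK (balance >= 0))")
    return db

def top_up(db: sqlite3.Connection, cid: str, cents: int) -> None:
    # Integer arithmetic only: floats would drift at sub-cent prices.
    db.execute(
        "INSERT INTO credits VALUES (?, ?) ON CONFLICT(client_id)"
        " DO UPDATE SET balance = balance + excluded.balance",
        (cid, cents * UNITS_PER_CENT),
    )
    db.commit()

def charge(db: sqlite3.Connection, cid: str, cost_units: int) -> bool:
    if cost_units <= 0:
        raise ValueError("cost must be positive")  # a negative cost would mint credits
    # Check and debit in one statement: no read-then-write window for concurrent
    # requests to overspend, and the balance never goes negative.
    cur = db.execute(
        "UPDATE credits SET balance = balance - ? WHERE client_id = ? AND balance >= ?",
        (cost_units, cid, cost_units),
    )
    db.commit()
    return cur.rowcount == 1  # False: unknown client or insufficient balance

def balance(db: sqlite3.Connection, cid: str) -> int:
    row = db.execute("SELECT balance FROM credits WHERE client_id = ?", (cid,)).fetchone()
    return row[0] if row else 0

if __name__ == "__main__":
    db, cid = open_store(), client_id("fp_constructed_0001", b"constructed-secret")
    top_up(db, cid, 500)  # $5.00 top-up from the page's example
    print(cid, charge(db, cid, 100), balance(db, cid))
```

A `False` return from `charge` is the point at which a server would answer with 402 again and ask for another top-up.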

Comparison

Familiar payment rails, modern protocol.

How stripe402 stacks up against traditional API monetization and crypto-native alternatives.


Trade-offs

What you should know.

No protocol is perfect. stripe402 optimizes for low adoption friction at the cost of statefulness.

Strengths

  • Uses credit cards — the existing payment rail for 99% of the internet
  • Zero adoption barrier for end users
  • Self-describing protocol — the 402 response tells clients exactly what to pay and how
  • AI agents can pay for APIs autonomously on their first request
  • Low regulatory complexity compared to crypto-based alternatives

Limitations

  • Stateful — server maintains credit balances (vs. x402's stateless on-chain settlement)
  • 3D Secure — EU cards may require interactive authentication, breaking headless flows
  • $0.50 minimum charge — top-ups should be $5+ for efficiency
  • PCI scope — server-side tokenization requires SAQ-D; browser-based Stripe.js keeps you at SAQ-A
  • Single currency — one currency per route (for now)

Packages

Install only what you need.


Quick start

Running in under a minute.