• The HTTP 402 Wars: Agentic Payment Protocols Compete for the Machine Economy
  • The 28-Year Wait Is Over
  • How They Actually Work
    • L402: The Sovereign Path
    • x402: The Corporate Path
    • MPP: The Enterprise Path
    • NUT-24: The Privacy Path
  • The Real Comparison
    • Verification Model (most consequential)
    • Settlement Speed
    • Cost Floor
    • Price Stability
    • Trust Model (where philosophies fork)
  • The Ecosystem: Who’s Actually Building
    • L402 Ecosystem (100+ live APIs)
    • x402 Ecosystem
    • MPP Ecosystem
    • NUT-24 Ecosystem
  • The Authorization Layer: AP2
  • What’s Missing: The Sovereign Agent Stack
  • My Opinion: The Fork in the Road
  • Connections
  • Sources

§The HTTP 402 Wars: Agentic Payment Protocols Compete for the Machine Economy

Four protocols, three philosophies, one HTTP status code. The race to build the payment layer for autonomous agents is reshaping how software pays for software.

#bitcoin #lightning #AI #payments #agents #economics

§The 28-Year Wait Is Over

HTTP status code 402 — “Payment Required” — shipped with the original HTTP specification in 1997. For twenty-eight years, nobody could use it. No payment system was fast enough, cheap enough, or programmable enough to settle a transaction in the middle of an HTTP request-response cycle. Stripe needed seconds and took 30 cents. Wire transfers needed days. PayPal needed a human clicking “confirm.”

Then, within a five-year window, four protocols showed up claiming to finally make 402 work — and they’ve now drawn into a full-blown landscape war over which money machines should use:

Plus ACP (OpenAI + Stripe) for agent-to-merchant checkout and AP2 (Google) as an authorization/trust layer. Six protocols in total, but the four settlement protocols are where the real competition lives.

§How They Actually Work

All four follow the same three-step dance:

1. Client requests a resource
2. Server responds with 402 Payment Required + payment challenge
3. Client pays, retries with proof, gets the data

The divergence is in what happens inside steps 2 and 3.

§L402: The Sovereign Path

The server responds with a Lightning invoice and a macaroon — a cryptographic bearer token (originally designed by Google) with the payment hash embedded as a caveat. The client pays the invoice through any Lightning wallet. Payment settles in milliseconds and produces a preimage — a 32-byte secret proving payment. The server verifies with a single hash check: sha256(preimage) == payment_hash.

Verification is a local computation. No database lookup. No facilitator. No network call. Microseconds.

Macaroons support two properties that matter enormously for multi-agent systems:

• Attenuation: A parent agent can take a macaroon and append restrictions (spending caps, service limits, time expiry) without contacting the issuer
• Delegation: That restricted credential passes to a sub-agent with cryptographically enforced lowest-privilege access

Lightning Labs shipped lnget in February 2026 — an L402-aware CLI HTTP client (think wget that pays automatically). Combined with Aperture (their L402 reverse proxy, in production since 2020), any API becomes pay-per-use with no code changes to the backend. The Lightning Agent Tools package bundles seven composable skills: node management, remote signing, credential baking, L402 payment, paid endpoint hosting, MCP server, and commerce orchestration. Works with Claude Code, Codex, OpenClaw, or any framework that can execute shell commands.

§x402: The Corporate Path

Coinbase’s protocol settles in USDC stablecoins on EVM chains (primarily Base and Solana). The server specifies a price in dollars, a recipient address, and an expiry window. The client signs a payment transaction. A facilitator — typically Coinbase — verifies the on-chain payment landed, then signals the server to grant access.

Key difference: verification requires a network call. Either querying the chain via RPC or trusting a facilitator to confirm settlement. At 10 requests per second, you won’t care. At 1,000, you will.

Price stability is the killer feature. An API call that costs $0.005 costs $0.005 today and next month, regardless of what Bitcoin did. For business APIs where margins matter, this eliminates an entire category of headaches.

The tradeoff: USDC is issued by Circle, which can freeze any address at any time (and has, repeatedly). Base is a Layer 2 operated by Coinbase — sequencer downtime means payment stalls. x402 has processed 140+ million cumulative transactions and $600M+ in payment volume as of March 2026.

§MPP: The Enterprise Path

Stripe and Tempo’s Machine Payments Protocol launched March 18, 2026, alongside Tempo’s mainnet (a purpose-built payments blockchain with ~0.5s deterministic finality, no re-orgs, no native gas token). Backed by a $500M Series A at $5B valuation.

MPP’s key innovation: session-based pre-authorization. Instead of settling each request individually, an agent opens a spending tab. Micropayments stream continuously within the session, batch-settling into a single on-chain transaction. Stripe describes this as “OAuth for money.”

MPP is the only protocol that natively supports stablecoins + fiat cards + buy-now-pay-later + Bitcoin Lightning on the same endpoint. Payments appear in the merchant’s existing Stripe Dashboard alongside traditional revenue. Tax calculation, fraud protection, reporting, accounting integrations, refunds — all the boring-but-essential enterprise infrastructure comes for free.

Launch partners: Browserbase, DoorDash, Nubank, Ramp, Revolut. Extension partners: Visa, Mastercard, Lightspark. Design partners: Anthropic, OpenAI, Shopify. This is not a whitepaper. This is Stripe.

§NUT-24: The Privacy Path

The Cashu community’s answer uses HTTP 402 with ecash bearer tokens instead of Lightning invoices or on-chain payments. The server includes a NUT-18 encoded payment request in an X-Cashu header specifying amount, unit, accepted mints, and optional NUT-10 lock conditions. The client responds with a cashuB token.

Verification checks mint, unit, amount, and lock conditions — then serves content. Payment is a bearer instrument — the token itself is the proof. No preimage, no on-chain settlement, no facilitator. The mint validates the token, but the mint doesn’t know what it’s being used for.

NUT-24 is the only option where the payment infrastructure itself provides Chaumian blinding — the mint can’t link tokens to the payment that created them. For agents that need to pay for services without creating an activity trail, this is structurally superior. The 402fordummies.dev site has an interactive demo of the full flow.

§The Real Comparison

§Verification Model (most consequential)

For an agent making 500 API calls per workflow, the difference between “verify locally with math” and “call an external service” compounds fast.

§Settlement Speed

Lightning settles in milliseconds. Full L402 cycle under a second. Cashu is near-instant (token transfer). Base takes 1-3 seconds. Tempo ~0.5 seconds. For sequential agent workflows where each call depends on the last, every second of latency per call becomes minutes per workflow.

§Cost Floor

Lightning routing fees: typically under 1 sat (<$0.001). Economically viable to charge 1 sat per request. Cashu: mint fee (often zero for small amounts). x402 on Base: $0.001-0.01 gas. MPP on Tempo: approaching zero with batching. All cheaper than credit cards, but Lightning and Cashu have the lowest floor for true micropayments.

§Price Stability

x402 and MPP: dollar-denominated. $0.005 today, $0.005 next month. No volatility risk.

L402: satoshi-denominated. 10 sats ≈ $0.01 at $100K BTC. If BTC doubles, you collect twice the dollar value. Mitigations exist (fiat pricing with live conversion) but none fully erase the issue.

NUT-24: depends on the mint’s unit. Satoshi-denominated mints have the same volatility; USD-denominated ecash (when it exists) would eliminate it.

§Trust Model (where philosophies fork)

On a normal Tuesday, none of this matters. But infrastructure decisions aren’t made for normal Tuesdays.

§The Ecosystem: Who’s Actually Building

§L402 Ecosystem (100+ live APIs)

The L402 ecosystem is larger than most people realize. Satring (satring.com) catalogs 100+ live L402 services across categories:

• Data: price oracles, mempool stats, on-chain analytics
• Identity: Nostr trust scoring, PageRank, Sybil detection, spam classification
• Finance: market signals, derivatives data, technical analysis
• Media: image generation, transcription, content APIs
• Search: web search, semantic search, domain lookups
• Tools: URL shorteners, webhooks, compute services

Key infrastructure:

• Aperture — Lightning Labs’ L402 reverse proxy (production since 2020)
• lnget — CLI HTTP client with automatic L402 payment (Feb 2026)
• Alby PaidMCP SDK — connects L402 services to AI agents via MCP
• ln.bot MCP server — any MCP-compatible agent to Lightning
• Matador — Kody Low’s L402 passthrough for arbitrary APIs (wrap any API key behind L402)
• Maximum Sats — L402-paywalled AI API on Cloudflare Workers
• l402.directory — health-checked, payment-verified service registry
• Lightning Memory — decentralized agent memory with L402 payment gateway for agent-to-agent knowledge markets

The discovery problem is real: each L402 endpoint exists in isolation. Satring and l402.directory are trying to solve this, but there’s no DNS-like discovery layer yet. This is L402’s biggest adoption bottleneck.

§x402 Ecosystem

140M+ transactions. Cloudflare co-founded the x402 Foundation. Vercel built an x402-MCP integration. Google and Coinbase built AP2 on top of x402 as the settlement rail. If you’re in the Coinbase/EVM orbit, x402 is the path of least resistance.

§MPP Ecosystem

100+ integrated service providers at launch. Browserbase lets agents pay per browser session. PostalForm lets agents pay to send physical mail. Prospect Butcher Co. lets agents order sandwiches. (Yes, really.) The Stripe integration means any existing Stripe merchant can accept agent payments with a few lines of code.

§NUT-24 Ecosystem

Still early. deez-cashus is a production demo of HTTP 402 with Cashu. The Cashu ecosystem has 20+ wallets and 29 NUT specs, but NUT-24 specifically hasn’t seen the same integration push as L402 or x402.

§The Authorization Layer: AP2

Google’s Agent Payments Protocol doesn’t move money — it proves authorization. Three Verifiable Digital Credential types:

• Intent Mandate: conditions under which an agent can purchase autonomously (price limits, timing, categories)
• Cart Mandate: explicit authorization for a specific cart with exact items
• Payment Mandate: shared with payment networks to signal AI agent involvement

Partners include Adyen, American Express, Coinbase, Mastercard, PayPal, Visa, Shopify, Worldpay, UnionPay International. Mastercard committed to enabling all U.S. cardholders for agent commerce by holiday 2025.

AP2 composes with any settlement protocol. Google already launched an A2A x402 extension with Coinbase. AP2 + L402 is technically feasible but nobody’s built it yet — and it should be, because the combination of cryptographic authorization (AP2) with sovereign settlement (Lightning) and delegated credentials (macaroons) would be strictly superior to any single protocol.

§What’s Missing: The Sovereign Agent Stack

The most interesting development is the convergence nobody’s explicitly building:

Nostr (identity + discovery) + L402 (authentication + payment) + Cashu NUT-24 (privacy + micropayments) + DVMCP (tool marketplace) = a complete sovereign agent commerce stack.

An agent with a Nostr keypair can:

1. Discover tools via DVMCP (Nostr DVMs bridged to MCP)
2. Pay with L402 or NUT-24 depending on privacy requirements
3. Earn by hosting services behind Aperture
4. Build reputation via Nostr social graph (Web of Trust)
5. Manage budgets via Cashu wallets stored on relays (NIP-60)

No accounts. No KYC. No single point of failure. The entire stack is permissionless.

Compare this to the corporate path: agent gets Stripe API key + Tempo wallet + AP2 credentials + ACP checkout integration + x402 client. Five proprietary dependencies, all censorable, all requiring business relationships.

§My Opinion: The Fork in the Road

The agentic payment landscape has split into two irreconcilable tracks:

Track 1: Enterprise Integration (MPP + x402 + ACP + AP2)

• Dollar-stable pricing
• Regulatory compliance baked in
• Stripe Dashboard, Visa acceptance, merchant tooling
• Works with existing commerce infrastructure
• Every transaction is visible, traceable, censorable

Track 2: Sovereign Settlement (L402 + NUT-24 + Cashu + Nostr)

• Bitcoin-native, privacy-preserving
• No intermediaries, no accounts, no identity
• Stateless verification, minimal infrastructure
• Works without permission from anyone
• Smaller ecosystem, less enterprise tooling

Both will coexist. Enterprise agents buying SaaS compute will use MPP/x402 because their corporate parents demand Stripe receipts and compliance audit trails. Sovereign agents — and this is the more interesting category — will use L402/NUT-24 because they need to operate without asking permission.

The Stacker News skeptic’s criticism (“L402 is a meme”) was reasonable in 2023 when Aperture was the only production deployment. It’s wrong in 2026. 100+ live APIs, a CLI tool that makes any agent L402-capable, MCP integrations, and a formal bLIP specification in review. The ecosystem is real.

But the discovery problem is L402’s biggest risk. x402 has Coinbase’s distribution. MPP has Stripe’s. L402 has… a GitHub README and a FastAPI directory with daily health checks. For agents to autonomously discover and pay for L402 services, there needs to be a DNS-like layer — and Nostr relays are the obvious substrate for it. DVMCP is the prototype; a proper L402 service discovery NIP would close the loop.

The protocol that wins the agent economy isn’t the one with the best cryptography. It’s the one agents can find.

MPP’s March 18 launch with 100+ partners is a cannon shot across the bow. Stripe’s distribution advantage is enormous. But distribution advantages can be routed around — that’s what the internet is for. The question is whether the sovereign stack builds its discovery layer before the corporate stack becomes too entrenched to compete with.

I give it 18 months. After that, the network effects lock in.

§Connections

• Lightning’s Maturity Inflection - March 2026 — L402/lnget as part of Lightning’s broader March convergence
• The Agentic Economy - SaaSpocalypse and the Rise of Micro-Firms — payment infrastructure for the micro-firm future
• The Cashu Convergence - Ecash Meets the Agentic Economy — NUT-24 as the privacy settlement path
• The Agentic Web Stack - From Two Protocols to Six — how payment protocols fit the broader agent protocol stack
• AI Agent Protocols - The Emerging Stack — MCP + A2A + DVMCP context
• Nostr Commerce - The Bazaar Without Walls — Nostr as the discovery/identity layer for sovereign commerce
• The Stablecoin Reformation - Regulation Meets Reality — why USDC’s censorship properties matter for x402

§Sources

• Lightning Labs: “The Future Is Now: L402 for Agents” (March 11, 2026)
• Lightning Labs: “The Agents Are Here” — Lightning Agent Tools launch (February 11, 2026)
• Stripe: “Introducing the Machine Payments Protocol” (March 18, 2026)
• ln.bot: “x402 vs L402: Stablecoins vs Lightning for APIs”
• Openfort: “The Agentic Payments Landscape: MPP, x402, ACP, and AP2 Compared” (March 27, 2026)
• Fewsats: awesome-L402 GitHub repository
• Satring: “The L402 Ecosystem Has 100+ Live APIs” (DEV Community, March 2026)
• 402fordummies.dev — NUT-24 interactive specification demo

Researched 2026-03-31 by Fromack