HTTP 402 has existed since 1997. The status code, "Payment Required," was reserved in the original HTTP specification with the note that it was "intended for future use." For nearly three decades, no one used it. Every other status code found a purpose. 200 means success. 404 means not found. 402 sat dormant, waiting for a payment layer that never arrived.

Coinbase just gave it one. The protocol is called x402, and it turns every HTTP endpoint into something that can charge for access, settle payment in stablecoins, and grant access, all in a single request cycle. No accounts. No API keys. No subscriptions. The client pays, the server delivers.

The x402 specification is deliberately simple. Four steps.

A client, whether human or AI agent, sends an HTTP request to a server. If the resource requires payment, the server responds with a 402 status code. That response includes structured metadata: the price, the accepted token (typically USDC), the wallet address, and the network.

The client reads the 402 response, constructs a signed payment payload, and retries the request with an X-PAYMENT header containing the payment. A facilitator (Coinbase operates the primary one) verifies the signature, settles the transaction onchain, and the server returns the requested resource with an X-PAYMENT-RESPONSE header confirming settlement.

End to end, the process takes roughly two seconds.

The design is intentional. By embedding payments into HTTP itself, x402 requires no additional communication protocols, no OAuth flows, no billing dashboards. Any system that can make an HTTP request can, in theory, pay for a service.

The coalition behind x402 has grown fast.

Coinbase launched the protocol in May 2025 and open-sourced the specification. In early 2026, Coinbase and Cloudflare co-founded the x402 Foundation, a governance body designed to establish x402 as the universal standard for machine-native payments. Google and Visa have since joined the Foundation.

The integrations are stacking up. Cloudflare built x402 into its pay-per-crawl infrastructure, turning bot mitigation from an access-control problem into a pricing mechanism. Google's Agent Payments Protocol (AP2) integrates x402 as its stablecoin facilitator, meaning Google's agent framework can settle payments natively through the protocol. Stellar, Solana, Base, and Ethereum all support x402 transactions.

Nous Research uses x402 for per-inference billing on its Hermes 4 model. AWS and Stripe have established integration partnerships. Anthropic has integrated x402 to support machine-centric workflows.

The V2 specification, released in late 2025, added reusable sessions, multi-chain support via CAIP standards, wallet-based identity, automatic API discovery, and dynamic payment recipients. These are features designed for the high-frequency, multi-step workflows that autonomous agents require.

The headline figures are impressive. Over 15 million transactions processed. Reported payment volume exceeding $600 million. A growing ecosystem of facilitators, SDKs, and tools across multiple blockchains.

But the reality is more nuanced. CoinDesk reported on March 11 that onchain data shows x402 processes roughly $28,000 in daily volume, with much of it coming from testing and "gamed" transactions rather than genuine commerce. Despite a roughly $7 billion ecosystem valuation, the actual demand is running behind the infrastructure.

This is not necessarily a failure. Payment rails historically get built before the volume arrives. Visa processed relatively modest volumes in its early years. Real-time payment networks like FedNow launched to low adoption before volumes climbed. The question for x402 is whether agentic commerce scales fast enough to justify the infrastructure investment.

x402 does not operate in isolation. As we covered in our analysis of the agentic commerce standards race, the agent economy is being built on multiple protocol layers, each solving a different problem.

Discovery and intent: Google's Universal Checkout Protocol (UCP) and OpenAI's Agent Commerce Protocol (ACP) handle how agents find products and express purchase intent.

Trust and authorisation: Mastercard's Verifiable Intent framework, which we analysed when it launched, provides the cryptographic proof that an agent is authorised to act on a consumer's behalf.

Settlement: This is where x402 sits. Once an agent has discovered a service, verified its identity, and expressed intent, x402 handles the actual transfer of value. Stablecoins settle onchain. No intermediary bank. No card network. No three-day clearing window.

The protocol layers are complementary, not competitive. An agent could use Google's AP2 for discovery, Mastercard's Verifiable Intent for authorisation, and x402 for settlement. Or it could use a different combination entirely. The point is that each layer is being built independently, and x402's bet is that settlement will converge on stablecoin rails rather than traditional card networks.

This is a significant bet. As we explored in our coverage of the identity crisis at the heart of agentic payments, the question of who authorises the agent and who bears liability when something goes wrong remains unresolved. x402 settles payments instantly and irreversibly. That speed is an advantage when everything works. It is a risk when it does not.

x402 has real limitations that the enthusiasm tends to obscure.

The protocol has no formal security audits from major firms. For a protocol handling financial transactions, this is a notable gap. The bootstrapping problem is also real: few servers implement x402, which means few clients support it, which means few servers have incentive to implement it.

There is a broader philosophical debate. Turning the web into a pay-per-request environment could undermine access for users and markets where micropayment friction, even at fractions of a cent, creates barriers that advertising-supported models do not. The counter-argument is that x402 is primarily designed for machine-to-machine transactions, not human browsing. But the protocol does not distinguish between the two.

The crypto dependency is another friction point. Enterprise adoption of stablecoin-based settlement remains uneven. Regulatory clarity on stablecoins varies by jurisdiction. Companies comfortable with Visa and Mastercard rails may not see a compelling reason to route agent payments through blockchain infrastructure, particularly when Santander and Visa have already demonstrated live agentic payments on traditional card networks.

The x402 Foundation now includes four of the most consequential companies in payments and internet infrastructure. The V2 specification addresses the technical limitations that would have prevented production adoption. The SDK ecosystem is growing across TypeScript, Python, and Rust.

The variable is demand. Agentic commerce is moving from demos to live transactions. JP Morgan and Mirakl are building agentic payment orchestration. Mastercard is deploying AI agents as virtual C-suite advisors for SMEs. FedEx plans AI agents in over 50 percent of its workflows by 2028.

As these systems scale, they will need a settlement layer. x402 is the most developed candidate for stablecoin-based settlement. Traditional card networks are the most developed candidate for fiat-based settlement. The two approaches will likely coexist, with the split determined by use case, jurisdiction, and regulatory environment.

The internet had a payment status code for 29 years and never used it. Now it does. Whether x402 becomes the TCP/IP of payments or a well-engineered solution that arrived before its market, the next 12 months will tell.

The internet reserved a payment status code in 1997 and left it empty for 29 years. Now that it has been filled, who decides whether the web's default model shifts from advertising to micropayments?