In January 1997, five engineers shipped RFC 2068. Roy Fielding, Jim Gettys, Jeff Mogul, Henrik Frystyk Nielsen, Tim Berners-Lee. The first formal specification of HTTP/1.1. Eighty-five pages of plumbing for the web that was about to swallow the world.
Buried in the status code section, between 401 Unauthorized and 403 Forbidden, they added a new line.
402 Payment Required. This code is reserved for future use.
That’s the entire definition. The future use the authors had in mind never showed up. The line sat there for twenty-nine years. Every HTTP library on every server in every data centre has been carrying a stub for a payment system that had no customer. A road built before there were vehicles.
I’ve been thinking about how agents pay for things for almost as long as I’ve been working with them. Not in a research-paper way. In a “this is going to bite us soon” way. You can build the smartest agent in the world, plug it into a hundred APIs, give it the right prompts and the right tools, and the moment it needs to pay for something its hands are tied. It has no wallet, no bank, no card. You can hand it a credit card number, but that isn’t autonomy. That’s a Trojan horse with a human inside.
The web wasn’t built for this. That’s why 402 sat in the spec for three decades doing nothing.
Why the rail went dormant
When Fielding’s team drafted 402, the obvious use case was digital cash. Micropayments, content paywalls, pay-per-API. The actors on the network were humans, and humans already had banks, credit cards, ATM networks. The friction of a thirty-cent minimum on a Visa transaction was fine when the thing on the other side cost ten dollars. Nobody bought a paragraph for a cent. Nobody tried.
The ad model ate the rest. Once Google figured out that attention monetises better than transactions, the entire web economy reorganised around it. Free content, free email, free everything, paid for in pixels and attention. 402 became a vestigial line.
Then the actors changed.
The agent’s problem
An agent does not have a bank account. It cannot pass KYC. It has no address, no tax ID, no face on file with a regulator. It is not a person. It is a process, instantiated, spawned for a task, often killed within minutes.
But it needs to pay for things. It needs to query a market data API for half a cent. It needs to license a piece of research for forty cents. It needs to call a translation service, a satellite image, a model inference, a database query, and it needs to do all of this in seconds, sometimes in parallel, sometimes thousands of times.
Visa cannot help here. The cheapest credit card transaction in the world costs about thirty cents in fees, and the merchant of record needs to be a registered entity. Bank transfers take days. ACH takes longer. The whole human payment stack assumes a human at one end with a stable identity, a phone number, a postal code, a willingness to wait.
The agent has none of that. The agent has a key, a task, and a clock.
So when Coinbase revived 402 in May 2025 and called the protocol x402, what they actually did was finish a sentence the IETF started in 1997. The flow is small. An agent makes a request. The server replies with a 402 and a payment quote. The agent signs a stablecoin transaction. The server returns the data. Same trip, no human, no card, no bank, no waiting.
Fees run at about one-tenth of a cent. Roughly three hundred times cheaper than the cheapest credit card transaction. Settlement is sub-second on the right chain.
Coin Bureau covered this in a recent video and laid out the stack clearly. By the end of 2025, x402 had moved around seventy-five million transactions and twenty-four million dollars in value, and the V2 spec had shipped. The backers are not a fringe list. Google, Stripe, AWS, Cloudflare, Solana, Visa, Mastercard. Stripe runs a parallel system called the Machine Payments Protocol.
Tokens, all the way down
There is a word that has been quietly waiting for this convergence.
Token.
The blockchain world has used it for fifteen years, often without a use case worth mentioning. Thousands of chains have issued tokens out of thin air, most of them representing nothing, settling no transaction worth settling. The word picked up a bad reputation. Token meant scam in a lot of rooms, and not unfairly.
The AI world started using the same word independently, for a different thing, and it stuck. Tokens are the unit of consumption inside a language model. You pay for tokens. You generate tokens. You context-load tokens. Anthropic charges per token. OpenAI charges per token. Every model API in the world meters by token.
APIs more broadly use the word too. API tokens, bearer tokens, the small string of bytes that grants access.
So now you have an industry that genuinely needs a metered, divisible, programmable unit of consumption, sitting next to an industry that has been minting metered, divisible, programmable units for years without anywhere meaningful to spend them. The vocabulary was already aligned. The puzzle pieces were sitting on the same table.
x402 is the click.
The natural fit, with a disclaimer
I have a blockchain background. I worked in DeFi before I worked in agents. So when I say agent payments will run on chains, I am aware I am biased. That said, the math is the math. No bank-backed rail can settle sub-cent transactions in under a second across borders without paperwork. Stablecoins on a fast chain can.
Solana settles around twenty-five billion transactions a quarter at sub-second confirmation. Base, Coinbase’s own L2, currently handles around ninety percent of x402 dollar volume. Tron holds roughly forty-seven billion dollars in USDT and quietly became one of the largest dollar-settlement networks on the planet without most people noticing.
In another universe, the AI labs themselves might issue tokens on chain that represent real metered consumption. Compute tokens, inference tokens, capability tokens. That is not what x402 is, and I am not predicting it. But the bridge is sitting right there. Whether anyone walks across it is a different question.
There is one piece of this that deserves a flag, briefly. Both USDC and USDT have blacklist functions written into their contracts. Tether can freeze any wallet, instantly, no due process, and they have done it over two thousand times. The most permissionless payment network ever built, sitting on top of two of the most controllable assets in crypto. That tension is real, and I will come back to it. For now it is enough to note that the rail is not as decentralised as the marketing implies.
The agent economy starts here
Citi estimates one and a half trillion dollars in agent-driven commerce by 2030. Bain expects agents to handle a quarter of US online shopping by the same year. Forrester sees human visits to bank sites dropping twenty percent this year alone, while machine traffic climbs forty percent. Whether you trust the exact numbers or not, the direction is obvious.
Agents that can pay can do things agents that cannot pay cannot. They can subscribe to data feeds on the fly. They can buy a single API call instead of pre-negotiating a contract. They can compose services from a dozen providers in one chain of work and settle every leg before the user has refreshed the screen. The friction that has kept agent autonomy in a sandbox is mostly financial friction. Remove it and the sandbox dissolves.
That is the economy I think we are walking into, and I have been waiting for it for years.
The interesting thing is not that crypto finally found a use case. That is a side effect, not the story. The story is that the web’s founding spec already had a placeholder for this moment. The line was sitting in every server, every library, every browser, dormant since the Clinton administration. Waiting.
The rail was always there. The vehicles just took a while to arrive.
Leave a Reply