The Code That Waited
How HTTP 402 sat reserved for thirty years, and what finally switched it on

Every web developer has met the famous HTTP status codes. 200 OK when a request succeeds. 404 Not Found when a page is gone. 500 Internal Server Error when something breaks on the far side. They are the vocabulary of the web, memorized without effort because we see them every day.
Almost nobody has seen 402 Payment Required.
It is in the spec. It has been in the spec since the earliest drafts of HTTP. And for three decades it did nothing at all. This is the story of the one status code that was written for a future that took a very long time to arrive.
A reservation, not a feature
When the HTTP status codes were first laid out, the authors were describing a document network for humans. But they left a deliberate gap. Sitting between 401 Unauthorized and 403 Forbidden was a code with a suggestive name and no definition: 402 Payment Required.
The current standard, RFC 9110, still describes it in almost the same words it has always used:
The 402 (Payment Required) status code is reserved for future use.
That is the entire specification. No header schema. No payment format. No handshake. The authors knew that money would eventually need to move across HTTP, and rather than guess at how, they marked a seat and left it empty. 402 was a promissory note written into the protocol itself: someday, this will mean something.
The trouble with a reservation is that everyone can see the empty seat, and nobody agrees on who should sit in it.
Thirty years of failed attempts
402 was not ignored for lack of trying. It was ignored because every attempt to give it meaning ran into the same wall.
The first problem was that there was no money on the web that a machine could actually send. Card networks were built for humans typing digits into a form, with chargebacks, fraud teams, and per-transaction fees measured in cents plus a percentage. You cannot charge a third of a cent on a card; the fee eats the payment several times over. A status code that says "pay me" is useless if the smallest amount you can charge is a hundred times larger than what a single API call is worth.
The second problem was standardization. For 402 to mean something, the server saying "pay" and the client hearing it had to agree on how to pay: what currency, what proof, what header carries the receipt. Dozens of proprietary metering and paywall schemes were built over the years, each defining its own private version of "payment required". None of them interoperated. A code that everyone implements differently is not a standard; it is a hundred incompatible dialects wearing the same number.
The third problem was that, until recently, nobody was in a hurry. Subscriptions and ad revenue paid for the web well enough. The buyer was always a human, and humans are patient enough to make an account, enter a card once, and forget about it. There was no pressure to make a machine pay a machine, because machines were not the ones reaching for their wallets.
All three problems had to move at once for the empty seat to fill. Around 2025, they did.
What changed
Two things arrived at roughly the same time, and together they made 402 finally worth defining.
The first was money a machine can actually move. Stablecoins on fast chains made micropayments mechanically possible: a settlement that finalizes in under a second and costs a fraction of a cent to submit. At that cost, charging two-tenths of a cent per request stops being absurd and starts being ordinary arithmetic. The floor under a payment dropped far enough that a single API call could carry its own price.
The second was a buyer with no patience for forms. Autonomous software — agents calling APIs, tools, and other models on their own — needed to pay for what it consumed, per call, with no human in the loop to click a checkout button. For that buyer, a subscription is the wrong shape and a card form is a dead end. What it needs is exactly what 402 always described: ask, get a price, pay, retry, receive.
Into that gap came x402: a convention that finally gives 402 Payment Required a concrete meaning. It defines three headers — a server's price demand, a client's signed payment, and the server's settlement receipt — and a simple flow that connects them. The server answers a request with a price. The client signs a payment and asks again. It gets its response. The empty seat, reserved since the last century, finally had someone sitting in it.
Why this is not a violation
It is worth being precise, because precision is the whole point of a payment standard. x402 does not break the HTTP specification. 402 was explicitly reserved for future use, which is an invitation, not a prohibition. x402 accepts the invitation. It layers a payment negotiation on top of the reserved code using custom headers, exactly the kind of extension the reservation anticipated. Nothing about it contradicts RFC 9110; it fills the space the RFC intentionally left open.
That distinction matters for anyone building on it. A rail that respects the standard inherits the standard's durability. A rail that quietly redefines the standard inherits nothing but the obligation to explain itself forever.
Where Otomat fits
Otomat is a payment rail that implements this exchange on Solana. It takes the x402 convention at its word: 402 on the wire, a signed payment in the header, a settlement receipt on the way back — and it does the settlement on chain, where the finality and the fees make the whole thing practical.
That is the reason the 1950s Automat is the right image for it. The Automat put a wall of coin-operated glass doors in a diner and removed the cashier: you dropped a coin, the door clicked open, the dish was yours. Money in, door open. That is 402, drawn as a machine. A code that waited thirty years for a coin small enough and a buyer fast enough to make the door worth opening.
The seat is no longer empty. And it turns out the thing that finally sat down in it was never a person at all.