L402

The HTTP-native payment protocol — pay a Lightning invoice to unlock an API, with a reusable credential proving you paid.

protocol · Lightning Labs · MIT · Links verified 2026-06-02

What it is

L402 (formerly LSAT) is an open protocol for paying for API access over plain HTTP, using the long-dormant 402 Payment Required status code. The server answers a request for a paid resource with a macaroon (a bearer credential that carries its own embedded rules) and a Lightning invoice. The client pays the invoice; the payment preimage authenticates the macaroon; the client retries with an Authorization: L402 <macaroon>:<preimage> header and gets the resource. Because the macaroon’s caveats can encode expiry, rate limits, and spend scope, an agent can pay once and reuse the credential across many calls.

It is the layer an autonomous agent touches first when it buys a service — no account, no card, no human pressing approve.
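The server-side check in the exchange described above, as an added example (not Aperture's code and not the L402 wire format): a simplified HMAC-chained token stands in for the macaroon, and ROOT_KEY, mint, verify and the expires= caveat syntax are assumptions made for illustration. It shows the three things a verifier confirms before serving the resource: the token is one it minted, the preimage hashes to the payment hash the token commits to, and every caveat holds.

```python
import base64, hashlib, hmac, json

ROOT_KEY = b"constructed-demo-root-key"  # assumption: server-side secret, never sent to clients

def _chain(ident: bytes, caveats: list) -> bytes:
    # Macaroon-style signature: HMAC the identifier, then fold in each caveat in order.
    sig = hmac.new(ROOT_KEY, ident, hashlib.sha256).digest()
    for c in caveats:
        sig = hmac.new(sig, c.encode(), hashlib.sha256).digest()
    return sig

def mint(payment_hash: bytes, caveats: list) -> str:
    # Simplified token (not the real macaroon encoding): JSON body, base64url-encoded.
    body = {"id": payment_hash.hex(), "caveats": caveats,
            "sig": _chain(payment_hash, caveats).hex()}
    return base64.urlsafe_b64encode(json.dumps(body).encode()).decode()

def verify(header: str, now: float) -> bool:
    """Return True only if the token is authentic, paid for, and unexpired."""
    try:
        scheme, cred = header.split(" ", 1)
        token, preimage_hex = cred.rsplit(":", 1)
        body = json.loads(base64.urlsafe_b64decode(token))
        ident = bytes.fromhex(body["id"])
        caveats = [str(c) for c in body["caveats"]]
        sig, preimage = bytes.fromhex(body["sig"]), bytes.fromhex(preimage_hex)
    except (ValueError, KeyError, TypeError):
        return False  # malformed header or token: reject, never raise
    if scheme != "L402":
        return False
    # 1. The token was minted with our root key and no caveat was stripped or altered.
    if not hmac.compare_digest(sig, _chain(ident, caveats)):
        return False
    # 2. Proof of payment: SHA-256(preimage) must equal the committed payment hash.
    if not hmac.compare_digest(hashlib.sha256(preimage).digest(), ident):
        return False
    # 3. Enforce caveats; anything other than a valid, unexpired "expires" fails closed.
    for c in caveats:
        key, _, val = c.partition("=")
        if key != "expires" or not val.isdigit() or now >= int(val):
            return False
    return True
```

Constant-time comparison is used for both the signature and the payment-hash check, and unknown caveats are rejected so that a restriction the verifier does not understand is never silently ignored.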

When to use it

Quick start

L402 is a protocol, so you deploy an implementation. The reference proxy is Aperture (Lightning Labs) — it sits in front of any HTTP/gRPC service and handles the 402 challenge, invoice issuance, and verification, backed by a funded Lightning node. On the client side, lnget (part of lightning-agent-tools) is an L402-aware HTTP client that pays and retries automatically. The protocol spec lives in the L402 repo and is also being standardized as bLIP-0026.

Gotchas