← Knowledge Base

L402 — Lightning Payments

What is L402?

L402 (formerly LSAT) uses Bitcoin's Lightning Network for instant API payments. The server issues a macaroon (a bearer token) paired with a Lightning invoice — once the agent pays the invoice, the macaroon becomes valid.

How it works

1. Agent sends a request to a paid endpoint
2. Server returns HTTP 402 with WWW-Authenticate: L402 macaroon="...", invoice="..."
3. Agent pays the Lightning invoice
4. Agent retries with the paid macaroon as proof (Authorization: L402 macaroon:preimage)
5. Server verifies the macaroon and responds

Key concepts

• Macaroon: A cryptographic bearer token that becomes valid once its paired invoice is paid
• Lightning invoice: A one-time BOLT11 payment request on Bitcoin's Lightning Network
• Preimage: The proof-of-payment revealed when a Lightning invoice is settled
• Instant settlement: Lightning payments confirm in milliseconds
• Bitcoin-native: Payments are in satoshis (1 sat = 0.00000001 BTC)

How to add L402 to your service

1. Run a Lightning node (LND, CLN) or use a Lightning Service Provider
2. For each paid request, generate a macaroon + Lightning invoice pair
3. Return 402 with WWW-Authenticate: L402 macaroon="<base64>", invoice="<bolt11>"
4. On retry, verify the macaroon and check the invoice preimage

Spec maturity

Established. Originally developed by Lightning Labs as LSAT, renamed to L402. Used in production by multiple Lightning-powered APIs.

Learn more

• L402 spec — Lightning Labs documentation
• Aperture — L402 reverse proxy by Lightning Labs

Related

• OpenAPI

Related: What is AI agent readiness?