agentgrade

← Knowledge Base

What is L402?

L402 (formerly LSAT) uses Bitcoin's Lightning Network for instant API payments. The server issues a macaroon (a bearer token) paired with a Lightning invoice — once the agent pays the invoice, the macaroon becomes valid.

How it works

Agent sends a request to a paid endpoint

Server returns HTTP 402 with WWW-Authenticate: L402 macaroon="...", invoice="..."

Agent pays the Lightning invoice

Agent retries with the paid macaroon as proof (Authorization: L402 macaroon:preimage)

Server verifies the macaroon and responds

Key concepts

• Macaroon: A cryptographic bearer token that becomes valid once its paired invoice is paid
• Lightning invoice: A one-time BOLT11 payment request on Bitcoin's Lightning Network
• Preimage: The proof-of-payment revealed when a Lightning invoice is settled
• Instant settlement: Lightning payments confirm in milliseconds
• Bitcoin-native: Payments are in satoshis (1 sat = 0.00000001 BTC)

How to add L402 to your service

Run a Lightning node (LND, CLN) or use a Lightning Service Provider

For each paid request, generate a macaroon + Lightning invoice pair

Return 402 with WWW-Authenticate: L402 macaroon="", invoice=""

On retry, verify the macaroon and check the invoice preimage

Spec maturity

Established. Originally developed by Lightning Labs as LSAT, renamed to L402. Used in production by multiple Lightning-powered APIs.

Learn more

• L402 spec — Lightning Labs documentation
• Aperture — L402 reverse proxy by Lightning Labs