## What is L402?

L402 (formerly LSAT) uses Bitcoin's Lightning Network for instant API payments. The server issues a macaroon (a bearer token) paired with a Lightning invoice — once the agent pays the invoice, the macaroon becomes valid.

## How it works

1. Agent sends a request to a paid endpoint
2. Server returns **HTTP 402** with `WWW-Authenticate: L402 macaroon="...", invoice="..."`
3. Agent pays the Lightning invoice
4. Agent retries with the paid macaroon as proof (`Authorization: L402 macaroon:preimage`)
5. Server verifies the macaroon and responds

## Key concepts

- **Macaroon**: A cryptographic bearer token that becomes valid once its paired invoice is paid
- **Lightning invoice**: A one-time BOLT11 payment request on Bitcoin's Lightning Network
- **Preimage**: The proof-of-payment revealed when a Lightning invoice is settled
- **Instant settlement**: Lightning payments confirm in milliseconds
- **Bitcoin-native**: Payments are in satoshis (1 sat = 0.00000001 BTC)

## How to add L402 to your service

1. Run a Lightning node (LND, CLN) or use a Lightning Service Provider
2. For each paid request, generate a macaroon + Lightning invoice pair
3. Return 402 with `WWW-Authenticate: L402 macaroon="<base64>", invoice="<bolt11>"`
4. On retry, verify the macaroon and check the invoice preimage

## Spec maturity

**Established.** Originally developed by Lightning Labs as LSAT, renamed to L402. Used in production by multiple Lightning-powered APIs.

## Learn more

- [L402 spec](https://docs.lightning.engineering/the-lightning-network/l402) — Lightning Labs documentation
- [Aperture](https://github.com/lightninglabs/aperture) — L402 reverse proxy by Lightning Labs

## Related

- [OpenAPI](/kb/openapi)