HTTP 402 is listed in the original spec as "Payment Required" and marked reserved for future use. It has been sitting there, unused, since 1991.
The reason it was never implemented is not that the idea was bad. It is that the internet had no native payment primitive. Every payment system that got built on top of the web was bolted on: accounts, API keys, OAuth flows, card networks, checkout pages. All of it designed for humans, optimised for human interaction, and requiring human approval somewhere in the loop.
Coinbase's x402 protocol is a direct answer to why HTTP 402 sat idle for 35 years. And the reason it is being built now, at this specific moment, is that the entity most likely to use machine-native payments at scale is no longer theoretical. It is a software agent.
What x402 Actually Does
The spec is intentionally minimal. An AI agent makes a standard web request to a service. The server responds with HTTP 402 and specifies a payment amount and a stablecoin address. The agent pays, the server verifies the transaction on-chain, and delivers the response. No accounts. No API keys. No OAuth handshake. No human in the loop.
Jesse Pollak, co-founder of Base, framed the design philosophy in terms of what agents actually are: "Agents are defined by software and operating systems; they want funds in software form." Traditional payment infrastructure assumes a person who can log in, verify identity, and authorise transactions. An autonomous agent cannot do any of those things natively. Stablecoins on a programmable blockchain can be held, transferred, and verified entirely in software without any of the human-facing abstraction layers.
The $48 million processed through x402 so far is modest. About 95% of it has run on Base, Coinbase's Ethereum L2. The protocol is early. But the infrastructure decisions being made around it are not modest at all.
Why the Linux Foundation Matters Here
On April 2, the Linux Foundation announced the x402 Foundation with more than 20 founding members: Google, Microsoft, AWS, Visa, American Express, Stripe, Shopify, Circle. Coinbase contributed the protocol as a neutral open-source standard.
That list is not a crypto-native coalition. It is the payments and cloud infrastructure industry signalling that it considers machine-to-machine payments a real category worth standardising now. Visa and American Express are not joining open-source foundations for technology they think is speculative. Stripe and Shopify are not co-developing protocols they do not expect to route significant volume through.
The Linux Foundation governance model is important here too. By contributing x402 to a neutral foundation rather than keeping it proprietary, Coinbase is making a bet that the protocol wins by becoming the default, not by being locked to Base. Pollak said the $48 million figure nine months ago "was almost impossible." The foundation structure is how you get the next nine months to look different.
The Infrastructure Stack Coinbase Is Building
x402 is one layer of a broader stack Coinbase has been assembling.
In February, the company launched Agentic Wallets: purpose-built wallet infrastructure for AI agents to hold funds, trade tokens, and earn yield on Base without human intervention. Private keys are isolated in trusted execution environments. Programmable spending limits and built-in compliance screening sit at the wallet level, which means individual applications using the wallet do not need to implement their own.
The trusted execution environment detail matters for anyone thinking about the security model. The private key never exists in plaintext in a context accessible to the agent's general computation. The agent can instruct the wallet to sign transactions within defined parameters, but cannot exfiltrate the key itself. It is a meaningful constraint on the blast radius of a compromised agent.
In April, Coinbase launched Agentic.Market, a service directory where agents can discover and pay for external services using x402 rails. Bloomberg data feeds, Google Flights, and similar data services are available. Nick Prince, Coinbase's product lead, described the goal as giving "humans and their agents access to thousands of services, with zero API keys required." From a developer perspective, this collapses the integration model considerably. The current paradigm for connecting an agent to an external service involves obtaining an API key, managing credentials, handling rate limits, and building authentication logic. x402 replaces most of that with a payment.
The Broader Ecosystem Signal
The week's related announcements fill in the picture.
MakeInfinite Labs launched Dreamspace on Base: an AI no-code app builder backed by Microsoft's venture arm M12, where users describe an application in plain language, and it gets built, deployed onchain, and monetised. The monetisation layer runs over x402. The implication is that AI-generated software can be economically self-sustaining from the moment it deploys, collecting payments from the agents or humans that use it.
Brian Armstrong is testing AI agents at Coinbase that are modelled on former executives, including co-founder Fred Ehrsam and former CTO Balaji Srinivasan, deployed internally through Slack and email. The stated goal is preserving institutional knowledge. The more interesting implication is that Coinbase is treating the agent as a software artefact that can encode expertise and act on it autonomously in internal workflows.
Joseph Lubin, Ethereum co-founder and Consensys CEO, said this week that he is "sympathetic to the idea that blockchain is for machine intelligences." His framing was that AI agents will transact, coordinate, and verify one another on decentralised networks using crypto infrastructure as the foundation for what he called a "machine economy."
What Builders Should Pay Attention To
The x402 model has a few properties worth thinking through if you are building on Base or evaluating agent infrastructure.
- The payment-as-authentication model is genuinely novel. Current API security assumes that the right credential grants access. x402 assumes that the right payment grants access. For many use cases, particularly read-only data services with variable demand, this is a simpler and more composable model. There is no credential to rotate, no rate limit tier to negotiate, and no account to provision.
- The spending limit architecture in Agentic Wallets is the correct design pattern for agent autonomy. Giving an agent unrestricted wallet access is the agentic equivalent of giving a new contractor root access on day one. Programmable limits scoped to specific services or transaction types allow meaningful autonomy without unlimited liability. Build this constraint in from the start, not as a retrofit.
- The composability question is open. An agent using x402 to pay for Bloomberg data, which it uses to make a trade through another x402-connected service, which triggers a payment to a third service, creates chains of micropayment-linked computation. Base's throughput and finality times become hard engineering constraints on how fast and how deeply those chains can run.
Coinbase has said the agentic economy could eventually surpass the human economy in scale. That claim is worth neither dismissing nor accepting uncritically. What is already clear is that the infrastructure layer for machine-to-machine commerce is being standardised now, with backing from the institutions that run the existing payments and cloud infrastructure. The HTTP 402 spec waited 35 years for the right primitive to exist. The build-out of what comes next is happening considerably faster.
