A new business model for the internet is exploding onto the scene: x402.
For decades, the web has been built on an architectural gap: the inability to pay for resources directly within the protocol itself. When HTTP was designed, status code 402 - Payment Required - was reserved for a future in which paying for digital resources might be possible.
That future never arrived.
In the 1990s, online payments were slow, fragmented, and manual. There were no digital wallets, no stablecoins, no cryptographic attestations. The idea of embedding payments into HTTP was conceptually elegant but technologically impossible.
Until now.
x402 revives the dormant 402 vision by enabling payments to travel with the HTTP request. This may seem like a small technical change. But in reality, it has the potential to reconfigure the web’s fundamental business models, and solve long-standing problems in identity, privacy, and monetisation.
The Web We Inherited
Today’s internet is shaped by two dominant models:
- Subscriptions, predictable for businesses but often misaligned with user behaviour.
- Advertising, which has become synonymous with surveillance, data harvesting, and user profiling.
Both models are heavily imbalanced in favour of the provider - often a business - over the client. You get tied into pay-monthly subscriptions for services you barely use, and it is often impossible to cancel without spending hours on the phone. Or you can’t access your account because the 2FA passcode never arrives.
Or you are faced with adverts and your every movement is tracked and recorded.
Subscriptions and surveillance weren’t inevitable, but with no easy way to pay for things online, they were the workarounds that emerged. Subscriptions and surveillance certainly weren’t the original vision of the web.
x402 offers a completely new paradigm, a completely new business model for the web: one where you own your own data and identity, with privacy and control of spending.
Why so much more privacy? When the service rails and the payment rails are separate, you need to create an account, add credit card details, get KYC checked in the background, choose a pricing plan, get a JWT, make a request with the JWT, get authenticated and authorised, and finally get the service. So many steps, just to tie the user to the payment method to the pricing plan in order to get the service.
With x402 all this goes away. You can just attach payment directly to the request and get back the service or resource. Payment rail and service rail are the same thing, all over the same HTTP request. The provider then gets paid and no personal information is shared aside from your wallet address for payment.
But what if the provider does need to do some extra checks on who exactly is paying them? A provider doesn't just want to accept payments from anyone. What if the client behind that wallet address is sanctioned or from a sanctioned geography? What if they are underage for using the service?
This is where we see a huge opportunity. If we can add KYC evidence to the very same HTTP request, then we have everything we need to get access to a service or resource in one HTTP round trip. What's more, these KYC credentials can be shared in zero knowledge. They can give the provider only the proof that the required checks have been passed and no other information. And here we have the answer to how we can use services without sharing any personal information with the service provider: pay per request, with ZK KYC included in the request.
Now, in a completely x402 world, I think some people may be concerned about actually paying for every single request. How much is this really going to cost? Here, I am reminded of the pricing model for phone users, where you can buy data. One can buy, say, 4GB of data to use on their phone. Then as people use their phone this allowance goes down, until the user is warned that they are running out of data and should buy some more. This is the same thing. Essentially, internet usage will all be metered and users will need to top up their wallet.
Another really cool thing about x402 is that it fits so well with the agentic web. Agents don't need adverts and advertisers don't want to advertise to agents. And having everything in the same request is so much easier than buying or sharing subscriptions with agents.
A final concern for providers is that they won't know who their customers are. Traditionally, they could learn about their customer base by looking at the personal details that have been shared. They could understand their audience. But again, I think this has been such an imbalance towards the providers at the expense of the clients. If a client's data is used to help a provider understand their audience, then the client should be rewarded for this. Instead of just buying a service, they have actually bought a service and helped the provider understand who else might be a client. x402 with additional identity and KYC credentials could allow the client to opt in to what it wants to share with providers, perhaps leading to a discount or other benefits.
Once you start to imagine a web where every transaction is x402, you realise that the subscription and advertising based business models are actually so complex and imbalanced. x402 brings back simplicity, privacy and ownership to the web. The pay-directly web is the only business model that favours the individual over the company.
How x402 Re-imagines the Stack
x402 offers a new approach. One where payment, access control and data all flow over the same rails, in the same HTTP request.
Instead of stitching together OAuth flows, JWT tokens, subscriptions, billing systems, pricing plans, and user accounts, x402 lets each request pay for itself. So simple.
Yet aside from this simplicity, the x402 model has other meaningful implications for privacy and security. When each request pays for itself, you don’t need endless accounts with endless online providers. You don’t need to perform endless 2FAs to verify that you are you and that you are linked to the account you created with each provider.
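To make "each request pays for itself" concrete, here is a simplified model of the round trip, added as an illustration and not taken from the x402 specification or any project's code. The provider answers an unpaid request with 402 and a price, then accepts a retry whose authorisation is signed by the payer's key, bound to the resource, amount and payee, short-lived and redeemable once. The `payment` header name, the JSON fields, the Ed25519 key standing in for a wallet and the in-memory nonce set are all assumptions, and on-chain settlement is not modelled.

```javascript
// Added sketch. Header and field names are assumptions, not the x402 wire format.
const { generateKeyPairSync, sign, verify, createPublicKey, randomBytes } = require('node:crypto');

const PRICES = new Map([['/report', 5]]);   // constructed price list, smallest token unit
const PAY_TO = 'PROVIDER_WALLET_PLACEHOLDER';
const spent = new Set();                     // authorisations already redeemed
const newWallet = () => generateKeyPairSync('ed25519');  // stand-in for a real wallet

// Canonical bytes the payer signs and the provider re-derives.
const canonical = (a) =>
  Buffer.from(JSON.stringify([a.resource, a.amount, a.payTo, a.nonce, a.validBefore]));

// Client: answer a 402 quote with a signed, short-lived, single-use authorisation.
function pay(quote, wallet, now) {
  const auth = { ...quote, nonce: randomBytes(16).toString('hex'), validBefore: now + 60 };
  const from = wallet.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const sig = sign(null, canonical(auth), wallet.privateKey).toString('base64');
  return JSON.stringify({ from, auth, sig });
}

// Provider: one handler, no accounts or sessions. Returns [status, body].
function handle(path, headers, now) {
  if (!PRICES.has(path)) return [404, {}];
  const quote = { resource: path, amount: PRICES.get(path), payTo: PAY_TO };
  if (!headers.payment) return [402, quote];            // first contact: just the price
  const deny = (error) => [402, { ...quote, error }];
  let p;
  try { p = JSON.parse(headers.payment); } catch { p = null; }
  if (!p || !p.auth) return [400, { error: 'malformed' }];
  const a = p.auth;
  // The authorisation must name exactly this resource, price and payee.
  if (a.resource !== path || a.amount !== quote.amount || a.payTo !== PAY_TO)
    return deny('mismatch');
  if (!(a.validBefore > now)) return deny('expired');
  let ok = false;
  try {
    const key = createPublicKey({ key: Buffer.from(p.from, 'base64'), format: 'der', type: 'spki' });
    if (key.asymmetricKeyType === 'ed25519') ok = verify(null, canonical(a), key, Buffer.from(p.sig, 'base64'));
  } catch { ok = false; }
  if (!ok) return deny('bad signature');
  const id = `${p.from}:${a.nonce}`;
  if (spent.has(id)) return deny('replayed');           // same proof cannot pay twice
  spent.add(id);
  // Settlement of the transfer itself is out of scope for this sketch.
  return [200, { data: 'report body', paidBy: p.from }];
}
```

The only identifier the provider sees is the payer's public key, which matches the article's point that nothing beyond the wallet address needs to be shared.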
Minimal, user-controlled identity
For some services, a wallet address with enough funds is sufficient. There is no need to share endless personal information. But surely providers will need to know that their clients are not sanctioned entities? Well, when additional checks are needed, such as age restrictions, geographic eligibility, KYC screening, we believe they can be delivered as zero knowledge cryptographic attestations that reveal only the fact of compliance. This is the missing piece of x402 that Space Meridian is working on.
The Agentic Web Changes Everything
As autonomous agents begin performing tasks on behalf of users, advertising becomes ineffective and subscriptions become cumbersome. Agents don’t watch ads, don’t respond to dark patterns, and don’t want account setup flows.
They simply need:
- a resource
- a price
- a way to pay
x402 is tailored for this world.
Rethinking Customer Insight
Providers traditionally learn about their audience through the data users are forced to provide. This is asymmetrical: users surrender data, providers capture value.
In an x402 world, identity can become a negotiated resource. Users can choose to share verified attributes in exchange for better pricing or benefits. Customer understanding becomes consensual rather than extracted.
Future Work: Adding Privacy-Preserving Credentials
Today, x402 solves the payment layer: you attach value to the request.
The next evolution - one we are actively pursuing - is the ability to attach zero-knowledge credentials in the same request. This would allow providers to verify attributes like age or jurisdiction without ever handling personal data.
This capability is not part of the current x402 spec, but it is a natural and important extension. It completes the vision of a web where authorization and payment are both privacy-preserving and protocol-native. With this in place, you have everything you need to access a resource attached in one HTTP request, one round trip. We are calling this the everything protocol.
Conclusion: A More Balanced Self-sovereign Internet
x402 provides the web with a native economic primitive that eliminates the need for account silos, subscription traps, and data extraction as a business model.
A protocol-level payment mechanism unlocks a web that:
- treats identity as something owned by the individual
- defaults to privacy
- aligns cost with consumption
- works seamlessly for humans and agents alike
The internet has been missing this for 30 years. x402 fills the gap.
