HTTP Status Code 402, also known as "Payment Required," is a standard response code in the Hypertext Transfer Protocol (HTTP). It is part of the HTTP/1.1 protocol defined by the Internet Engineering Task Force (IETF) in the RFC 7231 [1] specification.
The HTTP 402 status code indicates that the client must make a payment to access the requested resource.[2] It is typically used in situations where the server requires payment before granting access to the content or service. This code serves as a reminder that financial transaction or authorization is needed to proceed further.
The 402 status code is considered non-standard and was introduced to extend the HTTP protocol's capabilities beyond the standard set of status codes. It provides a clear indication to the client that they need to take action to complete the payment process before they can access the requested resource.
Client request:
GET /index.php HTTP/1.1
Host: www.example.org
Server response:[3]
HTTP/1.1 402 Payment Required
Location: https://www.example.org/index.asp
The HTTP 402 status code is typically used in e-commerce and subscription-based systems where access to content or services is restricted until the user completes a payment. It can be employed in various scenarios, such as:
The HTTP status code 402 is currently classified as an experimental code within the HTTP protocol. Such experimental codes are introduced to assess new features or ideas and determine their practical application. The designation of the 402 status implies that a payment is mandated to obtain a particular resource or service. However, its tentative status indicates limited mainstream adoption. Web developers and institutions are advised to adhere to recognized HTTP norms and employ stable, thoroughly documented status codes. Even though the 402 code might be used on an experimental basis, caution is recommended because of potential discrepancies and compatibility challenges.[5]
The HTTP 402 response is accompanied by an entity body that provides additional information to the client regarding the payment requirements. This entity body can be in various formats, including HTML, XML, or JSON, and typically includes details such as the payment amount, payment methods accepted, and instructions on how to complete the transaction.[6]
The server may also include relevant headers in the response, such as Retry-After, which indicates the time duration the client should wait before retrying the request after completing the payment process.[6]
The HTTP 402 status code should not be confused with the more commonly used 403 Forbidden status code.[7] While both codes indicate that access to a resource is restricted, the distinction lies in the reason for the restriction. The 402 code specifically implies that payment is required, whereas the 403 code implies that access is forbidden due to other reasons, such as insufficient permissions or authentication failure.
In cases where the server requires payment but also wants to convey additional information about why access is denied, it is common to include the 402 status code alongside a 403 status code. This combination helps communicate the payment requirement while providing more context to the client.[8]
