HTTP Status Code 402, also known as "Payment Required," is a standard response status code in the Hypertext Transfer Protocol (HTTP). It is part of the HTTP/1.1 protocol defined by the Internet Engineering Task Force (IETF) in the RFC 7231 specification.
The HTTP 402 status code indicates that the client must make a payment to access the requested resource. It is typically used in situations where the server requires payment before granting access to the content or service. This code serves as a reminder that a financial transaction or authorization is needed to proceed further.
The 402 status code is considered non-standard and was introduced to extend the HTTP protocol's capabilities beyond the standard set of status codes. It provides a clear indication to the client that they need to take action to complete the payment process before they can access the requested resource.
    GET /index.php HTTP/1.1
    Host: www.example.org

    HTTP/1.1 402 Payment Required
    Location: https://www.example.org/index.asp
The HTTP 402 status code is typically used in e-commerce and subscription-based systems where access to content or services is restricted until the user completes a payment. It can be employed in various scenarios, such as:
- Subscription Renewal: When a user's subscription plan expires, and they attempt to access premium content, the server may respond with a 402 status code to prompt the user to renew their subscription.
- Paywalls: Websites that require users to make a payment to access specific articles, news content, or premium features can utilize the 402 status code to indicate that payment is required to proceed.
- Digital Products: Online platforms selling digital goods, software licenses, or digital media downloads may employ the 402 status code to enforce payment before granting access to the purchased item.
The HTTP status code 402 is currently classified as an experimental code within the HTTP protocol. Such experimental codes are introduced to assess new features or ideas and determine their practical application. The designation of the 402 status implies that a payment is mandated to obtain a particular resource or service. However, its tentative status indicates limited mainstream adoption. Web developers and institutions are advised to adhere to recognized HTTP norms and employ stable, thoroughly documented status codes. Even though the 402 code might be used on an experimental basis, caution is recommended because of potential discrepancies and compatibility challenges.
The HTTP 402 response is accompanied by an entity body that provides additional information to the client regarding the payment requirements. This entity body can be in various formats, including HTML, XML, or JSON, and typically includes details such as the payment amount, payment methods accepted, and instructions on how to complete the transaction.
The server may also include relevant headers in the response, such as Retry-After, which indicates the time duration the client should wait before retrying the request after completing the payment process.
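The following is an added example, not code from the original page: a server-side access decision that builds the 402 response described above, with a JSON entity body and a Retry-After header, and never places the paid content in that response. The article table, account names, prices, payment methods and the `paywall_response` function are assumptions constructed for illustration.

```python
import json

# Constructed sample data (assumptions for this example, not from the page).
ARTICLES = {"/premium/report": {"price": "4.99", "currency": "EUR",
                                "body": "Full premium text"}}
ENTITLEMENTS = {"alice": {"/premium/report"}}  # accounts that have paid
BANNED = {"mallory"}                           # refused regardless of payment

def _json(status, payload, extra=None):
    """Build (status, headers, body) with a JSON entity body."""
    body = json.dumps(payload).encode()
    headers = {"Content-Type": "application/json",
               "Content-Length": str(len(body)),
               # Choice made for this example: keep caches from storing the
               # denial and replaying it after the user has paid.
               "Cache-Control": "no-store"}
    headers.update(extra or {})
    return status, headers, body

def paywall_response(user, path):
    """Decide access on the server and return (status, headers, body)."""
    article = ARTICLES.get(path)
    if article is None:
        return _json(404, {"error": "not_found"})
    if user in BANNED:
        # Restriction unrelated to payment, so 403 rather than 402.
        return _json(403, {"error": "forbidden"})
    if path not in ENTITLEMENTS.get(user, set()):
        # Payment outstanding: describe what is owed. The article text is
        # never serialized here, so hiding it client-side is not relied on.
        details = {"error": "payment_required",
                   "amount": article["price"],
                   "currency": article["currency"],
                   "accepted_methods": ["card", "bank_transfer"],
                   "instructions": "Complete checkout, then repeat the request."}
        return _json(402, details, {"Retry-After": "30"})
    headers = {"Content-Type": "text/plain; charset=utf-8"}
    return 200, headers, article["body"].encode()

if __name__ == "__main__":
    for who in ("alice", "bob", "mallory"):
        status, headers, body = paywall_response(who, "/premium/report")
        print(who, status, headers.get("Retry-After"), body.decode())
```

The check that matters for a paywall is the one on the 402 branch: the response body carries only payment details, so the protected content cannot be recovered by inspecting the response.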
Relationship with other status codes
The HTTP 402 status code should not be confused with the more commonly used 403 Forbidden status code. While both codes indicate that access to a resource is restricted, the distinction lies in the reason for the restriction. The 402 code specifically implies that payment is required, whereas the 403 code implies that access is forbidden due to other reasons, such as insufficient permissions or authentication failure.
In cases where the server requires payment but also wants to convey additional information about why access is denied, it is common to include the 402 status code alongside a 403 status code. This combination helps communicate the payment requirement while providing more context to the client.
- Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. IETF. sec. 6.5.2. doi:10.17487/RFC7231. RFC 7231.
- HTTP status code 402 Payment Required
- developer.mozilla.org Example response
- HTTP status code 402 General explanation of the 402 status code
- developer.mozilla.org Experimental
- Fielding, R., Gettys, J., Mogul, J., et al. (1999). "Hypertext Transfer Protocol -- HTTP/1.1". RFC 2616. IETF.
- stackoverflow.com Difference between http response status code 402 and 403
- The difference between HTTP status code 402 and 403