Quick answer: HTTP 402 "Payment Required" means the server is refusing your request until money changes hands. In practice you see it when an API's free quota is exhausted, a subscription has lapsed, an account has an unpaid balance, or a paywalled resource needs purchase. The fix is almost always on the billing side: check your plan, quota, and payment method with the service returning it, then retry.
The 402 has one of the stranger histories of any status code, and knowing it helps you interpret what a given service actually means by it.
A Code Reserved for a Future That Took 25 Years
402 was defined in the original HTTP specs of the 1990s and marked "reserved for future use." The web's designers anticipated native micropayments: your browser would pay a fraction of a cent to read an article, with the protocol handling the transaction. That future didn't arrive, so for decades 402 sat officially meaningless, with no standard semantics for what a client should do when receiving it.
Because it was unclaimed, services adopted it informally, and that's the 402 you meet today. It has recently gotten a second life in machine-to-machine payments, where AI agents pay per-request for APIs and content (the x402 pattern built on stablecoin payments is the most visible example). For the first time, some 402 responses now come with machine-readable payment instructions attached.
Who Actually Sends 402, and Why
When you hit a 402 in the wild, it's usually one of these:
| Source | What it means | Fix |
|---|---|---|
| API providers | Free tier or prepaid credits exhausted | Upgrade plan or top up credits |
| SaaS platforms | Subscription expired, invoice unpaid | Update payment method |
| Cloud services | Billing account in bad standing | Settle the balance |
| Paywalled content | Resource requires purchase | Buy access |
| Payment-native APIs | Pay-per-request, payment details in response | Complete the payment flow |
The common thread: unlike a 401 (who are you?) or a 403 (you may not), a 402 says "we know exactly who you are, and your money situation is the problem."
Debugging a 402, Step by Step
- Read the response body. Most services return JSON explaining precisely what's owed or exhausted. This usually ends the investigation.
- Check your usage dashboard. If you're on a metered API, you've likely burned through the month's quota. Usage-based services (including link.sc) show exactly where you stand.
- Check the payment method. Expired cards are the silent killer of production integrations. The service kept charging, the card stopped working, and three weeks later every request 402s.
- Look for plan-feature mismatches. Some APIs return 402 when you call an endpoint your tier doesn't include, even with quota remaining.
Handling 402 in Code
A 402 is not retryable in the way a 429 or 503 is. No amount of waiting makes money appear. Retrying it on a loop just burns requests and pollutes logs, so treat it as terminal and alert a human:
resp = requests.get(url, headers=headers)
if resp.status_code == 402:
# Not transient. Do not retry. Escalate.
alert_billing_issue(service=url, detail=resp.text)
raise PaymentRequiredError(resp.text)
resp.raise_for_status()
That alert_billing_issue line matters more than it looks. In my experience, a 402 in production is a billing problem that has existed quietly for days; the code path that surfaces it loudly is the difference between a five-minute fix and a weekend outage.
If you operate an API yourself, return 402 for money problems instead of a generic 403. Clients can then route billing failures to the person with the credit card rather than the person with the debugger.
402 vs. 401 vs. 403
These three get confused constantly, and the distinction is the whole diagnostic:
- 401 Unauthorized: the server doesn't know who you are. Fix your credentials.
- 402 Payment Required: the server knows you and wants payment. Fix your billing.
- 403 Forbidden: the server knows you and the answer is no. Fix your permissions, or accept the no.
If you're scraping and suddenly seeing 403s rather than 402s, that's a different problem entirely: you've been identified as a bot, not as a debtor.
The Bottom Line
A 402 is the web's bluntest status code: pay up. Read the body, check the dashboard, fix the billing, and never put it in a retry loop. And if you're building agents or pipelines that consume paid APIs, budget monitoring is part of the architecture, because the 402 always arrives at the least convenient moment otherwise.
Metered web data without billing surprises: start free with link.sc and watch usage live in the dashboard before a cent is due.