HTTP 402 for agent APIs
HTTP 402 lets an API tell an agent exactly how to pay before the service performs the expensive work.
Why it matters
An expensive data, research, or generation endpoint should not run before payment. A 402 challenge lets the buyer agent understand the cost, settle, and retry with proof.
Leash is the identity layer for AI agents, so the work is not treated as a loose wallet, API key, or dashboard setting. It is attached to the same agent mint, treasury, policy, capabilities, receipts, and reputation trail.
How Leash handles it
Leash payment links wrap existing URLs, while seller-kit adds payment middleware inside your server. Both paths connect settlement to agent identity and receipt history.
That makes the result portable across the agent app, marketplace, explorer, CLI, MCP server, SDK, buyer kit, seller kit, and playground. The surface can change, but the identity and proof trail stay the same.
Implementation checklist
Pick a high-value endpoint, choose a hosted link or seller-kit, define GET or POST behavior, set stablecoin pricing, test the 402 challenge, and verify that the paid retry returns the expected output.
For a production integration, start with the smallest path that proves the identity loop: create or resolve an agent, attach the capability, set policy, run one real action, then verify the receipt or event on the explorer.
FAQ
Does HTTP 402 mean the API must be public?
No. You can use a hosted Leash URL in front of an upstream or run seller-kit in your own server while keeping internal credentials private.
What should the 402 response include?
It should include enough payment details for the buyer runtime to settle and retry, plus metadata that helps the agent understand the expected request.
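The challenge-then-paid-retry flow described above and in the checklist, as an added sketch that is not Leash or seller-kit code. The header name, the challenge fields, and the HMAC receipt that stands in for settlement verification are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo values; header name, fields and key are assumptions, not Leash's format.
SETTLEMENT_KEY = b"constructed-demo-key"  # stands in for real settlement verification
PRICE = {"amount": "0.25", "currency": "USDC"}
PROOF_HEADER = "X-Payment-Proof"
used_receipts = set()   # receipts already redeemed (replay guard)
work_runs = []          # records each time the expensive work actually executed


def _mac(method, resource, receipt_id):
    # Bind the proof to method, resource and price so it cannot be reused elsewhere.
    msg = "|".join([method, resource, PRICE["amount"], PRICE["currency"], receipt_id])
    return hmac.new(SETTLEMENT_KEY, msg.encode(), hashlib.sha256).hexdigest()


def settle(method, resource, receipt_id):
    """Stand-in for the buyer paying: returns the value for the proof header."""
    return receipt_id + "." + _mac(method, resource, receipt_id)


def challenge(method, resource, error=None):
    # The 402 body tells the buyer what to pay, for which request, and how to retry.
    body = {"price": PRICE, "method": method, "resource": resource,
            "retry_with_header": PROOF_HEADER}
    if error:
        body["error"] = error
    return 402, body


def handle(method, resource, headers):
    """Return (status, body); the expensive work runs only after proof verifies."""
    proof = headers.get(PROOF_HEADER)
    if proof is None:
        return challenge(method, resource)
    receipt_id, _, sig = proof.partition(".")
    expected = _mac(method, resource, receipt_id)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return challenge(method, resource, "invalid proof")
    if receipt_id in used_receipts:
        return challenge(method, resource, "receipt already used")
    used_receipts.add(receipt_id)
    work_runs.append(resource)  # the expensive call would happen here
    return 200, {"result": "report for " + resource}
```

When testing a 402 integration, the cases worth checking are the ones this sketch rejects: a proof issued for a different resource, and a second retry that reuses a receipt already redeemed.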