[ARTICLE] Source: proof.com · Topic: ai-agents

X401: HTTP-Native Identity Exchange for the Agentic Web

The x401 protocol extends HTTP with a cryptographic identity assertion layer, enabling servers to require verified identity before granting access and agents to prove human authorization. As AI agents surpass human web traffic and synthetic impersonation becomes cheap, x401 provides a standardized identity challenge-response flow at the HTTP layer, similar to the x402 payment protocol.

Published Jun 25, 2026 · 7 min read

In 1997, the HTTP spec defined status code 402 Payment Required. It was reserved "for future use," a placeholder for a payment layer. Bitcoin developers at Lightning Labs pioneered the first robust solution for the 402 payment layer in 2020, with the introduction of the L402 protocol, which Coinbase followed with the x402 protocol in May 2025. These 402 implementations provide a standardized mechanism to request payment over HTTP in a way that browsers and AI agents can facilitate without manual human interaction.

We believe 402 payment protocols are an important infrastructure development for the agentic internet. Payment as a meter for access solves many use cases, but there are many other scenarios where the decision to allow access to Web content, APIs, or app flows is gated on who the person or entity is.

Payment is one of the two primary ways apps and services gate access to their resources; the other is permitting access based on the identity of the user controlling an agent. An identity-based access decision involves two evaluations: does the user possess the identity attributes the app requires, and is the agent authorized to present the required identity proofs on that user's behalf? Today there is no HTTP protocol layer for challenging a caller to present identity credentials before it can access a gated resource. That is what x401 adds.

x401 extends HTTP with a cryptographic identity assertion layer. It’s a standard way for servers to require verified identity before granting access, and for agents to prove that a real, verified human authorized their action.

For decades, the foundational trust assumptions of the digital world worked well enough. Fraud was possible, but it took real effort: time, social engineering, physical access. Basic deterrents were sufficient. Those assumptions are now rapidly breaking down:

  • AI made synthetic impersonation trivially cheap. A face, a voice, a writing style are now all replicable in seconds. Every day it gets harder to authenticate activities in our digital world. There's now uncertainty as to whether it's your colleague on the other end of a call, or an AI, or whether a document signed in someone's name was really signed by them.
  • AI agents are now transacting on people's behalf. Agentic traffic on the Web has now surpassed human traffic. Agents are browsing websites, completing purchases, signing agreements, and processing payments. Every one of those actions raises the same unanswered questions: who authorized this? How can I gate who or what is performing actions in my apps and services? What does liability look like if an agent does something wrong?

What is x401?

x401 is an open protocol that extends HTTP with a standard identity challenge-response flow. It follows a similar pattern as x402: a server responds with a structured challenge, a client fulfills it cryptographically, and the transaction proceeds. This all happens at the HTTP layer, invisible to the application behind it.

The flow is simple:

  • Agent makes a request to an endpoint, such as GET /api/payments/initiate
  • Server responds with an identity challenge in the 401 response, which includes a header describing the verifiable identity requirements the agent must present to access the resource.
  • Agent produces a presentation of Verifiable Credentials that fulfills the requirements, often in coordination with an identity wallet that holds the credentials and signing keys of the user.
  • Agent retries the request with the credential presentation, passed via a standard header.
  • Server verifies the credentials to ensure they contain the correct values and are signed by the Issuer(s) they claim to be from, then permits the action and/or returns the protected content.

The keyword in step 3 is Verifiable Credentials. These aren't session tokens or ordinary account-based JWTs. They are cryptographically signed assertions from an Issuer that a real, verified human is behind the request, and that the agent is operating within the scope the controlling human explicitly authorized. In addition to identity claims, the presentation may include signed proof that the user has authorized the agent to use the identity information it contains.

No shared secrets, no API keys that can be stolen, and no sensitive PII (like photos of a driver's license) transmitted over the internet. Verification is fast and deterministic: the credential either validates against the Issuer's valid keys, or it doesn't.

The agentic web needs this now

The practical urgency of x401 is being surfaced in agentic flows. AI agents are beginning to transact on the open web on people's behalf by buying products, booking services, signing agreements and processing payments. The infrastructure for agentic transactions is being built right now, and the identity component needs to be part of the foundation, not retrofitted in three years when fraud is endemic.

x402 introduced an HTTP-native payment flow, where a server says "pay me X amount, in Y or Z currencies," but what about flows gated on who is allowed to interact, and on whether the interacting party is authorized to do so? The x401 protocol is the identity-centric complement to x402: it gates a resource on the caller both satisfying the identity requirements and holding the authorization to present proof that it does.

Without x401, the answer is ambiguous. With x401, an agent can present cryptographic proof that traces back to a real person who has explicitly provided scoped access to their identity for use by the agent.

U.S. law already supports this model: the ESIGN Act and UETA explicitly permit contracts formed by electronic agents, provided the action is "legally attributable to the person to be bound." x401 provides a standards-based mechanism to fulfill this legal attribution requirement.

Your agent acts in your name

When a person enrolls with an x401-compatible identity provider, they receive a cryptographic credential bound to their verified identity. When a person chooses to delegate authority to their agent, they sign an authorization mandate specifying exactly what the agent can do: what actions are permitted, how much it can spend, which services it can interact with, and for how long.

x401 solves the authorization gap in agentic transactions that require identity. Any transaction gated by identity can now be verified and completed by an agent on your behalf. x401 supports either personal or organizational identity. This covers transactions such as prescription refills, consumer memberships and age-restricted purchases, and identity classes such as licensed professionals, season ticket holders and students, among many other use cases.

The identity provider issues a verifiable credential to the agent that names the human as the principal and encodes the approved scope. When the agent makes a request to an x401-enabled server, it attaches this credential. The server verifies the credential was indeed signed by the issuing entity. If it checks out, the server knows:

  • A real, verified human authorized this action
  • The action falls within the explicitly-approved scope
  • The delegation has not been revoked
  • The signature is mathematically bound to the request — it cannot be replayed or forged
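Putting the five-step challenge-response flow above together with the four checks in this list, here is an added example, written for this edit and not code from the x401 specification or from Proof, of an Issuer, a delegated agent and a relying party in Go. The page does not show the spec's header names, challenge format, credential encoding or signature schemes, so the Credential, Challenge and Presentation structures, their field names, the ed25519 signing scheme and the "METHOD /path" scope format are all assumptions for illustration; only the shape of the exchange follows the steps described above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
	"sync"
	"time"
)

// Credential is a hypothetical Issuer-signed assertion; field names are illustrative, not the spec's.
type Credential struct {
	Issuer    string            `json:"iss"`
	Subject   string            `json:"sub"`       // the human principal
	AgentKey  string            `json:"agent_key"` // hex ed25519 public key of the delegated agent
	Claims    map[string]string `json:"claims"`    // attributes the Issuer vouches for (keys marshal sorted)
	Scope     []string          `json:"scope"`     // "METHOD /path" actions the human authorised
	ExpiresAt int64             `json:"exp"`
	ID        string            `json:"jti"` // handle the Issuer revokes by
}

type SignedCredential struct{ Payload, Signature []byte }                           // canonical JSON + Issuer signature
type Challenge struct{ Nonce string; RequiredClaims []string }                      // identity requirements in the 401 response
type Presentation struct{ Credential SignedCredential; Nonce string; Proof []byte } // what the agent attaches on retry

// bindingMessage ties the agent's proof to one credential, one nonce and one request line: no replay, no redirect.
func bindingMessage(credPayload []byte, nonce, method, path string) []byte {
	h := sha256.New()
	h.Write(credPayload)
	fmt.Fprintf(h, "\n%s\n%s %s", nonce, method, path)
	return h.Sum(nil)
}

func IssueCredential(issuerKey ed25519.PrivateKey, c Credential) (SignedCredential, error) { // Issuer step
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{payload, ed25519.Sign(issuerKey, payload)}, nil
}

// BuildPresentation is the agent/wallet step: answer one challenge for one specific request.
func BuildPresentation(agentKey ed25519.PrivateKey, sc SignedCredential, ch Challenge, method, path string) Presentation {
	return Presentation{sc, ch.Nonce, ed25519.Sign(agentKey, bindingMessage(sc.Payload, ch.Nonce, method, path))}
}

type Server struct { // the relying party: trusted Issuer keys, a fetched revocation list, required claims, open nonces
	Issuers  map[string]ed25519.PublicKey
	Revoked  map[string]bool
	Required []string
	nonces   sync.Map // outstanding challenge nonces, each usable exactly once
}

// NewChallenge builds the 401 challenge and records its nonce as outstanding.
func (s *Server) NewChallenge() Challenge {
	var b [16]byte
	rand.Read(b[:]) // crypto/rand.Read never returns an error as of Go 1.24
	n := hex.EncodeToString(b[:])
	s.nonces.Store(n, true)
	return Challenge{n, s.Required}
}

// Verify performs every check the relying party needs before it honours the request.
func (s *Server) Verify(p Presentation, method, path string) error {
	if _, fresh := s.nonces.LoadAndDelete(p.Nonce); !fresh { // consumed even when a later check fails
		return errors.New("unknown or already-used nonce (replay?)")
	}
	var c Credential
	if err := json.Unmarshal(p.Credential.Payload, &c); err != nil {
		return err
	}
	pub, ok := s.Issuers[c.Issuer] // who vouches for the human?
	if !ok || !ed25519.Verify(pub, p.Credential.Payload, p.Credential.Signature) {
		return fmt.Errorf("credential not validly signed by trusted issuer %q", c.Issuer)
	}
	if time.Now().Unix() >= c.ExpiresAt || s.Revoked[c.ID] {
		return errors.New("credential expired or delegation revoked")
	}
	for _, k := range s.Required { // does the human hold the attributes we gate on?
		if _, ok := c.Claims[k]; !ok {
			return fmt.Errorf("missing required claim %q", k)
		}
	}
	if !slices.Contains(c.Scope, method+" "+path) { // did the human authorise this action?
		return fmt.Errorf("%s %s is outside the delegated scope", method, path)
	}
	agentPub, err := hex.DecodeString(c.AgentKey) // is the presenter the delegated agent?
	if err != nil || len(agentPub) != ed25519.PublicKeySize {
		return errors.New("malformed agent key in credential")
	}
	if !ed25519.Verify(agentPub, bindingMessage(p.Credential.Payload, p.Nonce, method, path), p.Proof) {
		return errors.New("proof is not bound to this credential, nonce and request")
	}
	return nil
}
```

Two design choices matter here. The agent's proof is computed over the credential, the challenge nonce and the request line, so a presentation captured on the wire fails on any other endpoint and fails a second time on the same one, because the nonce is consumed on first use (and consumed before any other check, so a failed attempt cannot be retried against the same nonce). And the Issuer signature is verified before any field of the payload is trusted: the claims, scope and agent key are only meaningful once the relying party knows who asserted them.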

Agents don't get their own independent identity. They inherit the identity of the human who authorized them. That's the right model for accountability — and it works with any PKI infrastructure that is able to support the x401 spec (the CA-based ecosystem, decentralized identity implementations, etc.).

Join the x401 community

x401 is an emerging standard under collaborative development by a range of contributors and companies. The full technical specification including the challenge format, credential requirements, signature schemes and revocation handling is available at x401.id. It's designed to be implementable by anyone, against any PKI infrastructure without lock-in to Proof.

We're building x401 as an open standard because identity infrastructure only works when it's ubiquitous. A protocol adopted by one company is a proprietary lock-in mechanism. A protocol adopted by the industry is infrastructure.

We're actively seeking companies to join the x401 community — AI platforms, agent infrastructure teams, relying parties who want their services to be verifiably safe for agentic commerce. If you're building agent infrastructure, operating a platform where agents transact on users' behalf, or running a service that needs to verify human authorization at scale, we want to work with you.

We would like to thank the following individuals for their contributions to this open community effort: Bhushit Agarwal (Circle), Lee Campbell (Google), Nick Steele (OpenAI), Tim Cappalli (Okta), Oliver Terbu (EU Commission / MATTR), Reema Bajwa (Google), Jacky Lao (Lightspark), Tobias Looker (MATTR), Gareth Oliver (Google), Jasper Kim (Circle).

The internet got its payment layer, thirty years late. Let's not make the internet wait that long for the HTTP-native identity mechanism it needs in this age of AI. Join the community here: https://x401.id/


Want to see what Proof enables for AI agents? Join us July 8 for a live demo of an agent completing a real transaction, secured and authorized with cryptographic identity.
