200Lab
In 1997, HTTP reserved a status code almost nobody ever used: 402 Payment Required. Thirty years later, AI agents brought it to life: a machine requests, gets billed, settles on its own, and receives 200 OK— that five-character flip is the entire story of the agent economy, and the origin of this lab's name. We don't paraphrase protocol docs. We build them.
Demo #1 · The Agent That Pays
Click run: an agent with a wallet is born in your browser and buys a piece of paid content from this site — every round-trip and signature actually happens. Open DevTools (F12 → Network) and watch the 402 with your own eyes.
What just happened
The agent requests a resource. The server doesn't ask who you are — it sends a bill: HTTP 402 with amount, payee, and a one-time nonce. No signup, no API key.
The agent signs an EIP-712 payment authorization with its own wallet — cryptographically unforgeable, and the key never leaves the agent.
The agent retries the same request with the signed credential in an X-PAYMENT header. To the server, this is money arriving.
The server verifies the signature, checks the quote, burns the nonce (single-use), releases the content and settles. 402 becomes 200. Done.
Lab roadmap
- ✅
Live protocol demo — Real 402 round-trips + real EIP-712 signatures, simulated settlement (this page)
- ◻️
Real testnet settlement — Full x402 flow with test USDC on Base Sepolia, open source
- ◻️
Adversarial testing — Prompt-injection attacks against paying agents, published as research notes
- ◻️
Facilitator economics — Cost and business-model breakdown of the settlement layer