A lot of people are talking about x402 and EVMAuth right now, but similar protocols have been around for a while. Google introduced Macaroons back in 2014. Lightning Network released L402 in 2020.
So, why have none of them become the de facto standard for the web?
The Forgotten Error Code
HTTP 402 "Payment Required" has been sitting in the spec since the early days of the web, reserved for future use. It was supposed to enable micropayments—imagine paying a few cents to read an article or access an API, rather than being endlessly assailed by advertisements.
Why did HTTP 402 fall by the wayside? Primarily, two reasons:
- Technical hurdles: No practical way to handle tiny payments without massive transaction fees
- Visa/Mastercard duopoly: Credit card processors had no interest in micropayments at the time
Marc Andreessen famously called it the "original sin of the internet"—the web's inability to handle native payments. Instead of micropayments, we got ads. Lots and lots of ads.
Bitcoin and Lightning
Fast forward to 2009. Bitcoin shows up, and suddenly we have programmable money. This was groundbreaking technology, but very slow. Ten-minute block times are too long for buying a coffee, let alone making an API call.
Then came Lightning Network, which was a vast improvement in terms of speed. Built on top of Bitcoin, it enabled:
- Near-instant payments
- Fees measured in fractions of a cent
- Millions of transactions per second
This is where things started getting interesting...
Macaroons and L402
In 2014, Google researchers introduced Macaroons—bearer tokens that can be verified without hitting a database. Think cookies with built-in permissions that you can delegate, and that can be verified using only a root key and basic cryptography.
In 2020, Lightning Labs had the brilliant idea of combining Macaroons with Lightning payments. The result? L402 (formerly LSAT).
Here's how it works:
- Service gives you a Macaroon + Lightning invoice
- You pay the invoice and get proof of payment
- Present both together and gain authenticated access
No usernames. No passwords. No credit card forms.
And nobody uses it.
Ethereum Virtual Machines
While Bitcoin and Lightning were focused on payments, Ethereum took a different path—smart contracts. These self-executing programs opened up a world of new possibilities:
- ERC-20 tokens and stablecoins (USDC, Tether, DAI)
- NFTs and digital ownership
- DAOs and on-chain governance
- DeFi protocols and automated market makers
Unlike Bitcoin's simple transaction fees, Ethereum uses 'gas'—a fee system that compensates validators for running smart contract code. The more complex the operation, the more gas it costs. This makes sense for security, but creates an economic challenge.
During crypto bull markets, speculative trading and DeFi activity drove gas fees to unpredictable heights—sometimes $50 or more for a simple transaction.
The popularity of Ethereum sparked a wave of alternative networks and Layer 2 solutions, all trying to bring costs down. While these other EVMs helped, gas fees still made micropayments unviable. Even on cheaper networks, paying $0.10 to charge $0.01 for an API call just doesn't make cents. (See what I did there?)
x402 and EVMAuth
Today, we're seeing a resurgence of HTTP 402 with two new open-source protocols:
x402: A modern interpretation that bridges traditional payment rails with crypto infrastructure, developed by Coinbase.
EVMAuth: An extension of the ERC-1155 token standard that turns a deployed smart contract into a secure authorization system, developed by Radius.
What sets EVMAuth apart:
- Granular revocation: Unlike Macaroons (where revoking access means rotating keys), EVMAuth enables you to easily revoke tokens and blacklist accounts
- Built-in expiration: Tokens can be configured with an optional time-to-live (TTL) and will expire automatically, making them ideal for subscription models
- Flexible payment options: Tokens can be purchased directly on-chain OR issued automatically upon receipt from an external payment system (x402, L402, traditional payments)
But here's the kicker—EVMAuth deployed on the Radius network completely changes the economics:
- Sub-second transaction finality
- Negligible gas fees (we're talking tiny fractions of a cent)
- Millions of transactions per second (TPS)
- Read-only verification of token ownership (no gas fees)
Radius achieves this by ditching the traditional blockchain architecture entirely. Instead of waiting for consensus, Radius uses a high-performance distributed system that processes transactions in parallel, making microtransactions economically viable—something that's never been done before.
Why This Time Is Different
We're entering the age of agentic AI—autonomous programs that need to pay for services without human intervention. An AI agent can't fill out a credit card application or verify its identity.
What it can do:
- Hold crypto tokens
- Make Lightning payments
- Interact with smart contracts
- Decide which APIs and services it should use
The payment infrastructure that never made sense to human users is ideal for machines. Autonomous AI agents are going to choose to interface with systems designed specifically for them.
An EVM Without a Blockchain
Radius abandons the traditional blockchain structure in favor of parallel processing—think of it as running the EVM without the consensus bottleneck.
What does this mean in practice? Gas fees still exist, but they're predictable and minimal. Instead of competing with DeFi traders for block space, you get:
- Stable transaction costs (fractions of a cent)
- Parallel processing for massive throughput
- Sub-second finality without waiting for blocks
- The full EVM toolkit without the economic volatility
For EVMAuth, this architecture makes all the difference. Minting a thousand access tokens costs about the same as a few API calls. Revoking access happens in milliseconds, not minutes. Selling granular access to data and web resources with micropayments finally makes sense.
The Bottom Line
HTTP 402 is finally having its moment, 30+ years after it was introduced.
Platforms like Radius make EVM-based authorization fast and cheap, eliminating the need to build, operate, and maintain auth servers and databases.
The future we were promised in the '90s is finally here. It just took a few decades and some next-gen infrastructure to make it happen.
