NUT-24 / HTTP 402 + Cashu

402 for dummies

Everything you need to master HTTP 402 micropayments without the headaches. Your server responds with a standard 402 Payment Required, the client decodes the payment request, retries with cashuB, and unlocks access after validation.

Try Interactive Demo
For Dummies logo
5-step handshake

Flow that falls into place

Scroll through the request/response lifecycle used by NUT-24.

Read NUT-24 SpecJump to Demo
1Client requests protected resource
A normal HTTP request is sent without payment headers.
GET /premium/guide
Host: 402fordummies.com
2Server returns HTTP 402 + X-Cashu
The response contains a NUT-18 encoded payment request in a header.
HTTP/1.1 402 Payment Required
X-Cashu: creqAo2F0gaNhdGVub3N0cmFheM9ucHJvZmlsZTFxeTI4d3VtbjhnaGo3dW45ZDNzaGp0bnl2OWtoMnVld2Q5aHN6OW1od2RlbjV0ZTB3ZmprY2N0ZTljdXJ4dmVuOWVlaHFjdHJ2NWhzenJ0aHdkZW41dGUwZGVoaHh0bnZkYWtxejluaHdkZW41dGUwd2Zqa2NjdGU5ZWM4eTZ0ZHY5a3p1bW45d3NxenF0ajRzaDZkajA0dTluazRkOGpyZ3Y1Y3pscDdneDVnM3M2cjNqZHF3YTJ5OXl2ZGprNWgydjc0N3ZhZ4GCYW5iMTdhaWg3NDBmNDgxOGF1Y3NhdA==
What is HTTP 402? It's a status code reserved for "Payment Required" — and NUT-24 finally gives it a real purpose!
3Client decodes and evaluates request
The wallet checks amount, unit, accepted mints, and optional NUT-10 lock conditions.
decode(X-Cashu) -> { a, u, m, nut10 }
4Client retries with cashuB token
Token is built from a valid mint and sent in X-Cashu.
GET /premium/guide
X-Cashu: cashuB...
5Server validates payment
Mint, unit, amount, and lock conditions are checked before serving content.
HTTP/1.1 200 OK
(or 400 Bad Request on failure)

Interactive multi-step demo

Walk through the actual lifecycle: 402 header issuance, client-side decode, retry with payment token, and final server validation.

Step 1

Resource requested

Step 2

402 with X-Cashu

Step 3

Header decoded

Step 4

cashuB retry sent

Step 5

Server validation

Client Controls
Configure the client token before running validation.

1 click = next protocol phase.

Protocol Inspector
Server headers, decoded payload, and validation decisions.

Request log

No requests sent yet

Response log

Awaiting first request

Server header (raw)

Run step 1 to receive a response

Decoded on client

Run step 2 to decode X-Cashu

Validation checks

Run until final step to evaluate checks.

Final status

No final status yet

This demo follows NUT-24 expectations: 402 with encoded request, client decode, token retry, then strict server-side checks.

Required amount: 21 satAccepted mints: 2NUT-10 lock checkHeader + token flow