NUT-24 / HTTP 402 + Cashu

Stop hard-coding paywalls. Ship HTTP-native micropayments.

402forDummies is a practical entry point to the NUT-24 flow. Your server responds with a standard 402 Payment Required, the client decodes the payment request, retries with cashuB, and unlocks access after validation.

Give me the TL;DR Try Interactive Demo

NUT-24

HTTP 402 payment negotiation

NUT-18

Encoded request structure

NUT-12

Token handling for clients

Flow that falls into place

Scroll through the request/response lifecycle used by NUT-24.

5-step handshakeRead NUT-24 Spec

1Client requests protected resource

A normal HTTP request is sent without payment headers.

GET /premium/guide
Host: 402fordummies.com

2Server returns HTTP 402 + X-Cashu

The response contains a NUT-18 encoded payment request in a header.

HTTP/1.1 402 Payment Required
X-Cashu: eyJhIjoyMSwidSI6InNhdCIsIm0iOlt...

3Client decodes and evaluates request

The wallet checks amount, unit, accepted mints, and optional NUT-10 lock conditions.

decode(X-Cashu) -> { a, u, m, nut10 }

4Client retries with cashuB token

Token is built from a valid mint and sent in X-Cashu.

GET /premium/guide
X-Cashu: cashuB...

5Server validates payment

Mint, unit, amount, and lock conditions are checked before serving content.

HTTP/1.1 200 OK
(or 400 Bad Request on failure)

Interactive multi-step demo

Walk through the actual lifecycle: 402 header issuance, client-side decode, retry with payment token, and final server validation.

Current step: Ready

Step 1

Resource requested

Step 2

402 with X-Cashu

Step 3

Header decoded

Step 4

cashuB retry sent

Step 5

Server validation

Client Controls

Configure the client token before running validation.

Token amount

Unit

Mint URL

Include proof for required NUT-10 lock condition

Protocol Inspector

Server headers, decoded payload, and validation decisions.

Request log

No requests sent yet

Response log

Awaiting first request

Server header (raw)

X-Cashu: eyJhIjoyMSwidSI6InNhdCIsIm0iOlsiaHR0cHM6Ly9taW50Lm1pbmliaXRzLmNhc2gvQml0Y29pbiIsImh0dHBzOi8vbWludC5jb2lub3MuaW8iXSwibnV0MTAiOnsia2luZCI6IlAyUEsiLCJwdWJrZXkiOiIwM2I0Li4uN2U5In19

Decoded on client

Run step 2 to decode X-Cashu

Validation checks

Run until final step to evaluate checks.

Final status

No final status yet

This demo follows NUT-24 expectations: 402 with encoded request, client decode, token retry, then strict server-side checks.

Required amount: 21 satAccepted mints: 2NUT-10 lock checkHeader + token flow