HTTP 402

HTTP Status Code 402, also known as "Payment Required," is a standard response code in the Hypertext Transfer Protocol (HTTP). It is part of the HTTP/1.1 protocol defined by the Internet Engineering Task Force (IETF) in the RFC 7231 [1] specification.

Description

The HTTP 402 status code indicates that the client must make a payment to access the requested resource. [2] It is typically used in situations where the server requires payment before granting access to the content or service. This code serves as a reminder that a financial transaction or authorization is needed to proceed further.

The 402 status code is considered non-standard and was introduced to extend the HTTP protocol's capabilities beyond the standard set of status codes. It provides a clear indication to the client that they need to take action to complete the payment process before they can access the requested resource.

Examples

Client request:

GET /index.php HTTP/1.1
Host: www.example.org

Server response: [3]

HTTP/1.1 402 Payment Required
Location: https://www.example.org/index.asp

Usage

The HTTP 402 status code is typically used in e-commerce and subscription-based systems where access to content or services is restricted until the user completes a payment. It can be employed in various scenarios, such as:

Experimental

The HTTP status code 402 is currently classified as an experimental code within the HTTP protocol. Such experimental codes are introduced to assess new features or ideas and determine their practical application. The designation of the 402 status implies that a payment is mandated to obtain a particular resource or service. However, its tentative status indicates limited mainstream adoption. Web developers and institutions are advised to adhere to recognized HTTP norms and employ stable, thoroughly documented status codes. Even though the 402 code might be used on an experimental basis, caution is recommended because of potential discrepancies and compatibility challenges. [5]

Response representation

The HTTP 402 response is accompanied by an entity body that provides additional information to the client regarding the payment requirements. This entity body can be in various formats, including HTML, XML, or JSON, and typically includes details such as the payment amount, payment methods accepted, and instructions on how to complete the transaction. [6]

The server may also include relevant headers in the response, such as Retry-After, which indicates the time duration the client should wait before retrying the request after completing the payment process. [6]

Relationship with other status codes

The HTTP 402 status code should not be confused with the more commonly used 403 Forbidden status code. [7] While both codes indicate that access to a resource is restricted, the distinction lies in the reason for the restriction. The 402 code specifically implies that payment is required, whereas the 403 code implies that access is forbidden due to other reasons, such as insufficient permissions or authentication failure.

In cases where the server requires payment but also wants to convey additional information about why access is denied, it is common to include the 402 status code alongside a 403 status code. This combination helps communicate the payment requirement while providing more context to the client. [8]
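The following client-side handler is an added example, not code from the original page or from any specification. It parses a raw response, separates 402 from 403, reads Retry-After in both of its forms, and only surfaces a Location link that is HTTPS on the requested origin. The function names, the JSON field names and the same-origin policy are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone
from email.parser import BytesParser
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample. The JSON field names are assumptions: no standard
# body format for 402 exists.
SAMPLE_402 = (
    b"HTTP/1.1 402 Payment Required\r\n"
    b"Content-Type: application/json\r\n"
    b"Retry-After: 120\r\n"
    b"Location: https://www.example.org/index.asp\r\n\r\n"
    b'{"amount": "4.99", "currency": "EUR", "methods": ["card"]}'
)

def retry_after_seconds(value, now=None):
    """Retry-After carries either delta-seconds or an HTTP-date."""
    if value is None:
        return None
    if value.strip().isdigit():
        return int(value)
    try:
        delta = parsedate_to_datetime(value) - (now or datetime.now(timezone.utc))
    except (TypeError, ValueError):
        return None  # unparseable value: treat as absent
    return max(0, int(delta.total_seconds()))

def classify(raw, origin):
    """Parse a raw HTTP/1.1 response; origin is the site that was requested."""
    status_line, _, rest = raw.partition(b"\r\n")
    status = int(status_line.split(b" ", 2)[1])
    msg = BytesParser().parsebytes(rest)  # headers, then body as payload
    out = {"status": status, "action": "other", "payment": None, "pay_url": None,
           "retry_after": retry_after_seconds(msg.get("Retry-After"))}
    if status == 403:
        out["action"] = "denied"  # paying would not change the outcome
    elif status == 402:
        out["action"] = "payment_required"
        if msg.get_content_type() == "application/json":
            try:
                out["payment"] = json.loads(msg.get_payload())
            except ValueError:
                pass  # malformed body: report the status only
        # 402 is not a redirect, so Location is never followed automatically;
        # it is surfaced only if it is HTTPS on the requested origin.
        loc, want = urlsplit(msg.get("Location", "")), urlsplit(origin)
        if loc.scheme == "https" and loc.netloc.lower() == want.netloc.lower():
            out["pay_url"] = loc.geturl()
    return out
```
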


References

  1. Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. IETF. sec. 6.5.2. doi:10.17487/RFC7231. RFC 7231.
  2. HTTP status code 402 Payment Required
  3. developer.mozilla.org Example response
  4. HTTP status code 402 General explanation of the 402 status code
  5. developer.mozilla.org Experimental
  6. Fielding, R., Gettys, J., Mogul, J., et al. (1999). "Hypertext Transfer Protocol -- HTTP/1.1". RFC 2616. IETF.
  7. stackoverflow.com Difference between http response status code 402 and 403
  8. The difference between HTTP status code 402 and 403