Skip to main content

โ€‹
l402-kit White Paper

Version 1.0 โ€” April 2026

โ€‹
Abstract

l402-kit is an open-source middleware library that enables any HTTP API to accept Bitcoin Lightning micropayments using the L402 protocol. Developers add a paywall to any endpoint in 3 lines of code, across TypeScript, Python, Go, and Rust. Payments settle in under one second, fees are 0.3% with no monthly subscription, and no bank account or account creation is required from the end user.

โ€‹
1. Problem

The current API monetization stack is broken for small-value, high-frequency access patterns:
  • Credit cards: Minimum viable transaction is ~0.30.Charging0.30. Charging 0.001 per API call is economically impossible.
  • Account walls: Creating an account reduces conversion by 60โ€“80%. AI agents cannot create accounts.
  • Monthly subscriptions: Wrong pricing model for pay-per-use APIs. Developers pay for capacity they donโ€™t use.
  • Geographic exclusion: 1.4 billion adults are unbanked. Bitcoin has no geography.
The result: developers give away high-value API access for free because charging is too expensive or too complex.

โ€‹
2. Solution: L402 + Bitcoin Lightning

The L402 protocol (HTTP 402 Payment Required) enables a native payment handshake at the HTTP layer:
  1. Client calls an endpoint without payment proof
  2. Server returns 402 Payment Required with a BOLT11 Lightning invoice
  3. Client pays the invoice (~300ms, any wallet)
  4. Client re-calls with Authorization: L402 <token>:<preimage>
  5. Server verifies SHA256(preimage) == paymentHash cryptographically
  6. Server returns 200 OK
The preimage โ€” the cryptographic secret released when Lightning payment settles โ€” is the proof of payment. No session, no JWT, no database lookup on the hot path.

โ€‹
3. Architecture

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                    Developer's API                       โ”‚
โ”‚                                                          โ”‚
โ”‚   app.use('/endpoint', l402Middleware({                  โ”‚
โ”‚     priceSats: 100,                                      โ”‚
โ”‚     lightningAddress: 'you@blink.sv'                     โ”‚
โ”‚   }))                                                    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                   โ”‚ 402 on first call
                   โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚              ShinyDapps Backend (managed)                โ”‚
โ”‚                                                          โ”‚
โ”‚   POST /api/invoice  โ†’  Blink API (BOLT11 creation)      โ”‚
โ”‚   POST /api/webhook  โ†  Blink callback (settlement)      โ”‚
โ”‚   GET  /api/stats    โ†’  Supabase (payment history)       โ”‚
โ”‚   GET  /api/pro-check โ†’  Supabase (tier verification)    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                   โ”‚
          โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
          โ–ผ                 โ–ผ
   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
   โ”‚    Blink    โ”‚   โ”‚   Supabase     โ”‚
   โ”‚  Lightning  โ”‚   โ”‚  PostgreSQL    โ”‚
   โ”‚   Network   โ”‚   โ”‚  (payments +   โ”‚
   โ”‚             โ”‚   โ”‚   pro_access)  โ”‚
   โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
The middleware is stateless on the verification path. Invoice creation and webhook processing happen asynchronously through the managed backend. Developers who prefer full custody can self-host by pointing the middleware at their own Lightning node (LNbits, OpenNode, or direct LND/CLN).

โ€‹
4. Economic Model

TierCostWhat you get
Free0.3% of payments receivedUnlimited calls, 7-day history, 1D/7D charts, all SDKs
Pro9,000 sats/month ($9)Full history, 30D/1Y/ALL charts, CSV export, priority support
Founder1,000,000 sats one-time ($999)Lifetime Pro, founder badge, direct access
The 0.3% fee is structurally aligned with developer success: ShinyDapps earns only when developers earn. No payments, no fee. There is no base cost, no credit card required, and no minimum revenue threshold. At scale:
  • **1,000/monthโˆ—โˆ—inAPIrevenueโ†’1,000/month** in API revenue โ†’ 3/month fee
  • **10,000/monthโˆ—โˆ—โ†’10,000/month** โ†’ 30/month fee
  • **100,000/monthโˆ—โˆ—โ†’100,000/month** โ†’ 300/month fee

โ€‹
5. SDKs

l402-kit ships native libraries for all major backend runtimes:
LanguagePackageInstall
TypeScript / Node.jsl402-kit on npmnpm install l402-kit
Pythonl402kit on PyPIpip install l402kit
Gogithub.com/shinydapps/l402-kit/gogo get ...@v1.0.1
Rustl402kit on crates.iocargo add l402kit
All SDKs implement the same interface: a single middleware function that takes priceSats and lightningAddress, returns a standard middleware compatible with Express, FastAPI, net/http, and axum.

โ€‹
6. AI Agents & LLMs

l402-kit is natively compatible with the emerging AI agent economy. LLMs and autonomous agents can:
  • Call L402-gated APIs without human intervention
  • Pay for exactly the data or compute they need
  • Use any Lightning wallet or custodial account
  • Operate across borders with zero friction
The llms.txt file at the repository root provides machine-readable integration instructions for AI systems.

โ€‹
7. Security

  • Replay prevention: preimage has a UNIQUE constraint in Supabase โ€” each proof can only be used once.
  • Cryptographic verification: SHA256(preimage) == paymentHash is verified in the middleware without any external call.
  • Webhook integrity: Blink callbacks are verified via HMAC-SHA256 before any database write.
  • RLS hardening: The Supabase anon key has zero access to pro_access (Lightning addresses are PII). Payments are filtered by owner_address.
  • No private keys in code: All secrets are environment variables; the BOLT11 preimage never leaves the verification layer.

โ€‹
8. Decentralization Roadmap

The current managed backend (ShinyDapps-hosted) is a pragmatic starting point. The roadmap toward full decentralization:
  1. v1.0 โ€” Managed mode: developer provides only a Lightning address, ShinyDapps handles invoice creation and settlement (current)
  2. v1.5 โ€” Self-hosted mode: developers point the SDK at their own LNbits or OpenNode instance
  3. v2.0 โ€” Direct Lightning: SDK creates invoices and verifies payments directly against LND/CLN via gRPC, no intermediary
  4. v3.0 โ€” Multi-provider routing: payment routing optimized for fees and reliability across multiple Lightning nodes

โ€‹
9. Open Source

l402-kit is MIT-licensed. Packages on npm, PyPI, pkg.go.dev, and crates.io. Contributions welcome. Issues and pull requests are reviewed within 48 hours.
ShinyDapps ยท l402kit.vercel.app ยท thiagoyoshiaki@gmail.com