How HTTP 402 Is Turning APIs Into Vending Machines

The payment status code that sat unused for 30 years is finally getting its moment. When Tim Berners-Lee and Roy Fielding designed HTTP in the early 1990s, they reserved status code 402 for "Payment Required." The spec was vague — it was meant for future micropayment schemes that never materialized. For three decades, 402 has been a historical footnote, occasionally used by SaaS products as a 403 substitute for "you need to upgrade your plan." That's about to change. The Problem with API Keys Every API I've used in the last ten years follows the same pattern: Sign up for an account Generate an API key Choose a pricing plan ($49/mo, $199/mo, enterprise) Store the key in .env , hope you don't accidentally commit it Get an email when you exceed your quota This works fine at scale. But it's terrible for small workloads. I was building an influencer discovery tool. My use case: a few hundred searches per month, each returning a list of Instagram accounts matching a niche. The cheapest plan