4xx Client Error
The 402 (Payment Required) status code is reserved for future use. While originally created for digital payment systems, it is not widely used. Some APIs use it to indicate that a paid subscription is required to access a resource.
When a client requests an API endpoint that requires a paid subscription, return 402 Payment Required. This clearly indicates that the resource is available but requires payment, as distinct from 403 Forbidden, which suggests permission issues unrelated to payment.
// Laravel - subscription required
if (! $user->subscribed()) {
    return response()->json([
        'error' => 'Payment required',
        'upgrade_url' => route('billing.plans'),
    ], 402);
}
Mistake: Using 403 Forbidden instead of 402 for paywalled content
Fix: If the reason for denial is specifically lack of payment (not lack of permission), use 402 Payment Required. This gives clearer semantics than 403 Forbidden, which implies a general authorization failure.
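The distinction above, applied in one place: an added example (not code from the original page) of a Laravel middleware that returns a different status for each denial reason, so 402 is sent only when payment is the sole thing missing. The class name EnsurePaidAccess and the $ability middleware parameter are hypothetical; subscribed() and the billing.plans route are taken from the snippet above.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware (added example): one status code per denial reason.
class EnsurePaidAccess
{
    // $ability is a hypothetical parameter naming the permission the route needs.
    public function handle(Request $request, Closure $next, string $ability): Response
    {
        $user = $request->user();

        // No authenticated user: the client has to log in first.
        if ($user === null) {
            return response()->json(['error' => 'Unauthenticated'], 401);
        }

        // Authenticated but not permitted: paying would not change the outcome,
        // so this is a general authorization failure.
        if ($user->cannot($ability)) {
            return response()->json(['error' => 'Forbidden'], 403);
        }

        // Permitted but unpaid: the only thing missing is a subscription.
        if (! $user->subscribed()) {
            return response()->json([
                'error' => 'Payment required',
                'upgrade_url' => route('billing.plans'),
            ], 402);
        }

        return $next($request);
    }
}
```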