LSAT

LSAT stands for Lightning Service Authentication Token. LSATs are a new standard protocol for authentication and paid APIs developed by Lightning Labs. LSATs can serve both as an authentication mechanism and as a payment mechanism (one can view an LSAT as a ticket) for paid APIs. By leveraging LSATs, a service or business is able to offer a new tier of paid APIs that sits between free and subscription: pay as you go.

HTTP as well as the Lightning Network to create a seamless end-to-end payment+authentication flow for the next generation of paid APIs built on top of the Lightning Network.

aperture, a reference LSAT-aware reverse proxy used in production for all our systems. In the remainder of this section, we'll explore the motivation, lineage, and workflow of LSATs at a high level. For a more detailed specification, please see the later sections of this specification.

200 OK error code indicates a successful HTTP response. The 401 Unauthorized is sent when a client attempts to access a page or resource that requires authentication, and so on. A large number of other error codes exist, with some more commonly used than others. One error code which has been widely underutilized is 402 Payment Required. As the name implies, this code is returned when a client attempts to access a resource that they haven't paid for yet. In most versions of the HTTP specification, this code is marked as being "reserved for future use". Many speculate that it was intended to be used by some sort of digital cash or micropayment scheme, which didn't yet exist at the time of the initial HTTP specification drafting.

lnd as its default authentication mechanism. The LSAT protocol allows a user to atomically purchase one of these tickets for sats over the Lightning Network. Partial LSATs are served over HTTP (or HTTP/2) when a user attempts to access a resource that requires payment (402 Payment Required), along with a Lightning invoice. This partial LSAT can then be converted into a complete LSAT by paying the invoice and obtaining the payment pre-image (the invoice pays to a payment hash: payment_hash = sha256(pre_image)).
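
The conversion from partial to complete LSAT described above, as an added Python sketch that is not code from Lightning Labs or aperture. The `WWW-Authenticate` and `Authorization` header layouts follow the LSAT specification rather than this page; the function names are hypothetical, the sample values are constructed, and the payment hash is assumed to have been decoded from the invoice by the wallet.

```python
import hashlib
import hmac
import re

# Challenge layout per the LSAT specification (not shown on this page):
#   WWW-Authenticate: LSAT macaroon="<base64>", invoice="<bolt11>"
_CHALLENGE = re.compile(r'^LSAT\s+macaroon="([^"]+)",\s*invoice="([^"]+)"$')


def parse_challenge(status, www_authenticate):
    """Return (macaroon, invoice) from a 402 response: the partial LSAT."""
    if status != 402:
        raise ValueError("not a 402 Payment Required response")
    m = _CHALLENGE.match(www_authenticate.strip())
    if m is None:
        raise ValueError("malformed LSAT challenge")
    return m.group(1), m.group(2)


def preimage_matches(preimage_hex, payment_hash_hex):
    """Check payment_hash == sha256(pre_image), comparing in constant time."""
    try:
        preimage = bytes.fromhex(preimage_hex)
        expected = bytes.fromhex(payment_hash_hex)
    except ValueError:
        return False
    if len(preimage) != 32 or len(expected) != 32:
        return False
    return hmac.compare_digest(hashlib.sha256(preimage).digest(), expected)


def complete_lsat(macaroon, preimage_hex, payment_hash_hex):
    """Build the Authorization header value for a paid (complete) LSAT."""
    if not preimage_matches(preimage_hex, payment_hash_hex):
        raise ValueError("pre-image does not hash to the invoice payment hash")
    return f"LSAT {macaroon}:{preimage_hex}"


# Constructed sample values (not a real macaroon, invoice or pre-image).
SAMPLE_PREIMAGE = "11" * 32
SAMPLE_HASH = hashlib.sha256(bytes.fromhex(SAMPLE_PREIMAGE)).hexdigest()
SAMPLE_HEADER = ('LSAT macaroon="bWFjYXJvb24tcGxhY2Vob2xkZXI=", '
                 'invoice="lnbc-placeholder-invoice"')

if __name__ == "__main__":
    mac, invoice = parse_challenge(402, SAMPLE_HEADER)
    print("pay invoice:", invoice)
    print("Authorization:", complete_lsat(mac, SAMPLE_PREIMAGE, SAMPLE_HASH))
```

The same hash check is what lets a verifier confirm payment from the token alone: a pre-image that does not hash to the payment hash committed to in the invoice is rejected before any header is built.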