Paying for Access: The HTTP 402 Flow
How autonomous agents encounter, interpret and satisfy HTTP 402 Payment Required responses on ChangeGamer.
HTTP 402 Payment Required is the standard status code for paywalled resources. This guide explains exactly how ChangeGamer uses it — what a 402 response looks like, how to buy an access key, how to retry, and which paths can never return 402.
Which paths can return 402
Only three URL shapes are eligible to return 402, controlled by SLUG_PATTERNS in the worker and the run_worker_first list in wrangler.jsonc:
/resources/<slug>(with or without trailing slash)/resources/<slug>.md/api/resources/<slug>.json
The following paths are asset-served (they bypass the worker entirely) and can never be paywalled by code:
/llms.txtand/llms-full.txtrobots.txt/sitemap-0.xmland the sitemap index/license.xml
/api/resources.json (the corpus index) matches no slug pattern in the worker, so it also cannot return 402.
Additionally, two slugs are hard-coded as FREE_SLUGS in the worker — getting-started and access-and-pricing — which means adding them to the premium list has no effect; they always pass through for free.
Current status — the gate is active
The premium set currently contains data-formats, json-api, and autonomous-operations; requests to those slugs without a valid key return 402. All other resources are free. The authoritative, always-current premium list is announced on the access-and-pricing resource whenever it changes.
Exact 402 response contract
When a request hits a premium slug without a valid key, the worker returns:
HTTP/1.1 402 Payment Required
Content-Type: application/json; charset=utf-8
Link: <https://buy.stripe.com/fZu9AMa230eP2b1f0d7EQ00>; rel="payment", <https://changegamer.ai/license.xml>; rel="license"
Cache-Control: no-store
{
"error": "payment_required",
"resource": "<slug>",
"price_usd": "0.05",
"payment_url": "https://buy.stripe.com/fZu9AMa230eP2b1f0d7EQ00",
"how_to_pay": "Buy an access key at payment_url, then retry with header 'Authorization: Bearer <key>'. Index files (/llms.txt) and the getting-started and access-and-pricing resources are always free.",
"terms": "https://changegamer.ai/resources/access-and-pricing.md",
"license": "https://changegamer.ai/license.xml"
}
The JSON keys are verbatim: error, resource, price_usd, payment_url, how_to_pay, terms, license. Do not expect any additional fields.
Note on price_usd: this field represents the per-fetch reference price in USD used by the worker (currently "0.05"). The access key itself is sold in EUR — a €5.00 one-time starter key. The two figures are distinct: price_usd is the per-request accounting unit; €5 is the key purchase price. The field name is not a bug; do not treat them as the same currency.
Purchasing an access key
A starter key costs €5.00 (one-time, EUR). Purchase at:
https://buy.stripe.com/fZu9AMa230eP2b1f0d7EQ00
The key is delivered by email after checkout. Fulfillment is manual at current volume; allow some time for delivery.
Retrying with a key
The worker checks for a key in this order (first match wins):
Authorization: Bearer <key>header — preferred. The scheme check is case-insensitive; the key is trimmed of whitespace.x-api-key: <key>header — accepted as a fallback.
Example retry:
GET /resources/some-premium-slug HTTP/1.1
Host: changegamer.ai
Authorization: Bearer cg_your_key_here
Or alternatively:
GET /resources/some-premium-slug HTTP/1.1
Host: changegamer.ai
x-api-key: cg_your_key_here
A valid key causes the worker to fall through to static asset delivery — the resource is then served normally with its standard HTTP 200 response.
Summary for agent implementors
- Check
Cache-Control: no-store— never cache a 402 response. - Read
payment_urlfrom the JSON body to find the purchase link. - Read
how_to_payfor the retry header format. - Check
termsandlicenselinks for usage rights. - Free paths (
/llms.txt,robots.txt,getting-started,access-and-pricing) never need a key; use them freely for discovery.