Every year the internet absorbs more of the value transfer of the world. eCommerce has exploded, and today billions of people worldwide purchase physical or digital goods and services online without a second thought. This rapid growth has only been limited by the fiat banking system, which clearly cannot keep up with all the possible business models and monetisation methods the internet could offer.
The bitcoin network has given us a secure method of value transfer along with a native asset; this forms the basis of a new standard for internet interaction. If a network can transfer value in real-time, it should be able to perform other secure actions too, and this is where the Lightning network and its ever-expanding toolset come into play.
When we browse the internet or conduct online commerce, authentication and authorisation are required for many web and mobile applications. Authentication establishes who is making a request, and authorisation sets the permissions for each user.
These are two fundamental parts of anyone’s internet experience, yet the solutions we have today offer notable downsides in their implementation.
- First, they rely on third parties to store sensitive information. This information is frequently stolen or leaked, putting you at risk.
- Second, users’ real-world identities are often linked to authentication, which makes staying anonymous harder and limits how far anonymity can go.
Tying your real identity to a third-party authentication service, such as Google or Facebook, reveals information about which services you use and how often you use them. Creating this massive data footprint not only leaves you open to possible threats but also monetisation tactics through manipulation and resale of that data to third parties.
So what does this have to do with bitcoin? Well, plenty. The Lightning network is not only a method of transferring value instantly in real-time; it can pass data too. With its LSAT protocol, it aims to decouple authentication and authorisation from big tech and offer users a convenient alternative.
What is an LSAT?
An LSAT is an HTTP header that encodes a macaroon and corresponding lightning invoice. This proof of payment is the baseline requirement to produce a valid LSAT. LSAT is a new standard for authentication and paid APIs for the web.
LSATs use the Lightning Network for payments and a combination of HTTP-402 and macaroons for authentication and forgery resistance. The LSAT protocol gives us an opportunity to use Lightning with the native web.
The forgotten HTTP error code
HTTP uses several status codes to allow developers to consume APIs created by service providers easily. For example, the well-known 200 OK status code indicates a successful HTTP response. The 401 Unauthorized status is sent when a client attempts to access a page or resource that requires authentication.
But these statuses are not the only codes; many other status codes exist, with some more commonly used than others. One code that has been widely underutilised is 402 Payment Required.
As the name implies, this code is returned when a client attempts to access a resource that they haven’t paid for yet. In most versions of the HTTP specification, this code is marked as being “reserved for future use”. Many speculate that it was intended to be used by some sort of digital cash or micropayment scheme, which didn’t yet exist at the time of the initial HTTP specification drafting.
That is no longer a dream now that we have bitcoin and the Lightning network; this status code can now be put to use with the LSAT token.
What is the LSAT Token?
Before you get triggered by the word token, let me get it out of the way first: this is NOT a tradable token but only a method of transferring data between two parties. An LSAT token is made up of two parts: a macaroon and a proof of payment.
Lightning payments provide a cryptographically secure way to prove payment. Each invoice generated has an associated 32-byte payment hash. To generate this hash, a random 32-byte string, known as a preimage, is hashed using the SHA-256 algorithm.
This preimage is only revealed upon successful payment of a lightning invoice. While it’s impossible to guess the preimage, it’s trivial to prove that only that preimage could have been used to generate the invoice’s payment hash.
By attaching a preimage, which can only be known by paying the corresponding invoice, to your LSAT, you have satisfied the proof of payment required for a valid LSAT.
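The proof-of-payment check described above, sketched from the server's side as an added example (not code from the original article or from Lightning Labs). The `LSAT <token>:<preimage>` header layout follows the LSAT specification rather than this page, the HMAC-tagged token is a simplified stand-in for a real macaroon, and `ROOT_KEY`, `mint_token` and `verify_authorization` are hypothetical names.

```python
import base64
import hashlib
import hmac
import os

ROOT_KEY = os.urandom(32)  # hypothetical server secret (assumption, not from the page)

def mint_token(payment_hash: bytes, root_key: bytes = ROOT_KEY) -> str:
    """Stand-in for the macaroon: payment hash plus an HMAC-SHA256 tag over it."""
    tag = hmac.new(root_key, payment_hash, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payment_hash + tag).decode()

def verify_authorization(header: str, root_key: bytes = ROOT_KEY) -> tuple[bool, str]:
    """Check an 'LSAT <token>:<preimage hex>' header; return (ok, reason)."""
    scheme, _, credentials = header.partition(" ")
    token_b64, sep, preimage_hex = credentials.partition(":")
    if scheme != "LSAT" or not sep:
        return False, "malformed header"
    try:
        raw = base64.urlsafe_b64decode(token_b64)
        preimage = bytes.fromhex(preimage_hex)
    except ValueError:
        return False, "malformed encoding"
    if len(raw) != 64 or len(preimage) != 32:
        return False, "wrong length"
    payment_hash, tag = raw[:32], raw[32:]
    # Forgery resistance: only the holder of root_key could have produced the tag.
    expected = hmac.new(root_key, payment_hash, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "token not issued by this server"
    # Proof of payment: SHA-256(preimage) must equal the invoice's payment hash.
    if not hmac.compare_digest(hashlib.sha256(preimage).digest(), payment_hash):
        return False, "preimage does not match payment hash"
    return True, "ok"

def demo() -> dict:
    """Constructed exchange: the preimage is generated locally, not by a Lightning node."""
    preimage = os.urandom(32)                      # revealed to the payer on settlement
    payment_hash = hashlib.sha256(preimage).digest()
    token = mint_token(payment_hash)               # issued alongside the 402 response
    forged = mint_token(payment_hash, root_key=b"\x00" * 32)
    return {
        "paid": verify_authorization(f"LSAT {token}:{preimage.hex()}"),
        "unpaid": verify_authorization(f"LSAT {token}:{os.urandom(32).hex()}"),
        "forged": verify_authorization(f"LSAT {forged}:{preimage.hex()}"),
    }

if __name__ == "__main__":
    print(demo())
```

Both comparisons use `hmac.compare_digest` so that the time taken to reject a bad tag or preimage does not depend on how many leading bytes happened to match.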
Get an overview of LSATs in action
If you want a detailed overview of LSATs and how they work, we recommend checking out the following video by Lightning Labs.
What can you do with LSATs?
LSATs can be used by almost any online service based on HTTP/2 or gRPC, which means most web developers can use the tool. LSATs can help to make the average user’s internet experience more accessible, private, and global by tackling pain points like:
- Removing authentication via email addresses and passwords or centralised login services such as Facebook and Google sign-ins
- Allowing for trustless recurring payments, which make it possible to make subscriptions without credit cards
- New micropayment monetisation with metered APIs, so users can pay for API service when they need to rather than tiered or upfront pay plans.
- Reducing online spam by acting as an identifier, and discarding bots from social media sites by using LSATs and payments to authenticate any unusual activity
- Services can leverage LSAT to manage different tiers of service or preferential access. That means they could provide premium users with special features without having those users navigate to a premium page or request form.
Bitcoin is often referred to as magic internet money, and it sure is making strides to become the dominant method of value transfer online. Adding improvements like LSATs only continues to make interacting with value on the internet a seamless process.
In the near future, we could have Lightning wallets set up with only a set of private keys that you hold; you could use this Lightning wallet to sign in and out of applications, visit websites that will remember you, pay for applications and services with a single click, set up recurring payments or stream payments for what you consume online with all the details kept in your wallet.
Does that not sound like magic internet money to you?
Recommended reading
If you’re keen to learn more about LSATs in detail, we recommend checking out the following resources.
Are you a bitcoin and lightning fan?
Have you been using Lightning to make micro-payments? Stream sats or engage with apps? Which app is your favourite? Have you tried all the forms of Lightning payments? Which one do you prefer? Let us know in the comments down below.