Building a Content Distribution Proxy Implementing the LSATs spec | Summer Of Bitcoin’22 at Alby

About the project

The main goal of the project is to build a solution that leverages the widely underused HTTP 402 (payment required) status code and LSAT (Lightning Service Authentication Token — a new protocol standard for authentication and paid APIs) to make microtransactions possible to get access to ad-free content or any paid APIs. It includes developing tools that integrate LSAT in the content distribution process and allow the delivery of specific content based on the provided payments. The solution will allow the client to indicate if they support LSAT or not and then the server can decide which content to deliver based on it. It also focuses on ease of use and deployment and giving the users the flexibility of optionally enabling the paywall if the client prefers.

A good use case can be:- A podcast service delivering ad-free audio files to players that support lightning payments and ad-version to others ensuring a smooth upgrade path to lightning payments without breaking the audio players (clients) that do not support lightning yet.

The complete architecture looks like this:-

Detailed authentication flow:-

  1. Authentication of resources using LSAT:-
LSAT Authentication flow diagram (taken from

A typical LSAT macaroon and invoice wrapped inside the WWW-Authenticate field will look like:-

LSAT authentication scheme

A typical macaroon and preimage wrapped inside the Authorization field will look like:-

LSAT authorization scheme

2. Authentication for users requesting free content or not having enough funds:-

The client can indicate to the server that it prefers LSAT payments for the resources and the server can then respond with LSAT if supported. The client will send the accept type with the header as shown below:-

{"Accept-Authenticate": "LSAT"}

Project Progress

I have implemented the LSAT proxy server demonstrating all of the above handshakes. The request-response flow looks like this:-

Request-response flow

It currently supports LND (Lightning Network Daemon) and LNURL for generating invoices but it will be extended to support Core-lightning and Eclair to make the solution node independent.

Upcoming project goals

  1. Add support for other nodes like Core-lightning and Eclair.
  2. Implement the proxy as a middleware.
  3. Implement a dynamic module for NGINX.
  4. Develop client-side SDKs and libraries in popular languages like Golang and Python.

Thanks to my mentors Michael and Kwinten for helping me with the project. You can learn more about the project from the repo.

You can connect me on LinkedIn or Twitter. Looking forward to delivering more good things in the future.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dhananjay Purohit

Dhananjay Purohit

Summer Of Bitcoin’22 @Alby | GSoC'21 @Orcasound | LFX’21 CNCF- @LitmusChaos | Full Stack Developer | Open-source contributor