Draft Specification v0.1

Portable subscriptions for the open web

OPE is a portable entitlement layer that lets users access gated content across any app, any feed format, any browser, and any platform. Subscribe once, read anywhere — articles in your feed reader, podcasts in your player, video in your app, or content on the web. No lock-in. No walled gardens.

Read the Spec View on GitHub

Entitlement, not payments

OPE proves you're allowed in. Payment processors handle money. Clean separation.

Truly portable

Your subscription works in any OPE-compatible app — feed reader, podcast player, or browser. No platform lock-in.

Works with any feed

RSS, Atom, JSON Feed, AT Protocol. OPE extends what you already use.

Publisher-controlled

Publishers issue grants and control access. Their content, their rules.

Design Philosophy

Four layers, cleanly separated

OPE occupies the space between content distribution and payment processing. Each concern stays independent.

Layer 1

Content

Articles, podcasts, video, courses, and more. Created and hosted by the publisher.

Layer 2

Distribution

Feed formats (RSS, Atom, JSON Feed, ATProto) that catalog and deliver previews.

Layer 3 — OPE

Entitlement

Verification that a user has the right to access content. Portable across apps.

Layer 4

Payments

How money changes hands. Stripe, x402, Lightning, or anything else. Out of scope.

The Flow

From feed to full content

Five steps from discovering content in your app to accessing the full thing.

Feed

Client fetches a feed and finds OPE-gated items with preview content or trailer clips.

Discovery

Client fetches /.well-known/ope to learn the publisher's capabilities.

Authenticate

Client initiates OAuth 2.0 with PKCE. User logs in with the publisher.

Grant

Publisher issues a signed grant token proving entitlement.

Access

Client presents the token and retrieves full content — article, episode, or video. Done.

See It In Action

How OPE works for real people

Two people, two apps, one protocol. Flip through to see how it actually works.

1 of 6

Alice adds a feed

Alice opens her favorite feed reader and subscribes to The Cosmic Courier, a space and science publication. Most articles show full content, but one piece — "The Hidden Cost of Walled Gardens" — shows only a preview. The teaser says: 4,500 words · 18 min read. Intriguing.

2 of 6

Her reader discovers OPE

The feed reader spots the ope extension in the JSON Feed and fetches the publisher's /.well-known/ope endpoint. One tiny JSON file tells it everything: OAuth server, content API, grant types, and pricing. No special integration required.

3 of 6

Alice taps 'Subscribe'

The gated article shows a rich preview with word count, estimated read time, and a clear call-to-action. Alice taps "Subscribe for $5/month" and her reader opens the publisher's OAuth login. Quick and familiar.

4 of 6

Authentication & grant

Alice logs in with The Cosmic Courier. After a quick consent screen, the publisher issues a signed grant token — a portable JWT that proves Alice is a subscriber. Her reader stores it securely. That's it.

5 of 6

Full content, instantly

Her reader presents the token to the content API and pulls down the full 4,500-word article. Alice reads it right where she is — no browser switch, no paywall interstitial, no friction. Just the article.

6 of 6

It just keeps working

Every future gated article from The Cosmic Courier is automatically accessible. The token refreshes silently in the background. Alice can also read on the publisher's website — same token, works via a browser cookie. One subscription, every surface.

1 of 6

Bob subscribes to a podcast feed

Bob adds "Sound and Signal" — a music and culture podcast — to his podcast player via its RSS feed. Most episodes play fine. But Episode 12, "Why Vinyl Sounds Better (And Why It Doesn't)," only has a 2-minute teaser. The feed says: 57 min · Season 2, Episode 12.

2 of 6

Preview clip plays, full episode is gated

Bob listens to the teaser from the RSS <enclosure>. His player detects OPE metadata on the episode and shows: "Subscribe for $3/month for ad-free and bonus episodes." The full episode is behind entitlement. Fair enough — he's hooked.

3 of 6

Bob taps Subscribe

His podcast player opens the publisher's OAuth login. Bob signs up and subscribes. It's the same OAuth + PKCE flow every OPE client uses — the player doesn't need any special deal with this particular show.

4 of 6

Grant token issued

Sound and Signal verifies Bob's subscription and issues a portable grant token. It includes an access grant that covers all premium episodes — not just this one. His player stores it alongside tokens from other publishers.

5 of 6

Full episode downloads

The player calls the content API with the grant token. Back comes a signed media URL for the full ad-free MP3 (54.8 MB, 57 min). Bob downloads it for his commute. Show notes arrive as HTML. Nice.

6 of 6

Every premium episode, any app

New premium episodes are automatically unlocked. Signed URLs expire with the token, so links can't be shared. And here's the kicker: because the grant token is portable, Bob could switch to any other OPE-compatible podcast player without re-subscribing. His entitlement follows him.

Simple discovery, powerful access

Publishers expose a single well-known endpoint. Reader apps handle the rest — OAuth, token management, content retrieval — all standardized.

Discovery: JSON manifest at a well-known URL
Auth: OAuth 2.0 with PKCE, consent, dynamic registration
Tokens: JWT, PASETO, or Macaroons — API or cookie transport
Content: Single item or batch retrieval, HTTP 402 signaling
Web: Cookie-based grants, browser unlock, cross-publisher SSO
Feeds: Non-breaking extensions with unlock URLs

/.well-known/ope

{
  "version": "0.1",
  "oauth_server": "https://example.com/.well-known/oauth-authorization-server",
  "entitlement": {
    "grant_url": "https://example.com/api/entitlement/grant",
    "token_format": "jwt",
    "token_mode": "portable",
    "default_ttl_seconds": 3600
  },
  "content": {
    "endpoint_template": "https://example.com/api/content/{id}",
    "batch_endpoint": "https://example.com/api/content/batch",
    "formats_available": ["html", "markdown"]
  },
  "grants_supported": ["access", "limit", "signal"]
}

Who It's For

Built for the entire ecosystem

Publishers

Keep full control of your content and subscriptions while making them work everywhere.

· Add OPE metadata to your existing feeds
· Works for articles, podcasts, video, courses, and more
· Expose a single discovery endpoint
· Use the reference gateway or build your own
· Support any payment processor you want
· WordPress, Ghost, Substack, podcast host migration paths

Apps & Browsers

Give your users seamless access to gated content from any OPE-enabled publisher — in feed readers, podcast players, video apps, or on the web.

· Detect OPE extensions in any feed format
· Manage per-publisher OAuth sessions
· Show rich previews: word count, duration, artwork
· Retrieve full articles, media files, or streaming URLs
· Batch retrieval for fast offline sync
· Browser unlock via cookies and HTTP 402

Brokers

Create subscription bundles across multiple publishers. Like cable bundles, but for the open web.

· Aggregate entitlements across publishers
· Issue broker grant tokens with Macaroons
· Capability attenuation for scoped access
· Single sign-on for multi-publisher access
· Enable new business models

Flexible Access

Three simple grants, powerful access

OPE doesn't prescribe how entitlements are earned — it standardizes how they're proven. Every grant in the protocol is one of three primitives, each with a small set of composable fields. Fourteen common patterns (subscription, gift, trial, etc.) are named aliases — but the protocol itself only validates three types.

access

The reader may view this content. Access grants cover subscriptions, per-item purchases, gifts, trials, rentals, bundles, and broker access — anything where the core question is "can this person see this?"

scope · duration · transferable · source

limit

The reader may view up to a threshold. Limit grants handle metered paywalls and locale-gated access — situations where entitlement is conditional on a quota or region rather than a binary yes/no.

kind · quota · period · source

signal

The reader has a status that unlocks treatment. Signal grants communicate things like ad-free eligibility, institutional affiliation, patron status, or family-plan membership — the content is accessible, but the experience changes.

kind · source

Grant Builder

Pick a preset to see how named grant types decompose into primitives, or build a custom grant and copy the JSON.

Compatibility

Works with what you already use

OPE is a purely additive extension. Readers without OPE support simply see previews as usual.

RSS 2.0 Atom JSON Feed AT Protocol OAuth 2.0 PKCE JWT PASETO Macaroons DPoP PAR / RAR HTTP 402 RFC 7591 x402 Stripe WordPress Ghost

Start building with OPE

The spec is open. The demo runs locally in one command. Read it, build on it, and help shape portable entitlements for the open web.

Read the Specification Try the Demo Contribute on GitHub