diff --git a/README.md b/README.md
index e171a16..866087f 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ See the [BUDs](./buds) folder and specifically [BUD-01](./buds/01.md) and [BUD-0
 - [BUD-03: User Server List](./buds/03.md)
 - [BUD-04: Mirroring blobs](./buds/04.md)
 - [BUD-06: Upload requirements](./buds/06.md)
+- [BUD-07: Paid upload and download](./buds/07.md)
 - [BUD-08: Nostr File Metadata Tags](./buds/08.md)
 
 ## Event kinds
diff --git a/buds/07.md b/buds/07.md
new file mode 100644
index 0000000..58a97c4
--- /dev/null
+++ b/buds/07.md
@@ -0,0 +1,36 @@
+BUD-07
+======
+
+Paid upload and download
+------------------------
+
+`draft` `optional`
+
+Cashu payments for uploads and downloads
+
+## Paid Upload
+
+The server may require payment for uploading blob by returning a `402` status code the `PUT /upload` endpoint (and `HEAD /upload` if [BUD-06](./06.md) is supported)
+
+## Paid Downloads
+
+The server may also require payment for downloads by responding with a `402` status code for `GET /<sha256` and `HEAD /<sha256>` endpoints
+
+## Payment Flow
+
+When the server is requesting payment for an endpoint it MUST respond with `402` and a `X-Cashu` header containing a base64 encoded json object (payment request)
+
+The payment request should contain an `amount`, `mints`, `unit`, and `pubkey` fields
+
+ - `amount` The amount of ecash being requested
+ - `mints` An array of mints that this server uses
+ - `unit` The cashu `unit` from the `mints`
+ - `pubkey` (optional) a 33 byte pubkey to lock the tokens too. see [NUT-11](https://github.com/cashubtc/nuts/blob/main/11.md)
+
+When the client receives a `402` response and with a `X-Cashu` header it may retry the request with a payment
+
+The payment should be a serialized cashu token according to [NUT-00](https://github.com/cashubtc/nuts/blob/main/00.md#v4-tokens)
+
+## Payment Checks
+
+Optionally a server may respond with `402` to the `HEAD /upload`, `HEAD /<sha156>` if it supports [BUD-06](./06.md)