Chapter 07

Agent Payments Protocol

AP2 enables AI agents to initiate and complete payments securely with verifiable user intent and clear accountability.

As agents gain autonomy to act on behalf of users, the question of financial transactions becomes critical. The Agent Payments Protocol (AP2) extends A2A and pairs with MCP to carry cryptographically signed "mandates" that prove what the user authorized.

AP2 is an open, interoperable standard that lets AI agents initiate and complete payments securely and compliantly across merchants and payment rails, with verifiable user intent and clear accountability.

What AP2 Solves

🔐

Authorization

Cryptographic proof that a user empowered an agent to purchase specific items under specific constraints, replacing fragile "assume-the-human-clicked" flows.

✅

Authenticity

Merchants get signed evidence that the basket and price the agent presents match the user's intent, mitigating hallucinations or cart tampering risks.

📋

Accountability

A non-repudiable audit trail clarifies responsibility across user, agent developer, merchant, PSP, issuer, and network in case of error or fraud.

Payment Flows

👤 Human-Present (HP)

User Request → Intent Mandate

↓

Agent presents cart → User approves

↓

Cart Mandate → Merchant co-signs

↓

Authorization Complete

🤖 Human-Not-Present (HNP)

User pre-issues Intent Mandate with constraints

↓

Agent executes under constraints

↓

Emits Payment Mandate signal

↓

Authorization Complete

Supporting Companies

Major technology, financial, and e-commerce companies are backing AP2:

Visa

Mastercard

Stripe

PayPal

Square

Shopify

Amazon

Google

Microsoft

OpenAI

Anthropic

Adyen

Key Concepts

Intent Mandate

A cryptographically signed declaration of what the user authorizes the agent to do. Includes constraints like maximum spend, allowed merchants, product categories, and time limits.

Cart Mandate

Generated after the agent assembles a cart. The merchant co-signs to confirm the exact items and prices, creating a binding agreement between all parties.

Payment Mandate

The final authorization signal that triggers actual fund transfer. Contains references to both Intent and Cart Mandates for audit purposes.

AP2 transforms agent commerce from a trust problem into a verification problem—every transaction has cryptographic proof of authorization.