Agent Payments Protocol (AP2)
Type: full-code · Vendor: Google (with 60+ payment and commerce partners) · Language: Python, TypeScript · License: Apache-2.0 · Status: active · Status in practice: emerging
Open protocol for agent-led payments in which the user's authorization is carried as cryptographically signed Mandates that merchants and payment networks can independently verify.
Description. AP2 is a Google-led open protocol (Apache-2.0) extending A2A and MCP to payments. Its core construct is the Mandate: a tamper-proof, cryptographically signed verifiable digital credential that proves a user's instructions. It defines Intent Mandates (the conditions under which an agent may purchase, signed upfront for delegated autonomous spend), Cart Mandates (explicit authorization of exact items and price in real time), and Payment Mandates (shared with networks to signal agent involvement). Launched with 60+ partners including Mastercard, PayPal, American Express, Adyen, and Coinbase.
Agent loop shape. Payment-authorization protocol rather than a single agent loop. Step 1: the user signs a Mandate — an Intent Mandate stating conditions for delegated spend, or a Cart Mandate approving exact items and price. Step 2: the agent builds a transaction and attaches the covering mandate. Step 3: the merchant verifies the signature and that the charge falls within the mandate. Step 4: the Payment Mandate is shared with the network, which re-verifies and settles, leaving a non-repudiable trail.
Primary use cases
- agent-initiated checkout with verifiable user authorization
- delegated autonomous purchasing under a signed Intent Mandate
- cross-network payment with non-repudiable proof for dispute resolution
Key concepts
- Mandate → verifiable-purchase-mandate (docs) — A tamper-proof, cryptographically signed verifiable digital credential that proves the user's payment instructions.
- Intent Mandate → session-scoped-payment-authorization (docs) — Signed upfront, states the conditions under which an agent may purchase for delegated autonomous spend.
- Cart Mandate → verifiable-purchase-mandate (docs) — Explicit real-time user authorization of specific items and prices.
- Payment Mandate (docs) — Shared with payment networks to signal agent involvement in the transaction.
Patterns this full-code implements —
- ★Verifiable Purchase Mandate
AP2's central construct is exactly this pattern: signed Intent/Cart/Payment Mandates as verifiable proof of user authorization.
- ★Agent-Initiated Payment
Under a valid mandate the agent settles the payment itself; AP2 carries the charge plus the signed authorization.
- ·Session-Scoped Payment Authorization
An Intent Mandate bounds delegated spend by signed conditions (for example a merchant and a maximum amount), scoping the agent's autonomous purchasing.
- ★Delegated Agent Authorization
Mandates delegate scoped, verifiable authority to the agent rather than handing it the user's standing payment secret.
References
Provenance
- Last analyzed:
- Last updated:
- Verification status: partial