Secure agent commerce with the Agent Payments Protocol
Agent Payments Protocol (AP2) is an open protocol for the emerging Agent Economy. It enables secure, reliable, and interoperable agent commerce for developers, merchants, and the payments industry.
Open and interoperable
AP2 extends the open Agent2Agent and Model Context protocols so any compliant agent can transact with any compliant merchant.
User control and privacy
Role-based architecture and payload encryption keep sensitive payment data private while preserving end-user authority.
Verifiable intent
Intent and cart mandates provide tamper-evident, user-signed proof that an agent is acting on explicit instructions.
Clear accountability
Cryptographic audit trails help issuers, merchants, and networks resolve disputes with transparent evidence.
Payment-method agnostic
The protocol supports today’s card-based pull payments and is designed to add real-time and digital currency rails.
Reference implementations
Python and Android samples demonstrate AP2 roles interacting end-to-end without requiring live payment providers.
🎬 Watch AP2 Demo Video
Learn about Agent Payments Protocol core concepts and real-world use cases in under 7 minutes
What is AP2?
Agent Payments Protocol (AP2 Protocol) is an open protocol launched by Google in collaboration with Coinbase and over 60 organizations, specifically addressing core challenges of AI agents safely participating in commercial transactions.
Through verifiable credentials and multi-layer authorization mechanisms, AP2 Protocol enables agents to safely complete AP2 payments, AP2 wallet management, and asset transactions on behalf of users while ensuring users always maintain ultimate control.
AP2 Protocol builds trust through three core mandate types: Intent Mandates, Cart Mandates, and Payment Mandates.
As an extension to the Agent2Agent (A2A) protocol, AP2 Protocol combines x402 stablecoin rail technology to provide complete payment infrastructure for the emerging agent economy and machine economy. Through smart payments capabilities, supporting full-scenario applications from enterprise procurement and consumer shopping to AI service transactions.
Technical Deep Dive
Understand AP2's technical architecture, working principles, and implementation details
Read Technical DocsBusiness Value Analysis
Explore AP2's practical significance and application prospects for enterprises and consumers
Read In-Depth AnalysisCore Value
Through verifiable credentials, role separation, and encrypted audit chains, AP2 provides a unified trust framework for agents, merchants, and payment services, enabling any protocol-compliant participant to discover, negotiate, and settle in a trusted environment.
Why agents need AP2
Today's payment infrastructure assumes a human is present to approve every purchase. When autonomous agents act on a user's behalf, the ecosystem must answer:
Authorization
What verifiable proof shows the user empowered the agent for a specific purchase?
Authenticity
How can merchants be sure an agent's order reflects the user's true intent instead of a model hallucination?
Accountability
If something goes wrong, who is responsible—the user, the agent developer, the merchant, or the issuer?
Without a common standard, solutions fragment into proprietary flows that are hard for merchants to integrate and confusing for users. AP2 addresses this trust gap with shared mandates and audit evidence.
Core principles
Openness & interoperability
AP2 stays vendor-neutral so agents, merchants, and payment providers can compose solutions without lock-in.
User control & privacy
Role separation plus encrypted payloads keep sensitive credentials protected while preserving user agency.
Verifiable mandates
Transactions carry user-signed mandates so agents prove intent instead of inferring it.
Clear accountability
Tamper-evident audit trails give issuers, merchants, and networks shared evidence for disputes.
Global roadmap
Cards come first, with real-time transfers and digital currency rails close behind.
Ecosystem collaboration
Alignment with A2A and MCP keeps agents, merchants, and service providers innovating together.
How AP2 works with A2A and MCP
AP2 builds on the communication layers established by A2A and the Model Context Protocol (MCP):
Explore additional ecosystem resources such as Agent2Agent.Info and the Chinese-language A2A hub at A2Acn.com.
Verifiable credentials in AP2
Verifiable Credentials (VCs) are tamper-evident, cryptographically signed data objects that agents exchange to build trust. AP2 defines three primary mandates:
Cart Mandate
Used in human-present flows; merchants assemble final cart details and the user signs them.
User-Signed Intent Mandate
Used in human-not-present scenarios, giving an agent clear authority bounded by explicit parameters.
Payment Mandate
Shared with networks and issuers to highlight agent participation and communicate risk signals.
🔗 Complete Audit Trail
Together these credentials form a portable audit trail across implementations
The three types of mandates in AP2 protocol work together to ensure verifiability and security of agent payments
Run the samples
Digital Payment Credentials (Android)
Highlights the Android experience for signing mandates.
Go to sampleRelated resources
AP2 documentation
Complete technical documentation and usage guides.
AP2 protocol specification
Detailed definitions, capability models, and compliance expectations.
AP2 GitHub samples
Runnable end-to-end demos across issuer, agent, and merchant roles.
Agent2Agent community
Stay close to the broader A2A ecosystem and partner updates.
A2A Chinese
A community-maintained Chinese localization of A2A content.
MCP Info
Model Context Protocol(MCP).info, The resource hub for the Model Context Protocol (MCP).
ACP Commerce
Agentic Commerce Protocol Chinese technology community.
ChatGPT Chinese
ChatGPT Chinese technology community.