AP2: The Agent Payments Protocol for AI Commerce
As of 2024, AP2 (Agent Payments Protocol) is an open specification for cryptographically signed mandates that allow AI agents to pay on behalf of users. Introduced by Google and an industry working group, it leverages the W3C Verifiable Credentials data model to provide auditable, verifiable intent. AP2 ensures transaction validity by defining spending limits and categories, significantly reducing fraud risks across card networks and payment service providers (PSPs).
What is the AP2 Protocol?
AP2 is a standardized framework for enabling AI agents to execute financial transactions with verifiable user authorization. It creates a bridge between an agent’s autonomous actions and the existing payment ecosystem of card networks and merchants.
* Introduced by Google in collaboration with an industry working group.
* Uses cryptographically signed mandates to prove user intent.
* Compatible with existing Payment Service Providers (PSPs).
* Built on the W3C Verifiable Credentials data model.
* Detailed in the official GitHub specification.
What problems does AP2 solve?
The protocol addresses the lack of verification mechanisms in agentic commerce, which currently leads to blocked payments or chargebacks.
* Authorization Verification: Confirms whether the user actually authorized the specific purchase.
* Scope Definition: Clarifies item categories, price ceilings, and recurring vs. one-time payments.
* Liability Attribution: Establishes a clear audit trail to determine responsibility for disputed transactions.
* Fraud Reduction: Prevents AI "hallucinations" from being processed as legitimate financial intent.
How does the AP2 mandate system work?
AP2 works by issuing a "mandate," which is a structured, cryptographically signed statement from a user defining the agent's permissions.
1. Creation: The user signs a mandate naming the specific AI agent.
2. Scoping: The mandate defines permissions, such as spending limits or expiration dates.
3. Presentation: The agent presents this mandate to the merchant during a transaction.
4. Verification: The merchant or PSP verifies the mandate's signature in line with the W3C Verifiable Credentials standards.
5. Audit: The signed mandate remains as a permanent audit trail for any future disputes.
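The flow above, sketched as an added example that is not taken from the AP2 specification or any project code: a user signs a scoped mandate and a merchant or PSP checks the signature before checking scope. The Ed25519 key type, the sorted-key JSON serialization and every field name (`agentId`, `categories`, `maxAmountMinor`, `expires`) are assumptions made for illustration, not the AP2 schema or a W3C Verifiable Credentials proof format.

```javascript
const crypto = require('node:crypto');
// Deterministic serialization so signer and verifier process identical bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Steps 1-2: the user signs claims naming the agent and its scope (hypothetical field names).
function signMandate(claims, userPrivateKey) {
  const sig = crypto.sign(null, Buffer.from(canonical(claims)), userPrivateKey);
  return { claims, signature: sig.toString('base64') };
}

// Step 4: the merchant/PSP checks the signature first, then agent binding and scope.
function verifyPayment(mandate, userPublicKey, tx, now = new Date()) {
  const { claims, signature } = mandate;
  const sig = Buffer.from(String(signature), 'base64');
  if (!crypto.verify(null, Buffer.from(canonical(claims)), userPublicKey, sig))
    return 'reject: bad signature';
  if (claims.agentId !== tx.agentId) return 'reject: wrong agent';
  if (now >= new Date(claims.expires)) return 'reject: expired';
  if (!claims.categories.includes(tx.category)) return 'reject: category out of scope';
  if (tx.currency !== claims.currency || tx.amountMinor > claims.maxAmountMinor)
    return 'reject: amount out of scope';
  return 'accept';
}

// Constructed sample data: key pair, mandate and transaction are made up for this example.
const user = crypto.generateKeyPairSync('ed25519');
const mandate = signMandate({
  agentId: 'agent-123', categories: ['groceries'], currency: 'USD',
  maxAmountMinor: 5000, expires: '2099-01-01T00:00:00Z',
}, user.privateKey);
const tx = { agentId: 'agent-123', category: 'groceries', currency: 'USD', amountMinor: 4200 };

function demo() {
  // Limit altered after signing: the signature no longer covers the claims.
  const altered = { ...mandate, claims: { ...mandate.claims, maxAmountMinor: 500000 } };
  return {
    inScope: verifyPayment(mandate, user.publicKey, tx),
    overLimit: verifyPayment(mandate, user.publicKey, { ...tx, amountMinor: 9900 }),
    altered: verifyPayment(altered, user.publicKey, { ...tx, amountMinor: 9900 }),
  };
}
console.log(demo());
```

Checking the signature before reading any claim means a mandate whose limit was edited after signing is rejected outright rather than evaluated against the edited scope.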
How does AP2 compare to UCP and Visa TAP?
AP2 operates as the authorization layer within a three-part protocol stack for AI commerce.
| Protocol | Layer | Primary Function |
|---|---|---|
| UCP | Commerce Layer | Defines catalogs, carts, and discovery. |
| AP2 | Payment Layer | Provides cryptographic proof of user authorization. |
| Visa TAP | Identity Layer | Verifies the identity and trust level of the agent. |
What are the benefits of AP2 for merchants?
For most merchants, AP2 functions as an invisible backend improvement handled by their existing payment infrastructure.
* Reduced Fraud: Transactions are pre-verified against cryptographically signed user mandates.
* Lower Chargebacks: Auditable mandates provide concrete evidence of user intent during disputes.
* Increased Reach: Merchants can safely accept automated buyers without bespoke integrations.
* Seamless Integration: PSPs handle the technical verification, similar to modern card tokenization.