AP2: The Agent Payments Protocol for Verifiable AI Transactions

AP2 (Agent Payments Protocol) is an open specification that enables AI agents to execute payments on behalf of users through cryptographically signed mandates. Introduced by Google in collaboration with an industry working group, the protocol ensures that agentic transactions are verifiable, auditable, and compatible with existing payment networks. By utilizing the W3C Verifiable Credentials standard, AP2 provides an audit trail that reduces fraud flags and chargebacks for merchants.

What is the AP2 protocol?

AP2 is a standardized framework for authorizing AI agents to handle financial transactions with verifiable user intent.

* Uses cryptographically signed mandates to define agent permissions.

* Built on the W3C Verifiable Credentials data model.

* Compatible with existing PSPs, card networks, and digital wallets.

* Designed to work alongside UCP and Visa TAP.

What problems does AP2 solve?

AP2 addresses the lack of verification in automated commerce, where merchants currently struggle to confirm the legitimacy of agent-initiated purchases.

* Authorization Verification: Confirms whether a user actually authorized the agent to make a specific purchase.

* Scope Definition: Specifies if an authorization is for a one-time purchase, a recurring payment, or a specific price ceiling.

* Liability Assignment: Establishes a clear audit trail to determine liability between the user, agent, and merchant.

* Fraud Reduction: Prevents transaction blocks by providing proof of intent that satisfies fraud detection systems.

How does an AP2 mandate work?

The protocol functions through a "mandate," which is a structured, signed statement from the user defining the agent's boundaries.

* Mandate Contents: Includes the agent’s name, spending limits, item categories, and expiration dates.

* Signature Process: The user signs the mandate using existing identity infrastructure like hardware-backed keys or OIDC providers.

* Transaction Flow: The agent presents the mandate to the merchant’s Payment Service Provider (PSP) during checkout.

* Verification: The PSP verifies the cryptographic signature and confirms the purchase remains within the user-defined scope.

The technical specification is maintained on GitHub, with further details available in the Google announcement post.
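
The verification step described above, sketched from the PSP's side as an added example (not code from the AP2 specification or from Google). The field names, the demo key and the refusal codes are hypothetical, and HMAC-SHA256 stands in for the user's asymmetric Verifiable Credential signature so the block runs with the standard library alone.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC is a stand-in for the user's asymmetric
# signature; a real verifier would check a public-key proof instead.
USER_KEY = b"constructed-demo-key"


def canonical(mandate: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()


def sign_mandate(mandate: dict, key: bytes) -> str:
    return hmac.new(key, canonical(mandate), hashlib.sha256).hexdigest()


def check_purchase(mandate, signature, purchase, key, now):
    """PSP-side decision: returns 'ok' or the reason for refusal."""
    # 1. Signature first: never read scope fields from an unauthenticated mandate.
    if not hmac.compare_digest(sign_mandate(mandate, key), signature):
        return "bad_signature"
    # 2. Scope checks against the boundaries the user signed.
    if now >= datetime.fromisoformat(mandate["expires"]):
        return "expired"
    if purchase["agent"] != mandate["agent"]:
        return "wrong_agent"
    if purchase["category"] not in mandate["categories"]:
        return "category_not_allowed"
    if purchase["amount_cents"] > mandate["limit_cents"]:
        return "over_limit"
    return "ok"


# Constructed sample mandate; field names are hypothetical, not from the spec.
MANDATE = {
    "agent": "shopping-agent.example",
    "limit_cents": 5000,
    "categories": ["groceries"],
    "expires": "2030-01-01T00:00:00+00:00",
}
SIGNATURE = sign_mandate(MANDATE, USER_KEY)
NOW = datetime(2029, 6, 1, tzinfo=timezone.utc)
```

Amounts are integer cents so the ceiling comparison is exact, and a mandate whose limit is edited after signing fails at the signature check before any scope field is trusted.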

How does AP2 compare to UCP and TAP?

A complete agentic transaction requires three distinct layers of protocol support to manage discovery, authorization, and trust.

| Protocol | Function | Purpose |
|----------|----------|---------|
| UCP | Universal Commerce Protocol | Defines what is for sale and how to buy it (catalog and cart). |
| AP2 | Agent Payments Protocol | Provides proof that the user authorized the specific transaction. |
| Visa TAP | Trust & Identity | Verifies that the agent making the request is a trusted entity. |

What are the benefits of AP2 for merchants?

For most merchants, AP2 functions as an invisible backend layer handled by their acquirer or PSP, similar to card tokenization.

* Reduced Chargebacks: Signed mandates provide a definitive audit trail to resolve user disputes.

* Lower Fraud Rates: Agent-driven purchases are recognized as legitimate transactions rather than suspicious activity.

* Market Access: Merchants can accept automated buyers without building bespoke integrations for every AI platform.

* Infrastructure Reuse: Reuses existing W3C standards, requiring no new custom cryptographic systems.

Related Standards

* UCP: The Universal Commerce Protocol

* Agentic discovery standards: llms.txt and sitemaps

* MCP: The Model Context Protocol