Agent Payments Protocol (AP2)
Agent Payments Protocol (AP2) is Google's cryptographic trust layer for agentic transactions. AP2 mandates the use of W3C Verifiable Credentials to prove payment intent, authorize cart checkouts, and create audit trails — establishing non-repudiation for AI-initiated commerce.
What is AP2?
Agent Payments Protocol (AP2) solves the hardest problem in agentic commerce: trust. When a human clicks "Place Order," there is an implicit, legally understood act of authorization. When an AI agent places an order on your behalf, how does the merchant know you actually authorized it? How does your finance team verify the purchase was within policy? How does the court determine liability if something goes wrong?
AP2 answers these questions with cryptography. Specifically, AP2 mandates the use of W3C Verifiable Credentials — the open standard for machine-verifiable, cryptographically signed attestations — to govern every AI-initiated transaction. Before an agent can shop on your behalf, you issue it a signed Intent Mandate credential that encodes exactly what it's allowed to purchase: categories, spending limits, merchant whitelist, and time window. Before any checkout completes, the agent must present a signed Cart Mandate that records exactly what was purchased, from whom, for how much, and where it ships.
These credentials create non-repudiation — the legal and cryptographic certainty that a transaction occurred and was authorized exactly as recorded. This is not just a technical nicety: enterprise procurement departments, SOX compliance auditors, GDPR data controllers, and accounts payable systems all require this audit trail before they can accept AI-initiated purchases. Without AP2, agentic commerce is a consumer feature. With AP2, it becomes enterprise infrastructure.
AP2 also defines the trust architecture for multi-agent systems. When a shopping agent delegates payment to a payment agent, which delegates delivery tracking to a logistics agent, the entire chain of authority must be cryptographically traceable. AP2's Verifiable Credential framework provides exactly this — a chain of signed mandates that any auditor or system can verify without calling back to any central authority.
AP2 Mandate Types
AP2 defines two mandate types that work together to authorize and document every AI-initiated transaction.
Intent Mandate
Pre-shopping authorization
Issued by the user (or enterprise identity system) to the AI agent before shopping begins. Defines the scope of authorization: which merchant categories the agent can purchase from, maximum transaction and monthly spend limits, which agents are authorized, and how long the mandate is valid.
- Merchant category restrictions
- Per-transaction spend cap
- Monthly cumulative limit
- Agent identity binding
- Time-bound validity window
Cart Mandate
Per-transaction authorization
Issued at checkout time for each specific transaction. The Cart Mandate is a Verifiable Credential that cryptographically records the exact items purchased, total amount, merchant identity, shipping address, and timestamp. This is the legal record of the transaction — the AP2 receipt.
- Exact items and quantities
- Final price including tax and shipping
- Merchant DID (cryptographic ID)
- Delivery address hash
- Timestamp and block reference
Intent Mandate Credential Example
// AP2 Intent Mandate — Verifiable Credential
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.ap2.google.com/v1"
  ],
  "type": ["VerifiableCredential", "AP2IntentMandate"],
  "id": "urn:ap2:mandate:intent:7a4f9c2b",
  "issuer": "did:web:identity.google.com:users:user_abc",
  "issuanceDate": "2026-02-28T10:00:00Z",
  "expirationDate": "2026-03-28T10:00:00Z",
  "credentialSubject": {
    "id": "did:web:chatgpt-agent.openai.com:agents:shopping-v2",
    "type": "AP2IntentAuthorization",
    "authorizedFor": {
      "categories": ["electronics", "software", "office-supplies"],
      "maxTransactionAmount": { "amount": 500000, "currency": "USD" },
      "monthlySpendLimit": { "amount": 2000000, "currency": "USD" },
      "requireCartMandate": true
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2026-02-28T10:00:00Z",
    "verificationMethod": "did:web:identity.google.com:users:user_abc#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z4pQkU3..."
  }
}

Verifiable Credentials in AP2
AP2 builds on the W3C Verifiable Credentials (VC) standard — the same technology used in digital identity systems worldwide. This choice is deliberate: VCs are cryptographically verifiable without calling back to any central issuer, which means merchants, auditors, and regulators can verify AP2 mandates offline.
Decentralized Verification
AP2 credentials can be verified by any party with access to the public key — no central authority required. Merchants verify mandates locally using the issuer's DID document.
Tamper Evidence
Ed25519 signatures make any modification to a mandate immediately detectable. A Cart Mandate that has been altered since signing is cryptographically invalid — protecting both merchants and buyers.
Selective Disclosure
AP2 supports zero-knowledge proofs, allowing agents to prove they hold a valid mandate without revealing the full credential contents — protecting buyer privacy while satisfying merchant verification requirements.
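A valid signature only shows that a mandate is authentic and unmodified; the verifier still has to check each cart against the Intent Mandate's limits. The following is an added example, not AP2 reference code or code from this page's author: `check_cart`, the cart fields and the violation labels are hypothetical, amounts are assumed to be integers in minor units, and the Intent Mandate field names follow the credential example above.

```python
from datetime import datetime, timezone

# Constructed Intent Mandate, trimmed to the fields the check reads
# (field names as in the credential example on this page).
INTENT = {
    "issuanceDate": "2026-02-28T10:00:00Z",
    "expirationDate": "2026-03-28T10:00:00Z",
    "credentialSubject": {
        "id": "did:web:chatgpt-agent.openai.com:agents:shopping-v2",
        "authorizedFor": {
            "categories": ["electronics", "software", "office-supplies"],
            "maxTransactionAmount": {"amount": 500000, "currency": "USD"},
            "monthlySpendLimit": {"amount": 2000000, "currency": "USD"},
        },
    },
}

def _ts(value):
    """Parse a UTC timestamp such as 2026-02-28T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_cart(intent, cart, spent_this_month):
    """Return policy violations; an empty list means the cart is in scope.

    `cart` is a hypothetical, already signature-verified Cart Mandate summary
    with keys agent (DID), category, amount, currency and timestamp.
    """
    subject = intent["credentialSubject"]
    scope = subject["authorizedFor"]
    cap, monthly = scope["maxTransactionAmount"], scope["monthlySpendLimit"]
    errors = []
    if cart["agent"] != subject["id"]:
        errors.append("agent-not-bound")
    if not _ts(intent["issuanceDate"]) <= _ts(cart["timestamp"]) < _ts(intent["expirationDate"]):
        errors.append("outside-validity-window")
    if cart["category"] not in scope["categories"]:
        errors.append("category-not-authorized")
    if cart["currency"] != cap["currency"] or cart["currency"] != monthly["currency"]:
        errors.append("currency-mismatch")  # never compare amounts across currencies
    amount = cart["amount"]
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        errors.append("invalid-amount")  # rejects floats, zero and negative totals
    else:
        if amount > cap["amount"]:
            errors.append("over-transaction-cap")
        if spent_this_month + amount > monthly["amount"]:
            errors.append("over-monthly-limit")
    return errors
```

The check collects every violation instead of stopping at the first, so a rejected checkout can be logged with the full reason set; `spent_this_month` has to come from the verifier's own ledger, not from the agent.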
AP2 + x402: Crypto-Native Agentic Payments
AP2 is designed to interoperate with x402 — Coinbase's HTTP payment protocol for blockchain-based transactions. Together, they enable a complete crypto-native agentic commerce stack.
AP2 provides:
- Identity and authorization (who is buying and why)
- Mandate credentials (what they're allowed to buy)
- Audit trail (cryptographic receipt)
- Dispute evidence (non-repudiation)
x402 provides:
- HTTP-native payment protocol (402 Payment Required)
- Stablecoin settlement (USDC on Base, ETH mainnet)
- Micropayment support (sub-cent transactions)
- Programmable payment conditions
Combined, AP2 + x402 allows AI agents to make crypto-native purchases with full cryptographic authorization trails — opening agentic commerce to DeFi protocols, tokenized asset markets, and global B2B settlement without traditional banking rails.
Benefits of AP2 Implementation
Enterprise Compliance
AP2 mandate credentials satisfy enterprise audit requirements. Finance teams, compliance officers, and external auditors can verify every AI-initiated purchase without manual invoice reconciliation.
Dispute Resolution
Chargebacks and purchase disputes are resolved with cryptographic mandate evidence. AP2 Cart Mandates prove authorization — eliminating the ambiguity that makes AI-initiated chargebacks expensive.
Multi-Agent Trust
AP2 enables auditable trust chains across multi-agent systems. Delegation authority flows from user → orchestrator → specialist agents, all verifiable with credential signatures.
Build Your AP2 Trust Layer
Adam Silva Consulting implements the complete AP2 trust layer — DID document setup, Intent and Cart Mandate credential infrastructure, Verifiable Credential issuance APIs, mandate verification middleware, and audit trail storage. We also integrate AP2 with x402 for crypto-native payment flows when required. Implementation typically completes in 6-8 weeks as part of the Agentic Readiness program.
Agent Payments Protocol FAQ
What is Agent Payments Protocol (AP2)?
Agent Payments Protocol (AP2) is Google's cryptographic trust layer for agentic transactions. AP2 mandates the use of W3C Verifiable Credentials to prove payment intent, authorize cart checkouts, and create audit trails — establishing non-repudiation for AI-initiated commerce.
What are AP2 mandate types?
AP2 defines two core mandate types: Intent Mandates and Cart Mandates. An Intent Mandate is a Verifiable Credential signed by the user's identity wallet that authorizes an AI agent to negotiate and shop on their behalf within defined parameters (merchant categories, spending caps, time windows). A Cart Mandate is a second credential issued at checkout time that authorizes the specific transaction — item list, total amount, merchant identity, and shipping address — creating a cryptographic record of exactly what was purchased and by whom.
What is non-repudiation in agentic commerce?
Non-repudiation means that once an AI agent completes a purchase with AP2 mandate credentials, neither the buyer nor the merchant can deny that the transaction occurred or was authorized. The Verifiable Credentials are cryptographically signed and timestamped — they create an immutable audit trail that satisfies enterprise procurement requirements, regulatory compliance (SOX, GDPR), and dispute resolution. Without AP2, AI-initiated transactions lack the legal standing that human-authorized transactions have.
How does AP2 relate to x402 and crypto payments?
AP2 is designed to work alongside x402, the HTTP payment protocol developed by Coinbase for blockchain-based transactions. When AP2 is paired with x402, AI agents can execute crypto payment flows — stablecoin settlements on Base or Ethereum mainnet — with the same Verifiable Credential trust layer that governs fiat AP2 transactions. This enables agents to autonomously handle both traditional card payments (via ACP/SPT) and crypto settlements within the same commerce flow.
Is AP2 required for enterprise B2B agentic commerce?
For enterprise B2B use cases — particularly procurement, resupply, and contract purchasing — AP2 is effectively mandatory. Enterprise procurement systems require audit trails, approval chain documentation, and spend authorization proofs that only AP2 Verifiable Credentials provide. Consumer-facing agentic commerce (ChatGPT Instant Checkout) can function with ACP alone, but enterprise contexts require the full UCP + ACP + AP2 stack for compliance, risk management, and accounts payable integration.
Make Every AI Transaction Trustworthy
AP2 is the difference between consumer-grade and enterprise-grade agentic commerce. Build the trust layer that lets your organization accept AI-initiated purchases with confidence.