AXD Brief 023

Agent Payments Protocol (AP2)

Engineering Trust into the Financial Layer of Agentic Commerce

From Observatory Issue 023

The Argument

Every agentic protocol examined in this series—A2A, MCP, ACP—addresses how agents communicate, discover tools, delegate tasks, and exchange content. None addresses what happens when an agent needs to spend money. This is not a minor gap. It is the gap. The entire promise of agentic commerce—agents that research, compare, negotiate, and purchase on behalf of humans—depends on solving a problem no existing payment infrastructure was designed to handle: how do you authorise a financial transaction when the entity initiating it is not a person? Google's Agent Payments Protocol (AP2), backed by PayPal, Visa, Mastercard, Stripe, and Shopify, provides the financial layer that the agentic communication protocols were missing.

The Evidence

The core problem AP2 addresses is the trust gap in agent-initiated payments. Current financial systems are built on the assumption of direct human involvement, an assumption that breaks when an autonomous agent makes a purchase. This creates critical unanswered questions regarding authorisation (is the agent acting on genuine instructions?), authenticity of intent (does the transaction reflect the user's true goal?), and accountability (who is liable for errors or fraud?). Without a common protocol to solve this, the industry would face a chaotic landscape of siloed, incompatible payment systems, locking out smaller merchants and creating inconsistent user experiences.

To solve this, AP2 introduces a role-based architecture that clearly defines the responsibilities of five key actors: the User, the User Agent, the Merchant Agent, the Credential Provider, and the Payment Network. This separation of concerns, enforced by cryptographic boundaries, ensures that each participant has a verifiable identity and a bounded scope of authority. This structure prevents any single actor from impersonating another and provides the payment network with explicit signals to assess risk more accurately. This architectural precision transforms the opaque nature of agent transactions into a transparent, auditable process where accountability is engineered into the system from the ground up.

The protocol's most significant innovation is its use of Verifiable Digital Credentials (VDCs), which are tamper-evident, cryptographically signed digital objects that serve as provable fact. AP2 defines three types: the Intent Mandate, which captures user-defined constraints, such as spending limits and approved merchants, for autonomous (human-not-present) transactions; the Cart Mandate, which captures explicit user approval for a specific cart in a human-present scenario; and the Payment Mandate, which signals agent involvement to the payment network for better risk modeling. This VDC framework provides the non-repudiable, mathematical proof of human intent required to make agentic commerce secure and scalable.

The Implication

The adoption of the Agent Payments Protocol (AP2) means that trust in agentic commerce is no longer an inferred quality but an engineered component of the financial infrastructure. For designers and product leaders, this shifts the focus from merely designing agent capabilities to designing the trust architecture that governs them. The primary task becomes creating interfaces for delegation design, allowing users to construct, understand, and modify the Intent Mandates that define the scope of an agent's financial autonomy. This requires building legible and intuitive controls for setting constraints on spending, merchants, and product categories.

Furthermore, organizations must now design for two distinct user flows: human-present and human-not-present transactions. The former requires clear, interrupt-driven interfaces for final user approval, ensuring informed consent before a purchase. The latter demands robust absent-state audit systems that allow users to easily review and reconcile transactions their agents made autonomously. This also necessitates a new approach to dispute resolution. Designers must create experiences that help users distinguish between protocol failures (an agent exceeding its mandate) and preference failures (an agent acting within its mandate but making a suboptimal choice), as each requires a different accountability model and recovery path. Ultimately, AP2 forces the entire industry to treat user intent not as a suggestion, but as a cryptographically verifiable and enforceable contract.
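The Intent Mandate check and the protocol-failure versus preference-failure distinction described above can be sketched as follows. This is an added example, not AP2's data model or code from the protocol's authors: the field names, the demo key, and the use of HMAC-SHA256 as a stand-in for the issuer's signature are all assumptions.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC-SHA256 stands in for the issuer's signature: it gives
# tamper evidence between key holders, not the non-repudiation of an asymmetric signature.
DEMO_KEY = b"constructed-demo-key"

def canonical(mandate: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()

def sign_mandate(mandate: dict, key: bytes = DEMO_KEY) -> str:
    return hmac.new(key, canonical(mandate), hashlib.sha256).hexdigest()

def check_purchase(mandate, tag, purchase, key=DEMO_KEY):
    """Return (decision, reason) for a human-not-present purchase."""
    # 1. Integrity first: constraints from an unverified mandate mean nothing.
    if not hmac.compare_digest(sign_mandate(mandate, key), tag):
        return ("reject", "mandate_tampered")
    # 2. Every constraint the user set must hold; any breach is a protocol failure.
    if purchase["merchant"] not in mandate["approved_merchants"]:
        return ("reject", "protocol_failure:merchant_not_approved")
    if purchase["category"] not in mandate["categories"]:
        return ("reject", "protocol_failure:category_not_allowed")
    if purchase["currency"] != mandate["currency"]:
        return ("reject", "protocol_failure:currency_mismatch")
    if purchase["amount_minor"] > mandate["max_amount_minor"]:
        return ("reject", "protocol_failure:over_spending_limit")
    # 3. Within mandate. A poor choice here is a preference failure, which
    #    this check cannot detect; it belongs to the audit and dispute flow.
    return ("allow", "within_mandate")

# Constructed sample mandate (hypothetical fields; amounts in minor units).
MANDATE = {
    "approved_merchants": ["shoes.example", "books.example"],
    "categories": ["footwear"],
    "currency": "GBP",
    "max_amount_minor": 12000,
}
TAG = sign_mandate(MANDATE)

if __name__ == "__main__":
    ok = {"merchant": "shoes.example", "category": "footwear",
          "currency": "GBP", "amount_minor": 9500}
    over = dict(ok, amount_minor=15000)
    raised = dict(MANDATE, max_amount_minor=50000)  # limit edited after signing
    print(check_purchase(MANDATE, TAG, ok))
    print(check_purchase(MANDATE, TAG, over))
    print(check_purchase(raised, TAG, over))
```

The integrity check runs before any constraint is read, so a mandate whose limit was raised after signing is rejected as tampered rather than evaluated against the inflated limit.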

Tony Wood

Founder, AXD Institute · Manchester, UK