Imagine your AI agent independently buying tickets, booking a hotel and paying for insurance, all whilst staying within a set budget. Until recently, the main obstacle was not a lack of intelligence on the part of the agents, but the absence of a payment standard: how could an agent make a payment if it did not have a bank account, and who would be liable in the event of an error?
In September 2025, Google introduced the AP2 protocol – an open standard for secure payments made by AI agents on behalf of users. AP2 was developed in partnership with over 60 companies: American Express, Mastercard, PayPal, Coinbase, Salesforce and Revolut. The protocol is intended to form the foundation for agentic commerce.
In this article, we’ll explore how the agent payment protocol works, what problems it solves, what components it consists of, how it supports cryptocurrencies, and why this is important for business.
What is AP2 and why is it needed?
Modern payment systems are built around a fundamental assumption: a person makes a payment in person on a trusted device. They press the ‘Pay’ button, confirm the action using biometrics or a password, and the bank processes the transaction.
With the advent of autonomous AI agents, this assumption no longer holds true. An agent cannot hold a bank account, cannot enter a CVV code, and cannot bear legal liability. Yet the economic potential of agents is enormous: from automating purchases to managing corporate procurement.
AP2 (Agent Payments Protocol) solves this problem by creating a single standard for agents to securely initiate and execute payments.
Three key issues: authorisation, authenticity, liability
The developers of AP2 identify three key challenges that the protocol must address.
| Question | Description | AP2 Solution |
|---|---|---|
| Authorization | How can we prove that the user has actually authorised the agent to make this purchase? | Cryptographically signed mandates |
| Authentication | How can we confirm that the agent’s request accurately reflects the user’s intentions? | Verifiable credentials |
| Responsibility | Who is liable if the agent makes a mistake or the transaction is fraudulent? | An irrefutable audit trail |
As IBM notes, AP2 ‘solves a problem that neither A2A nor MCP has solved’ – the problem of secure payments.
Key components of AP2: mandates
The central concept of the new AP2 is mandates. These are tamper-proof, cryptographically signed digital contracts – verifiable proof of the user’s instructions.
The protocol uses three types of mandates:
- Intent Mandate: Records the initial instruction. For example: ‘Find white trainers for up to $100’.
- Cart Mandate: Created upon approval of a specific set of goods. Records the exact items, prices and seller.
- Payment Mandate: Condensed information from previous mandates for the payment system.
To verify the authenticity of agents and their credentials, AP2 uses verifiable credentials – cryptographically signed statements about the subject issued by trusted providers. This allows us to verify that the agent truly belongs to a specific user, check that they are authorised to make purchases on behalf of the company, and confirm that they have not been compromised.
Want to accept crypto payments on your website?
How AP2 works: two scenarios
Scenario 1. A real-world purchase involving a human:
- Task definition. The user tells the agent: “Find black Adidas trainers for under $100”. An Intent Mandate is created.
- Search and proposal. The agent finds options and shows them to the user.
- Confirmation of choice. The user selects a specific pair. A Cart Mandate is created.
- Payment. The Cart Mandate is linked to a payment method. A Payment Mandate is generated and sent to the payment network.
Scenario 2. Delegated task (without human involvement):
- Detailed instructions. The user signs an Intent Mandate: “Buy these trainers in green when they become available, up to $120”.
- Autonomous monitoring. The agent checks availability daily.
- Automatic purchase. As soon as the item becomes available at a price below $120, the agent creates a Cart Mandate and initiates payment.
- Report. After the purchase, the agent notifies the user.
Roles of participants in the AP2 ecosystem
The Agent Payment Protocol defines several key roles.
| Role | Description |
|---|---|
| User | The owner of the funds who grants authority to an agent |
| Agent | A software entity acting on behalf of the user |
| Credential Provider | An organisation that issues verified data |
| Merchant | A seller of goods or services |
| Issuer | An issuer of payment service providers (bank, crypto wallet) |
| Payment network | VISA, MasterCard, blockchain and a number of others |
This separation ensures compatibility with existing payment infrastructure.
Support for cryptocurrencies and stablecoins
AP2 was originally designed to be payment-agnostic – it works equally well with cards, bank transfers and cryptocurrencies.
Integration with x402
Google, in collaboration with Coinbase, the Ethereum Foundation and MetaMask have developed the A2A x402 extension – a ready-made solution for agent-based crypto payments.
What this offers:
- agents can hold USDC in smart wallets without a bank account;
- payments in stablecoins are processed instantly with minimal fees;
- transactions are fully transparent and traceable.
This is particularly important for international payments: an agent can pay a supplier in another country without banking delays or currency conversions – simply by transferring USDC.
Integration with A2A, MCP
AP2 does not exist in a vacuum – it complements existing protocols for agent interaction:
- A2A (Agent2Agent). A protocol for communication between agents. AP2 uses A2A to transmit payment data and confirmations.
- MCP (Model Context Protocol). A protocol for transmitting context between models. AP2 can obtain information about user intent from MCP.
This interoperability allows developers to select the required components and combine them depending on the task.
Benefits for merchants and customers
For merchants:
- New sales channels. Merchants gain access to the rapidly growing agent-based commerce segment. Customers using AI agents will be able to find and purchase goods autonomously.
- Reduced operational costs. Automation of procurement and the elimination of manual approval reduce order processing costs.
- Increased loyalty. The ability to integrate with customer agents creates added value and retains buyers.
- Transparency and auditability. Thanks to built-in auditability and traceability, sellers can always verify the legitimacy of a transaction and resolve disputes.
For clients (buyers):
- Time savings. Agents take on routine tasks such as searching for, comparing and purchasing goods.
- Budget compliance. Intent Mandates allow strict limits to be set – an agent will never exceed the maximum price.
- Security. Cryptographic signing of mandates ensures that no agent can make a payment without explicit authorisation.
- Control and transparency. Every step is recorded, and the user can always see what, where and for how much their agent has purchased.
- International purchases. With support for stablecoins, agents can purchase goods anywhere in the world without currency conversions.
Even without complex agent commerce protocols, ordinary businesses already need a reliable crypto gateway. 0xProcessing allows you to accept USDC, USDT and other cryptocurrencies, protecting your business from volatility through automatic conversion. Find out how 0xProcessing helps businesses accept crypto payments.
Code example: creating a mandate
Here is a simplified example of what creating an Intent Mandate might look like.
// Creating an intent mandate
const intentMandate = {
id: 'mandate_12345',
type: 'intent',
user: '[email protected]',
agent: "shopping_agent_v2",
instructions: {
action: 'purchase',
item: {
category: 'shoes',
brand: 'Nike',
colour: 'white',
maxPrice: 100,
currency: "USD"
},
validUntil: '2026-04-01T00:00:00Z'
},
paymentMethod: {
type: 'stablecoin',
network: 'base',
token: "USDC",
wallet: '0xUserWalletAddress'
}
};
// User's cryptographic signature
const signature = sign(intentMandate, userPrivateKey);
// Send to agent
agent.receiveMandate({ mandate: intentMandate, signature });Upon finding a suitable product, the agent creates a Cart Mandate:
const cartMandate = {
id: 'cart_67890',
parentMandate: 'mandate_12345',
items: [{
name: 'Nike Air Max White',
price: 89.99,
currency: "USD",
merchant: 'nike.com',
productId: 'NIKE-123'
}],
total: 89.99,
shipping: {
address: 'user_address',
method: 'standard'
}
};
// Agent signature and submission to the payment provider
paymentProvider.process(cartMandate, agentSignature)Security and legal aspects
Thanks to cryptographic signatures at every stage, AP2 creates a complete chain of evidence. In the event of a dispute, it is possible to determine exactly who gave authorisation, which agent made the purchase, what the instructions were, and what transaction was carried out.
AP2 creates a cryptographically signed chain of evidence that allows one to determine exactly at which stage a failure occurred and who is liable. Let us consider typical dispute scenarios.
| Scenario | Solution |
|---|---|
| The agent exceeded the price limit | This is a standard product dispute, and AP2 helps here because the seller signed the Cart Mandate, thereby undertaking to provide that specific product. In the event of a defect or non-delivery, the user provides the Cart Mandate and proof of payment to the arbitrator (the bank, payment network), which significantly strengthens their position in the dispute. |
| The agent purchased the wrong item | The key point here is who approved the final basket. If the user personally signed the Cart Mandate, they confirmed this specific set of goods, and there can be no claims against the seller. If, however, the agent acted entirely autonomously, the Cart Mandate is compared with the original Intent Mandate. In the event of a discrepancy in the goods (different colour, model), the agent’s platform bears responsibility, not the seller. |
| The seller sent a faulty item | This is a standard product dispute, and AP2 helps here by having the seller sign the Cart Mandate, committing himself to provide this particular product. In case of a defect or non-shipment, the user provides the Cart Mandate and proof of payment to the arbitrator (bank, payment network), which significantly strengthens his position in the dispute. |
AP2 establishes the technical foundation for agent-based commerce, but the legal aspects still need to be resolved. Key questions:
- Is a user’s signature on a mandate a legally binding act?
- Who is liable if an agent has been hacked?
- How can an agent’s identity be verified across different jurisdictions?
Until legislation is introduced, parties will rely on contractual relationships and platform terms of use.
Conclusion
The AP2 protocol is the foundation for a new class of economic interactions. For the first time, AI agents have a legitimate way to make payments on behalf of individuals and companies.
Key takeaways:
- AP2 solves a fundamental problem in the agent economy: who authorises the payment, and who is liable.
- Mandates create a cryptographically signed chain from intent to transaction.
- Support for stablecoins via integration with x402 paves the way for global, instant and low-cost payments.
- Large-scale collaboration (60+ companies) makes it highly likely that AP2 will become the standard.
- Integration with A2A, MCP and x402 provides flexibility for developers.
For businesses, this means new sales channels and reduced costs. For consumers, it means time savings, budget control and security.
Are you ready to start accepting cryptocurrency payments today, so your infrastructure is ready for tomorrow’s agent economy? 0xProcessing offers a simple API for integrating 85+ cryptocurrencies with fees lower than those charged by banks.
FAQ: Frequently asked questions about the AP2 protocol
What is the AP2 protocol in simple terms?
AP2 is a standard created by Google that allows AI agents to make payments securely on behalf of users. The agent receives cryptographically signed authorisations (mandates) and purchases goods within specified limits.
How does AP2 differ from standard payments?
With standard payments, the user clicks ‘pay’ themselves. With AP2, the payment is initiated by an agent, but strictly in accordance with instructions signed by the user.
Which companies support AP2?
Google developed the protocol with over 60 partners: American Express, Mastercard, PayPal, Coinbase, Salesforce, Revolut, Shopee and others.
Does AP2 support cryptocurrencies?
Yes. AP2 is payment-agnostic and supports cards, bank transfers and cryptocurrencies. An A2A x402 extension has been created with Coinbase for payments in stablecoins.
What are mandates in AP2?
These are cryptographically signed contracts containing user instructions. An intent mandate is an intention, a cart mandate is an approved basket, and a payment mandate is payment data.
How does AP2 ensure security?
Through cryptographic signatures on every mandate, verifiable data for agent identification, and a complete audit trail of all actions.
How does AP2 differ from x402?
AP2 focuses on authorisation and complex purchasing scenarios. x402 focuses on HTTP-native micropayments. They complement each other through the A2A x402 extension.
