Google’s Agent Payments Protocol (AP2): The New Way AI Agents Pay for You

Google has recently introduced a new open standard for its online payments with the Agent Payments Protocol (AP2). AP2 is a long-awaited initiative that enables AI-assisted secure payments for users. AP2 builds on the existing agent communication protocols of Agent2Agent (A2A) and Model Context (MCP) to produce a transaction-agnostic layer. In short, AP2 is a common trust layer where users, merchants, and payment networks can settle using cryptographic proof of intent and authorization. 

But there is even more! AP2 is not restricted to a single type of payment. It works with credit/debit cards, real-time bank-to-bank options, stablecoins, and other forms of payment without sacrificing the unitary trust structure. In this guide, we’ll try to understand how the AP2 works and where it can be used.

What is Agent to Payment Protocol

AP2 is a publicly available protocol that was built in collaboration with leading payment and technology companies to securely initiate and transact agent-led payments across platforms. This protocol is also appropriate for supplementing the Agent2Agent (A2A) protocol and Model Context Protocol (MCP). Together with existing industry rules and standards, this protocol will also serve as a payment-agnostic framework that provides users, merchants, and payment providers the ability to transact with confidence across all payment methods.

Why AP2 is Needed

Modern payment systems assume a human is clicking “buy” at checkout. So, to resolve and streamline this, Google comes up with the AP2. It uses numerous autonomous AI agents to disrupt that presumption. But along with this, they raise important challenges related to trust and authorization.

Questions like: Who proves an agent had the user’s permission? How can a merchant trust that an agent’s order represents the user’s intent? And if something goes wrong, who is liable? AP2 directly addresses these challenges by establishing a clear digital “rulebook” for agent payments.

• Authorization: AP2 asks for proof that the user provided the AI agent with the precise authority to carry out the purchase (not merely a general right to spend).
• Authenticity: Merchants receive cryptographic proof that an agent’s request conveys the user’s true intention, eliminating mistakes or “hallucinated” orders.
• Accountability: Every AP2 transaction is referenced in an immutable audit trail so that the intent, error, or fraud can be tracked and resolved, determining who (user, agent developer, or bank) is accountable.

By solving this triad of authorization, authenticity, and accountability, AP2 creates confidence in agentic commerce. 

How AP2 Works: Mandates and Trust

AP2 establishes trust via digital mandates and verifiable credentials. Once an agent has obtained a mandate, the entire transactional flow is tethered to the user’s intent. In the end, AP2 essentially creates an audit trail from intent to shopping cart to payment. A real-time purchase of an item (human present), the transaction will follow:

• Intent Mandate: It captures the user’s initial request (e.g., “Find me new running shoes”).
• Cart Mandate: When the agent builds a shopping cart, the user approves it. This event results in a Cart Mandate that secures the exact items and their price.
• Payment: The method of payment chosen by the user is cryptographically connected to the Cart Mandate based on “what you see is what you pay for.”

In the case of delegated tasks (user is not present), the flow would be similar, but assuming conditions: the user has pre-signed with rules in an Intent Mandate (price limits, timing, etc). 

For instance, the user’s request, whether spoken or typed, is recorded in an Intent Mandate. When the agent presents the user with a proposed cart, the user clicks “confirm,” and the Cart Mandate is executed to memorialize exactly what was ordered. The Cart Mandate ensures that the final purchase cannot be different from what was proposed. 

In the case of Real-time Purchase(User Present), an Intent Mandate with rules is pre-approved by the user.

For Example, if the user says “Buy concert tickets only if seats are together and do not exceed $200”. The agent then automatically produces a Cart Mandate once it locates tickets that satisfy the user’s specifications.

Mandates: A mandate is an immutable, cryptographically signed contract that represents the user’s instructions. Mandates are supported by Verifiable Credentials (VCs) to assure all parties that the signatures are evidence of consent.

Steps to use it on your own system.

1. Prerequisites

• Python 3.10 or higher is installed.
• A Google API key or access to Vertex AI for authentication.
• Basic knowledge of running Python scripts and shell commands.

2. Clone the Repository

git clone https://github.com/google-agentic-commerce/AP2.git

cd AP2

3. Set Up Authentication

Option 1: Google API Key

• Export your API key as an environment variable:

export GOOGLE_API_KEY="YOUR_API_KEY"

Option 2: Vertex AI: Set credentials via your Google Cloud SDK configuration.

4. Install Dependencies:

pip install -r requirements-docs.txt

5. Explore Samples

• Navigate to sample scenarios:
  • Python scenarios: samples/python/scenarios
  • Android scenarios: samples/android/scenarios
    
• Each scenario has a README.md explaining the workflow and a run.sh to start the demo.

cd samples/python/scenarios/<chosen_scenario>

bash run.sh

• This launches the agents and simulates the AP2 transaction flow.
  

7. Understand the Flow

• Intent Mandate: Records the user’s initial direction.
• Cart Mandate: Holds the specific items within the cart that the user has approved.
• Payment: Safely processes the payment using the selected payment type (cards, transfers, or crypto).

8. Customize Your Agents: 

• Modify the Python or Android agent code in src to experiment with different shopping behaviors.
• Agents can do price monitoring, bundle up shopping together, or make delegated purchases.

9. Experiment with Payments

• AP2 supports credit/debit cards, real-time bank transfers, and crypto (using A2A x402 integration).
• You are welcome to test crypto transactions with stablecoin (like USDC) in the sample scenarios.

New Commerce Models Enabled by AP2

The adaptable model of AP2 helps to create entirely different purchasing experiences. It makes it possible for agents to negotiate, bundle, and coordinate purchases on behalf of the user. A few examples include:

• Smarter Shopping: An agent is monitoring the price and availability of a product. If a user desires a rare green jacket that is maybe 20% above the line price, the agent will monitor the price and availability. When that product pops up, the agent will automatically place the order immediately and complete the sale that could have been missed.
• Personalized Offers: An agent approaches a shopper and records, “I need a new bicycle by July 4th.” The agent communicates this intent with merchant agents. A merchant agent could then create a custom bundle of a bike, helmet, and rack at a discount received by the shopper.
• Coordinated Travel: A user says, “Book me a flight and hotel to Bali this weekend under $1,500.” An agent communicates with the corresponding airline and hotel agents (and/or booking platform). Once that combination is determined, the agent books the trip to simplify the process for the user.

Supporting Crypto and Web3 Payments

AP2 does not rely on any one payment method, and supports established rails and newer payment methods from stablecoins to cryptocurrencies. To expedite Web3 development, Google and partners rolled out A2A x402, an option to plug crypto into AP2. With the x402 option, agents are able to process microtransactions at computer speed. 

For instance, Coinbase demonstrated an AI agent using stablecoin to pay pennies for document crawls, and Lowe’s showcased instant check-out using USDC for home-improvement purchases. A blockchain receipt can also serve as proof of purchase. The key takeaway is that crypto payments inherit AP2’s security model, where mandates and verifiable credentials wrap around stablecoin transactions the same way they do traditional transactions. 

This allows AI agents to not just become crypto agents, but to become wallet-compliant agents that can make payments seamless across all forms of currency on all networks.

Industry Collaboration and Ecosystem

AP2 is the result of collaboration with over 60 organizations from around the world, like Mastercard, American Express, PayPal, Alibaba, Coinbase, Etsy, Salesforce, and Adyen, to name a few. Partner organizations shaped AP2 to focus on three key areas: trust, interoperability, and security.

As an open and platform-agnostic protocol with reference code available on GitHub, AP2 also has standards organizations involved to ensure widespread adoption. This collaborative approach means that AP2 will be ubiquitous, appearing in wallets, payment gateways, and commerce platforms – not just in the Google ecosystem.

Conclusion

AP2 provides a functional and interoperable trust layer for agent-driven commerce obstacles by combining signed mandates, verifiable credentials, and standardized message flow. 

It is still in development, so there are no entirely consumer apps for AP2 payments yet. It is an experimental space for building new user experiences and models of trust, but it represents the start of a new era of AI-powered commerce. 

Innovative businesses (especially in fintech and e-commerce, as it has collaborated with over 60 businesses) have begun developing pilot projects or B2B uses. For example, companies could enable agents to autonomously procure software or scale cloud licenses, triggering secure transactions through AP2.

Frequently Asked Questions