
Agent Payments Protocol (AP2)

The Agent Payments Protocol (AP2) is an open framework that standardizes secure payments by AI agents. Developed by Google in collaboration with Mastercard, PayPal, and American Express, AP2 defines "Mandates" — digitally signed authorizations that specify what an agent is allowed to spend.

What Is AP2?

The Agent Payments Protocol (AP2) is an open standard for automated payments by AI agents. It defines "Mandates" — digitally signed authorizations that set amount limits, merchant categories, time periods, and conditions for agent transactions.

While the Agentic Commerce Protocol (ACP) standardizes the entire checkout process — including product search and cart management — AP2 focuses exclusively on the payment layer. The central question AP2 answers: How does a user authorize an AI agent to pay on their behalf?

The Partners Behind AP2

AP2 is backed by a consortium that unites the most important players in global payment processing:

  • Google: Initiator and architect of the protocol. Integration into Google products and the Universal Commerce Protocol (UCP).
  • Mastercard: Brings its global payment network. Has also introduced "Agent Pay" as its own product in parallel.
  • PayPal: Integration of digital wallet payments into the AP2 framework.
  • American Express: Enterprise and premium payment integration.
  • Salesforce: Integration into Commerce Cloud for B2B scenarios.

This breadth is deliberate: AP2 is not intended to be a proprietary Google product but an open standard that the entire payment ecosystem can use.

Mandates: Digital Authorizations

The core concept of AP2 is Mandates — digitally signed documents that define a payment authorization. A Mandate contains:

  • Amount limit: Maximum amount per transaction or time period (e.g., "up to $500 per month")
  • Merchant categories: What types of merchants the agent may pay (e.g., "groceries and drugstores only")
  • Time period: Validity duration of the authorization (e.g., "until 12/31/2026")
  • Conditions: Additional rules (e.g., "only at merchants with at least 4-star ratings")
  • Cryptographic signature: Tamper-proof evidence that the user granted the authorization

A Mandate is like a digital power of attorney: the user precisely defines what the agent may do on their behalf — and what it may not. This is more granular than SharedPaymentTokens in ACP, which are created per transaction.

Example of a Mandate

Authorization: AI agent "MyAssistant" may act on behalf of John Smith

  • Spend up to $200 per individual transaction
  • Up to $500 per calendar month
  • Only at merchants in the categories "Groceries," "Household," "Office Supplies"
  • Valid until: 12/31/2026
  • Payment method: Mastercard ****4567

Digitally signed on 03/15/2026 — Revocable at any time

Broader Than Shopping

A key difference from ACP: AP2 is not limited to e-commerce. Mandates can be defined for any type of agent payment:

  • Purchases: Agent buys products on behalf of the user
  • Services: Agent books a contractor, orders food, reserves a table
  • Subscriptions: Agent manages and pays recurring payments
  • B2B transactions: Agent orders office supplies or renews software licenses
  • API access: Agent pays for premium data sources or AI services

This broad scope makes AP2 complementary to ACP and UCP: while those protocols define the commerce workflow, AP2 provides the payment layer.

Security Model

AP2 was designed for security from the ground up:

  • Tamper-proof: Mandates are cryptographically signed. Any modification after signing is detectable and makes the Mandate invalid.
  • Revocable: The user can revoke a Mandate at any time — immediately, with no waiting period.
  • Auditable: Every transaction is logged and traceable to its Mandate. The user has full visibility at all times.
  • Least Privilege: A Mandate grants only the minimum necessary permissions. An agent authorized to buy groceries cannot order electronics.
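
The checks a payment processor could run against the example Mandate above, written as an added illustration and not taken from the AP2 specification. The field names, the `authorize` helper, and the demo key are hypothetical, amounts are in cents, and HMAC-SHA256 from the standard library stands in for the user's digital signature (a real deployment would use an asymmetric signature so that verifiers hold no signing key).

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo key. HMAC-SHA256 is a stand-in for the user's
# digital signature; it is not the AP2 signature scheme.
USER_KEY = b"constructed-demo-key"

def canonical(mandate):
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()

def sign(mandate, key=USER_KEY):
    return hmac.new(key, canonical(mandate), hashlib.sha256).hexdigest()

def authorize(mandate, signature, tx, spent_this_month, revoked_ids, key=USER_KEY):
    """Return (allowed, reason) for one proposed transaction. Fails closed."""
    if not hmac.compare_digest(sign(mandate, key), signature):
        return False, "bad signature"          # tamper-proof
    if mandate["id"] in revoked_ids:
        return False, "revoked"                # revocable
    if not isinstance(tx["amount"], int) or tx["amount"] <= 0:
        return False, "invalid amount"         # negative amounts would dodge limits
    if tx["date"] > date.fromisoformat(mandate["valid_until"]):
        return False, "expired"
    if tx["category"] not in mandate["categories"]:
        return False, "category not allowed"   # least privilege
    if tx["amount"] > mandate["per_tx_limit"]:
        return False, "over per-transaction limit"
    if spent_this_month + tx["amount"] > mandate["monthly_limit"]:
        return False, "over monthly limit"
    return True, "ok"

# Constructed Mandate mirroring the example on this page.
MANDATE = {
    "id": "mandate-0001",
    "agent": "MyAssistant",
    "per_tx_limit": 20000,
    "monthly_limit": 50000,
    "categories": ["Groceries", "Household", "Office Supplies"],
    "valid_until": "2026-12-31",
}
SIGNATURE = sign(MANDATE)
```

The signature is checked before any field of the Mandate is trusted, so a modified limit or category list is rejected before the limit checks ever read it.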

Relevant for European users: the Mandate model is compatible with PSD2 requirements (Strong Customer Authentication), since creating a Mandate qualifies as a deliberate authorization.

AP2 vs. ACP

| Aspect | ACP | AP2 |
|---|---|---|
| Scope | Checkout + Payment | Payment only |
| Authorization | Per transaction (SharedPaymentToken) | Persistent (Mandates) |
| Use cases | E-commerce | Universal (shopping, services, B2B) |
| Granularity | Transaction | Rules, limits, categories |
| Initiators | OpenAI + Stripe | Google + Mastercard + PayPal |

More details: ACP vs. UCP vs. AP2 Comparison.

Frequently Asked Questions

What is a Mandate in AP2?

A Mandate is a digitally signed authorization that defines what an AI agent is allowed to spend on your behalf — how much, with whom, for what, and for how long. It is essentially a digital power of attorney for payments.

Is AP2 a competitor to ACP?

Not directly. AP2 focuses on the payment layer, while ACP covers the entire checkout process. AP2 could be used as the payment layer within an ACP or UCP workflow.

Which payment methods does AP2 support?

AP2 is designed as a universal framework. Through the partners Mastercard, PayPal, and American Express, it supports credit cards, debit cards, and digital wallets. Additional methods can be added via the open protocol.
