Three Protocols, One Stack: The Agentic Payment Layer Is Taking Shape
Six months ago, the idea of an AI agent autonomously completing a purchase felt like a demo-stage curiosity. Today, three production-grade protocols — OpenAI and Stripe's Agentic Commerce Protocol (ACP), Google's freshly launched Agent Payments Protocol (AP2), and Coinbase's x402 — form what increasingly looks like a layered agentic commerce stack. For fintech developers and payment engineers building the next generation of checkout infrastructure, understanding how these pieces fit together is no longer optional.
Google's AP2 announcement, published on 3 April 2026, brings over sixty launch partners including Mastercard, Adyen, PayPal, Coinbase, American Express, Revolut, and UnionPay International. The protocol is open-source under Apache 2.0 and already has a public GitHub repository. This is not a whitepaper — it is a specification with working implementations.
How AP2's Mandate System Works
The centrepiece of AP2 is its mandate architecture, built on Verifiable Credentials (VCs) — cryptographically signed digital contracts that define exactly what an AI agent is permitted to do.
AP2 defines three mandate types:
- Cart Mandate: Created when a user approves a final purchase. It produces a cryptographically signed, immutable record of the exact items, price, and shipping details. The merchant signs first, guaranteeing fulfilment at the specified price.
- Intent Mandate: Pre-authorised instructions for delegated tasks where no human is present at checkout. These specify price limits, timing constraints, and other conditions — essentially a spending policy for autonomous agents.
- Payment Mandate: Signals to payment networks that the transaction was AI-initiated, enabling downstream risk scoring and fraud detection models to treat agent transactions differently from human ones.
This dual-signature structure — merchant commits to terms, then the user (or their agent) countersigns — creates a non-repudiable cryptographic audit trail. Every transaction links agent, user, merchant, and payment network with clear evidence for dispute resolution.
For payment developers who have worked with tokenisation flows or 3D Secure challenge protocols, the mental model is familiar: AP2 adds an authorisation layer, but instead of authenticating a cardholder, it authenticates an agent's mandate to act.
Where AP2 Fits in the Agentic Commerce Stack
The three major protocols are not competitors — they operate at different layers:
ACP (Agentic Commerce Protocol) handles the merchant integration layer. Developed by OpenAI and Stripe, it is already production-live inside ChatGPT's Instant Checkout. ACP lets agents share credentials and initiate checkouts without exposing raw payment data. The merchant remains the merchant of record, and transactions flow through existing payment providers like Stripe. Think of ACP as the what — what the agent wants to buy, from whom, and through which checkout flow.
Read the full article on tomcn.uk →
About the Author
I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.
Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.
Top comments (0)