
AI assistants are getting ridiculously good at their jobs. They can hunt down the best flight deal, find that one product you've been looking for, or even haggle a price down. But for the longest time, they’ve stumbled at the finish line: the actual purchase. They could fill up your shopping cart, but they couldn't hit 'pay'.
And it's not a tech issue, it's a trust issue.
That gap is finally starting to close with something called "agentic commerce," an economy where AI agents can securely make purchases on our behalf.
This guide is going to walk you through the new AP2 agentic payments protocol, an open standard being developed by Google and over 60 partners like PayPal and Mastercard. We’ll get into what it is, how it works, and what it really means for the future of AI in business.
This video from Google provides an introduction to the AP2 agentic payments protocol and the emerging Agent Economy.
What is the AP2 agentic payments protocol?
So, what exactly is the AP2 agentic payments protocol? Put simply, it’s an open-source rulebook that creates a secure, universal language for AI agents to make payments. Think of it as the set of instructions that lets all the different AIs, online stores, and payment systems talk to each other safely.
The payment systems we use today are built on a simple idea: a human is the one clicking the buttons. When an autonomous agent steps in, that whole model kind of falls apart and brings up some big questions that AP2 is designed to solve:
- Authorization: How can we be 100% sure a user actually gave their AI permission to make a specific purchase?
- Authenticity: How does a merchant know that the agent's request is what the user really wanted, and not some weird AI "hallucination"?
- Accountability: If a purchase goes wrong or turns out to be fraudulent, who’s on the hook? The user, the AI's developer, or the store?
AP2 is being built on top of existing open standards, like the Agent2Agent (A2A) protocol for communication, to create a complete system for AIs to work together securely.
How the AP2 agentic payments protocol builds trust: Mandates and verifiable credentials
The whole system hinges on building a rock-solid, verifiable trail of evidence for every single purchase. AP2 does this with two main tools: verifiable credentials and mandates.
The role of verifiable credentials (VCs)
The secret sauce here is something called Verifiable Credentials (VCs). Think of them as digital contracts that are cryptographically signed and therefore tamper-evident: any change made after signing invalidates the signature. They serve as the proof for every step of a transaction, making sure what the user asked for is exactly what the agent does.
The three core mandates explained
AP2 uses these VCs to create three different kinds of "Mandates," which together form a clear, auditable trail for every transaction.
- Intent Mandate: This one is for situations where you’re not actively involved. You sign this mandate ahead of time, giving your agent a clear set of rules. For example, "Buy tickets for this concert the second they're released, but don't go over $200." It's like giving pre-approval with very specific limits.
- Cart Mandate: This is for when you are present. After your AI assistant puts together a final shopping cart, you cryptographically sign this mandate to approve the specific items and price. It’s that final, secure "go ahead" that can't be messed with later.
- Payment Mandate: This is a separate credential that gets shared with the payment network (like Mastercard or PayPal). It lets them know that an AI agent was part of the transaction and whether a human was there to approve it. This helps financial institutions get a better read on the risk without having to overhaul their existing payment systems.
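The checks a verifier could run against the Intent Mandate described above, as an added example that is not from the original article or the AP2 specification. The field names and demo key are hypothetical, and HMAC-SHA256 stands in for the public-key signature a real verifiable credential carries.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the user's asymmetric
# signature; a real verifiable credential is checked with a public key.
USER_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(payload: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_mandate(payload: dict, key: bytes = USER_KEY) -> dict:
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "proof": tag}


def verify_mandate(mandate: dict, key: bytes = USER_KEY) -> bool:
    expected = hmac.new(key, canonical(mandate["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(mandate.get("proof", "")))


def authorize_purchase(intent: dict, cart: dict, now: float) -> tuple[bool, str]:
    """Check an agent-built cart against a user-signed Intent Mandate."""
    if not verify_mandate(intent):
        return False, "intent mandate proof invalid"
    rules = intent["payload"]  # hypothetical field names, not AP2's schema
    if now > rules["expires_at"]:
        return False, "intent mandate expired"
    if cart["item"] != rules["item"] or cart["currency"] != rules["currency"]:
        return False, "cart not covered by mandate"
    if cart["total_cents"] > rules["max_total_cents"]:
        return False, "total exceeds signed limit"
    return True, "authorized"


# Constructed sample: the concert-ticket rule from the text, capped at $200.
NOW = 1_700_000_000
INTENT = sign_mandate({"item": "concert-ticket", "currency": "USD",
                       "max_total_cents": 20_000, "expires_at": NOW + 3600})

if __name__ == "__main__":
    cart = {"item": "concert-ticket", "currency": "USD", "total_cents": 18_500}
    print(authorize_purchase(INTENT, cart, NOW))
    print(authorize_purchase(INTENT, {**cart, "total_cents": 25_000}, NOW))
```

Raising the limit inside a signed mandate without re-signing it fails the proof check before any price comparison happens, which is the property the mandates rely on.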
The AP2 agentic payments protocol ecosystem in action: Roles and use cases
AP2 can work because it gives everyone involved a clearly defined role, making sure data stays secure and everyone knows their responsibilities. This includes you (the User), your Shopping Agent, the Merchant Endpoint (the store's agent), and the Credentials Provider (like PayPal, which manages the payment details).
graph TD
    A[User issues command to AI] --> B(Shopping Agent)
    B --> C{Merchant Endpoint}
    C --> B
    B --> D[User confirms cart]
    D -- Cart Mandate --> C
    C --> E[Credentials Provider]
    E -- Payment Mandate --> C
    C --> F[Order Fulfilled]
This all sounds great in theory, but what does it actually allow us to do? AP2 opens the door to some cool new ways of shopping and doing business that just weren't possible before.
- Smarter E-commerce: Imagine telling your AI, "I want this specific jacket in green, and I’m willing to pay up to 20% more if it comes back in stock." Your agent can then keep an eye on the inventory and automatically, and securely, make the purchase the moment it’s available. That's a sale that would have probably been lost otherwise.
- Coordinated Travel Booking: You could say, "Book me a round-trip flight and a hotel in Palm Springs for the first weekend of November, and keep the total under $700." Your agent can then talk to different airline and hotel agents, find a combo that fits your budget, and book both at the same time.
- Autonomous B2B Procurement: Think about a business setting. An agent could monitor a company's cloud server usage and automatically buy more or fewer software licenses based on real-time demand, all while sticking to a pre-approved budget set in an Intent Mandate.
Beyond payments: The future of secure AI actions
Here's the interesting part: the ideas behind the AP2 agentic payments protocol (proving what you want, controlling what the AI does, and having a clear record) aren't just for buying things. They’re essential for trusting an AI with any important job, especially in something as sensitive as customer support.
Customers have to be confident that an AI support agent will protect their data and actually solve their problem correctly. A generic chatbot that just pulls from a FAQ page isn’t going to build that confidence. This is where the idea of trusted, "agentic" support becomes so important.
Enabling trusted actions in customer support
The most helpful AI support agents do more than just recite answers. They need to take action, whether that's looking up an order status in Shopify, updating a ticket in Zendesk, or flagging an urgent problem for the right human team member. Every one of those actions requires a serious level of trust and control.
That’s why tools like eesel AI are built from the ground up on this idea of controlled, trustworthy actions. With eesel AI’s custom "AI Actions" feature, you get to decide exactly what your support agent is allowed to do. You can set it up to securely ping an external service to get live order information or to update ticket details, giving you fine-grained control over what it can and can’t do, a lot like how AP2 mandates set spending limits.
Building confidence before going live
With AP2, trust comes from cryptographic proof. In customer support, trust comes from making sure your AI is reliable and accurate before it ever talks to a real customer.
You shouldn't have to just flip a switch on a new AI agent and cross your fingers. Using eesel AI’s simulation mode, you can test your AI on thousands of your company's past support tickets. This gives you a really accurate picture of how well it will perform and shows you precisely how it will handle real-world questions, letting you tweak its behavior before you set it live. It solves that accountability problem by letting you prove the agent's value and safety right from the start.
While the wider industry is working on standardizing payment protocols, you can bring these core principles of control and confidence into your support team right now. Platforms like eesel AI give you the self-serve tools you need to build, test, and launch powerful support agents in minutes, not months.
The AP2 agentic payments protocol: A new standard for AI commerce is here
The AP2 agentic payments protocol isn't just another piece of tech. It’s laying the groundwork for a whole new era of commerce run by AI. By creating clear standards for authorization, authenticity, and accountability, AP2 is building the trust this new ecosystem needs to grow.
And as we've seen, these core ideas of trust and control are vital for any AI you bring into your business. Whether you're getting ready for the future of agentic commerce or looking to give your support teams a boost today, the solution is a platform that puts you in complete control and gives you total confidence.
See how you can build, test, and deploy secure, customizable AI support agents with eesel AI.
Frequently asked questions
The AP2 agentic payments protocol is an open-source rulebook that provides a secure, universal language for AI agents to conduct payments. It acts as a standardized set of instructions, allowing various AIs, online stores, and payment systems to communicate and transact safely.
The AP2 agentic payments protocol builds trust through Verifiable Credentials (VCs) and three types of Mandates: Intent, Cart, and Payment. These cryptographic proofs create an auditable trail, verifying user permission, agent authenticity, and transaction details at every step.
The AP2 agentic payments protocol addresses critical trust issues in AI commerce, specifically authorization (ensuring user permission), authenticity (verifying the agent's request reflects user intent), and accountability (determining responsibility if something goes wrong). It bridges the gap where AI could browse but not securely pay.
Certainly. With the AP2 agentic payments protocol, you could set an Intent Mandate for your AI to automatically purchase concert tickets when released, under a specific price limit. Your agent would then securely execute the purchase on your behalf, providing a clear, verifiable record of your pre-approved intent.
The AP2 agentic payments protocol uses three Mandates: Intent (pre-approving future actions with limits), Cart (explicitly approving a final shopping cart when present), and Payment (informing payment networks that an AI agent was involved). Each serves as a cryptographically signed proof for different stages and levels of user involvement.
The AP2 agentic payments protocol is an open standard currently being developed by Google in collaboration with over 60 partners, including major players like PayPal and Mastercard. This broad industry support aims to establish it as a widely adopted foundation for secure AI commerce.

Article by
Kenneth Pangan
Writer and marketer for over ten years, Kenneth Pangan splits his time between history, politics, and art with plenty of interruptions from his dogs demanding attention.







