Skip to content
UCP
Menu

Protocol · Agentic Payments

Agent Payments Protocol (AP2): how AI agents pay without your card details

The Agent Payments Protocol (AP2) is the payment layer of the Universal Commerce Protocol. It enables an AI agent to initiate financial transactions on behalf of a user, without ever accessing real banking credentials. Here's how it works and why it's central to secure agentic commerce.

Updated : April 2026 · Primary query : agent payments protocol AP2

What is the Agent Payments Protocol (AP2)?

AP2 is the payment standard defined within the Universal Commerce Protocol, launched January 11, 2026. It solves a fundamental problem in agentic commerce: how to enable an AI agent to complete a purchase without the user needing to manually validate the payment each time, and without the agent having access to sensitive banking data.

AP2's answer relies on tokenization: the user authorizes an AI agent once to make payments within defined limits (maximum amount, product categories, approved merchants). This authorization generates a cryptographic token. During a purchase, the agent transmits this token to the payment processor, which executes the transaction without ever exposing the user's card number or bank account.

AP2 founding partners

AP2 was co-developed by the world's largest payment players, all UCP founding partners: Stripe, Adyen, Mastercard, Visa, and American Express. This coalition ensures near-universal adoption from launch.

How AP2 works technically

Step 1: Initial user authorization

The user configures their agentic payment settings in the AI agent's interface (ChatGPT Shopping, Gemini Shopping, etc.). They define:

  • Maximum amount per transaction (e.g. $150)
  • Maximum monthly amount (e.g. $500)
  • Authorized product categories
  • Approved or blocked merchants
  • Whether manual confirmation is required above a certain amount

Step 2: AP2 token generation

The payment processor generates a cryptographically signed AP2 token associated with the defined parameters. This token is stored by the AI agent, never by the merchant. It has a configurable validity period and can be revoked at any time.

Step 3: Payment during an agentic purchase

When the AI agent selects a product and triggers a purchase via POST /ucp/v1/checkout, the merchant receives the order details and the AP2 token. The merchant forwards the token to their payment processor, which verifies validity, confirms the amount respects defined limits, then executes the transaction. The merchant receives payment confirmation without ever seeing actual banking data.

Security and user control

No banking data exposed. The AP2 token is an abstract identifier, it contains no card number, expiry date, or CVV. If intercepted, it's useless without the processor's cryptographic key.

Granular limits. Unlike a traditional credit card, AP2 enables fine-grained authorization. A user can authorize their agent to buy books up to $30 but require manual confirmation for any electronics purchase.

Instant revocability. The user can revoke AP2 authorization at any time from the agent interface or directly in their banking app.

AP2 for merchants: what to implement

As a merchant, your AP2 responsibility is limited. You must:

  • Accept the AP2 token in your POST /ucp/v1/checkout endpoint
  • Forward it to your payment processor (Stripe or Adyen handle the rest)
  • Handle AP2 error codes: AP2_LIMIT_EXCEEDED, AP2_TOKEN_EXPIRED, AP2_CATEGORY_BLOCKED
  • Return an order confirmation with tracking number

Enabling AP2 on Stripe

In your Stripe Dashboard: Settings → Payments → Agentic Payments → Enable AP2. Configure product categories and transaction limits you accept on the merchant side.

Enabling AP2 on Adyen

Contact your Adyen account manager to enable the AP2 profile. Adyen validates your UCP endpoints (catalog, inventory) before activating agentic payments, allow 5 to 10 business days.

Further reading