Google Launches New Protocol for Agent-Driven Purchases

Artificial intelligence has already transformed how we search, chat, and even create content, but one of the most exciting frontiers is shopping. Imagine telling your AI assistant, “Find me the best white running shoes under $120, delivered within three days” and it does everything for you, from comparing prices to checking stock to making the purchase. This isn’t science fiction anymore. It’s exactly what Google’s newly launched Agent Payments Protocol (AP2) aims to make possible.

Traditional payment flows weren’t built for autonomous AI agents. They assume a human is clicking the “Buy” button, entering credit card numbers, and confirming transactions. But with AI agents acting on behalf of people, the rules change dramatically. How do we make sure the agent buys exactly what the user wanted? How do merchants know the purchase was truly authorized by the human? How do payment providers prevent fraud in such a system?

That’s where AP2 steps in. It is designed to bridge the trust gap between humans, their AI agents, merchants, and payment providers. Think of it as a universal language that lets agents shop securely, with user-approved boundaries and verifiable proof of authorization. If successful, this could fundamentally reshape e-commerce as we know it.

What Is AP2 (Agent Payments Protocol)?

AP2, short for Agent Payments Protocol, is Google’s new open standard for purchases initiated by AI agents. At its core, AP2 provides a framework for how agents interact with merchants and payment providers in a secure, transparent, and auditable way.

Unlike existing online checkout systems, AP2 doesn’t just assume a human is pushing the buttons. Instead, it recognizes that agents themselves are acting as digital buyers, sometimes under direct supervision and sometimes autonomously within predefined limits.

Google describes AP2 as an extension of its earlier work on A2A (Agent-to-Agent communication) and MCP (Model Context Protocol). While A2A allows agents to talk to each other, and MCP allows them to interact with tools and data, AP2 specifically focuses on the transaction layer: how an agent actually pays for something on behalf of its user.

To make this work, AP2 introduces a mandate system that captures both the user’s intent and the specifics of the transaction. These mandates serve as digital contracts between the human, the agent, and the merchant. They ensure that the purchase is not only technically authorized but also aligned with what the user actually wanted.

In other words, AP2 is not just a payment tool; it’s a trust protocol that enables agent-driven commerce without opening the door to chaos or fraud. It’s the missing puzzle piece that makes agent-based shopping realistic at scale.

The Core Components of AP2

For AP2 to function smoothly, it relies on three building blocks: Intent Mandates, Cart Mandates, and Verifiable Credentials. Each plays a unique role in making sure purchases are accurate, authorized, and trustworthy.

Intent Mandates

The Intent Mandate is where everything begins. It captures what the user wants the agent to do. For example, if you say:
“Find me a green winter jacket, but don’t spend more than $250, and make sure it’s waterproof.”

That instruction gets formalized into an Intent Mandate. It doesn’t lock in the purchase yet but sets the boundaries the agent must follow. Think of it as a shopping mission with clear rules.

Intent Mandates can also include timing conditions, delegation rules, and fallback options. For example, you might tell your agent: “If you can’t find my preferred brand, get the closest alternative with at least a 4-star rating.” These conditions are stored securely, so when the agent takes action later, there’s proof that it was acting within your authorized scope.

Cart Mandates

Once the agent finds a specific product that matches your intent, the process moves to the Cart Mandate. This is like the final shopping cart you’d normally see at checkout: the product, price, merchant, and other details are confirmed.

The Cart Mandate is where you or, in some cases, your delegated agent signs off to lock in the transaction. If the purchase requires your explicit approval, you’ll get a prompt: “Your agent found a North Face waterproof jacket for $199. Do you approve?”

In other cases, if your Intent Mandate allowed it, the agent can finalize the purchase without bothering you. For example, if you told it “Buy concert tickets as soon as they go on sale for up to $150 each,” the agent can execute the Cart Mandate instantly when the tickets become available.

Verifiable Credentials

Both the Intent and Cart Mandates are backed by Verifiable Credentials. These are cryptographically signed digital proofs that show who authorized what, when, and under what conditions.

This system ensures:

  • Merchants can trust that the purchase is legitimate
  • Users can audit what their agents did on their behalf
  • Payment providers have a record to resolve disputes if something goes wrong

In short, verifiable credentials make agent-driven shopping not just convenient but also traceable and accountable.

Why Google Created AP2

So why did Google bother to build AP2 in the first place? The answer lies in the limitations of current e-commerce systems and the unique risks of letting AI agents handle purchases.

Problems with Current E-Commerce Flows

Today’s online checkout process is built around direct human interaction: searching, clicking, adding to cart, typing in payment details. But as more people rely on AI assistants, this model doesn’t hold up. Agents can’t “click” like humans, and merchants need a standardized way to handle automated interactions.

Without a common protocol, every merchant would need custom integrations for agents, creating a fragmented mess. AP2 solves this by acting as a universal translator between agents, merchants, and payment processors.

Risks of AI-Driven Purchases Without Safeguards

Imagine an AI agent that accidentally buys the wrong product, overspends, or falls victim to fraud. Without clear safeguards, both users and merchants would be exposed to massive risks. Disputes would skyrocket, trust would erode, and adoption of agent-driven shopping would stall.

AP2 mitigates these risks by putting mandates and verifiable credentials in place. It ensures that every purchase is traceable to the user’s original instructions.

The Trust Gap Between Users, Agents, and Merchants

The biggest challenge is trust. Users need to trust their agents, merchants need to trust that the agents are acting legitimately, and payment providers need to trust that funds are being authorized correctly. AP2 bridges this gap by making trust explicit, verifiable, and auditable at every step of the process.

In essence, Google created AP2 because without it, agent-driven commerce could never scale safely.

How AP2 Works in Practice

Let’s break down a real-world example of AP2 in action to see how all these pieces come together.

Imagine you’re shopping for running shoes. You tell your agent: “Find me the best white running shoes under $120, available in my size, with at least a 4.5-star rating.”

  1. Creating an Intent Mandate:
    Your instructions are converted into a mandate: price limit, color, size, rating requirement.
  2. Agent Searches and Compares:
    The agent browses across merchants, pulling data via APIs and protocols, until it finds a match.
  3. Forming a Cart Mandate:
    Once it selects a pair from Nike.com for $115, it creates a Cart Mandate with all the details.
  4. User Approval (or Automatic Execution):
    If your mandate requires approval, you’ll get a notification. If not, the purchase executes automatically.
  5. Payment & Verification:
    The merchant receives verifiable credentials that prove the purchase was authorized under your mandate.
  6. Audit Trail:
    Later, you can check your transaction log and see exactly what conditions were set, what your agent did, and how the purchase was executed.

This flow isn’t limited to shoes. It can work for everything from groceries to event tickets to complex bundled offers. And because it’s an open protocol, it works across merchants, payment providers, and even crypto networks.
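The check a merchant or payment provider could run at step 5 of the walkthrough, written as an added example that is not from the original article or from Google's AP2 code: it verifies the signed Intent Mandate, confirms the Cart Mandate is bound to it and stays inside its limits, and requires the user's approval signature when the intent demands one. All field names are hypothetical rather than the AP2 schema, and HMAC with a constructed demo key stands in for the asymmetric signature a real verifiable credential would carry.

```python
import hashlib, hmac, json

USER_KEY = b"constructed-demo-key"  # assumption: stand-in for the user's signing key

def canonical(obj):
    # Deterministic serialization so signer and verifier hash identical bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(body, key=USER_KEY):
    # HMAC is a labelled stand-in for a verifiable credential's signature
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def digest(body):
    return hashlib.sha256(canonical(body)).hexdigest()

def check_cart(intent, intent_sig, cart, cart_sig, now, key=USER_KEY):
    """Return reasons to refuse the cart; an empty list means accept."""
    # An intent whose signature fails cannot be trusted for any limit check
    if not hmac.compare_digest(sign(intent, key), intent_sig):
        return ["intent mandate signature invalid"]
    problems = []
    if cart["intent_digest"] != digest(intent):
        problems.append("cart is not bound to this intent mandate")
    if now > intent["expires"]:
        problems.append("intent mandate expired")
    if cart["price_cents"] > intent["max_price_cents"]:
        problems.append("price exceeds mandate limit")
    if cart["rating"] < intent["min_rating"]:
        problems.append("rating below mandate minimum")
    for name, wanted in intent["attributes"].items():
        if cart["attributes"].get(name) != wanted:
            problems.append(f"attribute mismatch: {name}")
    # Human-present flow: the user must have signed this exact cart
    if intent["requires_approval"] and not (
            cart_sig and hmac.compare_digest(sign(cart, key), cart_sig)):
        problems.append("user approval signature missing or invalid")
    return problems

# Constructed sample mirroring the running-shoes walkthrough
INTENT = {"max_price_cents": 12000, "min_rating": 4.5, "expires": 1_800_000_000,
          "attributes": {"color": "white", "category": "running shoes"},
          "requires_approval": True}
INTENT_SIG = sign(INTENT)
CART = {"intent_digest": digest(INTENT), "merchant": "Nike.com",
        "price_cents": 11500, "rating": 4.6,
        "attributes": {"color": "white", "category": "running shoes", "size": "10"}}
```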
