Over the past few years, AI has evolved from a standalone chatbot to entire fleets of autonomous agents. Industries have been using these AI agents extensively, each agent acting as an individual process that generates, edits, and aggregates data according to its system prompts.

These agents have been force multipliers for domains such as research and coding, which benefit greatly from iteration and feedback. However, both developers and consumers have been skeptical of letting AI agents take the wheel for tasks that involve more finality, such as monetary transactions.

With so much friction in day to day financial payments, and the allure of autonomous AI, it was only a matter of time before we started seeing the discussions that we’re having today surrounding the “agent economy.” Can we trust AI to handle our money? How can we ensure a secure chain of custody when machines are talking to each other?

In response to these hurdles, Google has released the Agents Payment Protocol, or AP2, to enable agentic commerce with inherent guardrails and accountability. This development protocol offers consumers, merchants, and developers a process for ensuring that agents transact money with verifiable and auditable intent.

How Does It Work?

Let’s consider the questions you'd ask when making a purchase at any store:

• What do you want to buy?
• How much do the items cost?
• What payment methods are available at the store?
• What payment methods do you personally have on-hand?

The AP2 creates a framework to package this information and to enforce trust at every layer. It achieves this through the use of verifiable digital credentials (VDCs). These VDCs are cryptographically secure Mandates, objects that contain relevant transactional data and are signed by the party responsible for providing them. In turn, parties that are on the receiving end of this sensitive information can determine if these mandates are legitimate by verifying the signatures with asymmetric encryption.

The Flows

The AP2 supports two primary payment flows, depending on the user’s level of involvement:

• “Human-present” flow
  • The user communicates what they intend to buy
  • Agents compile a cart and payment information
  • The user has the chance to review the final bill of goods before submitting the transaction
• “Human-not-present” flow
  • The user communicates what they intend to buy
  • The agent clarifies the intent verbally, because this will act as an authorization for future browsing and purchasing steps
  • Once the user confirms, the agents are then empowered to complete the transaction autonomously

While the Agent Payments Protocol presents these as two different flows, they are really two different approaches to the same flow, since both share the two core Mandates (for cart and payment information), which we will discuss below.

The Mandates

AP2 Mandates capture a user's specific instructions to their agents. Throughout the flow, various agents compile data such as the user's verbal intent, a cart of products, and payment information. The user then cryptographically signs these mandates, empowering the agents to act on them like digital court orders.

• The Intent Mandate
  • Sets the guidelines on what product you want, how much you are willing to pay for it, and how you are planning to pay for it
  • Contains the natural language intent of the human user, e.g. “I want to buy the first Harry Potter book with my Visa card for no more than $12.”
  • Optional for “human-present” flows, but critical in “human-not-present” flows, since it will be the only user-signed mandate, while the rest of the flow will be autonomous
• The Cart Mandate
  • Represents the list of products a consumer is intending to buy. It ultimately needs to be signed by both the merchant and the consumer, to commit to a specific listing at a specific price, and to signal consent for purchasing those items, respectively.
  • Mandatory in all flows, user-signed in “human-present” flows
• The Payment Mandate:
  • Contains the financial data surrounding the transaction, such as the total price and payment methods, and is compiled and signed by the user’s agent. This is sent to payment processors to financially commit to a purchase.
  • Mandatory in all flows, user-signed in “human-present” flows

All of these mandates are cryptographically signed to ensure that the correct parties approve of the mandates’ contents. They leverage asymmetric encryption, where each agent uses its private key to sign a mandate, and then any receiving agent can decrypt the mandate with the original agent’s public key.

For example, a merchant agent will sign a CartMandate full of goods at a certain price point. Your shopping agent can then decrypt that CartMandate and verify that signature came from the correct merchant, and that it will honor that price. You, in turn, will sign that CartMandate as well with your own credentials. This process allows all future parties in the transaction to verify that both the buyer and seller are committed to the same CartMandate. This form of encryption applies to all of the mandates in the AP2 flow, and is the same way that sensitive data is transferred between merchants and financial institutions on the internet today.

The Payment Flow

The AP2 payment flow revolves around four primary entities, which communicate to build, sign, and communicate the VDC mandates.

• User Agent (UA) / Shopping Agent (SA): The AI interface that the user interacts with (e.g., Gemini, ChatGPT). It understands the user's needs, builds a cart, and obtains authorization.
• Credentials Provider (CP): A specialized entity (e.g., a digital wallet) that securely manages the user's payment credentials and methods.
• Merchant Endpoint (ME): An interface or agent representing the merchant to showcase products and negotiate a cart.
• Merchant Payment Processor Endpoint (MPP): The entity that constructs the final transaction authorization message for the payment network.

The full AP2 flow outlined here, optionally covering both flows by leveraging the Intent Mandate in this case, paints a full picture of the lifecycles of the VDC mandates as the transaction progresses.

The steps in the diagram above are explained more deeply below:

• Steps 1-5
  • The end user starts a conversation with the primary Shopping Agent
  • Optional “human-not-present” flow: For an even more autonomous and frictionless experience, in these first steps you can define your intent upfront. By working with the Shopping Agent to build an IntentMandate, you can enter the “human-not-present” flow. You can set guidelines on what product you want, how much you are willing to pay for it, and how you are planning to pay for it. Upon creating a populated IntentMandate, the Shopping Agent is then empowered to fulfill the entire transaction without any more explicit confirmations. It will leverage your upfront directives to build and circulate the CartMandate and PaymentMandate as needed. Without the IntentMandate, the user is in the “human-present” flow, and will explicitly sign off on the finalized CartMandate and PaymentMandate.
• Steps 6-12
  • The Shopping Agent works with the Merchant Agent to compile and mutually agree on a cart, which becomes the CartMandate
• Steps 13-20
  • The Shopping Agent works with the Credentials Provider (the user’s digital wallet) and the merchant to compile financial information, and then create the PaymentMandate
    • Contains information like total price and available payment methods from both the merchant and the consumer
  • Steps 15-16, where the CartMandate and payment options are presented to the user, are skipped in the “human-not-present” flow
• Steps 21-22
  • The user is presented with the relevant CartMandate and PaymentMandate information, and verifies it
    • Note: If the user opted into the “human-not-present” flow by generating and signing an IntentMandate, then this step is skipped, since the intent has been pre-approved
• Steps 23-26
  • The PaymentMandate goes to the Credentials Provider to disburse funds for the purchase
  • The CartMandate goes back to the merchant for auditing purposes (implied, any time after step 22)
• Steps 27-32
  • Once funds are disbursed, the product is processed and a receipt is communicated back to the end user

In this payment flow, whether “human-present” or “human-not-present”, browsing and payment processing are delegated off to agents that are uniquely suited to aggregate resources, present information, and execute secure financial transactions.

Conclusion

The frontier of agentic payments is just beginning, and industry leaders are coming together to build a scalable framework to empower both consumers and developers and keep our data safe in an increasingly autonomous world. The AP2 protocol is a foundation that is being built upon by partners like Mastercard, Coinbase, and Cloudflare, and is using input from experienced developers all over the world. The core implementation and initial proof-of-concept examples can be found in the AP2 GitHub repo for further exploration.

About SZNS Solutions

Here at SZNS Solutions, we have extensive experience building out agentic solutions, from data pipelines to cryptocurrency analysis, that help our clients automate and process their tasks faster and more reliably.

For more information on how SZNS Solutions can help you and your business, reach out to us here: https://szns.solutions/contact