Google Launches Agent Payments Protocol AP2

AP2 builds trust by using Mandates, which are tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of a user's instructions.

Google Cloud has announced the Agent Payments Protocol (AP2), an open protocol developed with payments and technology companies to securely initiate and transact agent-led payments across platforms.

AP2 can be used as an extension of the Agent2Agent (A2A) protocol and Model Context Protocol (MCP). In concert with industry rules and standards, it establishes a payment-agnostic framework for users, merchants, and payments providers to transact with confidence across all types of payment methods.

With AP2, Google Cloud is now collaborating with a diverse group of more than 60 organisations to help shape the future of agentic payments.

Why is a Protocol Needed?

AI agents are capable of transacting on behalf of users, which creates a need to establish a common foundation to securely authenticate, validate, and convey an agent’s authority to transact. While today’s payment systems generally assume a human is directly clicking “buy” on a trusted surface, the rise of autonomous agents and their ability to initiate a payment breaks this fundamental assumption and raises critical questions that AP2 helps to address, including:

  • Authorisation: Proving that a user gave an agent the specific authority to make a particular purchase.
  • Authenticity: Enabling a merchant to be sure that an agent’s request accurately reflects the user’s true intent.
  • Accountability: Determining accountability if a fraudulent or incorrect transaction occurs.

Rao Surapaneni, vice president and general manager, Business Applications platform, Google Cloud, said, “AP2 is an open, shared protocol that provides a common language for secure, compliant transactions between agents and merchants, helping to prevent a fragmented ecosystem. It also supports different payment types – from credit and debit cards to stablecoins and real-time bank transfers. This helps ensure a consistent, secure, and scalable experience for users and merchants, while also providing financial institutions with the clarity they need to effectively manage risk.”

How it Works: Establishing Trust Via ‘Mandates’ and Verifiable Credentials

AP2 builds trust by using Mandates, which are tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of a user’s instructions. These Mandates are signed by verifiable credentials (VCs) and act as the foundational evidence for every transaction.

Mandates address the two primary ways a user will shop with an agent:

  • Real-time purchases (human present): When you ask an agent, “Find me new white running shoes,” your request is captured in an initial Intent Mandate. This provides the auditable context for the entire transaction. After the agent presents a cart with the shoes you want, your approval signs a Cart Mandate. This is a critical step that creates a secure, unchangeable record of the exact items and price, ensuring what you see is what you pay for.
  • Delegated tasks (human not present): When you delegate a task like, “Buy concert tickets the moment they go on sale,” you sign a detailed Intent Mandate upfront. This mandate specifies the rules of engagement: price limits, timing, and other conditions. It serves as verifiable, pre-authorised proof that can allow the agent to automatically generate a Cart Mandate on your behalf once your precise conditions are met.

In both scenarios, this chain of evidence culminates in securely linking a user’s payment method to the verified contents of the Cart Mandate. This complete sequence – from intent, to cart, to payment – creates a non-repudiable audit trail that answers the critical questions of authorisation and authenticity, providing a clear foundation for accountability.
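The delegated (human not present) flow above can be sketched as a merchant-side check. This is an added illustration, not AP2's wire format or Google's code: the field names, keys and timestamps are constructed, and HMAC-SHA256 stands in for the verifiable-credential signatures, which in a real deployment would be asymmetric so the verifier never holds the signing key.

```python
import hashlib, hmac, json

# Constructed demo keys: HMAC stands in for the verifiable-credential signatures.
USER_KEY, AGENT_KEY = b"demo-user-key", b"demo-agent-key"

def canonical(body):
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(body, key):
    return {"body": body, "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

def sig_ok(mandate, key):
    expected = hmac.new(key, canonical(mandate["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mandate["sig"])

def digest(mandate):
    return hashlib.sha256(canonical(mandate["body"])).hexdigest()

def make_cart(intent, items, total_cents, created_at, key=AGENT_KEY):
    # The cart carries the digest of the intent it was generated under.
    return sign({"intent_digest": digest(intent), "items": items,
                 "total_cents": total_cents, "created_at": created_at}, key)

def verify_chain(intent, cart, user_key=USER_KEY, agent_key=AGENT_KEY):
    """Merchant-side check of the intent -> cart chain: returns (accepted, reason)."""
    if not sig_ok(intent, user_key):
        return False, "intent signature invalid"
    if not sig_ok(cart, agent_key):
        return False, "cart signature invalid"
    rules, c = intent["body"], cart["body"]
    if c["intent_digest"] != digest(intent):
        return False, "cart not bound to this intent"
    if c["total_cents"] > rules["max_total_cents"]:
        return False, "price limit exceeded"
    if not rules["not_before"] <= c["created_at"] <= rules["not_after"]:
        return False, "outside time window"
    return True, "ok"

# Constructed sample: "buy concert tickets the moment they go on sale".
INTENT = sign({"task": "concert tickets", "max_total_cents": 20000,
               "not_before": 1_700_000_000, "not_after": 1_700_086_400}, USER_KEY)
GOOD_CART = make_cart(INTENT, ["ticket x2"], 18000, 1_700_000_060)

if __name__ == "__main__":
    print(verify_chain(INTENT, GOOD_CART))
    print(verify_chain(INTENT, make_cart(INTENT, ["ticket x2"], 30000, 1_700_000_060)))
```

The signature checks run first, so a mandate edited after signing is rejected before any of its price or timing rules are trusted.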

Staff Writer
The AI & Data Insider team works with a staff of in-house writers and industry experts.