Agentic payments are the mechanisms that move money when an autonomous AI agent buys something on a user's behalf. The agent does not type a card number into a checkout form. It presents a scoped credential (a token, a signed mandate, or a wallet signature) that the merchant or counterparty can verify, redeem against a settlement rail, and reconcile back to a specific user, agent, and transaction. Two rail families have emerged in production. Card networks ship agentic payments through tokenization plus cryptographic mandates: OpenAI's Agentic Commerce Protocol, Mastercard's Agentic Tokens, Visa's Trusted Agent Protocol, and Google's AP2 mandate scheme. Onchain rails ship them through stablecoin settlement: Coinbase's x402 protocol revives HTTP 402 to let an agent pay a server in USDC over standard HTTP, and Stripe's machine payments stack wraps the same primitives with recurring billing and dispute machinery. This article maps the payment-flow mechanics step by step: who signs what, who verifies what, and where the dollars actually settle.
​

Agentic payments move money when an autonomous AI agent buys on a user's behalf, using scoped credentials rather than typed card numbers. The agent presents a token, signed mandate, or wallet signature that a merchant verifies, redeems against a card or stablecoin rail, and reconciles back to the user. Two rail families dominate 2026 deployments.
​

An agentic payment is a payment authorized, initiated, or executed by an autonomous AI agent acting under delegated authority from a human user or a business. The agent runs a four-step lifecycle for each transaction: discover the merchant or counterparty, prove the user authorized the purchase, transmit funds, and reconcile the result. The primitives that live inside step three (the actual money movement) are what define an agentic payment system. They differ from human checkout primitives in three concrete ways: the credential is scoped per-purchase rather than a long-lived saved card, the consent is cryptographically signed rather than implied by a click, and the agent's identity is a separate verification step from the buyer's identity.
​

The category breaks into three working buckets. Consumer agent payments power purchases inside chat surfaces (ChatGPT, Perplexity Comet, Amazon Rufus) and almost always settle on card rails. Enterprise agent payments cover internal procurement, SaaS renewals, and invoice payments routed by Microsoft Copilot, Salesforce Agentforce, or custom internal agents. Machine-to-machine payments cover sub-cent transactions for API calls, data feeds, and compute, where card interchange economics break down and stablecoins take over.
​

The market sizing is early-stage but converging. Juniper Research's April 2026 forecast projects $8 billion in global agentic spend in 2026, scaling to $1.5 trillion by 2030. McKinsey's QuantumBlack practice puts the 2030 number at $3 trillion to $5 trillion in orchestrated retail spend. Both forecasts are five-to-six-year curves. The current footprint is smaller and more visible: x402 alone has roughly 69,000 active agents and 165 million transactions in its first months, per Coinbase's reported numbers, with about $50 million in cumulative volume at an average ticket of $0.31.
​

Every agent purchase runs a four-step lifecycle: discovery of merchant and payment options, authorization through scoped credentials or signed mandates, payment via card or stablecoin settlement, and reconciliation back to the agent, user, and original consent record. The four steps compose across protocols rather than ship as a single vertical stack, so production agents typically mix and match primitives.
​

Every agent purchase moves through the same four steps regardless of rail. The mechanics inside each step shift across card and stablecoin paths, but the sequence does not.
​

Step 1: Discovery. The agent learns what merchant exists, what it sells, and what payment methods it accepts. On consumer surfaces, discovery uses Anthropic's Model Context Protocol (MCP) for tool calls and Google's UCP for capability negotiation. On machine-to-machine surfaces, discovery is implicit: the server returning HTTP 402 advertises its payment requirements in the response header.
​

Step 2: Authorization. The agent has to prove the user delegated this purchase, and the merchant has to prove the agent is legitimate. This is where most of the new primitives sit. Card rails issue a Shared Payment Token bound to a specific merchant and amount. Google's AP2 issues a cryptographic mandate signed by the user or the user's identity provider. Visa TAP signs the agent's identity into HTTP request headers. Stablecoin rails compress authorization into a wallet signature on a transfer authorization payload (EIP-3009) or a signed approval (Permit2).
​

Step 3: Payment. Funds move. On card rails, the merchant runs the SPT through a processor (typically Stripe), the network authorizes against the issuer, and settlement runs through normal interchange. On stablecoin rails, the agent's signed payload is submitted to the chain through a facilitator, settlement is final at block confirmation, and there is no separate clearing window.
​

Step 4: Reconciliation. The merchant or counterparty records the transaction with enough metadata to attribute it back to the agent, the user, and the original mandate or token. Card networks store the SPT plus AP2 mandate as evidence for chargeback adjudication. Stablecoin rails record the onchain transaction hash plus any off-chain context (invoice ID, agent ID, x402 facilitator log).
​

The composition matters. A single purchase can use MCP for tool discovery, AP2 for the consent signature, an SPT for the payment credential, and a Stripe processor for settlement. The four steps are designed to plug together across protocols rather than ship as a vertical stack. Most production agents in 2026 mix card-rail authorization (TAP, AP2) with stablecoin settlement (x402) only in research deployments. Production volume splits cleanly: consumer purchases ride card rails end-to-end, machine-to-machine traffic rides stablecoins end-to-end.
​

Card-rail agentic payments use Visa, Mastercard, and Amex networks plus existing acquirer relationships, layered with agent-specific cryptography: ephemeral Shared Payment Tokens, AP2 mandates, and signed identity headers. Four primitives dominate as of April 2026: OpenAI's ACP/SPT, Mastercard's Agentic Tokens (Agent Pay), Visa's Trusted Agent Protocol, and Google's AP2 mandates. They compose with one another rather than compete.
​

Card-rail agentic payments inherit the existing payment networks (Visa, Mastercard, Amex), the existing acquirer-merchant relationships, and the existing chargeback rules. What gets added is a layer of agent-specific cryptography on top: ephemeral tokens, mandates, and signed identity headers. The four primitives below are the dominant ones in production as of April 2026.
​

OpenAI's Agentic Commerce Protocol, co-developed with Stripe, is built around the Shared Payment Token. When a user agrees to a purchase inside ChatGPT, the buyer's payment provider issues a token bound to four properties: the merchant's identifier, a maximum amount, an expiry (usually minutes), and a single-use flag. The token is what the agent passes to the merchant. The merchant runs it through its normal processor (Stripe in the launch case), the network authorizes against the underlying card, and the token expires whether or not it is consumed. Card data never reaches the agent or the agent surface.
​

The protocol launched September 29, 2025 with Etsy as the first integrated merchant. About a dozen Shopify merchants went live alongside the original Etsy integration before OpenAI retired ChatGPT Instant Checkout in March 2026. The retirement did not retire ACP; the protocol is still maintained, and the SPT primitive shows up in dedicated retailer apps (Walmart, Target, Instacart) that ChatGPT now hosts inside the conversation surface. ACP's value to the broader ecosystem is the SPT pattern itself: a scoped, observable, single-merchant credential that lets a card-rail agent transact without exposing the buyer's saved payment method.
​

Mastercard's Agent Pay was announced April 29, 2025. The technical primitive is the Agentic Token: a tokenized credential bound to a specific Agent Pay session, with the agent identity, user-defined permissions, and spend limits encoded into the token. Each Agentic Token carries the agent identity into the transaction record, so the issuer can attribute disputes back to the agent and the user can see, per session, what the agent paid and where.
​

The rollout schedule is concrete. Citi and US Bank cardholders gained first access in September 2025. Mastercard then announced full US availability for cardholders in November 2025, with global expansion underway through 2026. PayPal joined the acceptance side October 27, 2025 with a Mastercard partnership covering PayPal-accepting merchants. The merchant side does not need to change much: an Agentic Token presents to the merchant's existing Mastercard processor the way a normal card does, with new transaction metadata flagging it as agent-initiated.
​

TAP solves the merchant-side question. Given an inbound HTTP request from an agent, the merchant has to decide whether the agent is a legitimate buyer or a scraper, a bot, or a competitor's price-checker. Visa launched TAP on October 14, 2025 with Cloudflare as the reference bot-management implementation. The mechanism is straightforward: the agent signs its identity (and a session-bound nonce) into HTTP request headers using public-key cryptography. The merchant fetches Visa's directory key, verifies the signature, and either honors the request or rejects it. The specification is public on GitHub.
​

Early implementers include Adyen, Ant International, Checkout.com, Coinbase, Fiserv, Microsoft, Shopify, Stripe, and Worldpay. TAP is not a payment rail in itself; it is the identity gate that sits in front of one. A typical flow is: agent request arrives at merchant; Cloudflare checks the TAP header; merchant accepts the request; agent then presents an SPT or AP2 mandate for the actual payment. TAP and ACP compose. So do TAP and AP2.
​

The Agent Payments Protocol (AP2) takes a different angle: instead of tokenizing the credential, it cryptographically signs the consent. AP2 mandates are tamper-proof digital receipts where the user (or the user's wallet or AP2-compatible identity provider) signs an explicit transaction intent. The mandate carries: merchant identifier, transaction amount, expiry, and any line-item constraints. The agent presents the mandate at checkout. The merchant verifies the signature against the user's known public key, runs the payment through whatever rail (card or stablecoin), and stores the mandate as non-repudiable proof of consent. Disputes after the fact attach to the mandate signature.
​

AP2 was developed alongside Google's Universal Commerce Protocol and ships as the default payment-authorization layer for UCP. PayPal was the first major payment partner to integrate. The mandate primitive is rail-agnostic by design: the same AP2 signature can authorize a card payment, a stablecoin transfer, or a bank-rail ACH pull, depending on what the merchant accepts.
​

Agents pay in stablecoins when card-rail economics break down: card interchange floors near $0.50, settlement runs T+1 to T+3, and chargeback rules assume a human dispute filer. Machine-to-machine traffic averages roughly $0.31 per transaction (x402 data), settles in seconds, and runs 24/7 across borders. Stablecoins fit that load profile; cards do not.
​

Card rails were designed for human-scale transactions. Interchange floors out somewhere around $0.50, chargebacks assume a person filing a dispute, and settlement runs on banking hours. None of those constraints fit an agent that needs to pay fractions of a cent for an API call ten thousand times an hour, or settle in seconds across borders. Stablecoin agentic payments fill the gap. Three pieces of infrastructure define the regime: x402 as the protocol, USDC on Base as the dominant settlement pair, and EIP-3009 / Permit2 as the wallet-signature primitives.
​

HTTP 402 has been reserved for "Payment Required" since the original spec without ever shipping in production. Coinbase's x402 protocol is the operational revival. The flow runs in one HTTP roundtrip from the agent's perspective. A server protecting a paid resource returns HTTP 402 with a payment-required header listing four fields: the chain identifier (CAIP-2 format, for example eip155:8453 for Base), the token contract address (USDC, in most live deployments), the amount, and the recipient address. The agent constructs an EIP-3009 transferWithAuthorization payload, signs with its private key, and replays the original request with an X-PAYMENT header carrying the signed payload. The server hands the signed message to a facilitator (Coinbase Developer Platform runs the reference facilitator), the facilitator submits the transfer onchain, and the server returns the requested resource once settlement is confirmed.
​

The protocol was open-sourced and donated to the Linux Foundation, joining MCP and A2A in the same governance home. Per Cryptonews coverage of Coinbase's reported numbers, x402 reached 69,000 active agents and 165 million transactions in its first months, with about $50 million in cumulative volume. The math: $50 million across 165 million transactions is roughly $0.31 per call, sized for API metering and machine-to-machine billing rather than retail purchases. Agent.market, Coinbase's app store for autonomous agents, launched April 2026 on top of x402 settlement.
​

Stripe's machine payments stack adds a familiar layer to onchain rails: invoicing, retries, dispute logs, and developer-grade analytics, applied to stablecoin transfers rather than card transactions. The machine payments documentation covers two primary flows. The first is a one-shot HTTP 402 flow that mirrors x402: server returns 402, agent signs and pays, server confirms. The second is recurring billing, where Stripe's existing subscription primitives sit on top of x402 settlement so a developer can charge an agent $0.001 per inference call without rebuilding the metering layer.
​

Stripe's x402 integration shipped February 2026 with USDC on Base as the launch settlement pair. The choice was deliberate: USDC's supply (about $77.3 billion as of late April 2026 per DeFiLlama) and Base's gas economics give Stripe the same dollar-denominated semantics as a normal Stripe charge, with finality in seconds rather than days. Stripe has signaled support for additional chains and tokens through 2026.
​

The reason an agent can pay without holding native gas tokens or running a long ERC-20 approval cycle is a pair of signature standards. EIP-3009 is a stablecoin-transfer authorization: the token holder signs an off-chain message with a nonce, an amount, a recipient, and a valid window. Anyone with the signed message can submit the transfer and pay the gas. USDC, PYUSD, and several other major stablecoins implement EIP-3009 natively, which is why x402 facilitators can submit transfers on behalf of paying agents. The agent never has to hold ETH, SOL, or any other gas token to make a payment.
​

Permit2, the Uniswap-authored approval primitive, plays a different role. Where EIP-3009 authorizes one transfer, a Permit2 signature can authorize a stream of transfers within a deadline. An agent that runs many micropayments to the same counterparty signs once and the spender (the merchant or facilitator) can pull repeatedly within the limit. Combined, EIP-3009 covers one-shot payments, and Permit2 covers metered or streaming payments. Both standards predate agentic commerce, but they fit the use case naturally.
​

Three structural properties make stablecoins the default settlement currency for machine-to-machine agent payments. First, the unit of account is dollars, which lets agents reason about cost in the same currency the human reasons about. Second, settlement is final at block time (sub-second on Solana, two seconds on Base), so an agent does not have to manage a clearing window. Third, the gas cost on a layer-2 like Base is fractions of a cent per transfer, which lets the economics work even at $0.31 average ticket sizes. The total stablecoin market sits around $318 billion as of late April 2026 (DeFiLlama), with USDC at $77.3 billion and USDT at $189.5 billion, so liquidity is not a constraint at the volumes agentic payments produce today.
​

Authorization, identity, and spend controls are the three engineering layers that keep agent purchases inside user intent: consent proves the user signed off on the transaction, identity proves the agent is legitimate (not a bot or scraper), and spend caps prove the amount stays inside the user's budget. Production deployments stack issuer-side, wallet-side, and policy-engine controls.
​

The hardest engineering problem in agentic payments is not moving the money. It is making sure the right user authorized this specific transaction, the merchant is talking to a legitimate agent rather than a bot, and the agent's spending stays inside the user's intent. Three layers of control are visible in production deployments.
​

Consent: did the user authorize this? The card-rail answer is the SPT plus the AP2 mandate. The SPT proves the buyer's payment provider scoped a credential to this merchant and amount; the AP2 mandate proves the user (or the user's wallet) signed an explicit consent message that the agent then presented. Together they create a non-repudiable record: the merchant has cryptographic evidence of consent, and the network has a token that can only be redeemed within its scoped parameters. The stablecoin-rail answer is simpler: the wallet signature on the EIP-3009 payload is itself the consent record. If the agent holds the user's signing key directly, the signature attests to user consent. If the agent holds a delegated key (via account abstraction, a session key, or an AP2 mandate), the delegation chain is what gets verified.
​

Identity: is this agent legitimate? Visa TAP is the production answer for card rails. Agents register with Visa's directory; the merchant fetches the public key and verifies the signed HTTP header on every request. Cloudflare's bot-management layer integrates TAP as part of its ruleset, which extends agent verification to anything sitting behind Cloudflare's edge. On stablecoin rails, identity is a wallet address plus whatever off-chain attestations the agent provides (ENS name, Worldcoin proof of personhood, Coinbase Verified credential). The verification model is opt-in rather than mandatory, but x402 facilitators can require attestations before settling.
​

Spend caps: how does the agent stay inside intent? Three control points compose. Issuer-side caps live inside the SPT: the token's amount and expiry are network-enforced, so the agent cannot spend more than the token allows. Wallet-side caps live inside AP2 mandates: the mandate's amount and merchant scope are signed by the user, so a merchant outside the mandate's scope cannot redeem it. Policy-engine caps live in the agent runtime: rate limits, allow-listed merchants, time-of-day rules, and daily totals applied before any payment primitive fires. Most production deployments use all three. Agent spend controls get a deeper treatment in a sibling article.
​

Card rails fit consumer purchases, regulated merchants, and dispute-sensitive flows where chargebacks and network finality matter. Stablecoin rails fit machine-to-machine billing, micropayments, and cross-border B2B where sub-cent tickets and seconds-to-finality matter. The split is not zero-sum: AP2 mandates and Visa TAP gates apply equally to both rails, and Stripe settles stablecoins under card-style reporting surfaces.
​

The two rail families serve different transaction profiles. The table below summarizes the tradeoffs for engineering and product teams choosing where to integrate.

The split is not zero-sum. AP2 mandates can authorize either rail. Stripe's machine payments stack settles in stablecoins under the hood while exposing the same dispute and reporting surfaces as card payments. Visa's TAP gates apply equally well to a stablecoin-settled flow as a card-settled one, because TAP signs the agent identity into HTTP headers regardless of what payment primitive comes next. Production agents in 2026 typically run card rails for consumer-side purchases, stablecoin rails for the infrastructure layer (compute, data, model inference), and AP2 mandates as a common authorization layer where the user's consent has to persist across both.
​

Sources and methodology. Stablecoin supplies and TVL pulled from DeFiLlama on April 30, 2026. Protocol launch dates verified against issuer press releases linked inline. x402 transaction stats from Cryptonews' April 2026 reporting. Figures refresh quarterly.
​

Eco operates as a stablecoin execution network across 15 chains, providing the cross-chain settlement layer that agentic payment protocols (x402, Stripe MPP, AP2) rely on when a single agent transacts across multiple chains. The agent submits a stablecoin payment intent; Eco selects a solver, sources liquidity, and settles to the recipient regardless of where the agent's balance currently lives.
​

When agentic payments span multiple chains, the cross-chain settlement layer becomes load-bearing. An agent paying for video generation on Base, a data feed on Solana, and a compute provider on Arbitrum cannot assume the dollars sit on the right chain at the right time. Eco operates as a stablecoin execution network across 15 chains, with cross-chain messaging via Hyperlane and CCTP as the live transport rails. The agent presents a stablecoin payment intent (pay X USDC to address Y on chain Z); Eco selects a solver, sources liquidity, and settles to the recipient address regardless of which chain the agent's balance currently lives on. For x402, MPP, and AP2 deployments that need to settle across more than one chain, the chain-agnostic execution surface is what keeps the agent's payment logic from collapsing into per-chain branches. Companion reading: stablecoin developer tools and stablecoin swap aggregators for the adjacent surfaces.
​

The mechanics covered in this article (SPT, AP2 mandates, TAP, x402, EIP-3009) are the primitives that authorize and verify a payment. The settlement layer is what makes the dollars actually arrive. For agent operators building beyond a single chain, the two halves compose: the agentic commerce primer covers the broader category, the x402 protocol deep-dive covers the stablecoin-rail specifics, and agent wallets covers the key-management primitives that hold the signing material on the agent side.
​