Agent payment protocols are open specifications that define how AI agents communicate with merchants, payment networks, and other agents during the purchase lifecycle. Six dominate the agentic commerce stack as of April 2026: OpenAI's ACP, Google's UCP, Google's AP2, Anthropic's MCP, Google's A2A, and Visa's TAP. Each protocol covers a different slice of the discovery-authorization-payment-fulfillment flow, and most production deployments use two or three together. This guide compares all six side by side: who backs each one, what part of the flow it covers, how the mechanism actually works, what its current status is, and how the protocols compose in real systems. The headline finding is that the protocols are largely complementary, not competitive — a working agent commerce stack typically blends MCP with one commerce protocol, one authorization protocol, and a settlement rail.
​

Agent payment protocols are open wire-format specifications that let autonomous AI agents transact with merchants and other agents without a human pressing a button. Six dominate the agentic commerce stack as of April 2026: ACP, UCP, AP2, MCP, A2A, and Visa TAP. Each covers a different slice of the discovery, authorization, payment, and fulfillment lifecycle, and most production deployments combine two or three.
​

Agent payment protocols are the wire-format specifications that let an autonomous AI agent transact with a merchant or another agent without a human pressing a button. They cover four pieces of the purchase lifecycle. Discovery is how the agent learns what merchants exist and what they sell. Authorization is how the merchant verifies that a real user delegated the purchase. Payment is how the funds actually move. Fulfillment is how the order moves through the merchant's existing pipeline. Most protocols address one or two of these pieces; only Google's UCP attempts to cover the full journey in a single specification.
​

The category exists because traditional e-commerce APIs assume a human at the keyboard. A REST endpoint that returns HTML, a checkout form that expects a browser, a card field that posts back a CSRF token — none of those compose cleanly with an agent that has to decide between forty merchants in three seconds. The protocols below replace those assumptions with machine-readable equivalents: capability profiles instead of HTML pages, scoped payment tokens instead of saved cards, cryptographic mandates instead of click-throughs, signed identity headers instead of CAPTCHAs.
​

For broader background on why this category emerged in 2025-2026 and how the protocols relate to the rest of the agentic commerce stack, see the pillar guide on what agentic commerce is and the deep-dive on agentic payments mechanics.
​

The six dominant protocols split across three vendor camps. OpenAI backs ACP. Google backs UCP, AP2, and A2A. Anthropic backs MCP. Visa backs TAP. Five are open-licensed under Apache, MIT-style, or Linux Foundation governance; one is Visa's open ecosystem spec. Scope ranges from narrow checkout calls (ACP) to full purchase journeys (UCP).
​

The table below summarizes each protocol's backer, scope, mechanism, current status, and license. Read it as a map: every cell is a deliberate choice that shapes how a merchant or agent platform integrates.

Two patterns are visible in the table. First, three of the six come from Google in some form (UCP, AP2, A2A), reflecting Google's strategy of fielding a multi-protocol stack rather than a single vertical solution. Second, the protocols mostly do not overlap on scope. ACP and UCP both touch the checkout call and are the closest to direct competitors; the rest occupy distinct slices of the lifecycle. That separation is why composition, not selection, is the more relevant question for production teams.
​

Each protocol gets a dedicated subsection covering the same five questions: who built it, what it does, how the mechanism works, where it stands today, and when to use it. Order follows public launch chronology, starting with MCP (Nov 2024), then ACP (Sept 2025), Visa TAP (Oct 2025), AP2 (Oct 2025), A2A (2025), and UCP (Jan 2026).
​

Each subsection below covers the same five questions: who built it, what it does, how the mechanism actually works, where it stands today, and when to use it. The order follows a rough chronology of public launches.
​

Anthropic open-sourced MCP in November 2024. The protocol defines a JSON-RPC 2.0 wire format that lets an AI agent connect to a server and discover three resource types: tools (functions the agent can call), resources (read-only data the agent can fetch), and prompts (parameterized templates the agent can use). The transport runs over stdio, HTTP, or WebSocket. The design borrows the request-response shape of Microsoft's Language Server Protocol, which solved a similar plurality problem for code editors.
​

Anthropic, Google, Microsoft, OpenAI, Visa, and Mastercard committed to MCP within roughly six months of release, making it the most-adopted protocol on this list. Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation in December 2025, co-founded with Block and OpenAI. The donation moved governance out of any one vendor's hands and is part of why MCP became the default upstream tool layer that other commerce protocols compose with rather than against.
​

MCP is not a payment protocol on its own. It is the data plane that every payment protocol assumes. A shopping agent uses MCP to read a merchant's product catalog, query inventory, or call a search tool; it then calls ACP, UCP, or AP2 for the checkout step. The official documentation lives at modelcontextprotocol.io, with reference implementations on GitHub for Slack, GitHub, Postgres, Drive, Stripe, and Block.
​

When to use MCP. Always. If a team is building any agent that interacts with external tools or data, MCP is the closest thing to a default. If the agent also transacts, MCP runs underneath the commerce protocol of choice.
​

ACP is OpenAI's protocol, co-developed with Stripe. The core primitive is the Shared Payment Token (SPT): a single-use, time-bounded token issued by the buyer's payment provider, scoped to a specific merchant and a maximum dollar amount. The agent receives the SPT from the buyer's wallet, passes it to the merchant during checkout, and the merchant runs it through its standard card processor. The buyer's card credentials never reach the agent. The specification is published under Apache 2.0.
​

OpenAI launched ACP on September 29, 2025 as the protocol behind ChatGPT Instant Checkout, with Etsy as the first integrated merchant and a Shopify integration announced shortly after. Stripe processed the payment-side flow. Adoption stayed thin: only about a dozen Shopify merchants ever went live alongside Etsy before OpenAI retired Instant Checkout in March 2026 and replaced it with dedicated retailer apps inside ChatGPT (Walmart, Target, and Instacart were the launch partners). PayPal subsequently adopted ACP as one of the rails inside its broader agentic commerce framework with Mastercard.
​

Even with Instant Checkout retired, the ACP specification persists. Stripe continues to support SPT minting through its Agentic Commerce Suite, and any merchant that wants the SPT pattern can implement it independently of OpenAI's surface.
​

When to use ACP. When the agent platform is OpenAI's surface or any compatible chat surface, the merchant accepts cards, and the team wants a minimal specification rather than a full discovery-to-fulfillment protocol. ACP is narrowly the checkout call.
​

UCP is Google's answer to ACP, with a much wider scope. Sundar Pichai announced UCP at NRF 2026 in his January keynote. Backing partners include Shopify, Walmart, Target, Best Buy, Etsy, PayPal, Visa, Stripe, and American Express. The technical specification is public, with implementation guidance on the Google Developers blog.
​

The mechanism runs in three phases. First, an agent fetches a merchant's capability profile, a JSON document that declares which services the merchant exposes (product search, checkout, returns, subscriptions). Second, the agent calls the merchant's checkout endpoint, optionally chaining AP2 for the payment authorization step. Third, post-purchase events (order updates, dispute workflows, refund requests) flow over the same channel back to the agent. UCP composes natively with AP2 for payments, MCP for tool discovery, and A2A for cross-vendor agent delegation. Google positions UCP as a "universal" rather than a competitor to ACP because the chaining works.
​

When to use UCP. When a merchant wants one protocol covering the full purchase journey rather than three. UCP is the closest thing to a complete commerce specification on the list, and the launch-partner roster (Shopify, Walmart, Target, Visa, Stripe) suggests it will become the default for large retailers.
​

AP2 separates two questions that card-rail processors normally bundle: did the user authorize this purchase, and is the payment instrument valid. Each AP2 authorization is a cryptographic mandate signed by the user, typically through the user's wallet or an AP2-compatible identity provider. The mandate carries the merchant identifier, the transaction amount, an expiry, and a unique mandate ID. The agent presents the mandate at checkout. The merchant verifies the signature against the user's public key, runs the payment, and stores the mandate as a non-repudiable receipt.
​

Google built AP2 with payment partners and made it the default authorization layer in UCP's reference flow. PayPal is the most public AP2 partner, integrating it as part of the Mastercard and PayPal Agent Pay Acceptance Framework announced October 27, 2025. The protocol is production-ready, with the GitHub repo at google-agentic-commerce/AP2.
​

Compared to the SPT pattern in ACP, AP2 mandates are user-signed rather than provider-issued. That difference matters for dispute attribution: a mandate produces a tamper-evident artifact tied to the user's keypair, whereas an SPT produces a token issued by the user's wallet provider. AP2 is closer to a digital signature on a cheque; SPT is closer to a single-use prepaid card.
​

When to use AP2. When the implementation needs cryptographic non-repudiation for user consent, the agent surface supports a wallet or identity provider that can sign, and the merchant integrates UCP or another protocol that calls AP2 for the payment step.
​

A2A is the protocol for one agent delegating to another. Google released A2A in 2025 and donated it to the Linux Foundation, which now governs the project. The mechanism is an envelope format: an initiating agent sends a task envelope to a worker agent, containing the task description, parameters, a callback URL, and an authentication token. The worker processes the task and posts the result back to the callback. A2A is designed for cross-vendor delegation — an OpenAI-built agent can hand work to a Salesforce-built agent without a custom bilateral integration.
​

By April 2026, A2A had reached production deployment at over 150 organizations, per the Linux Foundation's April 9 release. Major cloud platforms wired A2A into their agent runtimes: Microsoft Azure AI Foundry, Amazon Bedrock AgentCore, and Salesforce all surface A2A as a first-class capability for enterprise agent workloads. The reference repository is at github.com/google/A2A.
​

A2A is not a payment protocol. It is the inter-agent transport that makes payment-protocol composition possible across vendors. A shopping agent on one platform might delegate price comparison to a specialist agent on another, or delegate the checkout call itself to a merchant-side agent that runs UCP. Without A2A, every cross-vendor handoff requires a custom adapter.
​

When to use A2A. When the agent system spans more than one vendor or runtime, particularly enterprise systems where Microsoft, Amazon, and Salesforce agents need to interoperate without a bilateral integration per pair.
​

Visa launched TAP on October 14, 2025 with Cloudflare. TAP solves a problem the merchant side cares about most: distinguishing a legitimate AI agent from a scraper, a bot, or a fraudster. TAP signs the agent's identity and the user authorization claims into HTTP request headers using JSON Web Signature (JWS), with optional JSON Web Encryption (JWE) wrapping for confidential payloads. The merchant fetches Visa's directory key, verifies the signature, and confirms both the agent identity and the user authorization in a single step.
​

TAP is not a payment protocol. No money moves over TAP. It is an identity and consent layer that sits in front of whatever payment rail the merchant runs. The specification is on GitHub, published as an open ecosystem-led standard. Early implementers include Adyen, Ant International, Checkout.com, Coinbase, Fiserv, Microsoft, Shopify, Stripe, and Worldpay — a list that overlaps heavily with UCP launch partners, suggesting TAP is being positioned as the identity wrapper around UCP and other commerce protocols rather than a substitute for them.
​

When to use TAP. When merchant-side fraud and bot detection are first-order concerns, the merchant accepts Visa rails, and the team wants a cryptographic answer to "is this agent legitimate" that does not depend on heuristic bot-detection vendors. TAP layers cleanly on top of ACP or UCP.
​

The protocols are largely complementary, not competitive. ACP and UCP are the only pair that overlaps directly on scope (both cover the checkout call). Everywhere else, the six occupy distinct lifecycle slices that compose cleanly. Two reference stacks dominate production today: an OpenAI ACP stack and a Google UCP stack, each layered on MCP underneath.
​

The most common mistake new teams make is treating the six protocols as competitors. The exception is ACP and UCP, which both cover the checkout call and overlap on scope. Everywhere else, the protocols are designed to compose. Two reference stacks dominate production deployments today.
​

The OpenAI / ACP stack: MCP for tool discovery, ACP for the checkout call, optional Visa TAP for identity headers, plus a card processor (Stripe in the canonical implementation) for settlement. This was the stack behind ChatGPT Instant Checkout. After the March 2026 retirement, it persists for any merchant integrating the SPT pattern outside the original OpenAI surface.
​

The Google / UCP stack: MCP for tool discovery, UCP for the merchant journey, AP2 for the payment-authorization step inside UCP, A2A for cross-vendor agent delegation, and a payment rail (card networks via Visa or PayPal, or stablecoins via x402) for settlement. This is the stack the NRF 2026 launch partners are integrating.
​

A typical UCP-stack purchase flows through the protocols in this order. The user issues a goal to an agent ("buy a backup hard drive under $200"). The agent uses MCP to read merchant tool catalogs and product listings. The agent calls UCP capability-profile endpoints on candidate merchants, picks one, and triggers UCP checkout. UCP requests an AP2 mandate from the user's wallet for the proposed amount. The user signs the mandate. UCP forwards the signed mandate to the merchant. The merchant verifies and either runs the payment on its existing card processor or, for crypto-native flows, settles in stablecoins. If any step requires a specialist agent (price comparison, shipping calculation), A2A handles the delegation. If the merchant requires Visa-verified agent identity, TAP signs the HTTP headers throughout.
​

For B2B and machine-to-machine flows, a third stack is forming: MCP plus x402 for stablecoin settlement, with TAP optionally signing identity. That stack is documented in detail in the sibling article on agentic payments.
​

The right framing is rarely "which protocol" but "which combination, given my role in the stack." Merchants typically need MCP plus UCP or ACP plus optional Visa TAP. Agent platforms need MCP plus A2A plus one commerce protocol. Payment processors need ACP plus AP2 plus TAP. The five role-based recommendations below cover most production decisions in 2026.
​

The right question is rarely "which protocol" but "which combination, given my role in the stack." Five role-based recommendations cover most production decisions.
​

If you are a merchant. Implement MCP for any agent-readable surfaces (search, inventory, returns). Adopt UCP if your customer base skews toward Google, Shopify, and large-retailer agent platforms; adopt ACP if your customer base skews toward OpenAI's surface or PayPal's checkout flow. The two are not mutually exclusive — most large retailers are integrating both in parallel. Layer Visa TAP if Visa is a major rail and merchant-side bot/fraud detection matters more than the integration cost.
​

If you are an agent platform. Build on MCP as the tool layer regardless. Pick UCP or ACP based on which merchant base your users transact with most. Implement A2A if your platform expects to interoperate with enterprise agents from Microsoft, Amazon, or Salesforce. Implement AP2 if your platform supports user-signed wallets or identity providers and your merchants demand non-repudiable consent.
​

If you are a payment processor or issuer. Stripe and Adyen have already implemented ACP and TAP. PayPal has implemented ACP, AP2, and the joint framework with Mastercard. The minimum viable protocol set for a payment processor in 2026 is ACP plus AP2 plus TAP, with UCP optional depending on the merchant relationship.
​

If you are an enterprise running internal agents. A2A is the protocol that matters most. Internal agent fleets at scale require cross-vendor delegation, and the 150-plus organizations in production with A2A by April 2026 reflect that demand. MCP is also non-negotiable for tool access. ACP, UCP, AP2, and TAP only enter the picture if the agents transact externally.
​

If you settle in stablecoins rather than cards. The protocol set narrows. MCP, A2A, and optionally AP2 still apply. ACP and UCP technically support stablecoin settlement under their abstractions but are designed primarily for card flows. The protocols built specifically for crypto-native agent payments are x402 (Coinbase + Linux Foundation) and Stripe's Machine Payments Protocol. TAP can layer on top for identity if Visa-verified agents are required.
​

Sources and methodology. Protocol details verified against primary sources: OpenAI, Google UCP, Anthropic MCP, Visa TAP, and the Linux Foundation for A2A. Launch dates verified against issuer press releases linked inline. Figures refresh quarterly.
​

Eco operates as a stablecoin execution network across 15 chains, complementing the six agent payment protocols rather than competing with them. The protocols define how the agent talks to the merchant; Eco defines how the dollars actually settle when an agent paying USDC on one chain transacts with a counterparty whose treasury sits on another. The two layers compose.
​

The six protocols above handle the agent-to-merchant communication layer. They define how the agent speaks to the counterparty, how user consent gets attested, and how the payment instrument gets passed across the wire. None of them solves the problem of where the dollars actually settle when the merchant accepts payment in stablecoins on a different chain than the agent's wallet. Eco operates as a stablecoin execution network across 15 chains, abstracting routing, solver selection, and finality so that an agent paying in USDC on Base can transact with a counterparty whose treasury sits on Solana, Arbitrum, or Tron without writing the bridging logic itself. For teams composing one of the agent payment protocols above with stablecoin settlement, Eco handles the cross-chain orchestration that the commerce protocol does not. The same logic applies to cross-chain messaging and intent-based settlement: protocols define the agent-side conversation, orchestration networks define where the money lives.
​

The six questions below address the most common confusion points teams hit when evaluating agent payment protocols. They cover ACP versus UCP scope, MCP's payment role, AP2 versus shared payment tokens, Visa TAP's relationship to card processors, the right starting point for small merchants, and how A2A connects to commerce protocols.
​

ACP is OpenAI's narrower checkout protocol, built around the Shared Payment Token. UCP is Google's broader specification covering discovery, checkout, and post-purchase across the journey. ACP is one phase of the lifecycle; UCP attempts to cover the whole thing and chains AP2 for payment authorization. Most large retailers integrate both in parallel rather than choosing.
​

No. MCP is the agent-to-tool data plane. Agents use MCP to read merchant catalogs, query inventory, and call functions. Payment happens through ACP, UCP, AP2, or a stablecoin settlement protocol. MCP runs upstream of every commerce protocol; it is not a substitute for any of them.
​

AP2 mandates are signed by the user's wallet or identity provider, producing a tamper-evident receipt of consent. ACP's SPT is a single-use token minted by the buyer's payment provider, scoped to a merchant and amount. AP2 gives stronger non-repudiation; SPT gives a simpler integration. UCP composes AP2 for the payment-authorization step in Google's reference flow.
​

No. TAP is an identity and consent wrapper, not a payment rail. TAP signs HTTP request headers so the merchant can verify the agent is legitimate and the user authorized the purchase. The actual payment runs on whatever rail the merchant uses — typically Visa, Mastercard, or PayPal. The TAP specification explicitly does not move funds.
​

Start with MCP for any agent-readable surfaces (catalog, search, inventory). Then adopt either UCP or ACP based on which agent platform your customers use most. Most retailers integrating in 2026 are doing both in parallel because the cost is small relative to the addressable agent traffic. Visa TAP is optional unless fraud risk dominates the integration decision.
​

A2A is the inter-agent transport layer. It does not handle merchant communication or payment. Instead, A2A lets one agent delegate work to another agent across vendors. A shopping agent on OpenAI's surface might delegate price comparison to a specialist agent on Salesforce, then call UCP at the chosen merchant. By April 2026, more than 150 organizations deploy A2A in production.
​