The Agentic Commerce Protocol (ACP) is an open standard for agent-initiated checkout, co-developed by OpenAI and Stripe and released under Apache 2.0 on September 29, 2025. The protocol defines how an AI agent collects a buyer's payment selection, hands a narrowly scoped token to the merchant, and lets the merchant charge that token through any compliant payment service provider while keeping the merchant of record intact. ACP debuted alongside ChatGPT's Instant Checkout feature, which went live with Etsy on launch day and added a dozen Shopify brands (Glossier, Vuori, Spanx, SKIMS) over the following weeks. Instant Checkout was retired in March 2026 after only about a dozen Shopify merchants ever shipped against it, but the protocol itself kept going: PayPal joined as a payment provider on October 28, 2025, Stripe shipped the Agentic Commerce Suite on December 11, 2025, and the latest stable spec version (2026-04-17) lives on GitHub at agentic-commerce-protocol/agentic-commerce-protocol. This piece is the technical primer: the four-actor flow, the Shared Payment Token, the OpenAI Delegated Payment Spec, the production retreat, and where ACP sits next to UCP, AP2, and x402.
​

ACP is an Apache 2.0 open standard, co-maintained by OpenAI and Stripe, that defines how an AI agent runs checkout against a merchant the agent does not own. The protocol covers cart construction, capability negotiation, delegated payment, and order lifecycle. The merchant remains the merchant of record. The agent never sees raw card details. ACP launched on September 29, 2025.
​

ACP defines a contract between four actors: a human buyer, an AI agent acting on the buyer's behalf, a business that sells goods or services, and a payment provider that handles credentials. The agent runs checkout — selecting items, choosing a payment method, confirming totals — without ever holding the buyer's primary account number. The merchant accepts the request, charges through its existing payment service provider, and keeps every other piece of the customer relationship: catalog, pricing, branding, fulfillment, dispute resolution. The Stripe blog frames the design goal directly: "With ACP, you maintain your customer relationships as the merchant of record, retaining control over which products can be sold, how they're presented, how transactions are processed, and how orders are fulfilled."
​

The specification ships under Apache 2.0 with founding maintainers OpenAI and Stripe, governed through a SEP (Specification Enhancement Proposal) process documented in the repo's docs/governance.md. The latest stable spec version is dated 2026-04-17 and covers checkout, payment delegation, cart, feed, orders, authentication, and integration with Anthropic's Model Context Protocol. Companion docs live on OpenAI's developer site and Stripe's documentation portal.
​

The launch surface was ChatGPT's Instant Checkout feature, which went live on September 29, 2025 with Etsy as the first integrated marketplace. Shopify enrolled several brands shortly after — Glossier, Vuori, Spanx, and SKIMS were named at launch — though the total Shopify merchant count never exceeded around a dozen during the feature's six-month run. Fidji Simo, OpenAI's CEO of Applications, framed the protocol's role in the launch announcement: "By co-developing the Agentic Commerce Protocol with Stripe, we're making it possible for businesses of all sizes to meet people where they are."
​

ACP fits inside a broader agentic commerce stack. Other entries in the same category — Google's Universal Commerce Protocol, Visa's Trusted Agent Protocol, Coinbase's x402, Anthropic's Model Context Protocol — each occupy a different layer; the cross-protocol picture is laid out in the agent payment protocols compared reference. ACP is the agent-to-merchant retail-checkout layer, optimized for high-intent purchases of physical or digital goods through a card-rail PSP. It is not a stablecoin protocol, not a tool-discovery protocol, and not an agent-identity protocol.
​

An ACP transaction has four steps. The agent assembles a cart from the merchant's product feed, the buyer selects a payment method inside the agent surface, the payment provider issues a scoped token, and the agent posts that token to the merchant's checkout endpoint. The merchant charges through its own PSP. Settlement and dispute stay merchant-side.
​

The flow has four moving parts. First, the agent reads the merchant's product feed and constructs a cart. Capability negotiation happens here too — the merchant declares which payment handlers it accepts (Stripe SPT, OpenAI Delegated Payment Spec, seller-backed handler, etc.) and the agent picks one. Second, the buyer selects a payment method inside the agent surface. In ChatGPT's Instant Checkout, this was a Stripe-powered checkout panel that surfaced inline; the buyer could pay with any method the user had on file, including Stripe Link. Third, the payment provider issues a scoped token. On Stripe's implementation that token is a Shared Payment Token; on OpenAI's parallel Delegated Payment Spec it is a vault token of the form vt_.... Fourth, the agent posts the token plus the cart to the merchant's ACP checkout endpoint, the merchant creates a PaymentIntent (or equivalent at any compliant PSP), and the charge runs.
​

The merchant's checkout endpoint is where ACP standardizes the integration surface. The Stripe documentation describes the protocol contract: a defined set of HTTP endpoints for cart, checkout, and order updates that a merchant exposes once and any compliant agent can call. The same agent can shop a Shopify store, a Squarespace storefront, a custom storefront on commercetools — the merchant only writes the endpoints once, and the agent only writes the client once. This is the integration shape that the Apache 2.0 license is designed to encourage: any AI surface can drive checkout against any merchant without bilateral negotiation.
​

Risk lives at the payment-provider layer. The PSP signs the token, sets the constraints, and refuses to release credentials outside those limits. The merchant treats the token as a normal payment method on its side — Stripe documents that the merchant simply creates a PaymentIntent with payment_method_data[shared_payment_granted_token] and processes from that point as it would any other digital transaction. The agent never gets the PAN. The merchant never has to write a separate code path for agent-driven traffic.
​

OpenAI's Delegated Payment Spec adds an envelope between OpenAI and the merchant's chosen PSP. The spec defines POST /agentic_commerce/delegate_payment with a signed request header and an idempotency key; the PSP returns a vault token tagged with allowance object (max amount, currency), expiration timestamp in RFC 3339 format, merchant identifier, checkout session reference, and risk signal classifications such as card-testing flags. Settlement responsibility, compliance, and dispute handling remain with the merchant and its PSP. OpenAI is the messenger, not the merchant.
​

The Shared Payment Token is Stripe's reference implementation of ACP's delegated-payment primitive. Each SPT is scoped to one seller profile, one currency, one maximum amount, and one expiration timestamp. It carries the card brand and last four digits but never the PAN. The merchant references the token ID inside a normal PaymentIntent and Stripe handles the credential clone server-side.
​

Token issuance happens at POST /shared_payment/issued_tokens. The agent supplies three fields: the customer's payment_method ID, the seller's network_business_profile identifier, and the usage constraints. The constraints set currency (a single denomination — USD, EUR), maximum amount (the agent typically sets this to match the cart total exactly), and an expiration window expressed as a Unix timestamp. Stripe returns a token of the form spt_123 carrying brand, last four, the constraints, and a status field that reads active, requires_action, or deactivated.
​

Verification at the merchant end is intentionally invisible. The merchant creates a PaymentIntent with payment_method_data[shared_payment_granted_token] set to the SPT ID. Stripe clones the underlying payment method, creates a new PaymentMethod attached to the merchant's account, and processes the charge through that PaymentMethod. If the cart amount exceeds the SPT's max, the currency does not match, the seller does not match the SPT's scope, or the expiration has passed, the PaymentIntent fails before any money moves. The merchant writes no extra validation logic — the constraints are enforced at the credential layer.
​

Three properties matter for any ACP integration. The first is single-seller scope: an SPT issued to one merchant cannot be replayed at another. The second is single-amount scope: the cap is set at issuance and cannot grow afterward; if an agent needs to charge more, it issues a new token. The third is short expiry: Stripe documents tokens as expiring "in minutes," not hours or days, which keeps a leaked token close to useless. None of the three properties contain a PAN. Scoped tokens of this shape are one of the cleanest mechanical patterns for keeping autonomous agent payments inside policy.
​

The OpenAI Delegated Payment Spec defines the same primitive at the protocol layer, abstracted from any specific PSP. Delegated payment tokens carry an allowance (max amount + currency), an expiration in RFC 3339 format, a merchant identifier, a checkout-session reference, and risk-signal fields. PSPs other than Stripe can implement the spec and return their own vault-token format; PayPal's ACP server, announced October 28, 2025 in the PayPal-OpenAI partnership press release, is the second compliant implementation in production and adds PayPal-wallet funding sources (bank, balance, cards, buyer-and-seller protections) on top of the same scoped-token shape.
​

Instant Checkout did not survive its first six months. OpenAI launched the feature with Etsy on September 29, 2025, added a handful of Shopify brands, and retired the in-chat checkout flow in early March 2026. Only about a dozen Shopify merchants ever went live. OpenAI confirmed the retreat in its updated shopping experience announcement on March 24, 2026.
​

The launch shape on September 29, 2025 was narrow but legible. Etsy went live on day one across the full ChatGPT US user base. Stripe's launch announcement named Glossier, Vuori, Spanx, and SKIMS as Shopify enrollees joining "soon after," with the implication that hundreds of additional merchants would follow as Shopify rolled the integration out across its merchant base. That second wave never materialized at scale. Reporting from Modern Retail and CNBC later established that only "about a dozen" Shopify merchants ever shipped against ACP during the Instant Checkout window.
​

The post-mortem points to two structural problems rather than one technical failure. The first was catalog freshness. CNBC reported that Instant Checkout's product selection stayed limited months after launch and item information was not consistently fresh — a flat catalog inside a chat surface that was supposed to feel current. The second was user behavior. OpenAI staff cited in CNBC's reporting noticed that ChatGPT users were researching products in the chatbot but completing purchases elsewhere; the conversion intent that the feature was built around did not show up at the volume the launch had projected. The official OpenAI line in the retirement announcement, quoted by MacRumors, was that Instant Checkout "did not offer the level of flexibility that we aspire to provide."
​

The replacement architecture is structurally different. ChatGPT now treats commerce as a discovery surface rather than a checkout surface. The interface ships side-by-side product comparison, image search, and conversational filtering; checkout itself happens at the merchant's site, either inside an in-app browser on the ChatGPT mobile app or in a separate browser tab on the web. Walmart launched a dedicated ChatGPT app supporting account linking, loyalty, and Walmart Pay. Target, Sephora, Nordstrom, Best Buy, and The Home Depot all participate in the updated discovery experience as feed providers but do not host checkout inside ChatGPT.
​

The instructive read is that the spec outlasted the showcase. ACP itself kept evolving — the latest stable version at 2026-04-17 added refinements to capability negotiation and the seller-backed payment handler — and Stripe's Agentic Commerce Suite, launched December 11, 2025, expanded the integration surface to Coach, Kate Spade, URBN's Anthropologie/Free People/Urban Outfitters, Revolve, Ashley Furniture, plus Squarespace, Wix, WooCommerce, commercetools, and BigCommerce as platforms. Instant Checkout was the visible product. ACP is the underlying contract.
​

ACP's spec cadence held steady after the September 2025 launch. PayPal joined as a second compliant payment provider on October 28, 2025. Stripe shipped the Agentic Commerce Suite on December 11, 2025. The GitHub spec reached 2026-04-17 as its latest stable version. The protocol now powers product discovery, agent feeds, and any agent-initiated checkout where a compliant PSP plugs in.
​

PayPal's adoption announcement on October 28, 2025 was the first proof point that ACP was not a Stripe-only protocol. The PayPal ACP server exposes the same delegated-payment spec OpenAI documents, with PayPal-wallet funding sources behind it: bank, balance, cards, plus PayPal's existing buyer-and-seller protection flows and post-purchase services like tracking and dispute resolution. The integration positions PayPal as a peer to Stripe inside ACP — both PSPs implement the same delegated-payment surface, and either can sit behind the same agent-side integration.
​

Stripe's Agentic Commerce Suite launch on December 11, 2025 packaged ACP into a single-integration product. The Suite handles Shared Payment Token issuance, agent-side cart construction, and merchant-side endpoint scaffolding. Brands announced at launch — Coach, Kate Spade, the URBN portfolio (Anthropologie, Free People, Urban Outfitters), Revolve, Ashley Furniture — represent a more apparel-and-home shape than the original Etsy-plus-DTC-beauty launch list. Platform integrations span Squarespace, Wix, Etsy, WooCommerce, commercetools, and BigCommerce, which collectively cover most of the long tail of ecommerce that does not run on Shopify. Etsy's chief product and technology officer Rafe Colburn, quoted in the Suite announcement, framed the value as cross-surface discovery: "[the Suite] makes this easier than ever, enabling us to surface sellers' unique items to buyers across platforms."
​

Stripe's executive framing across the launches has been consistent. Will Gaybrick, Stripe's president of technology and business, framed the broader effort as "building the economic infrastructure for AI." Kevin Miller, Stripe's head of payments, explained the reasoning in the launch post:
​

"Stripe has spent the last 15 years optimizing commerce for human buyers. Now, we are starting to do the same for agents." — Kevin Miller, Head of Payments, Stripe
​

The spec itself has continued to ship. The repo shows date-versioned releases following the SEP process, with 2026-04-17 as the latest stable cut. The April version covers checkout, payment delegation, cart, feed, authentication, plus an integration hook for Anthropic's Model Context Protocol so ACP-aware agents can advertise their checkout capability through MCP tool discovery. Post-launch contributors have added RFCs for Capability Negotiation, the Seller-Backed Payment Handler (where the seller acts as its own PSP), and Extensions and Discounts.
​

What ACP currently handles in production: agent-initiated checkout against any PSP that implements the delegated-payment spec; product feeds standardized for AI surfaces; cart construction and capability negotiation across heterogeneous storefronts. What it does not handle: stablecoin settlement (that is x402's territory), cross-chain treasury movement, agent-identity attestation (Visa's Trusted Agent Protocol and Google's AP2), or pre-purchase mandate signing.
​

ACP is one of four overlapping agent-payment standards that emerged in 2025–2026, each addressing a different layer of the same problem. ACP handles agent-to-merchant checkout for retail goods through PSPs. UCP covers agent commerce more broadly across surfaces. AP2 attaches authorization mandates. x402 settles machine-to-machine API payments in stablecoins. They compose more than they compete.
​

The four protocols sit at different layers of the agent-payment stack. The table below summarizes scope, sponsors, settlement rail, and current state:

ACP's neighbors solve different problems. UCP, Google's protocol, was designed for agent commerce experiences across Google's surfaces (Search, Shopping, Assistant) plus third-party agents. PayPal supports both ACP and UCP in 2026, framing them as parallel standards rather than competitors. The technical contracts overlap at the cart-and-token level but diverge on capability negotiation and on how non-payment signals (loyalty, returns, post-purchase) propagate.
​

AP2 is the authorization layer. Where ACP focuses on the moment of charge, AP2 sits one step earlier: it provides a cryptographic mandate signed by the buyer that confirms the agent had authority to make this purchase on this scope. ACP and AP2 compose — an agent can carry an AP2 mandate into an ACP checkout, giving the merchant a signed pre-authorization plus a scoped payment token. Visa's Trusted Agent Protocol, launched October 14, 2025, plays the same authorization role from the card-network side and signs agent identity into HTTP headers.
​

x402 is the stablecoin settlement layer for machine-to-machine API calls. The protocol uses HTTP 402 Payment Required to negotiate sub-cent USDC payments between agents and APIs. By April 2026 x402 was running 69,000 active agents, 165 million transactions, and approximately $50 million in cumulative volume, donated to the Linux Foundation as the x402 Foundation. ACP and x402 do not compete: an agent might use ACP to buy a sweater on a Stripe-powered storefront and x402 to pay for the price-comparison API it consulted before purchasing. The retail-goods rail is fiat-via-PSP. The API-call rail is stablecoin-onchain.
​

Most production agent stacks layer all four. MCP for tool discovery, x402 for machine-to-machine API payments, ACP or UCP for retail checkout, AP2 or TAP for the authorization signature. The category as a whole does not pick one protocol; it picks one per layer.
​

ACP's design favors merchant control and PSP flexibility, accepting card-network latency, cost, and dispute structure rather than chain-native settlement. It does not handle stablecoin payments natively, agent identity attestation, or sub-cent micropayments. The spec is still in beta, and Instant Checkout's retirement showed that adoption depends on the host surface as much as the standard.
​

The first tradeoff is that ACP routes through traditional card-network rails. A Stripe-issued SPT eventually charges through Visa, Mastercard, or a card-on-file at PayPal. That carries the standard interchange cost (typically 1.5–3.5% of cart value) and the standard settlement latency (T+1 to T+2 for most merchants). For sub-dollar agent-to-API payments this is the wrong rail — that is what x402 is for. ACP is purpose-built for retail-cart purchases where 2% interchange is already in the margin model. Stablecoin developer tools and stablecoin swap aggregators for the parallel rail are mostly outside ACP's scope by design.
​

The second is that ACP does not solve agent-identity attestation. The merchant trusts that the SPT came from a permissioned agent because the PSP issued it; what it does not get is a cryptographic proof that the buyer authorized this specific cart. AP2 and TAP fill that gap, but as separate protocols carrying separate signatures. Production stacks running ACP at meaningful scale tend to layer one of those on top.
​

The third is the launch-surface dependency exposed by Instant Checkout. The protocol is sound; the spec is open; the PSP support is real. But the visible volume came almost entirely through OpenAI's host product, and when OpenAI judged that ChatGPT users preferred to research-then-redirect over check-out-in-place, the headline volume vaporized. The protocol kept shipping versions and the Stripe Agentic Commerce Suite kept signing brands, but ACP without a checkout surface looks more like a developer specification than a consumer product.
​

The fourth is dispute and refund semantics. Because the merchant remains the merchant of record, all of the standard chargeback machinery applies — buyers retain their card-network protections, merchants face the standard dispute process. This is a feature for retail goods (which have human buyers and physical fulfillment) and a misfit for autonomous agent-to-agent flows (which have neither). It is one of the cleaner reasons ACP and x402 do not compete: they are calibrated for different dispute models.
​

Sources and methodology. Protocol mechanics verified against the ACP GitHub repository and Stripe's official documentation. Launch and retirement dates cross-referenced against OpenAI's launch post, Stripe's newsroom, CNBC's March 24, 2026 coverage, and MacRumors. Stablecoin supply figures pulled from DeFiLlama on April 30, 2026. Spec cadence and version numbers reflect the GitHub repo state at time of writing.
​

ACP standardizes how an agent runs checkout against a merchant; it does not specify the chain or the stablecoin behind the dollars. When an agent paying USDC needs to settle against a treasury that lives on a different chain — Solana, Tron, Arbitrum, Base — a separate orchestration layer handles routing, solver selection, and finality. Eco operates as that cross-chain stablecoin orchestration layer, abstracting where the dollars settle across 15 chains. Most production agent stacks running ACP for retail-goods checkout pair it with x402 for API payments; the stablecoin payment leg of those stacks is what Eco routes. Stripe Link's agent integration bridges the two rails by letting an agent pay via card on ACP and via USDC on x402 with the same authentication context. Stablecoin swap and routing across chains becomes its own engineering surface once the agent footprint moves past one network, and orchestration is what keeps that surface from blowing up.
​