AP2 (Agent Payments Protocol) is Google's open standard for letting AI agents transact on behalf of users, announced September 16, 2025 with 60+ launch partners including Mastercard, PayPal, Coinbase, American Express, and Salesforce. AP2 introduces three signed "Mandates" (Intent, Cart, Payment) carried as W3C Verifiable Credentials, and treats stablecoin rails as first-class citizens alongside cards and bank transfers.
The protocol sits between agent reasoning frameworks (MCP, A2A) and payment networks, giving merchants a cryptographically verifiable record of what the user authorized, what the agent selected, and what was charged. The full spec lives at github.com/google-agentic-commerce/AP2.
What is AP2 and why did Google launch it?
AP2 is a vendor-neutral protocol that lets an AI agent prove to a merchant or payment network that a real user authorized a specific purchase. It solves the trust gap created when agents act autonomously: who is liable, what was actually consented to, and was the charged amount the agreed amount? Google published the spec under an open license on September 16, 2025.
The launch addressed a concrete problem. Agent checkout was already happening through scraped credentials and stored cards, but networks had no way to distinguish a human-driven transaction from an agent-driven one, and no way to verify the agent acted within scope. Google Cloud's announcement framed AP2 as the payments-layer companion to the Agent2Agent (A2A) protocol it shipped in April 2025, and to Anthropic's Model Context Protocol for tool access.
Launch partners spanned card networks (Mastercard, American Express), processors (PayPal, Adyen, Worldpay), wallets and crypto rails (Coinbase, MetaMask, ConsenSys), enterprise platforms (Salesforce, ServiceNow, Intuit), and merchants (Etsy, Lowe's). The 60+ partner list is maintained in the GitHub README.
How do AP2 Mandates work?
AP2 represents every agent purchase as three signed Mandates: an Intent Mandate (what the user wants), a Cart Mandate (what the agent assembled), and a Payment Mandate (what the merchant or network will charge). Each Mandate is a W3C Verifiable Credential, signed by the user's wallet or the agent's key, and passed between parties as a verifiable JSON object.
The Intent Mandate captures scope and constraints: "buy a pair of running shoes, size 10, under $150, white or grey, deliver to my saved address." It is signed by the user inside their AP2-compatible client. The agent cannot exceed this scope without re-prompting.
The Cart Mandate is produced by the merchant or merchant-side agent. It binds a specific SKU, price, tax, shipping, and total to the Intent. The buyer-side agent verifies the Cart against the Intent before forwarding to payment.
The Payment Mandate finalizes the leg between agent and payment network. It carries the authorized amount, the funding instrument reference (card token, wallet address, bank token), and a hash of the matched Intent and Cart. This is what Mastercard or Coinbase actually sees and authorizes. The full Mandate schemas are in the AP2 specification directory.
How does AP2 relate to MCP and A2A?
AP2 sits one layer below MCP and A2A. MCP gives an agent tools and context. A2A lets agents talk to each other. AP2 is the dedicated payments rail those agents call when a transaction needs to happen. The three protocols are designed to compose: an MCP-equipped shopping agent uses A2A to negotiate with a merchant agent, then invokes AP2 to settle.
Model Context Protocol, released by Anthropic in November 2024, standardizes how an LLM connects to data sources and tools. A2A, released by Google in April 2025, standardizes agent-to-agent discovery and task delegation. Both are payment-agnostic by design.
AP2 fills the gap. Where MCP might expose a "checkout" tool and A2A might route a task to a merchant's fulfillment agent, AP2 carries the actual payment instruction with cryptographic proof of user consent. Google's reference implementation in the AP2 repo shows MCP + A2A + AP2 wired together for a sample shopping flow.
What payment rails does AP2 support?
AP2 is payment-method agnostic. The spec defines extension points for card networks, ACH and bank transfers, real-time payment systems (FedNow, UPI, Pix), and digital assets including stablecoins. Coinbase and MetaMask shipped stablecoin extensions at launch, making USDC and other stablecoin rails first-class Payment Mandate funding instruments alongside Mastercard and PayPal.
The stablecoin path matters for agent commerce because agents transact in small amounts, across borders, and at machine speed. Card interchange averages $0.50 to $0.80 per transaction at typical retail spreads (Federal Reserve Bank of Kansas City interchange research), which is uneconomic for sub-dollar agent purchases. Stablecoin settlement on chains like Base or Solana runs cents or fractions of cents per transfer.
Coinbase's AP2 extension uses the wallet-side signing key for the Payment Mandate and settles in USDC. MetaMask's extension follows the same pattern for self-custodied wallets. Both are linked from the partner section of the AP2 repo.
What does an AP2 integration look like for a merchant?
A merchant integrates AP2 by exposing a Cart Mandate endpoint and accepting an incoming Payment Mandate. The endpoint receives an Intent Mandate from a buyer agent, returns a signed Cart Mandate with priced line items, and accepts a Payment Mandate to confirm the order. The reference TypeScript and Python implementations in the AP2 repo wrap the cryptographic work behind a simple SDK.
Three integration shapes are common:
Direct merchant agent. The merchant runs an A2A-discoverable agent that responds to Intent Mandates with Cart Mandates. Etsy and Lowe's demonstrated this pattern at launch.
Processor-mediated. PayPal, Adyen, and Worldpay accept Payment Mandates and translate to existing rails behind the scenes. The merchant changes nothing on its commerce stack.
Stablecoin-native. Coinbase Commerce and similar accept Payment Mandates with USDC funding references and settle onchain. Useful for digital goods, API access, and cross-border purchases.
The samples directory contains a working merchant, buyer agent, and payment server you can run locally.
AP2 vs Mastercard Agent Pay vs Visa Trusted Agent vs MCP
AP2 is the broadest of the agent-commerce protocols: open, vendor-neutral, payment-method agnostic, and built on W3C Verifiable Credentials. Mastercard Agent Pay and Visa Trusted Agent are network-specific schemes that focus on card-rail tokenization. MCP is not a payment protocol at all, but it is the tool layer agents use to reach into AP2.
Protocol | Operator | Scope | Stablecoins | Status |
AP2 | Google (open spec) | Cross-rail agent payments | First-class (Coinbase, MetaMask) | Live, 60+ partners, Sept 2025 |
Mastercard Agent Pay | Mastercard | Mastercard card rail for agents | No | Announced April 2025 |
Visa Trusted Agent | Visa | Visa card rail for agents | No | Announced 2025 |
MCP | Anthropic (open) | Agent-to-tool context layer | N/A (not a payment protocol) | Live since Nov 2024 |
The practical read: AP2 is the only one of the four that targets the full agent-commerce lifecycle (intent capture, cart binding, payment authorization) across both fiat and stablecoin rails. Network schemes like Agent Pay and Trusted Agent can plug into AP2 as Payment Mandate funding instruments. See Mastercard Agent Pay vs Visa Trusted Agent for the network-specific comparison.
How do Verifiable Credentials secure AP2 transactions?
AP2 Mandates are W3C Verifiable Credentials, a standardized format for cryptographically signed claims. Each Mandate carries an issuer (the user, the agent, or the merchant), a subject (the transaction context), a payload (the Intent, Cart, or Payment data), and a signature. Any party can verify the chain without contacting the issuer.
Verifiable Credentials matter for agent commerce because they make consent auditable. A merchant facing a chargeback can show the signed Intent Mandate authorizing the purchase scope. A network facing a dispute can show the signed Payment Mandate. A user worried about agent overreach can audit which Mandates they signed and what scope each granted.
AP2 uses Decentralized Identifiers (DIDs) for issuer keys, the same primitive used by the EU Digital Identity Wallet and other VC ecosystems. This makes AP2 identity-portable across wallets and clients. See agent identity verification for how DIDs and VCs combine in practice.
How does Eco fit into AP2's stablecoin flow?
AP2's stablecoin Payment Mandates need cross-chain liquidity to be useful: the buyer's USDC might sit on Base while the merchant accepts on Solana or Arbitrum. Eco Routes provides the routing and settlement layer that turns "the agent has USDC somewhere" into "the merchant receives USDC where it wants." Eco Routes supports 15 chains across the major stablecoins (USDC, USDT, USDS).
For an AP2-enabled agent, the integration is direct. When a Payment Mandate specifies a USDC funding instrument and a merchant address on a different chain, the agent calls Eco Routes to fulfill the transfer atomically. The Payment Mandate references the resulting onchain transaction hash, closing the loop between AP2's cryptographic record and the actual settlement.
This is the same pattern that powers other agent-commerce stacks that need cross-chain stablecoin movement. See the agent pay implementation guide for a worked example.
Related reading
Sources and methodology. AP2 specification, partner list, and Mandate schemas verified against the google-agentic-commerce/AP2 GitHub repository and Google Cloud's September 16, 2025 announcement. Verifiable Credentials references from W3C VC Data Model 2.0. Interchange figures from Federal Reserve Bank of Kansas City research. Updated May 2026.