Agent Payments Protocol (AP2)
Status: Active Standard, Version 2.0
Google's authorization protocol for AI agent commerce, providing cryptographic spending mandates that prove user consent for agent transactions.
Tags: AP2, ECDSA, Google Pay
Overview
The Agent Payments Protocol (AP2) provides authorization infrastructure for AI agent commerce. It answers the question: Did the user actually approve this transaction?
AP2 operates at the authorization layer, above identity (TAP) and below execution (ACP/x402).
Core Concepts
Mandates
Mandates are cryptographically signed authorizations that define what an agent can spend on behalf of a user:
- Intent Mandate - general spending authorization up to a limit
- Cart Mandate - authorization for specific items
- Payment Mandate - final authorization for a specific transaction
Mandate Lifecycle
```text
User creates Intent Mandate (max $200)
        ↓
Agent finds products, creates Cart Mandate ($45.99)
        ↓
User approves Cart Mandate
        ↓
Agent creates Payment Mandate
        ↓
Payment executes via ACP/x402
```
Cryptographic Verification
All mandates are signed using ECDSA (P-256) signatures. Any party can verify:
- The mandate was created by the claimed user
- The mandate hasn’t been tampered with
- The mandate is within its validity period
- The mandate hasn’t been revoked
Mandate Schema
```json
{
  "mandate_id": "uuid",
  "type": "intent|cart|payment",
  "user_id": "user_identifier",
  "agent_id": "tap:agent_id",
  "max_amount": {
    "value": 20000,
    "currency": "USD"
  },
  "constraints": {
    "merchant_categories": ["retail", "groceries"],
    "valid_until": "2026-02-01T00:00:00Z"
  },
  "signature": "base64-ecdsa-signature"
}
```
Integration with Three-Layer Model
AP2 sits between identity and execution:
| Layer | Protocol | Question |
|---|---|---|
| Identity | TAP | Who is this agent? |
| Authorization | AP2 | Did the user approve this? |
| Execution | ACP/x402 | How is the payment processed? |
Implementation Status
| Component | Status | Notes |
|---|---|---|
| Intent Mandates | Active | Full implementation |
| Cart Mandates | Active | Full implementation |
| Payment Mandates | Active | Full implementation |
| Google Pay Integration | Active | Test mode operational |
| Mandate Revocation | Active | Real-time revocation |
Security Features
- ECDSA signatures prevent tampering
- Nonce values prevent replay attacks
- Spending limits bound exposure
- Expiration times limit validity
- Immediate revocation capability
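The four checks listed under Cryptographic Verification, the mandate schema, and the lifecycle rule that a cart must fit under the intent it descends from, worked through as an added example in Go. This is illustration written for this page, not Google's AP2 implementation, and it fills in several things the page leaves unspecified: the signed bytes are assumed to be the mandate's JSON with the signature field removed, hashed with SHA-256 (the page names only ECDSA P-256 and says nothing about canonicalisation or digest); max_amount.value is assumed to be in minor units, so 20000 is the $200 cap from the lifecycle; a nonce field is assumed because Security Features lists nonces but the schema does not show one; and the user-key lookup and revocation list are in-memory maps standing in for whatever registry AP2 actually uses. The identifiers user-42, tap:shopper-7, m-intent-1, m-cart-1 and m-old are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Mandate follows the page's schema. Assumed, not on the page: value is in minor
// units (20000 == the $200 cap) and a nonce field exists (the schema omits it).
type Mandate struct {
	MandateID string `json:"mandate_id"`
	Type      string `json:"type"` // intent | cart | payment
	UserID    string `json:"user_id"`
	AgentID   string `json:"agent_id"`
	MaxAmount struct {
		Value    int64  `json:"value"`
		Currency string `json:"currency"`
	} `json:"max_amount"`
	Constraints struct {
		ValidUntil string `json:"valid_until"`
	} `json:"constraints"`
	Nonce     string `json:"nonce"`
	Signature []byte `json:"signature,omitempty"`
}

// digest hashes the mandate with its signature cleared; encoding/json keeps field order, so both sides hash identical bytes.
func digest(m Mandate) []byte {
	m.Signature = nil
	b, _ := json.Marshal(m)
	d := sha256.Sum256(b)
	return d[:]
}

var ErrBadSig, ErrExpired, ErrRevoked, ErrReplay = errors.New("unknown user or bad signature: forged or tampered"),
	errors.New("outside validity period"), errors.New("revoked"), errors.New("nonce already consumed")

// Verifier is the relying party's state: user public keys, revoked ids, consumed nonces, and its clock.
type Verifier struct {
	Keys      map[string]*ecdsa.PublicKey
	Revoked   map[string]bool
	SeenNonce map[string]bool
	Now       time.Time
}

// Verify runs the page's four checks, then the replay check. Signature first, so an unauthenticated mandate never consumes a nonce.
func (v *Verifier) Verify(m Mandate) error {
	pub, ok := v.Keys[m.UserID]
	if !ok || !ecdsa.VerifyASN1(pub, digest(m), m.Signature) {
		return ErrBadSig
	}
	until, err := time.Parse(time.RFC3339, m.Constraints.ValidUntil)
	if err != nil || !v.Now.Before(until) {
		return ErrExpired
	}
	if v.Revoked[m.MandateID] {
		return ErrRevoked
	}
	if v.SeenNonce[m.Nonce] {
		return ErrReplay
	}
	v.SeenNonce[m.Nonce] = true
	return nil
}

// Scenario signs the page's $200 intent and $45.99 cart with a fresh P-256 key, verifies both,
// exercises each failure mode, and reports whether the cart fits under the intent's cap.
func Scenario() (map[string]error, bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, false, err
	}
	v := &Verifier{Keys: map[string]*ecdsa.PublicKey{"user-42": &priv.PublicKey}, Revoked: map[string]bool{},
		SeenNonce: map[string]bool{}, Now: time.Date(2026, 1, 15, 12, 0, 0, 0, time.UTC)}
	intent := Mandate{MandateID: "m-intent-1", Type: "intent", UserID: "user-42", AgentID: "tap:shopper-7", Nonce: "n1"}
	intent.MaxAmount.Value, intent.MaxAmount.Currency = 20000, "USD"
	intent.Constraints.ValidUntil = "2026-02-01T00:00:00Z"
	cart, expired := intent, intent
	cart.MandateID, cart.Type, cart.MaxAmount.Value, cart.Nonce = "m-cart-1", "cart", 4599, "n2"
	expired.MandateID, expired.Constraints.ValidUntil, expired.Nonce = "m-old", "2025-12-31T00:00:00Z", "n3"
	for _, m := range []*Mandate{&intent, &cart, &expired} { // the user signs each mandate
		if m.Signature, err = ecdsa.SignASN1(rand.Reader, priv, digest(*m)); err != nil {
			return nil, false, err
		}
	}
	tampered := cart
	tampered.MaxAmount.Value = 459900 // amount raised after the user signed
	out := map[string]error{"intent": v.Verify(intent), "cart": v.Verify(cart),
		"tampered": v.Verify(tampered), "expired": v.Verify(expired)}
	out["replay"] = v.Verify(intent) // second presentation of the same intent
	v.Revoked["m-cart-1"] = true
	out["revoked"] = v.Verify(cart) // revocation is checked before the nonce
	fits := cart.MaxAmount.Currency == intent.MaxAmount.Currency && cart.MaxAmount.Value <= intent.MaxAmount.Value
	return out, fits, nil
}
```

Scenario returns nil for the intent and cart, ErrBadSig for the cart whose amount was raised after signing, ErrExpired for the mandate past its valid_until, ErrReplay for the intent presented a second time, and ErrRevoked for the cart once its id is in the revocation list. Check order is deliberate: the signature is verified before the nonce is recorded, so a forged message cannot burn a legitimate nonce, and revocation is tested before replay so a revoked mandate is reported as revoked rather than as a duplicate.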