Active Standard Version 1.0
Agentic Commerce Protocol (ACP)
Stripe/OpenAI's execution protocol for AI commerce, handling checkout sessions and payment processing with SharedPaymentToken delegation.
ACPStripeOpenAI
Overview
The Agentic Commerce Protocol (ACP) provides execution infrastructure for AI commerce transactions. It answers the question: How do we actually process this payment?
ACP operates at the execution layer, below identity (TAP) and authorization (AP2).
Core Concepts
Checkout Sessions
ACP uses checkout sessions to manage transaction state:
{
"session_id": "cs_live_abc123",
"status": "open|complete|expired",
"amount": 4599,
"currency": "usd",
"payment_delegation": {
"token": "spt_delegation_xyz",
"max_amount": 5000,
"merchant_id": "merchant_789"
},
"line_items": [
{
"name": "Product Name",
"quantity": 1,
"amount": 4599
}
]
}SharedPaymentToken Delegation
ACP allows users to delegate payment authority to agents via SharedPaymentTokens:
- Scoped by merchant - only valid for specific merchants
- Scoped by amount - maximum transaction size
- Time-limited - tokens expire after set period
- Revocable - can be cancelled at any time
Session Lifecycle
Agent creates checkout session
↓
Session validated against AP2 mandate
↓
Payment processed via Stripe
↓
Webhook confirms completion
↓
Session marked completeIntegration with Three-Layer Model
ACP completes the execution layer:
| Layer | Protocol | Action |
|---|---|---|
| Identity | TAP | Verify agent |
| Authorization | AP2 | Verify user consent |
| Execution | ACP | Process payment |
Webhook Security
ACP webhooks are verified using HMAC-SHA256:
const event = stripe.webhooks.constructEvent(
body,
signature,
webhookSecret
);
// Throws if signature invalidImplementation Status
| Component | Status | Notes |
|---|---|---|
| Checkout Sessions | Active | Full CRUD operations |
| Payment Delegation | Active | SharedPaymentToken support |
| Webhook Handlers | Active | HMAC verification |
| Idempotency | Active | 24-hour key caching |
Security Features
- HMAC signature verification on webhooks
- Idempotency keys prevent duplicate charges
- Server-side cart calculation (never trust client)
- SharedPaymentToken scoping limits exposure
- Automatic session expiration
x402 Settlement
ACP sessions can settle via x402 protocol for stablecoin payments:
- USDC via EIP-3009 gasless transfers
- $U stablecoin support
- PYUSD multi-rail option