Reported by Machine Heart
Machine Heart Editorial Team
Recently, there has been new progress in the field of Agents, as Google announced the launch of the Agent Payments Protocol — AP2 (Agent Payments Protocol), an open shared protocol that provides a common language for secure and compliant transactions between Agents and merchants.

In other words, this protocol is used for AI Agents to initiate and process purchase payments across platforms, providing traceable records for each transaction.
Specifically, AP2 can be seen as an extension of the A2A protocol and the MCP protocol.
Earlier this year, Manus sparked a global trend in Agents, bringing the MCP protocol into the spotlight, which was launched by Anthropic in November 2024 to better integrate Agents with external resources, tools, and APIs, enabling Agents to possess more capabilities.
Then, in April of this year, Google introduced the open A2A (Agent2Agent) protocol, which focuses on the “interaction” between Agents, allowing them to collaborate and complete complex tasks together.

It is easy to understand that while Agents have become the mainstream narrative in AI this year, initiating a “hundred Agents melee” mode, the focus is more on verticals, and there is still a long way to go before achieving generality. If users want to handle a task that requires multiple Agents, the conventional method is manual operation, such as importing various information, which is not “intelligent”. However, based on the A2A protocol, Agents from different frameworks and vendors can achieve interoperability, making it more intelligent.
AP2 takes this a step further.

Currently, many Agents play the role of “assistants”, helping users book hotels, buy plane tickets, purchase coffee, and grab concert tickets. This not only involves cross-platform cooperation between Agents but also cross-platform payments, which naturally raises a question: how to ensure that these payment transactions are secure? If something goes wrong, who is responsible?
Traditional payment systems are built for human clicks on “purchase”, but this set of rules does not apply to Agents. Google’s newly launched AP2 effectively addresses this issue.
According to official information, AP2 mainly focuses on solving three major issues:
-
Authorization: proving the specific permissions granted by the user to the Agent for specific purchases;
-
Authenticity: enabling merchants to be confident that the Agent’s request accurately reflects the user’s true intent;
-
Accountability: determining accountability in case of fraud or incorrect transactions.
Based on the AP2 open shared protocol, it provides a common language for secure and compliant transactions between Agent platforms and merchants, helping to prevent ecosystem fragmentation. It also supports various payment types — from credit cards and debit cards to stablecoins and real-time bank transfers. This helps ensure that users and merchants receive a consistent, secure, and scalable experience while providing financial institutions with the clarity needed to effectively manage risks.
Operational Mechanism: Establishing Trust through Authorization and Verifiable Credentials
According to official information, AP2 establishes trust by using Mandates (authorizations). An authorization is a tamper-proof, cryptographically signed digital contract that serves as verifiable proof of user instructions. These authorizations are signed by Verifiable Credentials (VC) and serve as the foundational evidence for each transaction.
Authorizations cover two main scenarios for users shopping through Agents:
-
Real-time Purchases (Human Involvement): When a user asks an Agent, “Help me find a new pair of white running shoes,” the user’s request is recorded in the initial “intention authorization”. This provides auditable background information for interactions throughout the transaction process. Once the Agent places the desired shoes in the shopping cart, the user’s confirmation action will sign a “shopping cart authorization”. This step is crucial as it creates a tamper-proof record of the item details and prices, ensuring that what is seen is what is paid.
-
Delegated Tasks (No Human Involvement): When a user delegates a task to the Agent, such as “purchase concert tickets immediately upon release,” a detailed intention authorization must be signed in advance. This authorization specifies the participation rules — price limits, timing arrangements, and other conditions. It will serve as a verifiable pre-authorization credential, allowing the Agent to automatically generate a shopping cart authorization once the user’s specific conditions are met.
In both cases, this chain of evidence ultimately links the user’s payment method securely to the verified content in the shopping cart authorization. The complete loop from “intention” to “shopping cart” to “payment” forms an undeniable audit trail, effectively addressing key issues of authorization and authenticity, providing a clear basis for “defining rights and responsibilities”.
From this, it is not difficult to see that the AP2 led by Google attempts to unlock a simpler, new business model for the AI era.
For example, if a user is planning a weekend trip and tells their Agent, “Help me book round-trip tickets and a hotel in Palm Springs for the first weekend in November, with a total budget of $700,” the Agent can simultaneously connect with airlines, hotel Agents, and online travel platforms. Once a combination that meets the budget is found, it can immediately execute a double booking with cryptographic signatures.
According to reports, Google has already partnered with over 60 different types of companies, including American Express, Alibaba, Ant International,Trip.com,Coinbase, Etsy, Forter, Intuit, JCB, Mastercard, Mysten Labs, Paypal, Revolut, Salesforce, ServiceNow, UnionPay International, Worldpay, and others.

Currently, Google has made this project public on GitHub, including complete technical specifications, documentation, and reference implementations.
Protocol Address: https://github.com/google-agentic-commerce/AP2
Quick Start
Navigation Repository:
The directory contains a series of selected scenarios designed to showcase the key components of the Agent Payments Protocol.
These scenarios can be found in the directory at
and
.
Each scenario includes:
-
A file describing the scenario and its operational instructions.
-
A
script to simplify the process of running the scenario locally.
The demonstration includes various Agents and servers, with most of the source code located at
. The source code for the scenario using an Android app as a shopping assistant is located at
.
Prerequisites:
-
Python 3.10 or higher
Setup:
Make sure you have obtained a Google API key from Google AI Studio. Then
declare the variable in one of the following two ways.
-
Declare it as an environment variable:

-
Place it in a file in the
root directory of the repository.
How to Run Scenarios:
To run a specific scenario, follow the instructions in its README.md. It typically follows this pattern:
-
Navigate to the root directory of the repository.

-
Run the script to install dependencies and start the Agent.

-
Navigate to the shopping Agent URL and start participating.
Install AP2 Type Package:
The core objects of the protocol are defined in the
directory. An official PyPI package will be released later. In the meantime, users can install the types package directly using the following command:

Reference Links:
https://github.com/google-agentic-commerce/AP2

© THE END
For reprints, please contact this public account for authorization
Submissions or inquiries: [email protected]