By Bartłomiej Mąkina

In September 2025, Google announced the Agent Payments Protocol (AP2): not just another payments API, but a fundamental shift toward governed agentic commerce. After building a production-grade implementation from the ground up, I can confirm this protocol represents the missing infrastructure for trusted AI-driven transactions that compliance teams have been waiting for.

Executive Summary

What AP2 is: An open protocol that creates a cryptographically verifiable chain from user intent through cart formation to final payment execution, using three types of signed mandates as audit-ready evidence.

Why it matters: Enables autonomous, accountable purchases while reducing fraud and dispute friction, opening new commerce models like delegated shopping, dynamic bundles, and coordinated multi-merchant transactions.

Who should care: Merchants, payment service providers, wallet providers, issuers, marketplaces, booking platforms, and any organization building on AI agents, especially those in regulated industries requiring comprehensive audit trails.

The Governance Challenge AP2 Solves

Traditional payment flows assume a human clicks "Buy" on a trusted interface. In agentic commerce, compliance teams need to prove three critical elements:

  • Authorization: A user granted specific scope and authority for the purchase
  • Authenticity: The transaction request genuinely reflects verified user intent
  • Accountability: Clear evidence of who executed what actions, when, and under which permissions

AP2's solution: verifiable credentials combined with cryptographically signed mandates that form an immutable audit trail from initial intent through final payment execution.

Industry-Wide Standards Adoption

Google developed AP2 in collaboration with over 60 organizations including Mastercard, American Express, PayPal, Coinbase, Salesforce, Shopify, Etsy, and Adyen. This isn't a proprietary walled garden; it's an industry movement toward shared trust primitives built on open standards including W3C Verifiable Credentials and FIDO protocols.

The Three-Mandate Trust Architecture

AP2 establishes trust through three layered, cryptographically signed mandates. Together they yield a complete, tamper-evident audit trail from first intent to final charge, reducing fraud, disputes, and "mystery purchases."

Intent Mandate

A signed record capturing what the user wants, including scope, limits, timing, and authorization boundaries. For example: "Find tropical vacation packages under $2,000 for dates in November."

Cart Mandate

The merchant's signed, immutable offer containing specific items, prices, terms, and conditions. This creates a tamper-evident record ensuring what the user approves is exactly what gets charged.

Payment Mandate

The user's final signed authorization binding a specific payment method to the verified cart contents. This completes the evidentiary chain from intent through execution.

Together, these mandates create a non-repudiable audit trail that eliminates "mystery purchases" and provides comprehensive evidence for dispute resolution.

Real-World Implementation: A Working AP2 System

To validate AP2's capabilities, I built a complete vacation booking system implementing the full protocol stack. The system demonstrates all critical components working together in a production environment.

Agent-to-Agent (A2A) Communication

Three independent agents communicate using structured TextPart and DataPart payloads:

  • Shopping Agent: Orchestrates user requests and maintains conversation context
  • Merchant Agent: Manages product catalog and returns signed Cart Mandates
  • Credentials Provider: Manages payment method credentials and authorization

Cryptographic Security Framework

Every mandate undergoes rigorous security processing:

  • Signed with JWT tokens using the jose library
  • Integrity verified through SHA-256 hashing
  • Validated at each transaction step
  • Persistently stored for non-repudiable audit trails

AI Integration with Governance Controls

Using LangChain with Kimi K2 (via OpenRouter), the Shopping Agent:

  • Processes natural language requests ("Find me a tropical beach under $2,000")
  • Maps user intent to available products
  • Maintains multi-turn conversation context
  • Operates within pre-defined constraint boundaries

Standards-Compliant Payment Processing

Integration with Stripe through W3C Payment Request API ensures:

  • Industry-standard checkout processes
  • Compliance with existing payment regulations
  • Seamless integration with current merchant infrastructure

Transparency Through Live Transaction Logging

The implementation provides complete transaction visibility critical for regulatory compliance:

  1. User → Shopping Agent: "I want a tropical vacation"
  2. Shopping Agent → Merchant Agent: A2A message + Intent Mandate
  3. Merchant Agent → Shopping Agent: Three signed Cart Mandates
  4. Shopping Agent → Credentials Provider: Payment method request
  5. Credentials Provider → Shopping Agent: Available payment methods
  6. User Device → Shopping Agent: Signed Payment Mandate → Payment Complete

This transparency isn't optional; it's fundamental to making autonomous systems trustworthy and auditable.

Unlocking New Commerce Models with Built-in Governance

AP2's standardized framework enables sophisticated commerce patterns while maintaining compliance:

  • Delegated Shopping with Pre-Authorization
    • "Buy concert tickets the second they go on sale, maximum $150 per ticket" with signed Intent Mandates providing clear authority boundaries.
  • Dynamic Bundle Creation
    • A user shopping for a bicycle triggers the merchant's agent to create a time-sensitive bundle (bike + helmet + rack) with automatic discount application, all captured in signed Cart Mandates.
  • Coordinated Multi-Merchant Transactions
    • "Book flight + hotel combination under $700 total budget" enabling complex transactions across multiple systems with unified audit trails.
  • B2B Automation with Compliance Controls
    • Agents automatically adjust software licenses, procure services, and reconcile transactions, all hands-off yet fully auditable.

Regulatory and Security Considerations

Based on analysis from security experts and compliance frameworks, robust AP2 implementations require:

  • Integration with Strong Customer Authentication (SCA)
    • Compliance with payment services regulations through proper user verification and step-up authentication for high-risk transactions.
  • Intent Mandate Time-to-Live (TTL) Configuration
    • Proper expiration controls preventing unauthorized use of outdated authorizations.
  • Hardware-Backed Key Management
    • Secure credential storage and signing processes using hardware security modules where appropriate.
  • Dispute Resolution Protocols
    • Clear processes for handling transaction disputes with access to complete mandate chains.

Where InteliGems Adds Governance Value

While AP2 provides the trust substrate for agent payments, InteliGems adds the governance framework to make those payments defensible in regulated environments:

Control Tower Architecture

  • Separation of duties (SoD) and human-in-the-loop (HITL) approvals
  • Policy-as-code guardrails with real-time enforcement
  • Tamper-evident logging at every critical decision point

Agent Fleet Management

  • Standardized, testable agents with built-in isolation
  • Replay and rollback capabilities for transaction review
  • Drift monitoring to detect unauthorized behavior changes

Evidence Pack Generation

  • Complete audit trails linking mandates to policy decisions
  • Approval workflows with cryptographic verification
  • Regulator-ready documentation for compliance reviews

Private-by-Default Deployment

  • VPC/on-premises deployment maintaining data sovereignty
  • Built on the open-source Odyssey core, so no vendor lock-in
  • Full control over sensitive transaction data

Implementation Resources and Next Steps

Demo: https://ap2-nextjs-stripe.vercel.app
GitHub Repository: https://github.com/bartlomiej-makina/ap2-nextjs-stripe

Official AP2 Resources

Looking Ahead: The Governed Agentic Future

Within the next few years, personal and enterprise agents that understand preferences, optimize purchasing decisions, and execute transactions safely will become as routine as smartphone usage. This transformation requires standardized trust, security, and openness: exactly what AP2 delivers as the foundational substrate.

However, substrate alone isn't sufficient. Organizations need governance frameworks that turn AP2's capabilities into defensible, compliant automation. This means proper controls, audit trails, and evidence generation that satisfy regulatory requirements while enabling the efficiency benefits of agentic commerce.

Recent developments show continued momentum: Affirm announced support for AP2 in October 2025, joining the growing ecosystem of financial institutions and technology companies building on this standard. The protocol's payment-agnostic design supports everything from traditional cards to stablecoins and real-time bank transfers.

Ready to explore AP2 implementation with proper governance controls?

InteliGems helps compliance, risk, and audit teams deploy AP2-enabled agent systems with built-in SoD/HITL approvals, policy guardrails, and comprehensive audit trails, all running within your security perimeter. Contact us to discuss how AP2 can transform your commerce operations while maintaining regulatory compliance.
