[Openid-specs-fapi] Issue #754: Agent Payments Protocol (AP2) Impacts to FAPI (openid/fapi)

Nat issues-reply at bitbucket.org
Wed Sep 17 14:49:55 UTC 2025


New issue 754: Agent Payments Protocol (AP2) Impacts to FAPI
https://bitbucket.org/openid/fapi/issues/754/agent-payments-protocol-ap2-impacts-to

Nat Sakimura:

In the Sept 17 call, in AOB, AP2 Impacts to FAPI was talked about. We decided to track it as a task.

Following is the copy of my email to the list that kicked off this discussion. 

---

I came across the news that Google announced ["Powering AI commerce with the new Agent Payments Protocol (AP2)"](https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en) my morning today (i.e. like 14 hours ago).

I have not grasped the protocol yet, but it is based on the A2A protocol and uses OAuth. Specifically, the "Sample Credential Provider Agent Card" code snippet within the technical implementation section of [AP2 Specification \[3\]](https://ap2-protocol.org/specification/) shows OAuth2 as part of its security configuration. This seems to indicate that a Credential Provider (CP) uses OAuth2 for skills such as `get_payment_methods`, which retrieves a user's payment methods.

The configuration includes details for the authorizationCode flow, specifying an authorizationUrl, scopes (particularly for `get_payment_methods`), and a `tokenUrl`. This seems to indicate that OAuth2 is used by Credential Providers within the AP2 ecosystem to secure access to users' payment credentials.

Intuit, Mastercard, and Okta seem to be contributing to it. 

**10 Key Points of Agent Payments Protocol (AP2)**

1. **Launch and Purpose**: AP2 is an **open protocol launched by Google on September 16, 2025**, developed with over 60 leading payments and technology companies. Its purpose is to **securely initiate and transact agent-led payments across platforms**.
2. **Extension of Existing Protocols**: It functions as an **extension of the Agent2Agent (A2A) protocol and Model Context Protocol (MCP)**.
3. **Payment-Agnostic Framework**: AP2 establishes a **payment-agnostic framework**, enabling secure transactions across all payment methods, including credit/debit cards, stablecoins, and real-time bank transfers.
4. **Addressing AI Agent Payment Challenges**: It addresses critical questions arising from AI agents transacting on behalf of users, such as **authorization, authenticity, and accountability**, which challenge traditional payment system assumptions.
5. **Trust through Mandates**: AP2 builds trust using **Mandates**, tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of user instructions. These are signed by **verifiable credentials (VCs)**.
6. **Two User Scenarios**: Mandates support two primary user interaction scenarios:
    - **Real-time Purchases (human present)**: An "Intent Mandate" is captured, and user approval signs a "Cart Mandate" for specific items and prices.
    - **Delegated Tasks (human not present)**: A detailed "Intent Mandate" is signed upfront with rules, allowing the agent to automatically generate a "Cart Mandate" when conditions are met.
7. **Non-Repudiable Audit Trail**: The complete sequence from intent to cart to payment creates a **non-repudiable audit trail**, providing a clear foundation for accountability by answering questions of authorization and authenticity.
8. **Enabling New Commerce Experiences**: AP2's flexible design supports new commercial models like **smarter shopping, personalized offers, coordinated tasks, and B2B applications** for autonomous procurement.
9. **Support for Emerging Payment Systems**: It is designed as a universal protocol for **stablecoins and cryptocurrencies**, with Google collaborating with Coinbase and others to launch the **A2A x402 extension** for agent-based crypto payments.
10. **Open Collaboration and Evolution**: Google is committed to evolving AP2 through an **open, collaborative process**, including engagement with standards bodies, and invites the entire payments and technology community to contribute via its public GitHub repository.

**References**

1. Google Blog: Powering AI commerce with the new Agent Payments Protocol (AP2) [https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en](https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en)
2. Agent Payments Protocol (AP2): [https://github.com/google-agentic-commerce/AP2](https://github.com/google-agentic-commerce/AP2)
3. AP2 Specification: [https://ap2-protocol.org/specification/#71-illustrative-transaction-flow](https://ap2-protocol.org/specification/#71-illustrative-transaction-flow)
4. A2A x402 Extension: [https://github.com/google-agentic-commerce/a2a-x402](https://github.com/google-agentic-commerce/a2a-x402)

Best,

Nat Sakimura
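
Added example (not part of the original message and not code from the AP2 project): a Python check over a constructed Agent Card for the OAuth2 settings the message names, i.e. the authorizationCode flow, `authorizationUrl`, `tokenUrl` and the `get_payment_methods` scope. The `securitySchemes`/`flows` layout, the `cp_oauth` scheme name and the `cp.example` URLs are assumptions made for illustration.

```python
import copy
from urllib.parse import urlparse

# Constructed sample card. The securitySchemes -> flows layout is an assumption;
# only the flow, URL and scope field names come from the message above.
GOOD_CARD = {
    "securitySchemes": {
        "cp_oauth": {
            "type": "oauth2",
            "flows": {
                "authorizationCode": {
                    "authorizationUrl": "https://cp.example/oauth/authorize",
                    "tokenUrl": "https://cp.example/oauth/token",
                    "scopes": {"get_payment_methods": "Read payment methods"},
                }
            },
        }
    },
}

# Constructed misconfigured variant: extra flow, cleartext token endpoint, wrong scope.
BAD_CARD = copy.deepcopy(GOOD_CARD)
_flows = BAD_CARD["securitySchemes"]["cp_oauth"]["flows"]
_flows["implicit"] = {"authorizationUrl": "https://cp.example/oauth/authorize", "scopes": {}}
_flows["authorizationCode"]["tokenUrl"] = "http://cp.example/oauth/token"
_flows["authorizationCode"]["scopes"] = {"profile": "Basic profile"}


def audit_card(card, required_scope="get_payment_methods"):
    """Return a list of findings for the card's OAuth2 security schemes."""
    findings = []
    schemes = {n: s for n, s in card.get("securitySchemes", {}).items()
               if s.get("type") == "oauth2"}
    if not schemes:
        return ["no oauth2 security scheme declared"]
    for name, scheme in schemes.items():
        flows = scheme.get("flows", {})
        for extra in sorted(set(flows) - {"authorizationCode"}):
            findings.append(f"{name}: additional flow '{extra}' is advertised")
        code = flows.get("authorizationCode")
        if code is None:
            findings.append(f"{name}: authorizationCode flow is missing")
            continue
        for key in ("authorizationUrl", "tokenUrl"):
            url = urlparse(code.get(key, ""))
            if url.scheme != "https" or not url.hostname:
                findings.append(f"{name}: {key} is not an absolute https URL")
        if required_scope not in code.get("scopes", {}):
            findings.append(f"{name}: scope '{required_scope}' is not offered")
    return findings
```

`audit_card(GOOD_CARD)` returns an empty list; `audit_card(BAD_CARD)` returns one finding each for the extra flow, the cleartext token endpoint and the missing scope.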
