[Openid-specs-fapi] Issue #754: Agent Payments Protocol (AP2) Impacts to FAPI (openid/fapi)

Shannon Day shannonday083 at gmail.com
Wed Sep 17 15:07:06 UTC 2025


Google's open and collaborative approach to developing its Agent Payments
Protocol (AP2) has significant strategic implications for the future of
AI-driven commerce, drawing both praise and scrutiny from the technology
community.

Strategic benefits of an open protocol

   - Encourages broad adoption: The open, shared nature of AP2 helps
   prevent the payments ecosystem from fragmenting into competing, proprietary
   systems. By collaborating with over 60 payments and technology companies,
   Google is increasing the likelihood that the protocol will become a
   universal standard for agent-led transactions.
   - Builds trust and accountability: For AI-driven commerce to succeed,
   merchants, banks, and consumers need confidence that transactions are
   secure and auditable. AP2 uses "mandates," or cryptographically-signed
   digital contracts, to verify a user's instructions. This creates a
   transparent trail for every transaction, addressing a major concern in
   AI-powered purchasing: who is accountable if something goes wrong?
   - Fosters innovation: By providing a standard foundation for secure
   transactions, Google frees the wider payments and technology community to
   innovate on other elements of the agentic AI experience. This includes
   adjacent areas like seamless agent authorization and decentralized identity.
   - Leverages existing infrastructure: AP2 is built as an extension of
   Google's existing Agent2Agent (A2A) and Model Context Protocol (MCP)
   frameworks. This allows developers to work with a familiar structure while
   also supporting diverse payment types, including traditional credit cards,
   stablecoins, and bank transfers.
   - Accelerates Web3 integration: The open approach enables extensions
   like the A2A x402, a production-ready solution for agent-based crypto
   payments developed with partners like Coinbase and the Ethereum Foundation.
   This demonstrates how community collaboration can accelerate support for
   emerging payment systems.

Challenges and potential concerns

   - Long-term adoption hurdles: While Google's strategy mirrors the
   successful expansion of Android, analyst Sanchit Vir Gogia notes that
   legitimacy does not guarantee widespread adoption. AP2 will need to compete
   with incumbent payment systems like Stripe and PayPal, which have built
   years of trust and resilience.
   - Clarification of liability: A major question remains regarding legal
   liability. If an AI agent makes a mistake, who is on the hook for the
   cost—the enterprise that deployed the agent, the merchant, or the payment
   issuer? This issue will need to be addressed by regulations and contracts
   before businesses use AP2 for high-risk or complex transactions.
   - Google's influence: Despite the open and collaborative model, Google
   remains the primary driver of AP2. The company's heavy involvement could
   still create a reliance on its specific ecosystem, raising concerns about
   power dynamics and control within the community.
   - Managing competing interests: The collaborative process includes a
   wide range of stakeholders, from traditional financial institutions like
   Mastercard and American Express to crypto players like Coinbase and
   MetaMask. Managing the diverse and sometimes competing interests of these
   groups will be crucial for the protocol's ongoing success and evolution.

Overall perspective

Google's move to create an open and collaborative payments protocol is a
savvy strategic play to define the future of AI-driven commerce, rather
than merely participate in it. By leveraging the network effects of
open-source development and gaining buy-in from major players early on,
Google increases the chances of establishing AP2 as the new industry
standard. However, the true success of this initiative will depend on how
effectively Google and the community navigate the complex issues of
liability, compliance, and competing interests.

Shannon Day (OCTOPUSSY)

On Wed, Sep 17, 2025, 9:50 AM Nat via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> New issue 754: Agent Payments Protocol (AP2) Impacts to FAPI
>
> https://bitbucket.org/openid/fapi/issues/754/agent-payments-protocol-ap2-impacts-to
>
> Nat Sakimura:
>
> In the Sept 17 call, in AOB, AP2 Impacts to FAPI was talked about. We
> decided to track it as a task.
>
> Following is the copy of my email to the list that kicked off this
> discussion.
>
> ---
>
> I came across the news that Google announced ["Powering AI commerce with
> the new Agent Payments Protocol \(AP2\)"](https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en)
> my morning today \(i.e. like 14 hours ago\).
>
> I have not grasped the protocol yet, but it is based on the A2A protocol
> and uses OAuth. Specifically, the "Sample Credential Provider Agent Card"
> code snippet within the technical implementation section of [AP2
> Specification \[3\]](https://ap2-protocol.org/specification/) shows
> OAuth2 as part of its security configuration. This seems to indicate that a
> Credential Provider \(CP\) uses an OAuth2 for skills such as
> get\_payment\_methods, which retrieves a user's payment methods.
>
> The configuration includes details for the authorizationCode flow,
> specifying an authorizationUrl, scopes \(particularly for
> `get_payment_methods`\), and a `tokenUrl`. This seems to indicate that
> OAuth2 is used by Credential Providers within the AP2 ecosystem to secure
> access to users' payment credentials.
>
> Intuit, Mastercard, and Okta seem to be contributing to it.
>
> **10 Key Points of Agent Payments Protocol \(AP2\)**
>
> 1. **Launch and Purpose**: AP2 is an **open protocol launched by Google on
> September 16, 2025**, developed with over 60 leading payments and
> technology companies. Its purpose is to **securely initiate and transact
> agent-led payments across platforms**.
> 2. **Extension of Existing Protocols**: It functions as an **extension of
> the Agent2Agent \(A2A\) protocol and Model Context Protocol \(MCP\)**.
> 3. **Payment-Agnostic Framework**: AP2 establishes a **payment-agnostic
> framework**, enabling secure transactions across all payment methods,
> including credit/debit cards, stablecoins, and real-time bank transfers.
> 4. **Addressing AI Agent Payment Challenges**: It addresses critical
> questions arising from AI agents transacting on behalf of users, such as
> **authorization, authenticity, and accountability**, which challenge
> traditional payment system assumptions.
> 5. **Trust through Mandates**: AP2 builds trust using
> **Mandates**—tamper-proof, cryptographically-signed digital contracts that
> serve as verifiable proof of user instructions. These are signed by
> **verifiable credentials \(VCs\).**
> 6. **Two User Scenarios**: Mandates support two primary user interaction
> scenarios:
>
>     ◦ **Real-time Purchases \(human present\)**: An "Intent Mandate" is
> captured, and user approval signs a "Cart Mandate" for specific items and
> prices.
>
>     ◦ **Delegated Tasks \(human not present\)**: A detailed "Intent
> Mandate" is signed upfront with rules, allowing the agent to automatically
> generate a "Cart Mandate" when conditions are met.
>
> 7. **Non-Repudiable Audit Trail**: The complete sequence from intent to
> cart to payment creates a **non-repudiable audit trail**, providing a clear
> foundation for accountability by answering questions of authorization and
> authenticity.
> 8. **Enabling New Commerce Experiences**: AP2's flexible design supports
> new commercial models like **smarter shopping, personalized offers,
> coordinated tasks, and B2B applications** for autonomous procurement.
> 9. **Support for Emerging Payment Systems**: It is designed as a universal
> protocol for **stablecoins and cryptocurrencies**, with Google
> collaborating with Coinbase and others to launch the **A2A x402 extension**
> for agent-based crypto payments.
>
> 10\. **Open Collaboration and Evolution**: Google is committed to evolving
> AP2 through an **open, collaborative process**, including engagement with
> standards bodies, and invites the entire payments and technology community
> to contribute via its public GitHub repository.
>
> **References**
>
> 1. Google Blog: Powering AI commerce with the new Agent Payments Protocol
> \(AP2\): https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en
> 2. Agent Payments Protocol \(AP2\): https://github.com/google-agentic-commerce/AP2
> 3. AP2 Specification: https://ap2-protocol.org/specification/#71-illustrative-transaction-flow
> 4. A2A x402 Extension: https://github.com/google-agentic-commerce/a2a-x402
>
> Best,
>
> Nat Sakimura