<div dir="ltr">I came across the news that Google announced "Powering AI commerce with the new Agent Payments Protocol (AP2)" this morning, my time (i.e. like 14 hours ago). <div><br></div><div>I have not grasped the protocol yet, but it is based on the A2A protocol and uses OAuth. Specifically, the "Sample Credential Provider Agent Card" code snippet within the technical implementation section of AP2 Specification [3] shows OAuth2 as part of its security configuration. This seems to indicate that a Credential Provider (CP) uses OAuth2 for skills such as <font face="verdana, sans-serif">get_payment_methods</font>, which retrieves a user's payment methods.</div>The configuration includes details for the authorizationCode flow, specifying an <font face="trebuchet ms, sans-serif">authorizationUrl</font>, <font face="trebuchet ms, sans-serif">scopes</font> (particularly for <font face="trebuchet ms, sans-serif">get_payment_methods</font>), and a <font face="trebuchet ms, sans-serif">tokenUrl</font>. This seems to indicate that OAuth2 is used by Credential Providers within the AP2 ecosystem to secure access to users' payment credentials.<div><br></div><div>Intuit, Mastercard, and Okta seem to be contributing to it. 
</div><div><br></div><div><span class="gmail-ng-star-inserted" style="display:block;color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><b class="gmail-ng-star-inserted">10 Key Points of Agent Payments Protocol (AP2)</b></div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">1. </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Launch and Purpose</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: AP2 is an </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">open protocol launched by Google on September 16, 2025</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">, developed with over 60 leading payments and technology companies. 
Its purpose is to </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">securely initiate and transact agent-led payments across platforms</b>.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">2. </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Extension of Existing Protocols</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: It functions as an </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">extension of the Agent2Agent (A2A) protocol and Model Context Protocol (MCP)</b>.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">3. 
</span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Payment-Agnostic Framework</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: AP2 establishes a </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">payment-agnostic framework</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">, enabling secure transactions across all payment methods, including credit/debit cards, stablecoins, and real-time bank transfer</span>s.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">4. 
</span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Addressing AI Agent Payment Challenges</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: It addresses critical questions arising from AI agents transacting on behalf of users, such as </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">authorization, authenticity, and accountability</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">, which challenge traditional payment system assumptions</span>.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">5. 
</span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Trust through Mandates</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: AP2 builds trust using </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Mandates</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">—tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of user instructions. These are signed by </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">verifiable credentials (VCs</b><b>).</b></div></span><span class="gmail-ng-star-inserted" style="display:block;color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted">6. 
</span><b class="gmail-ng-star-inserted">Two User Scenarios</b><span class="gmail-ng-star-inserted">: Mandates support two primary user interaction scenarios:</span></div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">    ◦ </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Real-time Purchases (human present)</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: An "Intent Mandate" is captured, and user approval signs a "Cart Mandate" for specific items and price</span>s.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">    ◦ </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Delegated Tasks (human not present)</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: A detailed "Intent Mandate" is signed upfront with rules, allowing the agent to automatically generate a "Cart Mandate" 
when conditions are met</span>.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">7. </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Non-Repudiable Audit Trail</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: The complete sequence from intent to cart to payment creates a </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">non-repudiable audit trail</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">, providing a clear foundation for accountability by answering questions of authorization and authenticity</span>.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">8. 
</span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Enabling New Commerce Experiences</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: AP2's flexible design supports new commercial models like </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">smarter shopping, personalized offers, coordinated tasks, and B2B applications</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px"> for autonomous procuremen</span>t.</div></span><span class="gmail-ng-star-inserted" style="display:block"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">9. 
</span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">Support for Emerging Payment Systems</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">: It is designed as a universal protocol for </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">stablecoins and cryptocurrencies</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">, with Google collaborating with Coinbase and others to launch the </span><b class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px">A2A x402 extension</b><span class="gmail-ng-star-inserted" style="color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px"> for agent-based crypto payment</span>s.</div></span><span class="gmail-ng-star-inserted" style="display:block;color:rgb(19,19,20);font-family:"Google Sans Text","Google Sans",sans-serif;font-size:14px"><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><span class="gmail-ng-star-inserted">10. 
</span><b class="gmail-ng-star-inserted">Open Collaboration and Evolution</b><span class="gmail-ng-star-inserted">: Google is committed to evolving AP2 through an </span><b class="gmail-ng-star-inserted">open, collaborative process</b><span class="gmail-ng-star-inserted">, including engagement with standards bodies, and invites the entire payments and technology community to contribute via its public GitHub repository</span>.</div><div class="gmail-paragraph gmail-normal gmail-ng-star-inserted" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;line-height:1.5rem"><b>References</b></div></span></div><div><ol><li>Google Blog: Powering AI commerce with the new Agent Payments Protocol (AP2) <a href="https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en">https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol?hl=en</a></li><li>Agent Payments Protocol (AP2): <a href="https://github.com/google-agentic-commerce/AP2">https://github.com/google-agentic-commerce/AP2</a></li><li>AP2 Specification: <a href="https://ap2-protocol.org/specification/#71-illustrative-transaction-flow">https://ap2-protocol.org/specification/#71-illustrative-transaction-flow</a></li><li>A2A x402 Extension: <a href="https://github.com/google-agentic-commerce/a2a-x402">https://github.com/google-agentic-commerce/a2a-x402</a></li></ol><div>Best, </div></div><div><br></div><div>Nat Sakimura</div><div><br></div><div><br><div><br></div><div><br></div></div></div>
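Added example (not part of the original message and not code from the AP2 project): a small lint a relying party could run over a Credential Provider agent card before trusting its OAuth2 configuration, checking the authorizationCode flow fields named in the message (authorizationUrl, tokenUrl, scopes). The card below is constructed; the surrounding layout (securitySchemes, flows, skills) and the rule that a skill's scope shares the skill's id are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample card, not copied from the AP2 specification. The outer layout
# (securitySchemes / flows / skills) is an assumed OpenAPI-style structure.
SAMPLE_CARD = {
    "securitySchemes": {"cp_oauth": {"type": "oauth2", "flows": {"authorizationCode": {
        "authorizationUrl": "https://cp.example/oauth/authorize",
        "tokenUrl": "https://cp.example/oauth/token",
        "scopes": {"get_payment_methods": "Read the user's payment methods"},
    }}}},
    "skills": [{"id": "get_payment_methods"}],
}

def https_problem(label, url):
    """Return a finding unless url is an absolute https URL with a host."""
    parts = urlsplit(url or "")
    if parts.scheme != "https" or not parts.hostname:
        return f"{label} must be an absolute https URL, got {url!r}"
    return None

def lint_card(card):
    """Return a list of findings; an empty list means every check passed."""
    findings, declared, flows = [], set(), []
    for name, scheme in card.get("securitySchemes", {}).items():
        if scheme.get("type") != "oauth2":
            continue
        flow = scheme.get("flows", {}).get("authorizationCode")
        if flow is None:
            findings.append(f"{name}: oauth2 scheme has no authorizationCode flow")
        else:
            flows.append((name, flow))
    if not flows and not findings:
        findings.append("no OAuth2 scheme declared")
    for name, flow in flows:
        for key in ("authorizationUrl", "tokenUrl"):
            problem = https_problem(f"{name}.{key}", flow.get(key))
            if problem:
                findings.append(problem)
        declared.update(flow.get("scopes", {}))
    # Assumption: each skill is protected by a scope named after its id.
    for skill in card.get("skills", []):
        if skill.get("id") not in declared:
            findings.append(f"skill {skill.get('id')!r} has no matching declared scope")
    return findings

if __name__ == "__main__":
    print(lint_card(SAMPLE_CARD) or "card passes")
```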