Explore AP2, Agent Commerce, AI Payments, Security Models, Developer Resources and Industry Insights — the independent knowledge hub for the agentic economy.
A comprehensive resource for developers, researchers, and fintech professionals navigating the emerging agentic commerce landscape.
Deep dives into the Agent Payments Protocol — its specification, design goals, trust architecture, and how it enables AI agents to transact autonomously on behalf of users.
SDKs, code examples, integration guides, and API documentation to help you build AP2-compatible systems. Quickstart to production in one place.
Authentication patterns, consent frameworks, fraud prevention strategies, and risk scoring models for robust agent payment systems.
Stay current with the latest developments in AI commerce, agentic systems, payment infrastructure, and regulatory landscape — curated and independent.
A growing directory of wallets, payment providers, agent platforms, merchant systems, and developer tools across the AP2 ecosystem.
Protocol basics, integration patterns, advanced configurations, and spec references organized into a navigable documentation center.
As AI agents gain the ability to take actions on behalf of users — including financial transactions — AP2 provides the trust, authorization, and verification layer that makes autonomous commerce safe.
AI agents purchasing goods, subscribing to services, and managing recurring transactions with explicit user authorization at every step.
User-defined spending rules and budget caps that allow agents to operate within clear constraints without requiring real-time approval.
Cryptographic proof chains ensuring every agent-initiated transaction is traceable, auditable, and attributable to a human principal.
Fine-grained permission systems that give users precise control over what agents can buy, from whom, and under what conditions.
A deep technical look at how AP2's payment intent objects chain together to support complex, multi-hop purchasing workflows where agents delegate to sub-agents.
Revoking an agent's spending permissions should be instant and irreversible. We explore the revocation challenges that current AP2 implementations face and how to address them.
An independent review of the first digital wallets built with native AP2 support — covering UX, developer tooling, and the critical edge cases each product handles differently.
No cryptography background required. A practical guide for PMs building agentic commerce features, covering the core concepts and gotchas in plain language.
A current-state survey of major payment networks and their AP2 compatibility status — from established card networks to real-time payment systems and crypto rails.
When Agent A instructs Agent B to make a purchase, whose authorization scope applies? We examine open research questions in delegated-authority payment systems.
A comprehensive introduction to AP2 — what it is, why it exists, and how it shapes the future of autonomous commerce.
How the protocol is structured — authentication, authorization, payment intent, settlement, and consent management.
AP2 uses asymmetric key pairs (Ed25519 or ECDSA P-256) to authenticate both agents and their principals. Each agent has a unique identity keypair; the corresponding public key is registered with the AP2 registry and linked to a human user account.
Authentication tokens are short-lived (default 15 minutes) and bound to specific transaction contexts, preventing replay attacks across different payment sessions.
Authorization in AP2 is expressed as a ScopeGrant object — a JSON document signed by the principal specifying merchant categories, amount limits, frequency caps, and time boundaries.
Scope grants can be hierarchical, allowing enterprise users to define global agent policies while permitting individual agents to carry sub-grants for specific task contexts.
A PaymentIntent is the core transactional object in AP2. It describes the purchase: amount, currency, merchant ID, item description, and references to the authorizing scope grant.
Intents are immutable once created and signed. Any modification requires creating a new intent, ensuring full auditability of what was actually authorized versus what was executed.
Settlement in AP2 is decoupled from authorization. Once the payment provider confirms settlement, a SettlementReceipt is generated and appended to the transaction's audit trail.
The receipt references the original PaymentIntent, the agent that executed it, the scope grant that authorized it, and a timestamp-bound signature from the payment provider.
AP2's consent framework requires explicit, granular user consent before any agent can be granted a ScopeGrant. The consent UI specification mandates clear language about what the agent can purchase, the maximum spend, and how to revoke access.
Consents are stored in the user's AP2 wallet and are propagated to all registered AP2 infrastructure providers, enabling instant revocation across the entire ecosystem.
AP2 defines a standard risk signal format allowing payment providers and merchants to exchange fraud risk scores alongside transaction data without exposing proprietary models.
Risk thresholds can be set at the scope grant level, requiring step-up authentication (back to the human principal) when a transaction's risk score exceeds the configured threshold.
Everything you need to build AP2-compatible systems — from quickstart to production integration.
# Install via npm npm install @ap2/sdk # Or via yarn yarn add @ap2/sdk # Or via pip (Python) pip install ap2-sdk
import { AP2Agent, ScopeGrant } from '@ap2/sdk'; // Initialize your agent with its identity keypair const agent = new AP2Agent({ agentId: 'agent_01HXYZ...', privateKey: process.env.AP2_AGENT_PRIVATE_KEY, environment: 'production' }); // Load the scope grant issued by your user const scopeGrant = ScopeGrant.fromToken( process.env.USER_SCOPE_GRANT_TOKEN );
// Create a payment intent for a specific purchase const intent = await agent.createPaymentIntent({ merchant: { id: 'merchant_ABC123', name: 'Acme Cloud Services', category: 'software_subscription' }, amount: { value: 2999, // Amount in cents currency: 'USD' }, description: 'Monthly Pro Plan — June 2026', scopeGrant: scopeGrant, expiresIn: 300 // 5 minutes }); console.log(intent.id); // intent_01HXYZ... console.log(intent.status); // 'pending_verification'
// Submit the intent to the AP2 gateway const result = await agent.submitIntent(intent); if (result.status === 'authorized') { console.log('Payment authorized', result.settlementId); // Proceed with the merchant transaction } else if (result.status === 'requires_step_up') { // Risk threshold exceeded — notify the user await notifyUserForApproval(result.stepUpToken); } else { // Handle rejection console.error('Rejected:', result.rejectReason); }
Full-featured SDK with TypeScript types, async/await support, and built-in retry logic. Works in Node.js and modern browsers.
Pythonic async client with Pydantic model validation, sync and async interfaces, and comprehensive test fixtures for CI pipelines.
Enterprise-ready JVM client with Spring Boot integration, reactive Webflux support, and a Maven BOM for dependency management.
High-performance, zero-copy Rust client suitable for low-latency infrastructure components, payment gateways, and embedded systems.
Idiomatic Go client with context propagation, structured logging hooks, and direct integration with common Go web frameworks.
Language-agnostic HTTP API with OpenAPI 3.1 specification. Use when no native SDK is available for your platform.
Base URL: https://api.ap2protocol.example/v2
All API requests use Bearer token authentication with a short-lived JWT signed by your agent's private key.
Authorization: Bearer <signed_agent_jwt> Content-Type: application/json AP2-Agent-ID: agent_01HXYZ...
/v2/intents
Create a new payment intent. Returns an intent object with status pending_verification.
/v2/intents/{intentId}
Retrieve an intent by ID including full audit trail, current status, and settlement receipt if available.
/v2/scopes
Register a new ScopeGrant issued by a user. Required before an agent can submit payment intents on behalf of that user.
/v2/scopes/{scopeId}
Immediately revoke a ScopeGrant. All pending intents referencing this scope will be cancelled and no new intents can reference it.
/v2/audit/{agentId}
Retrieve the full transaction audit trail for an agent. Supports pagination, date range filtering, and status filters.
import express from 'express'; import { AP2Webhook } from '@ap2/sdk'; const app = express(); const webhook = new AP2Webhook(process.env.AP2_WEBHOOK_SECRET); app.post('/webhooks/ap2', async (req, res) => { const event = webhook.verify(req.body, req.headers['ap2-signature']); switch (event.type) { case 'intent.authorized': await handleAuthorized(event.data); break; case 'intent.settled': await handleSettled(event.data); break; case 'scope.revoked': await handleRevocation(event.data); break; } res.json({ received: true }); });
from ap2 import AP2Client, ScopeGrant client = AP2Client( agent_id="agent_01HXYZ", private_key=os.environ["AP2_PRIVATE_KEY"] ) # Validate a scope grant before attempting a purchase def can_purchase(scope_token: str, amount_cents: int, category: str) -> bool: grant = ScopeGrant.from_token(scope_token) if grant.is_expired(): return False if category not in grant.allowed_categories: return False if amount_cents > grant.per_transaction_limit_cents: return False return client.scopes.is_valid(grant.scope_id)
AP2 provides a sandbox environment for integration testing that mirrors production behavior without processing real payments. Use test credentials to simulate all authorization outcomes including approvals, rejections, and step-up challenges.
# .env.test AP2_ENVIRONMENT=sandbox AP2_BASE_URL=https://sandbox.api.ap2protocol.example/v2 AP2_AGENT_ID=agent_test_01HXYZ AP2_PRIVATE_KEY=<your-test-keypair> # Test amounts that trigger specific outcomes # $1.00 → Always authorized # $500.00 → Triggers step-up authentication # $9999.99 → Always rejected (exceeds scope)
Authentication, authorization, consent frameworks, fraud prevention, and best practices for AP2 implementations.
AP2's security architecture is built on the principle of least-privilege delegation: every agent receives only the permissions it explicitly needs, for only as long as it needs them, with the ability for the user to revoke access at any moment.
This section covers the security components of AP2 as an educational resource. Implementations should be reviewed by qualified security professionals.
L1=Basic · L2=Standard · L3=High · L4=Very High
AP2 requires Ed25519 or ECDSA P-256 signing for all agent tokens. Symmetric HMAC is explicitly prohibited for agent identity assertions. Public key registration is required before any agent can submit payment intents.
Users must provide explicit consent for each distinct scope an agent requests. The AP2 consent specification mandates human-readable descriptions of every permission, with no dark patterns or pre-checked boxes.
Standard AP2 risk signals include transaction velocity, merchant reputation scores, behavioral anomaly flags, and geographic consistency checks. Providers can extend this with proprietary models.
Risk scores are expressed as integer values from 0–100 on the AP2 standard scale. Scope grants can specify maximum acceptable risk scores, with higher-risk transactions triggering step-up authentication flows.
Every AP2 transaction generates an immutable audit record. The record includes: initiating agent ID, user principal, scope grant reference, intent hash, merchant, amount, timestamp, and settlement proof.
AP2 revocations propagate to all registered infrastructure within a protocol-defined maximum window (currently 500ms for online systems). Offline revocation caching is required for resilient implementations.
15-minute JWT expiry is the AP2 recommended maximum for agent authentication tokens.
Cache revocation status locally and refresh at least every 30 seconds for real-time systems.
Every intent creation, submission, and outcome should be appended to your own audit log, independent of AP2's audit trail.
Notify users in real time when an agent submits a payment intent, not just when it settles.
Independent coverage of AP2, AI commerce, agentic payments, and payment infrastructure developments.
The draft introduces a new DelegatedScopeGrant object type, enabling parent agents to issue sub-scopes to child agents without requiring fresh user consent for pre-authorized delegation patterns.
Following similar announcements from US institutions last quarter, three European banking groups have entered AP2 compatibility testing, signaling growing institutional acceptance of the agentic payments standard.
Independent research tests how leading language models respond when given ambiguous purchasing instructions that would violate scope constraints, revealing significant behavioral variance across models.
A leaked draft of the European Commission's forthcoming AI Commerce Directive contains language closely aligned with AP2's consent specification, which could effectively standardize the approach across the bloc.
According to infrastructure provider reports, the AP2 ecosystem processed over 100 million payment intents in May — a 340% year-over-year increase driven primarily by enterprise agentic workflows.
A security researcher published a responsible disclosure describing how overly broad merchant category codes in scope grants could be exploited to authorize purchases at unintended merchant types in certain wallet implementations.
In-depth analysis, tutorials, and perspectives on the agentic payments ecosystem.
The most comprehensive introduction to AP2 written for developers, product managers, and fintech professionals with no prior background in agentic systems. Covers history, architecture, and practical implications.
How AI agents move from receiving a high-level task to executing specific purchases — and the authorization handshakes that happen at each step.
Real-time cross-border agent transactions, offline authorization caching, and the emergence of agent credit scoring — what's coming in the AP2 ecosystem.
Walking through a complete AP2 transaction lifecycle — from the moment a user grants scope, through the agent's intent creation, to settlement and receipt generation.
A briefing for payments industry professionals on the agent commerce landscape — volume projections, integration requirements, and competitive implications.
Moving beyond checklist security to building genuine trustworthiness into agentic payment systems — covering design principles, threat modeling, and ongoing monitoring.
Interviews and case studies from merchants who've enabled AP2 support — covering technical integration, fraud patterns, and the surprising revenue impact of agent-initiated purchases.
Protocol basics, integration guides, and technical references — organized for quick navigation.
Definitions for key terms in the Agent Payments Protocol and agentic commerce ecosystem.
An AI system that can take actions in the world on behalf of a human user, including initiating financial transactions within an authorized scope. In AP2, agents are identified by cryptographic keypairs and are associated with a human principal.
The broader category of economic activity initiated by AI agents on behalf of human principals, including purchasing goods, subscribing to services, booking services, and executing financial instructions.
The set of permissions granted to an agent by a user, expressed as a ScopeGrant object. Defines allowed merchant categories, spending limits, time windows, and frequency caps.
The immutable, cryptographically linked record of every step in an AP2 transaction lifecycle — from intent creation through authorization to settlement. Required by the AP2 specification for all production implementations.
The explicit, informed agreement by a human user to grant an agent a specific ScopeGrant. AP2 consent must be freely given, specific, informed, and revocable. Dark patterns in consent collection are explicitly prohibited by the specification.
The act of withdrawing a previously granted ScopeGrant. Revocations must propagate across all AP2 infrastructure within the protocol-defined maximum latency window, and must immediately cancel any pending PaymentIntents referencing the revoked scope.
In AP2 contexts, an escrow arrangement where funds are held pending fulfillment of a condition — typically delivery confirmation for physical goods purchased by agents. AP2 defines optional escrow extension fields on PaymentIntent objects.
A standardized classification code (derived from ISO 18245) used in ScopeGrants to restrict which types of merchants an agent can transact with. AP2 uses an extended MCC taxonomy that includes digital goods and service categories not covered by the original ISO standard.
The core transactional object in AP2 — a signed, immutable JSON document created by an agent that describes a specific purchase: merchant, amount, currency, description, scope grant reference, and expiry. Once created, a PaymentIntent cannot be modified; changes require a new intent.
The process by which a merchant or payment provider validates that an incoming AP2 payment intent was created by a legitimate, authorized agent acting within its granted scope, before accepting the transaction.
The human user at the top of an AP2 authorization hierarchy. All agent permissions ultimately derive from a human principal's explicit authorization. Principals can delegate to agents, who can in turn sub-delegate under certain conditions.
In the AP2 context, the full specification defining data structures, communication patterns, security requirements, and behavioral expectations for agents, wallets, merchants, and payment infrastructure participating in the AP2 ecosystem.
A system for scoring the likelihood that a given AP2 transaction is fraudulent or anomalous. AP2 defines a standard risk signal format enabling providers to exchange scores without exposing proprietary model details. Risk scores from 0 (lowest risk) to 100 (highest risk).
A signed JSON document issued by a principal (human user) to an agent, specifying the exact permissions granted. Includes merchant category codes, maximum transaction amount, daily/monthly spending limits, allowed time windows, and expiry.
The final clearing and transfer of funds from the payer's account to the merchant's account, following successful authorization of an AP2 payment intent. The settlement process generates a SettlementReceipt that is added to the transaction's audit trail.
A mechanism in AP2 that requires an agent to pause and obtain fresh authorization from its human principal when a transaction's risk score or amount exceeds configurable thresholds. The step-up token is passed back to the agent after user confirmation.
The combination of authentication, authorization, audit logging, and revocation mechanisms in AP2 that together establish whether a given agent-initiated transaction should be trusted and processed. The trust layer is the defining contribution of AP2 to the agentic payments stack.
The process of confirming the authenticity and authorization of an AP2 payment intent. Verification checks that the agent signature is valid, the scope grant is active and covers the transaction, the intent hasn't expired, and the nonce hasn't been used previously.
In AP2, a software system responsible for managing a user's payment credentials, issuing ScopeGrants to authorized agents, maintaining the revocation registry, and presenting consent flows to users. AP2-compatible wallets must implement the full AP2 wallet interface specification.
Answers to the most common questions about AP2, agentic payments, and this resource.
Join the growing community of developers, researchers, and practitioners building the agentic payments ecosystem.
Real-time discussion, protocol announcements, and community support for developers and enthusiasts.
Channels for #dev-help, #protocol-discussion, #security, #integrations, and regional communities.
Reference implementations, example integrations, community SDKs, and educational repositories.
Weekly digest of protocol updates, developer guides, industry news, and community highlights.
Online · June 18, 2026 · 2:00 PM UTC
Discord Voice + Recording · June 25, 2026 · 3:00 PM UTC
In-Person · July 8, 2026 · SoMa, San Francisco
Online · Monthly, 3rd Wednesday · July 16, 2026
Wallets, payment providers, agent platforms, developer tools, and merchant systems in the AP2 ecosystem.
Full AP2 v1.2 support · Consumer · Enterprise
AP2 v1.1 · Mobile-first wallet · Hardware key support
AP2 v1.2 · Enterprise SSO · Policy management
AP2 v1.0 · Developer-focused · Open source
AP2 v1.2 · 140 currencies · Real-time settlement
AP2 v1.1 · Startup-friendly · Sandbox included
AP2 v1.2 · Cross-border specialist · 80+ countries
AP2 v1.0 · Enterprise only · SLA guarantee
Full AP2 · Multi-agent orchestration · Commerce focus
AP2 v1.1 · Long-running agents · Offline support
AP2 v1.2 · Developer SDK · Workflow automation
AP2 intent debugger · Visual scope builder · Sandbox
CLI tool · Transaction tracer · Audit log viewer
Local mock server · Zero config · CI/CD ready
An independent educational platform for the Agent Payments Protocol ecosystem.
AP2 Gateway exists to make the Agent Payments Protocol ecosystem accessible, understandable, and safer for everyone involved — developers building agentic systems, businesses enabling agent commerce, users delegating financial actions to AI, and researchers studying the implications of autonomous commerce.
Our content is produced independently. We do not accept payment for editorial coverage, and our technical assessments reflect our own analysis. Where we cite external sources, we attribute them clearly.
We distinguish clearly between official AP2 specification content and our own editorial interpretation. When protocol specifics are uncertain or subject to change, we say so explicitly.
The participants, systems, and infrastructure that make up the Agent Payments Protocol landscape.
Structured learning paths for developers, researchers, and product professionals entering the AP2 ecosystem.
No prior experience needed. Learn what AP2 is, why it exists, and how it fits into the broader AI and payments landscape.
What is an AI agent? What is agent commerce? How is it different from traditional e-commerce and automation?
A quick payments primer for engineers coming from the AI side: cards, ACH, real-time payments, and how authorization works.
Why trust matters in agentic systems, the risks of autonomous purchasing, and how AP2 addresses them.
Practical guidance for PMs building agentic commerce features — what to specify, what to watch out for, and how to work with developers.
An interactive tour of the AP2 glossary, explaining the 25 most important terms with examples from real scenarios.
Hands-on guide to building an AP2-capable agent from scratch using the JS SDK — from identity setup to submitting your first payment intent.
Security patterns for AP2 implementations: key management, scope minimization, revocation handling, and monitoring for anomalies.
How to add AP2 scope grant issuance and revocation management to an existing wallet application — with complete code examples.
Adding AP2 payment acceptance to your merchant checkout: registration, intent validation, and settlement receipt handling.
Understanding the AP2 risk signal format, how to interpret scores, and how to configure risk thresholds in scope grants.
Unit testing, integration testing, and end-to-end testing strategies for AP2 implementations, including sandbox usage and CI/CD integration.
Designing systems where agents delegate to sub-agents, with proper scope narrowing, authorization inheritance, and revocation propagation across agent hierarchies.
Building high-throughput AP2 infrastructure: registry design, revocation cache architecture, latency optimization, and failure mode handling.
Cryptographic primitives in AP2, formal verification of authorization flows, known attack vectors, and the emerging threat landscape for agentic payment systems.
Compliance considerations for deploying AP2 in financial services, healthcare, and government — mapping protocol features to regulatory requirements.
Whitepapers, research reports, technical documents, and case studies from the AP2 ecosystem.
A comprehensive overview of AP2's design goals, architectural decisions, and protocol primitives — intended for technical decision-makers evaluating adoption.
Annual industry report covering transaction volumes, adoption trends, security incidents, and ecosystem growth across the AP2 landscape.
Independent security research examining formal proofs, known vulnerabilities, and recommended hardening measures for AP2 implementations.
Detailed case studies from enterprise organizations that have deployed AP2-enabled agentic workflows — covering integration challenges, outcomes, and lessons learned.
A catalog of common AP2 integration patterns for agents, wallets, merchants, and infrastructure, with architecture diagrams and implementation guidance.
Survey of regulatory requirements for AP2-enabled cross-border transactions across major jurisdictions — the EU, US, UK, Singapore, and Japan.
Recorded sessions from community developer workshops covering setup, integration, testing, and advanced topics — 8 videos, ~6 hours total.
Questions, contributions, partnership inquiries, or just want to say hi.
Questions about the content, feedback on articles, or general enquiries about AP2 Gateway.
hello@ap2gateway.store
Community partnerships, ecosystem listings, event collaboration, and co-marketing opportunities.
partnerships@ap2gateway.store
Security vulnerability disclosures or concerns about content accuracy on security-sensitive topics.
security@ap2gateway.store
Press inquiries, requests for expert commentary, or interview and speaking engagement requests.
media@ap2gateway.store
Privacy Policy, Terms of Service, Disclaimer, and Cookie Policy for AP2 Gateway.
Last updated: June 2026
AP2 Gateway collects minimal personal information. When you subscribe to our newsletter, we collect your email address. When you use our contact form, we collect the information you provide. We do not use cookies for tracking or targeted advertising.
Email addresses collected for newsletter purposes are used only to send the AP2 Gateway weekly digest. We do not sell, rent, or share your personal information with third parties. Contact form submissions are used only to respond to your inquiry.
We use privacy-respecting analytics to understand which content is most valuable to readers. This analytics does not use cookies, does not collect personally identifiable information, and is not shared with advertising networks.
You may request deletion of your email from our newsletter list at any time by clicking the unsubscribe link in any email we send, or by contacting hello@ap2gateway.store. We will process deletion requests within 5 business days.
Last updated: June 2026
Content on AP2 Gateway is provided for educational purposes. You may read, share links to, and quote portions of our articles with attribution. You may not reproduce substantial portions of our content without permission.
We make reasonable efforts to ensure the accuracy of our educational content. However, AP2 Gateway does not guarantee the accuracy, completeness, or currentness of any information. Always consult official protocol documentation and qualified professionals for implementation guidance.
Nothing on AP2 Gateway constitutes legal, financial, security, or professional advice. Information is provided for educational purposes only. For implementation guidance, consult qualified security and payments professionals.
Mentions of companies, products, or services in our directory or editorial content do not constitute endorsement. Directory listings are provided as a community service and are not paid placements.
Protocol specifications evolve. Code examples and architectural descriptions on AP2 Gateway may not reflect the latest specification version. Always verify against current official documentation before implementing in production systems.