In episode #8 of The Agent Factory, Ivan Nardini and I are joined by Prateek Dudeja, product manager from the Agent Payment Protocol Team, to dive into one of the biggest hurdles for AI agents in eccomerce: trust, especially when it comes to money.

This post guides you through the key ideas from our conversation. Use it to quickly recap topics or dive deeper into specific segments with links and timestamps.

Introducing Agent Payment Protocol

Timestamp: [01:43]

What if an agent could buy concert tickets for you at a specific time that the tickets go on sale. You don't want to miss out! Maybe you want two tickets, and you don't want to spend more than $200. You definitely want to sit in a section with a great view of the stage. To have an agent act as your ticket buyer, you would have to trust that agent with all facets of your request and your credit card. How can you be sure that the agent won't buy 200 tickets or that it won't charge you for a lifetime supply of rubber duckies?

The potential for a messy outcome with this concert ticket request provides insight into a "Crisis of Trust" that can hold back agentic commerce. The good news is there's a way to move forward and build trust. 

To solve the "Crisis of Trust," Google introduced the Agent Payment Protocol (AP2), a new open standard. It's not a new payment system; it’s a "trust layer" that sits on top of existing infrastructure. AP2 is designed to create a common, secure language for agents to conduct commerce, using role-based architecture and verifiable credentials.

Agent Payments and the Current Payment System

Timestamp: [02:29]

The current payment system was built for humans using trusted interfaces like browsers, not for autonomous agents, resulting in three main challenges for agents: authorization, agent error, and accountability.

The Agent Payment Protocol addresses these challenges by helping agents communicate securely with merchants and payment partners. The Agent Payment Protocol is available today as an extension for the A2A (Agent2Agent) protocol and relies on agents using the Model Context Protocol (MCP). 

Deep Dive into the Agent Payment Protocol

Learn more about how this protocol works, including concepts and flow.

A Role-Based Ecosystem

Timestamp: [04:33]

The protocol is built on a "separation of concerns." Your agent doesn't have to do everything. There are specialized roles:

• Shopping Agent: The AI agent you build, great at finding products.

• Merchant Endpoint: The seller's API.

• Credential Provider: A secure digital wallet (like PayPal, Google Pay, etc.) that manages payment details.

• Merchant Payment Processor: The entity that constructs the final authorization message for the payment networks.

Critical: Your shopping agent never touches the raw credit card number. It doesn't need to be PCI compliant because it delegates the payment to the specialized, secure providers.

Verifiable Credentials (VCs)

Timestamp: [06:15]

The "handshakes" between these roles in the Agent Payment Protocol ecosystem are secured by Verifiable Credentials (VCs). Think of credentials as protocolized, cryptographically signed digital receipts that prove what was agreed upon.

There are three types of verifiable credentials:

Cart Mandate: For "human-present" scenarios. The user reviews a final cart and cryptographically signs it as proof of approval.

Intent Mandate: For "human-not-present" scenarios (like the concert ticket example). The user signs an intent (e.g., "buy tickets under $200"), giving the agent authority to act within those guardrails.

Payment Mandate: Provides clear visibility to payment networks and banks that an AI agent was involved in the transaction.

A Contractual Conversational Model

Timestamp: [08:03]

The Agent Payment Protocol process creates a "Contractual Conversational Model," moving beyond simple API calls to a flow built on verifiable proof.

To understand this flow, we'll walk through a human-present scenario:

1. Delegation: You tell your agent, "Buy two concert tickets."

2. Discovery & Negotiation: The agent contacts the merchant's endpoint to prepare the cart.

3. Finalize Cart: The agent reaches out to your Credential Provider (e.g., your digital wallet). You select the payment method. The agent only gets a reference (like the last 4 digits), never the full credential.

4. Authorization with Mandates: The agent shows you the final, finalized cart.

5. You cryptographically sign the Cart Mandate. This is the non-repudiable proof, the "contract."

6. Purchase: The agent sends this signed mandate to the merchant. The merchant can now trust the purchase mandate is from you. The merchant's payment processor uses the mandate to securely get the payment token from the credential provider and complete the transaction.

This flow all hinges on trust. In the short term, this trust is built using manual allow lists of approved agents and merchants. In the long term, the plan is to use open web standards like HTTPS and DNS ownership to verify identities.

Q&A with Prateek Dudeja

Timestamp: [13:07]

With the concepts explained, the discussion moved to a Q&A with Prateek.

Why a New Protocol for Payments?

Timestamp: [13:30]

Prateek gave a great analogy: HTTPS is a baseline protocol for browsing. Signing in requires stronger authentication. Making a payment requires an even higher level of trust. AP2 provides that "payments-grade security" on top of baseline protocols like A2A and MCP, ensuring the transaction is high-trust and truly from a human.

How Will Agents Find Trusted Partners?

Timestamp: [14:42]

In the short term, agents will use "decentralized registries of trust" (or allow lists) to find merchants they can interact with. Prateek noted that all the roles (merchant, credential provider, etc.) already exist in the payments industry today. The only new role is the Shopping Agent itself.

Accountability: What Happens When Things Go Wrong?

Timestamp: [16:03]

This is the big question. What if your agent shows you blue shoes, you wanted teal, but you click "approve" anyway?

Prateek explained that the signed Cart Mandate solves this. Because you biometrically signed a tamper-proof credential showing the blue shoes, the responsibility is on you. The merchant has cryptographic evidence that you saw and approved the exact product. This protects merchants from fraudulent chargebacks and users from unauthorized agent actions.

Demo: Reference Implementation

Timestamp: [18:04]

Prateek walked through a demo showing the human-present flow. It showed the user prompting the agent, the agent discovering products, and then the Credential Provider (PayPal) getting involved. The user selected their shipping and payment info from PayPal, and the agent only saw a reference. The user then signed the Cart Mandate, and the purchase was completed.

Compatibility and Getting Started

Timestamp: [19:43]

A key question was - Is this compatible with frameworks like LangGraph or CrewAI? Yes. Prateek confirmed the protocol is compatible with any framework. As long as your agent can communicate over A2A or MCP, you can use AP2.

To get started, Prateek directed developers to the GitHub repo. The first step is to see which role you want to play (merchant, credentials provider, etc.) and explore the sample code for that role.

The Future: Dynamic Negotiation

Timestamp: [21:13]

Looking ahead, Prateek shared an exciting vision for "dynamic negotiation." Imagine telling your agent: "I want that red dress that's out of stock. I need it by tomorrow... and I'm willing to pay 30% more".

A merchant's agent could see this "intent" and, if the dress becomes available, automatically complete the sale. What was a lost sale for the merchant becomes a completed order at a markup, and the user gets the exact item they desperately wanted. 

Your turn to build

This conversation made it clear that building a secure payment infrastructure is a foundational step toward creating agents that can perform truly useful tasks in the real world. We're moving from a simple, programmatic web to a conversational, contractual one, and this protocol provides the framework for it.

We encourage you to check out the Agent Payment Protocol GitHub repo, think about which role you could play in this new ecosystem, and start building today!

Connect with us

• Shir Meir Lador → LinkedIn, X

• Ivan Nardini → LinkedIn, X

• Prateek Dudeja → Linkedin