Google is preparing for a version of online commerce in which AI agents do more than recommend products. With the Agent Payments Protocol, or AP2, the company is proposing a shared way for those agents to search, negotiate, and complete purchases on behalf of users.
The protocol was announced with backing from more than 60 merchants and financial institutions. Its central promise is interoperability: AI platforms, payment systems, and vendors should be able to understand the same transaction flow, rather than each building a separate process for agent-driven purchases.
Why AP2 Exists
AI agents are automated software programs that can shop and make decisions for users. That ability creates a practical problem for commerce: when software acts on a person’s behalf, every participant needs to know what the user actually authorized, what the agent did, and when a purchase became final.
AP2 is designed to create a traceable paper trail for each transaction. That trail matters because agentic purchasing can involve several parties at once, including a user’s AI agent, a merchant’s AI agent, a payment provider, and a vendor.
Google described the effort as an open one. In the announcement post, Stavan Parikh and Rao Surapaneni wrote: “We are committed to evolving this protocol in an open, collaborative process, including through standards bodies, and invite the entire payments and technology community to build this future with us,”
The full specification for AP2 was posted to GitHub alongside the announcement, giving developers and other companies a more detailed view of how the protocol is meant to work.
How Agent-Driven Purchases Would Work
The protocol is built around a future where AI agents can interact with retailers’ AI agents in real time. Google’s examples show why a simple checkout button may not be enough for that kind of commerce.
In one example, a chatbot user asks an agent to shop for a bike trip. That request can trigger a spontaneous time-sensitive bundle offer from a bike shop’s agent. In that scenario, the purchase is not just a static item in a cart. It is the result of a real-time exchange between agents.
Another example involves travel and lodging for a weekend vacation. The user gives the dates, location, and budget. The agent can then interact with airline and hotel agents, online travel agencies, and booking platforms. Once it finds a combination that fits the budget, it can execute both cryptographically-signed bookings simultaneously.
Those examples show the larger goal of AP2. The protocol is not only about paying for something. It is about defining what the user asked for, what the agent was allowed to do, and how the final transaction can be verified after the fact.
The Two Approvals Inside AP2
AP2 uses two separate approvals before a purchase can be made. Google calls the first an “intent mandate.” This is the user’s initial instruction to the agent, such as looking for a specific kind of product. It allows the agent to search for the item and negotiate with sellers.
The second approval is the “cart mandate.” This happens after a specific item has been found and gives final approval for the purchase. Together, the two mandates separate the user’s shopping intent from the final act of buying.
That distinction is important for AI agent payments because a user may want an agent to explore options without authorizing an immediate purchase. It also gives vendors and payment systems a clearer record of when the user moved from search to commitment.
AP2 also includes a path for fully automated purchases. In those cases, the agent is allowed to automatically generate a cart mandate once an item is found. But the initial intent mandate must be more detailed, with price limits, timing, and other rules of engagement.
Across both flows, the goal is an auditable trail that can be reexamined in cases of fraud. That auditability is one of the protocol’s core answers to the trust problem around automated buying.
Crypto Wallets and Competing Systems
Google also worked with Coinbase, MetaMask, and the Ethereum foundation on an extension connected to crypto wallets. That extension would integrate the cryptocurrency-oriented x402 protocol, allowing AI-driven purchasing from crypto wallets.
AP2 is not the only effort in agentic purchasing. Perplexity has a Buy With Pro service in its agentic browser. Stripe also produces software tools for agentic purchasing on its platform, though the source describes them as not as comprehensive as AP2.
For AP2, the next question is adoption. Like any protocol, its impact depends on whether other players in the ecosystem support it, especially developers building agentic purchasing systems.
The protocol already has support from major financial providers including Mastercard, American Express, and PayPal. That gives AP2 an immediate footprint, but the larger test will be whether AI platforms, payment systems, vendors, and developers treat it as a common layer for agent-driven commerce.
What It Means for Online Buying
AP2 points to a shift in how online purchases may be structured when AI agents become active participants. Instead of a user manually comparing every option and completing every checkout step, an agent could search across sellers, negotiate, assemble a cart, and complete a transaction under defined permissions.
The protocol’s structure suggests that trust will be as important as convenience. If AI agents are going to buy products, book travel, or coordinate complex transactions, users and businesses need a clear record of what was authorized and what happened.
Google’s approach is to make that record part of the purchase flow itself. The intent mandate, the cart mandate, cryptographic signing, and audit trail all serve the same purpose: making agent-driven purchases legible to the people and systems that have to trust them.