Every year, online retailers lose an estimated $18 billion to cart abandonment. Nearly 75% of shopping carts are abandoned before checkout completes — not because customers changed their minds, but because the checkout process itself creates friction. Form fields, payment redirects, 3D Secure pop-ups, address verification. Now imagine removing all of that friction by letting an AI agent handle the entire purchase. The agent finds the product, confirms the price, and completes payment — all within a conversation.
That's the promise of agentic commerce, and it's already here. During Black Friday 2025, one in six purchases were AI-assisted. By Cyber Week, it was one in five. But there's a critical problem: when an AI agent — not a human — clicks "buy," how does a merchant prove the customer actually authorized the purchase? How does the payment network distinguish a legitimate agent-initiated transaction from fraud? And when a dispute arises, who's accountable?
That's exactly what Google's Agent Payments Protocol (AP2) solves. And when combined with the Universal Commerce Protocol (UCP) — the open standard for end-to-end agentic commerce — AP2 becomes the trust layer that makes agent-driven sales not just possible, but provably secure.
What AP2 Actually Is
AP2 is an open, non-proprietary protocol announced by Google in September 2025, developed in collaboration with over 60 organizations including Mastercard, American Express, Adyen, PayPal, Coinbase, Shopify, and Salesforce. It's not a payment processor — it's a governance layer that sits between the AI agent, the merchant, and the payment network to create cryptographic proof that the customer authorized every transaction.
Think of it this way: traditional payment systems assume a human is clicking "confirm order" on a trusted website. AP2 is built for a world where that assumption no longer holds — where autonomous agents initiate purchases on behalf of users, sometimes without the user even being present in real time.
How AP2 and UCP Work Together
UCP handles the full shopping journey — product discovery, checkout sessions, and order management via standardized REST APIs. AP2 plugs into UCP's checkout flow as the trust and authorization layer. Here's how a complete transaction works when both protocols are active:
Step 1 — Discovery. The merchant publishes a UCP business profile at /.well-known/ucp that declares AP2 support alongside their commerce capabilities.
Step 2 — Checkout session. The AI agent creates a UCP checkout session (items, shipping, pricing). The platform signals AP2 activation.
Step 3 — Merchant signing. The merchant responds with a checkoutSignature — a detached JWT cryptographically signing the exact checkout state (items, price, terms). This is the merchant's binding commitment: these items, at this price, under these conditions.
Step 4 — User authorization. Upon user consent (either real-time or via pre-authorized conditions), the platform generates two credentials: a CheckoutMandate containing the hash of the checkout object, and a PaymentMandate, issued as an SD-JWT-VC (a selective-disclosure JWT verifiable credential), containing the payment authorization for the card network.
Step 5 — Completion. The platform submits both mandates to the merchant's /complete endpoint. The merchant forwards the PaymentMandate to their payment processor (Stripe, Adyen, etc.), and the transaction settles.
The result: every party in the chain — customer, agent, merchant, payment network — has cryptographic proof of exactly what was authorized, by whom, and under what conditions. No ambiguity. No "I never ordered that." No chargebacks without clear evidence.
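An added example, not code from the AP2 or UCP specifications or from any project named here, showing the merchant-side check implied by steps 3 to 5: the checkoutSignature and the CheckoutMandate hash must both bind to the same checkout state. HS256 with a constructed key stands in for the merchant's asymmetric signature, and the canonical JSON form, the `checkout_hash` field and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. HS256 stands in for the merchant's asymmetric signing
# key; a deployment would verify with the merchant's published public key.
MERCHANT_KEY = b"constructed-demo-key"

# Constructed checkout state; amounts are integer minor units (cents).
CHECKOUT = {"id": "chk_demo_1", "currency": "USD", "total_minor": 2499,
            "items": [{"sku": "COFFEE-1KG", "qty": 1, "unit_minor": 2499}]}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def canonical(checkout: dict) -> bytes:
    # Assumed canonical form: sorted keys, no whitespace, UTF-8.
    return json.dumps(checkout, sort_keys=True, separators=(",", ":")).encode()

def sign_checkout(checkout: dict) -> str:
    """Step 3: detached JWS (header..signature) over the exact checkout state."""
    header = b64url(b'{"alg":"HS256"}')
    signing_input = f"{header}.{b64url(canonical(checkout))}".encode()
    sig = hmac.new(MERCHANT_KEY, signing_input, hashlib.sha256).digest()
    return f"{header}..{b64url(sig)}"

def make_checkout_mandate(checkout: dict) -> dict:
    """Step 4: the mandate carries a hash of the checkout the user approved."""
    # "checkout_hash" is a hypothetical field name.
    return {"checkout_hash": hashlib.sha256(canonical(checkout)).hexdigest()}

def verify_completion(checkout: dict, signature: str, mandate: dict) -> str:
    """Step 5, merchant side: both proofs must bind to the same checkout."""
    # Re-deriving the signature pins the header and algorithm to ours.
    if not hmac.compare_digest(sign_checkout(checkout), signature):
        return "bad checkoutSignature"
    expected = make_checkout_mandate(checkout)["checkout_hash"]
    if not hmac.compare_digest(expected, str(mandate.get("checkout_hash", ""))):
        return "mandate hash mismatch"
    return "accepted"

if __name__ == "__main__":
    sig = sign_checkout(CHECKOUT)
    cheaper = dict(CHECKOUT, total_minor=100)  # constructed tampered copy
    print(verify_completion(CHECKOUT, sig, make_checkout_mandate(CHECKOUT)))
    print(verify_completion(CHECKOUT, sig, make_checkout_mandate(cheaper)))
    print(verify_completion(cheaper, sig, make_checkout_mandate(cheaper)))
```

A mandate built over a checkout with a different total is rejected even though the merchant's signature is valid, and a modified checkout replayed with the original signature fails the signature check first.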
The Three Mandates That Make It Work
AP2's security model is built on Verifiable Digital Credentials (VDCs) — tamper-evident, cryptographically signed digital objects. Three types of mandates form the backbone:
Intent Mandate — used for delegated purchases where the user isn't present in real time. The user pre-authorizes conditions: "Buy coffee beans under $30 from this store whenever I run low." The mandate is cryptographically signed using hardware-backed keys on the user's device, giving the agent scoped authority to act within those constraints. The agent can't exceed the price limit, change the merchant, or modify the items.
Cart Mandate — used for real-time purchases where the user is present. After the agent assembles a cart, the user reviews and cryptographically signs the exact items and price. This is non-repudiable proof: the customer saw these items at this price and approved.
Payment Mandate — contains agent involvement signals and human-presence indicators, shared with payment networks and card issuers. This helps the network assess transaction risk using context that traditional payment flows can't provide: was this purchase agent-initiated? Was the human present? What were the authorization conditions?
Why This Matters for Merchant Revenue
AP2 isn't just a security protocol — it's a conversion engine. Here's how it directly impacts the bottom line:
Eliminating checkout friction. The 75% cart abandonment rate exists because traditional checkout requires humans to fill forms, authenticate payments, and navigate redirects. With AP2-backed agent checkout, the entire process happens via API calls — no forms, no redirects, no friction. The agent handles everything, and the mandate system ensures it's authorized.
Reducing chargebacks and fraud. Traditional e-commerce fraud rates hover around 2.1% for API-based transactions. AP2 reduces this to 1.15% — a 45% improvement — because every transaction carries cryptographic proof of authorization. Tampering incidents drop from 0.5% to 0.05%. Fewer chargebacks means more revenue retained.
Enabling delegated commerce. Intent Mandates open an entirely new sales channel: purchases that happen without the customer being present. A user authorizes "restock my protein powder when the price drops below $45" and the agent monitors, finds the deal, and completes the purchase — all within the pre-authorized constraints. This creates recurring, automated revenue streams that don't depend on the customer returning to your website.
Capturing the agentic commerce wave. Morgan Stanley projects that agentic commerce could capture 10-20% of the US e-commerce market by 2030 — representing $190 billion to $385 billion in annual GMV. McKinsey's estimate is even bolder: up to $1 trillion in US B2C retail revenue from agentic commerce. Merchants who support AP2 + UCP are positioned to capture this traffic. Those who don't are invisible to AI agents.
AP2 vs. Traditional Payment Flows
To understand why AP2 matters, consider what happens today when a payment dispute occurs. A customer says "I didn't authorize this." The merchant has a transaction log showing a successful charge — but no cryptographic proof that the customer explicitly approved those specific items at that specific price. The chargeback typically goes to the customer.
With AP2, the merchant holds a Cart Mandate — cryptographically signed by the customer's device — proving exactly what was approved. The payment network holds a Payment Mandate with agent context signals. The dispute resolution becomes deterministic: follow the cryptographic chain, identify where the decision was made, and assign accountability to the real-world entity (user, merchant, or issuer). Only if the AI agent made a "load-bearing" wrong decision does fault land on the agent itself.
This isn't incremental improvement over Stripe or PayPal — it's a fundamentally different trust model. Traditional payment systems rely on platform reputation and reversible transactions. AP2 provides mathematical proof of consent.
The Ecosystem and What's Coming
AP2's partner list reads like a who's who of global payments: Mastercard, American Express, Adyen, PayPal, Worldpay, Revolut, JCB, UnionPay International, and Ant International on the payments side. Shopify, Salesforce, Trip.com, Lazada, and Shopee on the commerce side. And Coinbase, Ethereum Foundation, MetaMask, and Mysten Labs on the crypto side — through the AP2 x402 extension, which enables stablecoin payments with instant on-chain settlement and ultra-low fees.
The protocol is still in its early adoption phase. Reference implementations exist, PayPal has published its integration roadmap, and sandbox environments are available for testing. Real-world merchant deployments are expected to accelerate through mid-2026 as agent platforms (Google Gemini, Microsoft Copilot) scale their commerce capabilities.
What's clear is the direction: the agentic AI market is projected to grow from $7.29 billion in 2025 to $139.19 billion by 2034 at a 40.5% CAGR. AP2 is positioned as the trust infrastructure for all of it.
The Takeaway
AP2 solves the fundamental trust problem of agentic commerce: how do you prove a customer authorized a purchase they didn't personally click "buy" on? The answer is cryptographic mandates — Intent, Cart, and Payment — that create non-repudiable proof of authorization at every step. When combined with UCP's commerce framework, merchants get a complete stack: UCP for the shopping journey, AP2 for trust and payment security.
For merchants, the math is straightforward. A 75% cart abandonment rate is the cost of human-operated checkout. Agent-mediated checkout eliminates that friction entirely. AP2 ensures it's done securely, with fraud rates 45% lower than traditional API-based transactions. And the market heading toward $1 trillion in agent-driven retail means the merchants who integrate first capture the traffic that's growing right now.
The protocols are open. The partners are signed. The infrastructure is being built. The question for merchants isn't whether agentic commerce is coming — it's whether they'll be ready when the agents start shopping.
References
- AP2 — Agent Payments Protocol Official Documentation
- Google Cloud: Announcing the Agent Payments Protocol (AP2)
- UCP Documentation: UCP and AP2 Integration Guide
- Cloud Security Alliance: Secure Use of AP2 — A Framework for Trustworthy AI Transactions
- PayPal Developer: Agent Payments Protocol Integration
- Morgan Stanley: Agentic Commerce Market Impact Outlook
- Fortune Business Insights: Agentic AI Market Size and Growth
- Orium: Agentic Payments — ACP vs AP2 vs x402