Agentic Commerce Protocols: ACP vs AP2 and What Your Store Must Do
The Plumbing Behind AI Checkout Is Standardizing
For most of the last year, "AI shopping" meant a chatbot naming your brand and sending a shopper to your site. That is recommendation. What is arriving now is transaction: an agent that assembles a cart, authorizes payment, and completes the order without the human ever touching your checkout page.
That shift needs plumbing. You cannot let arbitrary software charge cards and place orders without a shared, secure way to prove who authorized what. Two open standards have emerged to be that plumbing, and they are the layer serious merchants now need to understand: the Agentic Commerce Protocol (ACP), developed by OpenAI and Stripe, and the Agent Payments Protocol (AP2), published by Google. If your store's earlier work was about getting cited by AI, this is about getting transacted with. It builds directly on the mechanics we covered in how AI agents buy products online.
What the Agentic Commerce Protocol Actually Requires
ACP is the standard behind ChatGPT's in-chat purchasing. OpenAI open-sourced it in partnership with Stripe so that any merchant, on any payment processor, can plug in without rebuilding their backend. It breaks into three specifications, and each maps to something concrete you have to provide.
The Product Feed spec. This is how you tell the agent what you sell. Merchants supply a structured feed — the spec supports TSV, CSV, XML, and JSON — carrying product identifiers, descriptions, pricing, inventory, media, and fulfillment options. Required fields cover the basics an agent needs to display price, availability, and checkout eligibility correctly; recommended fields like rich media and reviews improve how you rank and how much the model trusts you. Feeds are served over an encrypted connection and can refresh frequently — as often as every 15 minutes — so the agent never quotes a stale price or sells something you are out of.
The Checkout spec. This defines the API surface the agent calls to build a cart, calculate tax and shipping, and place the order against your systems. Crucially, you remain in control: the merchant performs validation, determines fulfillment, calculates tax, runs its own risk and fraud checks, and completes the order on its own stack.
The Delegated Payment spec. This is the part that makes people nervous, and the design is reassuring once you see it. Under ACP, OpenAI is not the merchant of record. You bring your own payment service provider and settle exactly as you would for any other digital order. When a buyer confirms a purchase in ChatGPT, OpenAI prepares a one-time delegated payment request with a maximum chargeable amount and an expiry, scoped to precisely what the user selected. That payload goes to your PSP, which returns a payment token used to complete the charge. Stripe's Shared Payment Token was the first implementation of this spec, with other PSPs following.
The takeaway: ACP does not ask you to hand over your business. It asks you to expose a clean feed and a checkout API, and to keep being the merchant of record.
What Google's AP2 Adds
AP2 solves a different, deeper problem: accountability. When an agent buys on your behalf, three questions have to be answerable. Did the user actually authorize this specific purchase? Does the agent's request reflect the user's real intent rather than a hallucination? And if something goes wrong, who is liable?
Google's answer, announced in September 2025 with a large coalition of launch partners including Mastercard, PayPal, American Express, and Coinbase, is a system of three cryptographically signed Mandates, carried as W3C Verifiable Credentials:
- Intent Mandate — what the user wants, with constraints. "Running shoes, size 10, under $150, ship to my saved address." Signed by the user inside their own AP2-compatible client. The agent cannot exceed this scope without asking again.
- Cart Mandate — what the agent actually assembled. Produced on the merchant side, it binds a specific SKU, price, tax, shipping, and total. The buyer's agent checks the cart against the intent before anything is charged.
- Payment Mandate — what gets charged, on which rail. AP2 treats cards, bank transfers, and stablecoins as first-class options.
The result is a signed, auditable chain from "I want this" to "you charged this." Because the mandates are verifiable credentials rather than a screen-scraped click, a merchant gets cryptographic proof of authorization instead of a leap of faith. AP2 is designed to compose with adjacent standards — agents discover and negotiate through other protocols, then invoke AP2 to settle — and in 2026 the payments industry began consolidating around it, including contribution to the FIDO Alliance.
ACP or AP2 — Which Do You Implement?
This is the wrong question, and it is the one most merchants ask first. They are not competitors you choose between the way you'd choose a theme. They operate at different layers and are increasingly meant to interoperate:
- ACP is a distribution-and-checkout standard tied closely to how a specific surface (ChatGPT) discovers your catalog and places orders.
- AP2 is a payment-authorization standard that any agent, on any surface, can use to prove intent and settle securely.
A realistic near-future purchase uses both: an agent finds your product through an ACP-style feed, then settles it through an AP2 mandate chain. Your job is not to bet on one. It is to make your store legible and transactable to whichever protocol shows up.
What To Actually Do This Quarter
The good news is that readiness for both protocols rests on the same foundations, and most of it is work you should be doing for AI visibility anyway.
-
Get your product data feed-ready. Clean identifiers (GTIN/MPN/SKU), accurate real-time price and inventory, structured variants, shipping and return terms, and rich media. Both protocols are only as good as the feed underneath them. This is the core of product optimization for AI.
-
Make availability and pricing genuinely real-time. A feed that refreshes every 15 minutes is worthless if your backend reports stale stock. Agents punish inconsistency by dropping you from consideration.
-
Confirm your PSP's agentic support. If you are on Stripe, Shared Payment Token support is the on-ramp to ACP; ask any provider directly where they stand on delegated payment and AP2 mandates.
-
Harden the technical basics. Server-rendered, machine-readable pages, valid structured data, and stable APIs matter whether an agent reads a feed or drives a browser. That groundwork is exactly what our technical foundation work targets.
-
If you're on a managed platform, turn the feature on and verify it. Platforms like Shopify are syndicating catalogs to multiple AI surfaces on merchants' behalf; know what is enabled, what data it is sending, and whether it matches your live catalog.
The protocols will keep evolving — specifics of any single surface's rollout have already shifted more than once. The durable move is not chasing a headline integration. It is owning clean, real-time, structured product data and a payment stack that speaks the agentic standards, so that whichever protocol wins the surface you care about, your store is already something an agent can safely buy from.
Want to see how AI engines perceive your brand?
Get Your Free AI Visibility Audit