AP2
Agent Payments Protocol
Google's mandate-based payment authorization for AI agents. Three mandate types ensure that every agent purchase has cryptographic proof of human consent -- from browsing intent to final settlement.
What is AP2?
AP2 (Agent Payments Protocol) solves a fundamental problem: how do you let an AI agent spend money on your behalf without giving it a blank check? The answer is mandates -- cryptographically signed authorizations that constrain what an agent can buy, how much it can spend, and when human approval is required.
Released by Google alongside UCP (Universal Commerce Protocol), AP2 handles the payment authorization layer while UCP handles product discovery and checkout. Together, they form the commerce stack for the Internet of Agents.
The three mandate types
IntentMandate
Human declares a goal. "Buy cloud monitoring tools under $500/mo." Agent receives a signed scope to shop within.
CartMandate
Agent selects specific items. Human reviews the cart. Signs approval for exact items and total price.
PaymentMandate
Final authorization. Links to a payment method. Cryptographically bound to the cart -- no last-minute changes.
Why mandates matter
Without AP2, agent payments are binary: either the agent has your credit card and can buy anything, or it can't buy at all. Mandates create a graduated trust model:
- Progressive authorization -- Each mandate narrows scope. An agent can't jump from "browse" to "buy $10,000 of servers" without passing through each gate.
- Cryptographic binding -- Each mandate is serialized with RFC 8785 (JSON Canonicalization Scheme) and signed with ES256 (ECDSA over P-256 with SHA-256), so the signature covers exactly the canonical bytes. A mandate altered after signing fails verification and is rejected.
- Auditability -- Every mandate creates a verifiable record: who authorized what, when, and with what constraints.
- Revocability -- Cancel an IntentMandate and all downstream CartMandates and PaymentMandates are automatically voided.
AP2 vs x402
AP2 and x402 solve different payment problems:
- AP2 -- Traditional payment rails (credit cards, bank transfers). Human-authorized mandates. Best for large purchases, subscriptions, enterprise procurement.
- x402 -- Stablecoin micropayments via HTTP 402. Agent-autonomous. Best for API calls, per-request payments, micro-transactions under $1.
Enterprise AI needs both: AP2 for procurement workflows, x402 for real-time API consumption.
How MeetLoyd implements AP2
MeetLoyd provides full AP2 mandate support with enterprise-grade governance on top:
- Full AP2 crypto stack -- ES256 signing, RFC 8785 JSON canonicalization, mandate chain verification. Every mandate is cryptographically bound to its parent.
- Spending policy enforcement -- Cascading governance policies control per-agent and per-team spending limits. An agent can't exceed its budget even with a valid mandate.
- Human-in-the-loop -- CartMandate and PaymentMandate transitions trigger approval tasks. Thresholds are configurable: auto-approve under $50, require approval above that amount.
- Audit trail -- Every mandate, approval, and settlement is logged with SOX-grade audit trails. Full chain of custody from intent to payment.
- Dual-rail -- AP2 for traditional payments, x402 for stablecoin micro-payments. Same governance pipeline, two settlement methods.