Source URL: https://cloud.google.com/blog/topics/developers-practitioners/agent-factory-recap-can-you-do-my-shopping/
Source: Cloud Blog
Title: Agent Factory Recap: Can you do my shopping?
Feedly Summary: In episode #8 of The Agent Factory, Ivan Nardini and I are joined by Prateek Dudeja, product manager from the Agent Payment Protocol Team, to dive into one of the biggest hurdles for AI agents in eccomerce: trust, especially when it comes to money.
This post guides you through the key ideas from our conversation. Use it to quickly recap topics or dive deeper into specific segments with links and timestamps.
Introducing Agent Payment Protocol
Timestamp: [01:43]
What if an agent could buy concert tickets for you at a specific time that the tickets go on sale. You don’t want to miss out! Maybe you want two tickets, and you don’t want to spend more than $200. You definitely want to sit in a section with a great view of the stage. To have an agent act as your ticket buyer, you would have to trust that agent with all facets of your request and your credit card. How can you be sure that the agent won’t buy 200 tickets or that it won’t charge you for a lifetime supply of rubber duckies?
The potential for a messy outcome with this concert ticket request provides insight into a “Crisis of Trust" that can hold back agentic commerce. The good news is there’s a way to move forward and build trust.
To solve the "Crisis of Trust," Google introduced the Agent Payment Protocol (AP2), a new open standard. It’s not a new payment system; it’s a "trust layer" that sits on top of existing infrastructure. AP2 is designed to create a common, secure language for agents to conduct commerce, using role-based architecture and verifiable credentials.
Agent Payments and the Current Payment System
Timestamp: [02:29]
The current payment system was built for humans using trusted interfaces like browsers, not for autonomous agents, resulting in three main challenges for agents: authorization, agent error, and accountability.
The Agent Payment Protocol addresses these challenges by helping agents communicate securely with merchants and payment partners. The Agent Payment Protocol is available today as an extension for the A2A (Agent2Agent) protocol and relies on agents using the Model Context Protocol (MCP).
Deep Dive into the Agent Payment Protocol
Learn more about how this protocol works, including concepts and flow.
A Role-Based Ecosystem
Timestamp: [04:33]
The protocol is built on a "separation of concerns." Your agent doesn’t have to do everything. There are specialized roles:
Shopping Agent: The AI agent you build, great at finding products.
Merchant Endpoint: The seller’s API.
Credential Provider: A secure digital wallet (like PayPal, Google Pay, etc.) that manages payment details.
Merchant Payment Processor: The entity that constructs the final authorization message for the payment networks.
Critical: Your shopping agent never touches the raw credit card number. It doesn’t need to be PCI compliant because it delegates the payment to the specialized, secure providers.
Verifiable Credentials (VCs)
Timestamp: [06:15]
The "handshakes" between these roles in the Agent Payment Protocol ecosystem are secured by Verifiable Credentials (VCs). Think of credentials as protocolized, cryptographically signed digital receipts that prove what was agreed upon.
There are three types of verifiable credentials:
Cart Mandate: For "human-present" scenarios. The user reviews a final cart and cryptographically signs it as proof of approval.
Intent Mandate: For "human-not-present" scenarios (like the concert ticket example). The user signs an intent (e.g., "buy tickets under $200"), giving the agent authority to act within those guardrails.
Payment Mandate: Provides clear visibility to payment networks and banks that an AI agent was involved in the transaction.
A Contractual Conversational Model
Timestamp: [08:03]
The Agent Payment Protocol process creates a "Contractual Conversational Model," moving beyond simple API calls to a flow built on verifiable proof.
To understand this flow, we’ll walk through a human-present scenario:
Delegation: You tell your agent, "Buy two concert tickets."
Discovery & Negotiation: The agent contacts the merchant’s endpoint to prepare the cart.
Finalize Cart: The agent reaches out to your Credential Provider (e.g., your digital wallet). You select the payment method. The agent only gets a reference (like the last 4 digits), never the full credential.
Authorization with Mandates: The agent shows you the final, finalized cart.
You cryptographically sign the Cart Mandate. This is the non-repudiable proof, the "contract."
Purchase: The agent sends this signed mandate to the merchant. The merchant can now trust the purchase mandate is from you. The merchant’s payment processor uses the mandate to securely get the payment token from the credential provider and complete the transaction.
This flow all hinges on trust. In the short term, this trust is built using manual allow lists of approved agents and merchants. In the long term, the plan is to use open web standards like HTTPS and DNS ownership to verify identities.
Q&A with Prateek Dudeja
Timestamp: [13:07]
With the concepts explained, the discussion moved to a Q&A with Prateek.
Why a New Protocol for Payments?
Timestamp: [13:30]
Prateek gave a great analogy: HTTPS is a baseline protocol for browsing. Signing in requires stronger authentication. Making a payment requires an even higher level of trust. AP2 provides that "payments-grade security" on top of baseline protocols like A2A and MCP, ensuring the transaction is high-trust and truly from a human.
How Will Agents Find Trusted Partners?
Timestamp: [14:42]
In the short term, agents will use "decentralized registries of trust" (or allow lists) to find merchants they can interact with. Prateek noted that all the roles (merchant, credential provider, etc.) already exist in the payments industry today. The only new role is the Shopping Agent itself.
Accountability: What Happens When Things Go Wrong?
Timestamp: [16:03]
This is the big question. What if your agent shows you blue shoes, you wanted teal, but you click "approve" anyway?
Prateek explained that the signed Cart Mandate solves this. Because you biometrically signed a tamper-proof credential showing the blue shoes, the responsibility is on you. The merchant has cryptographic evidence that you saw and approved the exact product. This protects merchants from fraudulent chargebacks and users from unauthorized agent actions.
Demo: Reference Implementation
Timestamp: [18:04]
Prateek walked through a demo showing the human-present flow. It showed the user prompting the agent, the agent discovering products, and then the Credential Provider (PayPal) getting involved. The user selected their shipping and payment info from PayPal, and the agent only saw a reference. The user then signed the Cart Mandate, and the purchase was completed.
Compatibility and Getting Started
Timestamp: [19:43]
A key question was – Is this compatible with frameworks like LangGraph or CrewAI? Yes. Prateek confirmed the protocol is compatible with any framework. As long as your agent can communicate over A2A or MCP, you can use AP2.
To get started, Prateek directed developers to the GitHub repo. The first step is to see which role you want to play (merchant, credentials provider, etc.) and explore the sample code for that role.
The Future: Dynamic Negotiation
Timestamp: [21:13]
Looking ahead, Prateek shared an exciting vision for "dynamic negotiation." Imagine telling your agent: "I want that red dress that’s out of stock. I need it by tomorrow… and I’m willing to pay 30% more".
A merchant’s agent could see this "intent" and, if the dress becomes available, automatically complete the sale. What was a lost sale for the merchant becomes a completed order at a markup, and the user gets the exact item they desperately wanted.
Your turn to build
This conversation made it clear that building a secure payment infrastructure is a foundational step toward creating agents that can perform truly useful tasks in the real world. We’re moving from a simple, programmatic web to a conversational, contractual one, and this protocol provides the framework for it.
We encourage you to check out the Agent Payment Protocol GitHub repo, think about which role you could play in this new ecosystem, and start building today!
Connect with us
Shir Meir Lador → LinkedIn, X
Ivan Nardini → LinkedIn, X
Prateek Dudeja → Linkedin
AI Summary and Description: Yes
Summary: The text discusses the introduction of the Agent Payment Protocol (AP2), which addresses trust issues in AI-driven commerce, particularly in e-commerce transactions. It presents a framework for securing transactions involving AI agents, highlighting how AP2 acts as a trust layer built over existing payment infrastructures. This innovation is vital for developers looking to integrate AI agents into secure e-commerce environments.
Detailed Description:
The text elaborates on the challenges faced by AI agents in the e-commerce space, emphasizing the importance of trust in financial transactions. Here are the major points it covers:
– **Crisis of Trust**: Highlights the challenge of trusting AI agents with sensitive financial transactions, showcasing an example of purchasing concert tickets. Concerns arise over potential misuse of authority, leading to a “Crisis of Trust” in agentic commerce.
– **Introduction of Agent Payment Protocol (AP2)**:
– AP2 is not a new payment system but a “trust layer” designed to facilitate secure transactions between AI agents and merchants.
– It acts as a means to build trust without requiring agents to handle sensitive credit card information directly.
– **Framework of AP2**:
– Built on a **Role-Based Ecosystem**:
– Contains specialized roles such as Shopping Agent, Merchant Endpoint, Credential Provider, and Merchant Payment Processor.
– This separation of concerns ensures that agents do not need to manage sensitive payment information.
– **Verifiable Credentials (VCs)**:
– Introduces the concept of VCs which allow secure and accountable transactions.
– Types of VCs include:
– **Cart Mandate**: Allows user approval for transactions in human-present scenarios.
– **Intent Mandate**: Authorizes agents to act under predefined conditions in human-absent scenarios.
– **Payment Mandate**: Ensures visibility to payment networks regarding AI agent involvement in transactions.
– **Contractual Conversational Model**:
– Describes a method for creating trust through documented intent via cryptographic signatures, ensuring accountability for transactions.
– **Addressing Accountability**:
– Discusses the importance of accountability when agents make mistakes. The use of signed mandates ensures that the responsibility lies with the user who approved the action.
– **Future Directions**:
– The potential for “dynamic negotiation” could enhance how agents operate, allowing them to automatically adjust transaction parameters based on user intent and market conditions.
– **Call to Action for Developers**:
– Encourages developers to explore opportunities to build using AP2 and participate in its open ecosystem, which is compatible with existing frameworks.
This detailed analysis underscores the implications of the Agent Payment Protocol in transforming how AI agents operate in commerce, highlighting security, trust, and accountability as foundational elements for future developments in autonomous transaction environments.