Protocol Hub / AP2 · 1.0

Google AP2

The Agent Payments Protocol.

Abstract

Google AP2 establishes the secure pathways for agents to process payments on behalf of users, standardizing autonomous settlement across platforms.

1. Introduction to AP2

Google AP2 (Agent Payments Protocol) establishes the secure pathways and standard operational procedures for AI agents to process payments autonomously on behalf of users. It acts as the connective tissue between an agent's intent to purchase and the underlying financial settlement rails, standardizing autonomous transactions across diverse digital platforms.

2. Autonomous Payment Pathways

AP2 provides the underlying specifications for how AI agents can securely hold, transfer, and execute payment credentials without ever exposing sensitive user financial data (such as PANs or CVVs) during the transaction lifecycle. AP2 relies heavily on network-tokenization and single-use cryptograms designed specifically for machine execution.

3. Integration with UCP (Universal Commerce Protocol)

Working hand-in-hand with UCP, AP2 completes the agentic commerce loop. While UCP handles product discovery and semantic understanding, AP2 takes the baton at the checkout phase, moving the agent from product selection straight through to definitive financial settlement seamlessly.

4. Security & Risk Management

AP2 incorporates advanced risk-scoring models tailored for non-human entities. It evaluates velocity, behavioral patterns, and contextual signals to prevent automated fraud. Agents must comply with strict AP2 security challenges, which may include zero-knowledge proofs of user presence or biometric multi-factor authentication (MFA) step-ups pushed to the user's trusted device.

5. Terms of Execution

Any platform or merchant utilizing the Aizii network to process AP2 transactions must adhere to Google's extended terms of service regarding agentic payments. The handling of AP2 tokens is strictly regulated, and any attempt to store or replay AP2 cryptograms outside the defined protocol scope constitutes a severe violation of the network rules.