Agent Payments Protocol (AP2) Artifacts for Cryptographically-Signed Agent Purchases
Signals your readiness for Google AP2, the emerging industry standard for authorising agent-driven purchases.
What this signal tests
We check whether your site exposes any Agent Payments Protocol (AP2) artifacts. AP2 is a proposed industry standard, led by Google and a coalition of more than sixty payment networks, that defines cryptographically-signed Intent, Cart, and Payment Mandates for agent purchases. The signal looks for a JSON document at /.well-known/ap2 or /.well-known/agent-payments, or a JSON-LD reference to PaymentMandate.
Why it matters for your visibility in AI
When an AI agent buys something on a customer's behalf, both the merchant and the payment network need a way to know the customer actually approved the purchase, at what price, and within what limits. AP2 is the proposed standard for that authorisation. Backed by Google and over sixty payment networks including major card schemes, it defines a chain of cryptographically-signed mandates - the user authorises an intent, the agent builds a cart, and the merchant confirms the payment, each step cryptographically verifiable. This is genuinely early-stage; the specification is still evolving and discoverability conventions are not yet finalised. Adopting AP2 today is a forward-positioning move rather than a revenue lever. Merchants who track the spec closely will be ready to plug in the moment the discovery layer stabilises, which most observers expect during 2026.
Pass criteria at a glance
| Criterion | Passes when |
|---|---|
| Any AP2 endpoint or schema reference detected. |
How we test it
Our scanner probes /.well-known/ap2 and /.well-known/agent-payments for a JSON document and also inspects any JSON-LD on your pages for an @type of PaymentMandate or an @context referencing ap2-protocol.org. Any one of these is enough to pass; the spec is young and the discovery conventions are still being finalised, so the test is deliberately tolerant of multiple advertisement patterns.
Show technical detection method
GET /.well-known/ap2 or /.well-known/agent-payments returning JSON; or JSON-LD with @type PaymentMandate or @context ap2-protocol.org.
If your site fails: how to fix it
- Track the AP2 specification at ap2-protocol.org and the reference implementation at github.com/google-agentic-commerce/AP2; the work to do this is best done by a developer who can read the AP2 specification as it evolves.
- Subscribe to release notifications on the AP2 GitHub repository so you know when the discovery layer and mandate schemas stabilise enough for low-risk adoption.
- If your business processes high-value transactions where agent fraud risk is a real concern, prioritise AP2 readiness because the cryptographic mandate chain is the strongest defence available.
- Once a stable discovery convention lands, publish a /.well-known/ap2 document declaring which mandate types you accept and which payment networks you settle through.
- Coordinate with your payment service provider - most major PSPs in the AP2 coalition are building AP2 support into their gateways, so adoption may be a configuration toggle rather than a build.
Quick facts
| Maturity | PROPOSED |
|---|---|
| Weight | low |
| Category | Agent Actions |
Primary sources
Related signals
Frequently asked questions
Is this only useful when autonomous AI agents become mainstream?
AP2 is explicitly designed for autonomous agent purchases. Adoption today is primarily positioning - to be visible as agent-payable when AP2 reaches stable adoption. The protocol itself is still PROPOSED, so most businesses should track it rather than implement it immediately.
Will this matter in 2026 or is it years away?
AP2 was unveiled in 2025 with strong industry backing. Realistically, stable discovery conventions and broad merchant adoption are 12–24 months out. Most businesses should monitor closely through 2026 and adopt when their payment provider supports it natively.
How is AP2 different from x402?
x402 is a stateless per-call micropayment standard, useful for API access and small purchases. AP2 is a richer cryptographic mandate system for higher-value agent purchases where the user's explicit consent must be verifiable. The two are complementary, not competing.
Does this cost anything to implement?
The protocol itself is open and free. Implementation cost will depend heavily on your payment service provider. If your PSP joins the AP2 coalition (Stripe, Adyen, Worldpay, and several card networks are involved) adoption may be a configuration change. Custom integration could be a multi-week engineering effort.
Run your own scan
Run a free scan and see how your site grades across all 155 AI-readiness signals.