AETHELFORGESTAGING
Try Axis

PROTOCOL · AP2

AP2 — Agent Payments Protocol

Google's spec for agent-mediated payment authorization and settlement. Payments a human delegated, not a password they shared.

THE ANSWER

What is the Agent Payments Protocol (AP2)?

The Agent Payments Protocol (AP2) is a specification from Google for how AI agents authorize and settle payments on behalf of a human principal. Instead of sharing raw card credentials with an agent, AP2 issues a scoped, revocable delegation the agent can sign against — so the bank knows who delegated, what the agent is allowed to do, and that this specific transaction was signed correctly.

word_count=66 · type=definitional

The problem AP2 solves

You hand a credit card to a friend to pick up pizza. If they spend more than expected, you can argue about it but there's no cryptographic trail. You trust them because they are a person you know.

You cannot trust an agent that way. An agent is software — you need a cryptographic equivalent of “my friend,” with an explicit scope, an expiry, and a way to revoke on demand. AP2 is that.

How delegation works

  • Enrollment. The human enrolls an agent with their issuer (bank, wallet, network). The issuer produces a scoped delegation credential: usable only by this agent, only for these categories, only up to this limit, only until this date.
  • Transaction signing. When the agent wants to pay, it signs the specific transaction against the delegation. The signature is what the issuer checks — not a card number in the clear.
  • Settlement. The issuer reconciles against the underlying instrument (your actual card, your actual bank account) and the merchant gets paid through the normal rails. The delegation sits on top; it does not replace the rail.
  • Revocation. The human can revoke a delegation at any time without touching the underlying instrument. The agent simply loses the right to sign.

AP2 and Aethelforge

The Aethelforge gate verifies AP2 signatures at the orchestration layer. When Axis (or any other consumer agent) spends through Aethelforge, the intent carries an AP2 delegation proof alongside the ACP handshake. The gate checks that the scope matches the actual transaction, that the delegation has not been revoked, and that the signature is valid. Only then does the settlement fire.

A merchant does not need to implement AP2 itself. Aethelforge validates the delegation on behalf of the merchant, so the merchant just sees a verified, compliant transaction coming through Forge SDK. The cryptographic complexity stays at the gate.

Why it matters for consumers

AP2 is what makes it safe for a grandmother to install Axis. The agent cannot drain her account because it was never given the keys — only a specific, revocable, scoped delegation. If something goes wrong, she revokes one credential, not her whole banking stack. That is the missing piece for consumer-grade agent commerce, and AP2 is the most credible proposal for building it.

FAQ

AP2 · questions

  1. 01Who stewards AP2?

    Google. AP2 was introduced as part of the broader agent-platform work coming out of Google's Agent Developer Kit and Gemini initiatives, targeting the gap between capability delegation and payment authorization.

  2. 02Why do agents need their own payment protocol?

    Because payment cards and tokenized credentials assume a single principal. When an agent spends money on your behalf, the bank needs to know three things: who delegated the authority, what scope the agent has, and how the agent signed this specific transaction. AP2 makes those three things explicit.

  3. 03How does AP2 compose with ACP?

    ACP is the commerce handshake; AP2 is the payment authorization underneath it. ACP negotiates what is being purchased; AP2 proves the agent is allowed to pay for it and within what constraints. They are layered, not competing.

  4. 04Does using AP2 expose my card details?

    No — AP2 is built to avoid that. The agent receives a scoped delegation credential (not a pan card number), signs transactions with it, and the issuer is the one reconciling against your underlying instrument. The delegation can be revoked without rotating the card.