
Agentic Commerce Standards: x402, AP2, and Payment Protocols

Apr 24, 2026

Thomas Hepp


The Machine Economy Runs on Protocols, But Which Ones?

A GPT-powered procurement agent can fire off 400 API calls an hour across a dozen vendors, negotiate prices, and commit to spend, all before a human finishes their coffee. The money has to move somewhere. The question nobody fully agreed on until recently was how.

The global payment stack was built for people. Credit cards lean on 2FA. Bank transfers wait for manual approval. Chargebacks assume a human noticed a bad charge and picked up the phone. Strip the human out of the loop and every one of those assumptions quietly breaks.

So the industry did what it always does when the rails do not fit: it started building new ones. Coinbase shipped x402. Google published AP2. OpenAI and Stripe co-authored the Agentic Commerce Protocol (ACP). Visa and Mastercard are retrofitting the tokenization infrastructure they already run at planetary scale. Four answers, four different bets.

Some are crypto-native. Some extend the card networks. All of them are chasing one deceptively simple goal: let machines pay each other, reliably, at scale. This article breaks down each agentic commerce protocol, weighs the trade-offs, and points at the one layer every single design leaves out.

Why Agentic Commerce Needs Standards at All

Autonomous agents have already moved from the slide deck into production. They book cloud compute, top up API credits, renew SaaS seats, and settle data transactions without a person in the chair. That shift, from human-to-machine toward machine-to-machine commerce, is the backdrop for everything that follows, and it deserves its own treatment, which is why we cover the economics of the machine economy separately.

For the purposes of comparing protocols, what matters is the friction. An agent running 10,000 micropayments a day cannot stop for a one-time password. A machine does not look at its own account and notice "unusual activity." Card networks were designed around exactly those human reflexes, so a new class of protocol has to enforce, in code, what a human used to handle by instinct:

  • Authorization that is cryptographic, not biometric
  • Settlement that is instant, not T+2
  • Spending limits that live in policy, not in a call center
  • Audit trails that are tamper-proof, not just rows in a database

The four leading designs disagree on almost everything else: how decentralized to be, how much to lean on existing finance, and who is accountable when an agent gets it wrong. What they share is urgency. The OpenAI-Stripe tie-up and Google's payments push turned agentic commerce from a research topic into a shipping requirement, and the builders would rather set the standards themselves than wait for regulators to set them.


Coinbase x402: Solving the HTTP 402 Micropayment Gap

Resurrecting a Status Code Nobody Used

HTTP defined status code 402, "Payment Required," back in the 1990s and then left it sitting idle for decades. There was simply no micropayment plumbing to make it real. Coinbase's x402 is the first serious attempt to wake it up.

The flow is almost suspiciously clean:

  1. An agent sends an HTTP request to a paid endpoint.
  2. The server answers 402 Payment Required with a machine-readable payment spec: price, currency, settlement address.
  3. The agent reads the spec, builds a USDC transaction on Base, and attaches a signed payment header to a follow-up request.
  4. The server confirms the on-chain settlement and returns the resource.
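The four steps above, modelled end to end as an added example (not Coinbase's code or the x402 wire format). The field names, the in-memory `LEDGER` standing in for settlement on Base, the `memo` binding and the placeholder address are all assumptions, and the wallet signature is not modelled; the point is what the server must check before releasing the resource.

```python
import secrets
from decimal import Decimal

LEDGER = {}       # stand-in for the chain: tx_id -> transfer (constructed, in-memory)
ISSUED = {}       # server side: nonce -> payment spec the server handed out
REDEEMED = set()  # nonces already exchanged for a resource

def server_request(path, payment=None):
    """Paid endpoint: steps 2 and 4 of the flow."""
    if payment is None:
        spec = {"resource": path, "amount": "0.001", "currency": "USDC",
                "pay_to": "0xMERCHANT_PLACEHOLDER", "nonce": secrets.token_hex(8)}
        ISSUED[spec["nonce"]] = spec
        return 402, spec
    spec = ISSUED.get(payment.get("nonce"))
    tx = LEDGER.get(payment.get("tx_id"))
    # The payment must refer to a spec this server issued for this resource.
    if spec is None or tx is None or spec["resource"] != path:
        return 402, "unknown payment"
    if spec["nonce"] in REDEEMED:
        return 402, "payment already redeemed"
    settled = (tx["to"] == spec["pay_to"] and tx["currency"] == spec["currency"]
               and Decimal(tx["amount"]) >= Decimal(spec["amount"])
               and tx["memo"] == spec["nonce"])
    if not settled:
        return 402, "settlement does not match spec"
    REDEEMED.add(spec["nonce"])
    return 200, "contents of " + path

def agent_fetch(path, max_price="0.01"):
    """Agent side: steps 1 and 3, with a local price cap applied before paying."""
    status, spec = server_request(path)
    if status != 402:
        return status, spec, None
    if spec["currency"] != "USDC" or Decimal(spec["amount"]) > Decimal(max_price):
        raise ValueError("payment spec exceeds agent policy")
    tx_id = secrets.token_hex(16)
    LEDGER[tx_id] = {"to": spec["pay_to"], "amount": spec["amount"],
                     "currency": spec["currency"], "memo": spec["nonce"]}
    payment = {"tx_id": tx_id, "nonce": spec["nonce"]}
    status, body = server_request(path, payment)
    return status, body, payment
```

Presenting the same payment a second time, or for a different resource, gets another 402 instead of the content.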

No intermediary. No processor sitting in the middle. No chargeback window. Settlement lands in seconds on Base, Coinbase's Ethereum Layer 2, for a fraction of a cent.

Why that combination matters for agents specifically:

  • Latency: Base produces a soft-confirmed block in roughly two seconds (with a sub-second pre-confirmation), well inside normal API response budgets, though hard L1 finality takes longer.
  • Cost: Fees typically sit under a tenth of a cent, which makes genuine micropayments viable for the first time.
  • Programmability: An agent can read the price, verify the spec cryptographically, and settle, all inside one request cycle.

It also quietly solves the handshake problem. Agents from different vendors, built on different models, can hit any x402-compliant endpoint with no pre-negotiated contract and no shared API key.

The catch is real. x402 assumes crypto-native infrastructure on both ends. The merchant has to accept USDC; the agent needs a funded on-chain wallet. For a regulated enterprise, that drags in custody risk, messy accounting, and jurisdiction-dependent exposure. If you are already building on OriginStamp's blockchain timestamping infrastructure or a similar on-chain service, x402 slots in naturally because both sides already speak blockchain. For a legacy ERP vendor, the lift is steep.

Google's AP2: A Mandate Scheme for Web-Scale AI

Bridging Web2 Payments and Autonomous Agents

Google's Agent Payments Protocol (AP2) plants its flag somewhere else entirely. Instead of reaching for public blockchains, AP2 extends Google's existing tokenization and mandate framework to cover browser-based and cloud-based agents.

The heart of it is the payment mandate: a pre-authorized spending permission a human hands to an agent at setup. A mandate pins down:

  • Maximum value per transaction
  • A cumulative cap over a defined window
  • Category limits (say, SaaS subscriptions only, no physical goods)
  • Revocation conditions

When the agent wants to buy something, it presents its mandate token to an AP2-compliant merchant. The merchant checks the token against Google's payment infrastructure, confirms the purchase fits the mandate, and settles over existing card rails.
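How the four mandate fields translate into an enforcement check, as an added example (not Google's code or the AP2 schema). The `Mandate` class, its field names, the expiry time used as one revocation condition, and the sample amounts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Mandate:
    max_per_tx: Decimal        # maximum value per transaction
    window_cap: Decimal        # cumulative cap over the window
    window_seconds: int
    categories: frozenset      # category limits
    expires_at: float          # revocation condition: time-based expiry (assumed)
    revoked: bool = False      # revocation condition: explicit kill switch
    spent: list = field(default_factory=list)  # (timestamp, amount) of approved buys

    def authorize(self, amount, category, now):
        """Return (approved, reason); a spend is recorded only when approved."""
        amount = Decimal(amount)
        if self.revoked:
            return False, "mandate revoked"
        if now >= self.expires_at:
            return False, "mandate expired"
        if category not in self.categories:
            return False, "category not allowed"
        if amount <= 0 or amount > self.max_per_tx:
            return False, "per-transaction limit"
        # Only purchases still inside the sliding window count toward the cap.
        self.spent = [(t, a) for t, a in self.spent if now - t < self.window_seconds]
        if sum((a for _, a in self.spent), Decimal(0)) + amount > self.window_cap:
            return False, "cumulative cap"
        self.spent.append((now, amount))
        return True, "ok"

def demo():
    """Constructed sequence: 50 per purchase, 120 per day, SaaS only."""
    m = Mandate(Decimal("50"), Decimal("120"), 86400, frozenset({"saas"}),
                expires_at=10 * 86400)
    results = [
        m.authorize("40", "saas", now=0),
        m.authorize("60", "saas", now=100),            # above the per-purchase maximum
        m.authorize("45", "saas", now=200),
        m.authorize("45", "saas", now=300),            # 40 + 45 + 45 exceeds 120
        m.authorize("20", "physical_goods", now=400),  # outside the category limit
        m.authorize("45", "saas", now=86450),          # purchase at t=0 has aged out
    ]
    m.revoked = True
    results.append(m.authorize("1", "saas", now=86500))
    return results
```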

The security posture is deliberately cautious. Rather than handing agents raw payment credentials, AP2 leans on tokenized intent backed by verifiable credentials, so the agent never touches card data, spending power is tightly scoped, and revocation is immediate. The deeper mechanics of how those verifiable credentials build an audit trail are their own subject; the design echoes how the W3C Web Payments Working Group frames delegated payment authority.

AP2's real edge is the absence of adoption friction. Merchants already take Google Pay, so the mandate layer sits on top of infrastructure they run today, which means becoming AP2-compatible is a small lift rather than a migration. Across Chrome, Android, and Workspace, Google effectively owns a distribution channel for agent commerce.

The limitation mirrors x402's, just inverted. AP2 itself is an open, non-proprietary protocol, co-developed with more than 60 payments and technology partners and published on GitHub with a public specification and SDK. The real trade-off is the rail it leans on: settlement still flows through the card networks, which means T+2 clearing, interchange fees, and the full dispute-resolution apparatus of traditional finance, a feature or a bug depending entirely on where you sit.

The Agentic Commerce Protocol (ACP): OpenAI and Stripe's Play

Making Agents First-Class Merchants

Plenty of teams treat agent payments as a bolt-on to the existing checkout. The OpenAI-Stripe Agentic Commerce Protocol flips that. It tries to define a universal language for agent payments that holds up across model providers, processors, and merchant categories.

ACP positions Stripe as the checkout layer for any agent-initiated transaction, whichever model is doing the buying. Its signature move is dynamic authorization: instead of a static mandate fixed in advance, ACP evaluates each request against the user's budget policy in real time.

The authorization flow runs like this:

  1. The agent spots a purchase opportunity and builds a structured transaction request.
  2. The ACP layer scores it against the user's policy: budget, category, merchant trust.
  3. If it passes, Stripe executes the transaction and returns a confirmation.
  4. The agent gets a cryptographically signed receipt and carries on with its workflow.

ACP's sharpest contribution is the "merchant of record" question. In ordinary e-commerce, that role is obvious. In agentic commerce it is murky: if your agent buys a service on your behalf, who is liable, and who handles the dispute? ACP assigns that responsibility explicitly to the platform operator that deployed the agent instead of leaving it dangling.

That clarity feeds directly into tamper-proof agent logs. When an agent makes a purchase nobody expected, you need a clean chain of accountability: which policy was live, which agent version ran, and what the agent was told to do. ACP emits structured receipts built to support exactly that chain.

Interoperability is the stated endgame. Stripe says publicly that ACP should become an open standard so any agent can transact with any ACP-compliant merchant, no lock-in. Whether that survives the competitive crossfire from Google and Coinbase is an open bet.

Institutional Guardrails: Visa's Trusted Agent and Mastercard's Agent Pay

TradFi Steps Into the Agent Economy

While the crypto-native camp argues about decentralization and the platform giants build proprietary mandate systems, Visa and Mastercard are doing what they have done for fifty years: bending existing rails to fit a new transaction pattern.

Visa's Trusted Agent Protocol ties agent authorization to verified, human-linked keys. Every agent has to be cryptographically bound to a verified human identity (the deeper question of how agent identity earns trust is its own topic). When an agent kicks off a transaction, Visa's network checks that the human principal behind it actually authorized that class of action, which creates a non-repudiable line of authority that carries weight in a dispute.

Mastercard's Agent Pay repurposes the network's tokenization stack. Each agent gets a unique, revocable token, functionally a virtual card number, scoped to specific merchants, categories, and time windows, and killable the instant the agent misbehaves.

Both approaches hand agents something x402 and AP2 cannot: consumer-protection machinery that already runs at global scale. Chargebacks, fraud scoring, and dispute resolution took decades to build, and the TradFi route plugs agents straight into them rather than reinventing the wheel.

The cost is the walled garden. Visa and Mastercard tokens live inside their own networks. A Mastercard agent token cannot natively shake hands with an x402 endpoint. Interoperability across protocol families is still unsolved. And the moment money settles, a different gap opens up around chargeback evidence in agentic commerce, where network-level settlement and proof of what was actually agreed drift apart.


The Missing Layer: Settlement Is Not Proof of Interaction

Paying for Something Is Not Proving It Happened

Here is the thing. Every protocol above answers one question, how does money get from agent to merchant. None of them answers a second one that is just as load-bearing: after the fact, how do you prove what was agreed, delivered, and accepted?

Call it the post-transaction integrity gap.

A payment confirmation proves that some amount of USDC left wallet A and reached wallet B at a given moment. It says nothing about:

  • What data or service actually changed hands
  • Which version of the contract or terms was in force
  • What the agent was instructed to do versus what it did
  • Whether the delivered content was altered afterward

Internal system logs do not close that gap. Records sitting in a provider's database can be edited by an admin, lost in an outage, or quietly aged out before a dispute surfaces eighteen months later. Without independent verification, an audit trail of agent activity is legally fragile, and regulators are circling: the EU AI Act (Article 12) already mandates automatic event logging over the lifetime of high-risk systems, which creates practical pressure for tamper-evident records.

The fix is a mathematical, third-party proof of existence: a blockchain timestamp that anchors the hash of an interaction record to a public chain at a fixed moment. That gives you three things at once: proof that a specific record existed in a specific form at a specific time, proof it has not changed since, and proof that stands independent of any single provider or administrator.
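An added example of the hashing side of this, going one step beyond the single-record case in the text: many interaction records are batched under one Merkle root, so a single on-chain anchor covers all of them and each record can still be verified alone. This is not OriginStamp's implementation; the record fields, the tree layout and the sample values are assumptions, and writing the root to a chain is out of scope.

```python
import hashlib
import json

def record_hash(record):
    """SHA-256 over canonical JSON, so the same record always hashes the same."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def _leaf(h):
    return hashlib.sha256(b"\x00" + h).digest()      # domain-separate leaves ...

def _pair(a, b):
    return hashlib.sha256(b"\x01" + a + b).digest()  # ... from interior nodes

def merkle_root_and_proof(hashes, index):
    """Return (root, proof); proof is a list of (sibling, sibling_is_left)."""
    level, proof = [_leaf(h) for h in hashes], []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        nxt = [_pair(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])   # odd node is promoted, never duplicated
        level, index = nxt, index // 2
    return level[0], proof

def verify(record, proof, anchored_root):
    """Recompute the path from a record to the root that was anchored."""
    node = _leaf(record_hash(record))
    for sibling, sibling_is_left in proof:
        node = _pair(sibling, node) if sibling_is_left else _pair(node, sibling)
    return node == anchored_root

# Constructed sample records covering the four gaps listed earlier: what was
# delivered, which terms applied, what the agent was told, and the payment.
RECORDS = [
    {"agent": "procure-bot@1.4.2", "terms_version": "2026-03",
     "instruction": "renew 5 seats", "payment_ref": "tx-PLACEHOLDER-%d" % i,
     "delivered_sha256": hashlib.sha256(b"invoice %d" % i).hexdigest()}
    for i in range(3)
]
```

Only the 32-byte root needs to be timestamped; the record and its proof stay with the parties, and any later change to a field makes `verify` return `False`.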

This is not hypothetical. OriginStamp's timestamping service has anchored cryptographic fingerprints to Bitcoin and Ethereum since 2013, producing tamper-evident proof that any third party can verify, with no dependency on OriginStamp still being around to vouch for it.

For agentic commerce, the practical move is to decouple payment from integrity. The payment protocol moves the money. The timestamp handles the proof of what happened. Both are necessary; neither is sufficient on its own. The broader accountability gap in AI agent systems is exactly this shape: organizations deploy agents, agents decide, money moves, and when it goes sideways there is no tamper-proof record of what the agent was allowed to do, what it did, and what was delivered. That is not a payment-protocol problem. It is a data-integrity problem.

Conclusion: Building a Trustworthy Agentic Future

Protocol Choice Is Architecture; Integrity Is Non-Negotiable

The agentic commerce protocol field is not collapsing into one winner, and it arguably should not. x402 fits crypto-native, decentralized ecosystems where low fees and open infrastructure win. AP2 suits browser-based agents inside Google's orbit with minimal merchant work. ACP is the pragmatic pick for enterprises that want dynamic authorization and a clearly named merchant of record. Visa and Mastercard supply the consumer-protection layer that regulated industries cannot operate without.

Choosing a protocol is an architecture decision. It encodes how much decentralization you need, what regulatory weather you live in, and how much infrastructure complexity you can stomach.

But none of that settles the integrity question. Every agentic deployment, whatever payment standard sits underneath it, needs a tamper-proof record of what agents were authorized to do, what they actually did, and what was delivered, and that record has to be verifiable by people who had nothing to do with creating it.

The pairing of AI and blockchain here is not a slogan. It is a structural requirement. When machines make decisions that move money, the audit trail cannot live in the machine's own memory. It has to anchor to something immutable: a public blockchain timestamp no administrator can rewrite and no outage can erase.

Moving from "trust the provider" to "verify the math" is the working definition of trustworthy agentic commerce. The payment protocols handle the transaction. OriginStamp's blockchain timestamping infrastructure handles the proof, so every agent interaction, contract, and data exchange carries a cryptographic fingerprint that outlives the dispute, the audit, and the clock.


Thomas Hepp


Co-Founder

Thomas Hepp is the founder of OriginStamp and creator of the OriginStamp timestamp, which has set the standard for tamper-proof blockchain timestamps since 2013. As one of the earliest innovators in the field, he combines deep technical expertise with a pragmatic focus on solving real business problems, and is a recognized voice in blockchain security, AI analytics, and data-driven decision support. His work has earned multiple international awards, including a top Best Project recognition from ETH Zurich and the Swiss Confederation. He publishes regularly on blockchain, AI, and digital innovation.

