AP2: verifiable payment mandates
When an AI agent spends money autonomously, someone needs to answer: who authorized this? AP2 (Agent Payment Protocol v2) creates a cryptographic chain of accountability from human intent to final settlement. Three mandate types cover the full spectrum — from broad pre-authorization to specific cart review to final payment settlement. Each is EIP-712 signed and independently verifiable.The accountability chain
Intent mandate
“I authorize this agent to spend up to$50 on GPU compute.”
The intent mandate is a human pre-authorization. It sets the boundaries — what the agent can buy, from whom, and how much it can spend — before any transaction happens.
Signed by the human via EIP-712. The agent holds this credential as proof of authority.
Cart mandate
“I’ve reviewed the items. Proceed with this purchase.” The cart mandate is created when a human reviews specific items before the agent completes a purchase. It bridges intent and payment — confirming that the human saw and approved the specific transaction.
Requires signatures from both the merchant and the user. This is the “human-present” checkpoint.
Payment mandate
“Settlement credential linking intent, cart, and payment.” The payment mandate is the final settlement-ready credential. It ties the full chain together — intent + cart + payment details — into a single verifiable document.Verification
Any party can verify a mandate chain by checking:- Signature validity — EIP-712 signatures match the claimed signers
- Expiry — mandate hasn’t expired
- Amount limits — payment doesn’t exceed intent authorization
- Merchant authorization — recipient is on the allowed list (if set)
- Chain integrity — cart links to intent, payment links to both
Status lifecycle
Every mandate moves through a defined lifecycle:Why mandates matter
As agents handle larger budgets autonomously, the question shifts from “can the agent pay?” to “should the agent pay?” AP2 mandates answer this with cryptographic proof rather than trust.- Auditable — every spend has a verifiable chain back to human authorization
- Composable — wallets, protocols, and regulators can verify mandates independently
- Graduated autonomy — set broad intents for trusted agents, require cart review for new ones
Full API reference for AP2 mandate endpoints (
/api/agent-economy/mandate/*) is coming soon.
