A grouped, example-driven glossary of the agentic commerce terms builders keep tripping over: tokens, mandates, settlement, and the roles each protocol assigns.
What are agentic commerce terms, and why do they matter?
Agentic commerce terms are the shared vocabulary that describes how AI agents discover products, get authorized to spend, complete checkout, and settle payment on a buyer’s behalf. They matter because as of 2026 there is no single winning standard — there is a stack of overlapping ones, and the words are how you tell them apart. Getting a term wrong (treating a token as a mandate, or a checkout protocol as a settlement rail) is the fastest way to build an integration that fails fraud review.
The confusion is understandable. In roughly eight months — from Coinbase shipping x402 in May 2025 through Google’s AP2 and the OpenAI and Stripe Agentic Commerce Protocol in September 2025, to Stripe and Tempo’s Machine Payments Protocol in March 2026 — the industry coined dozens of new primitives. Many sound interchangeable but operate at completely different layers.
This glossary groups the most important agentic commerce terms into four buckets: authorization terms (who said the agent could spend), token types (what the agent actually hands over), settlement terms (how money moves), and roles (who is responsible for what). Each term gets a crisp definition and a real, current example. If you want the protocol-by-protocol comparison rather than the vocabulary, read our companion guide, Agentic Payment Protocols Compared.
One caveat before the definitions: these specifications are young and still moving. Versions, partner lists, and which features are GA versus beta have changed repeatedly. Treat every figure here as attributed and time-stamped, and verify against the primary spec before you ship.
Think in layers, not brands. A real ChatGPT or Gemini purchase can use Visa TAP for agent identity, an AP2 mandate for authorization, ACP for the merchant checkout, and a card network or x402 for settlement — all in one transaction. The terms below are tagged by layer so you can see how they bolt together.
Authorization terms: mandates and consent
Authorization terms describe the cryptographic proof that a human actually told an agent to spend — and within what limits. In agentic commerce this is dominated by Google’s AP2 mandate model, which breaks authorization into three signed artifacts so that intent, the exact cart, and the payment can each be verified and audited independently.
The recurring design goal across every authorization term is non-repudiation: producing a tamper-proof record that answers, after the fact, ‘who authorized this, for what, and was a person in the loop?’ The table below defines the core authorization vocabulary with a concrete example for each.
This distinction is not academic. Human-present means the user is live in the loop and approves the cart in real time; human-not-present (delegated) means the agent executes later against a pre-signed Intent Mandate. Issuers price risk and assign liability differently for each, so your Payment Mandate must carry that flag accurately.
| Term | Definition and real example |
|---|---|
| AP2 (Agent Payments Protocol) | Google-led open protocol, announced September 2025 with 60+ partners (Mastercard, American Express, PayPal, Coinbase, Adyen). Defines the trust and authorization layer for agent payments using cryptographically signed mandates. Example: a Gemini-powered shopping agent uses AP2 to prove the user authorized a purchase before any merchant ships goods. |
| Mandate | A tamper-proof, cryptographically signed digital contract that serves as verifiable proof of a user’s instructions to an agent. Example: an AP2 mandate signed by the user’s wallet that a merchant can later present as evidence in a dispute. |
| Intent Mandate | Captures the user’s request and the rules of engagement (price limits, timing, conditions). Used for both human-present shopping and delegated, autonomous tasks. Example: ‘Buy these concert tickets the moment they drop if the price is under $200’ is signed once, upfront, as an Intent Mandate. |
| Cart Mandate | A signature over the exact items and final price, creating an unchangeable ‘what you see is what you pay for’ record. In human-present flows the user signs it; in delegated flows the agent generates it once Intent conditions are met. Example: the user approves a $184.50 cart of three items and the signature locks those line items. |
| Payment Mandate | A signed artifact that links the verified Cart Mandate to a payment method and explicitly signals AI-agent involvement to the payment network and issuer. Example: an issuer sees the Payment Mandate flag and applies agent-specific fraud rules rather than treating the charge as a normal card-not-present transaction. |
| Verifiable Credential (VC) | The cryptographic signing format that makes a mandate tamper-proof and attributable to an identity. AP2 mandates are signed by VCs. Example: a user’s device-bound key signs the Cart Mandate so the merchant can verify it without trusting the agent vendor. |
Token types: the agentic commerce terms for scoped credentials
A payment token in agentic commerce is a scoped, single-use stand-in for real card or account credentials that the agent can hand to a merchant without ever exposing the underlying number. The whole category exists to contain blast radius: if a token leaks, it should be worthless outside the one purchase it was minted for. These are the agentic commerce terms most likely to be confused, because every network and protocol ships its own flavor.
The unifying pattern is scoping across three dimensions — amount, merchant, and time. The Shared Payment Token introduced by Stripe for ACP is the clearest example, and the others are variations on the same containment idea.
“If a token leaks, it should be worthless outside the one purchase it was minted for. Amount, merchant, and time — scope all three or you have not actually contained anything.”
On why every agentic token is single-use and scoped
| Term | Definition and real example |
|---|---|
| Shared Payment Token (SPT) | A new payment primitive Stripe introduced with ACP (September 29, 2025) that lets an app like ChatGPT initiate payment without exposing the buyer’s card credentials. It is single-use, time-bound, and amount-scoped, so a merchant cannot change the charge amount after the buyer approves it. Example: ChatGPT Instant Checkout hands an Etsy merchant an SPT good for exactly $42.00, once, within a short window. |
| Tokenization | The general practice of replacing a sensitive credential (a PAN, a bank token) with a non-sensitive substitute that is permissioned, programmatically controlled, and logged. Example: a card number becomes a network token that only works for a specific agent-merchant pair. |
| Agentic Token (Mastercard) | An extension of Mastercard’s Digital Enablement Service (MDES) that binds a tokenized card credential to a specific agent, a specific merchant scope, and a specific consent policy. Announced April 29, 2025 under Mastercard Agent Pay; first live agentic transaction September 29, 2025. Example: a Copilot agent gets an Agentic Token usable only at one retailer, under the consent rules the user set. |
| Delegated payment | The pattern where the agent relays payment credentials to the merchant via a secure token, rather than the merchant collecting card details directly. Example: in ACP, the agent passes the SPT and the merchant charges it through its own PSP. |
Settlement terms: how money actually moves
Settlement terms describe the rail that moves real value once an agent is authorized and a token is issued — card networks, stablecoins over HTTP, or machine-to-machine payment sessions. Authorization and tokens decide whether a payment is allowed; settlement decides how the funds clear. Conflating the two is the most common architectural error in agentic commerce.
The most-discussed settlement innovation is x402, which revives the long-dormant HTTP 402 status code so a server can demand payment inline and a client can pay programmatically. The facilitator is the load-bearing role here.
ACP defines the checkout conversation between an agent and a merchant; it does not move money itself. The actual settlement happens through whatever PSP and rail the merchant uses — a card network for an SPT, or x402 for a stablecoin transfer. Keep these terms in separate boxes.
x402 — internet-native stablecoin payments over HTTP
An open payment protocol from Coinbase, shipped May 2025 and donated to the x402 Foundation at the Linux Foundation on April 2, 2026. It uses HTTP 402 Payment Required so a server can ask for payment inline. The cycle: client requests a resource, server returns 402 with a PAYMENT-REQUIRED header, client sends a signed payload in the PAYMENT-SIGNATURE header, the server routes it to a facilitator that verifies and settles on-chain, then returns the resource. As of March 2026 reporting it had processed 119M+ transactions on Base and 35M on Solana with zero protocol fees — figures that move, so verify before quoting.Facilitator (x402) — verify and settle, so sellers skip blockchain infra
A service that handles payment verification and settlement on behalf of the resource server, so sellers do not run their own blockchain infrastructure. Per HTTP 402 cycle it confirms the signed payment payload is valid (verify) and submits the on-chain transfer (settle). Example: the Coinbase-hosted CDP facilitator settles ERC-20 payments (USDC, EURC via EIP-3009) across Base, Polygon, Arbitrum, World, and Solana.MPP (Machine Payments Protocol) — agent-to-agent payment sessions
An open protocol co-developed by Stripe and Tempo (with Visa as a design partner), launched March 18, 2026 alongside Tempo’s mainnet. Its ‘sessions’ model lets an agent pre-authorize a spending limit and then stream micropayments in stablecoins or fiat. Example: an AI agent pays a per-API-call fee to a web-access provider, machine-to-machine, without a human per transaction.Stablecoin settlement — fiat-pegged on-chain value
Using a fiat-pegged token (USDC, EURC) as the unit that actually clears on a blockchain, instead of card rails. Used by x402 and as an option in MPP. Example: an agent settles a $0.01 API micropayment in USDC on Base, where card interchange would make the transaction uneconomical.Roles: who is responsible in an agentic commerce term sheet
Role terms name the responsible parties in an agentic transaction — and in agentic commerce, the headline change is that the merchant stays the merchant of record even though an AI agent initiated the purchase. Understanding these roles is what lets you assign liability, route fraud signals, and answer a regulator’s questions later. These agentic commerce terms map cleanly onto familiar payments roles, with a few new entrants.
The most important nuance: a checkout protocol like ACP is explicitly designed so the business keeps its customer relationship and control over which products sell, how they are presented, and how transactions process. The agent is a new initiator, not a new merchant of record.
Visa TAP and Mastercard’s framework answer different questions. Visa TAP asks ‘is this agent real and where did it come from?’ (identity). Mastercard Agentic Tokens and AP2 mandates ask ‘did the user actually authorize this, and for what?’ (intent). Mature stacks answer both.
| Role | Definition and real example |
|---|---|
| ACP (Agentic Commerce Protocol) | The OpenAI and Stripe open standard (Apache 2.0, September 29, 2025) defining how a buyer’s agent, the buyer, and a business complete a purchase. It standardizes the checkout, cart, and product-feed conversation. Example: ChatGPT Instant Checkout with Etsy and Shopify brands like Glossier and Vuori runs on ACP. |
| Merchant of record (MoR) | The legal seller responsible for the transaction, taxes, refunds, and the customer relationship. In ACP the business remains the MoR even though an agent initiated checkout. Example: when an agent buys from Glossier via ChatGPT, Glossier — not OpenAI — is the merchant of record. |
| PSP (Payment Service Provider) | The processor that actually charges the token and moves funds for the merchant. ACP is PSP-agnostic; Stripe was the first compatible PSP via the Shared Payment Token. Example: a merchant accepts an SPT and charges it through Stripe (or any other compatible PSP). |
| Visa TAP (Trusted Agent Protocol) | An open framework Visa introduced in October 2025 that signs an agent’s identity into HTTP request headers so a merchant can cryptographically verify the agent is legitimate — distinguishing real agents from malicious bots. Built on HTTP Message Signatures (RFC 9421) and Web Bot Auth with Ed25519 keys checked against a Visa directory. Example: a merchant verifies an incoming agent’s signature before honoring its cart. |
| Credentials provider | In AP2, the party that issues and manages the verifiable credentials used to sign mandates. Example: a wallet or issuer that signs a user’s Cart Mandate so merchants can verify it without trusting the agent vendor. |
How the agentic commerce terms fit together in one transaction
Learn the layers, not the logos
In a real 2026 purchase, these agentic commerce terms compose rather than compete: identity, authorization, checkout, and settlement each contribute one layer to a single transaction. The protocols were designed by overlapping consortia precisely so they could interlock. Knowing the vocabulary is what lets you see the seams.
Walk a concrete flow. A user tells their agent to buy running shoes under $200. The agent’s identity is verified to the merchant via Visa TAP headers. The user’s instruction is captured as an AP2 Intent Mandate; once a cart is built, the user signs a Cart Mandate locking the items and price, and a Payment Mandate flags AI involvement to the issuer. Checkout runs over ACP, the agent hands the merchant a Shared Payment Token, and the merchant — still the merchant of record — charges it through its PSP. For a machine-to-machine API fee inside that same workflow, the agent might settle in stablecoins via x402 and a facilitator, or stream micropayments through an MPP session.
That single sentence touched eleven of the terms in this glossary. None of them is redundant. If you are building on this stack, the discipline is to keep the layers labeled in your own architecture so that when a spec changes — and they change often — you know exactly which box is affected. For the head-to-head trade-offs between these protocols, see Agentic Payment Protocols Compared.
The mental model that survives spec churn: identity (who is the agent), authorization (what did the human approve), checkout (how the order is placed), settlement (how money clears). Every agentic comBuilder’s take
I build Cyntr, an agent orchestration runtime, and I run Loomfeed, so I read these specs the way a plumber reads pipe diameters: the words have to bolt together or nothing flows. The biggest mistake I see teams make is treating these as competing standards when most of them stack. Get the vocabulary right and the architecture mostly designs itself.
- Separate the four layers in your head before you write code: identity (Visa TAP), authorization (AP2 mandates), checkout (ACP), and settlement (x402, MPP, or a card network). A single transaction often touches three of them.
- The Shared Payment Token is the term to internalize first. Once you understand why a token is scoped to one amount, one merchant, and a short window, every other token type (Mastercard Agentic Token, AP2 Payment Mandate) reads as a variation on the same risk-containment idea.
- When an issuer or PSP asks ‘was a human present?’, that is not philosophy — it is a real field. AP2’s Payment Mandate and the human-present versus human-not-present distinction map directly to interchange, fraud liability, and decline rates. Wire that signal through deliberately.
- Pin every protocol version and capture the spec’s commit hash in your integration tests. These specs moved monthly through 2025 and 2026; an ‘agentic commerce’ integration that silently drifts is a chargeback waiting to happen.
Frequently asked questions
A Shared Payment Token (SPT) is a payment primitive Stripe introduced with the Agentic Commerce Protocol in September 2025 that lets an app like ChatGPT initiate a payment without exposing the buyer’s card credentials. It is single-use, time-bound, and amount-scoped, so the merchant cannot change the charge amount after the buyer approves it. The merchant then charges that token through any compatible PSP.
AP2 defines the Intent Mandate, the Cart Mandate, and the Payment Mandate. The Intent Mandate captures the user’s request and spending rules (useful for autonomous, human-not-present tasks); the Cart Mandate locks the exact items and price with the user’s signature; and the Payment Mandate links that cart to a payment method while signaling AI-agent involvement to the issuer and network.
An x402 facilitator verifies and settles the on-chain stablecoin payment in each HTTP 402 cycle, so sellers do not have to run their own blockchain infrastructure. It confirms the client’s signed payment payload is valid, then submits the on-chain transfer. The Coinbase-hosted CDP facilitator, for example, settles USDC and EURC across chains including Base, Polygon, Arbitrum, and Solana.
No. In protocols like ACP the business remains the merchant of record even though an AI agent initiated the purchase. The merchant keeps the customer relationship, control over what is sold and how, and responsibility for taxes and refunds. The agent is a new transaction initiator, not a new legal seller.
They answer different questions. Visa’s Trusted Agent Protocol focuses on identity — cryptographically proving an agent is legitimate and distinguishing it from malicious bots, using signed HTTP headers. Mastercard Agentic Tokens (and AP2 mandates) focus on intent — proving the user actually authorized a specific action, by binding a tokenized credential to an agent, merchant scope, and consent policy.
Mostly they complement each other because they operate at different layers. A single transaction can use Visa TAP for agent identity, AP2 for authorization, ACP for the merchant checkout, and x402 or MPP for settlement. They were designed by overlapping consortia to interlock rather than to replace one another.
Primary sources
- Developing an open standard for agentic commerce — Stripe
- Announcing Agent Payments Protocol (AP2) — Google Cloud
- x402 facilitator and payment cycle docs — Coinbase Developer Platform
- Agentic token framework: driving trusted AI transactions — Mastercard
- Visa Introduces Trusted Agent Protocol — Visa
- Introducing the Machine Payments Protocol — Stripe
Last updated: May 31, 2026. Related: Commerce.
