Google’s Agent Payments Protocol (AP2) launched in September 2025 with 60+ partners including Mastercard, PayPal, Adyen, and Coinbase. By March 2026, three more protocols have joined the race: Coinbase’s x402, Stripe and OpenAI’s ACP, and the freshly funded MPP from Stripe and Tempo (backed by $500M at a $5B valuation). If you are building AI agents that need to spend money, you are staring at four protocols and wondering which one to implement.
The answer: they are not competing. They are layers in a stack. AP2 handles authorization. x402 handles crypto settlement. ACP handles checkout flows. MPP handles session billing. A single agent workflow can touch all four. Understanding the stack is the difference between building payment infrastructure that works and building something you rip out in six months.
What Google AP2 Actually Does
Most coverage of AI agent payments focuses on how agents pay (crypto wallets, card tokens, stablecoins). AP2 focuses on a different question: who said the agent could pay in the first place?
AP2 introduces “mandates,” structured authorization objects that define what an AI agent is allowed to spend, on what, from which account, and until when. Think of a mandate as a machine-readable power of attorney for a specific financial scope.
Here is what a mandate contains:
- Scope constraints: maximum per-transaction amount, cumulative spending cap, allowed merchant categories
- Temporal bounds: start date, expiration, recurring schedule (e.g., “up to $50/week on cloud compute”)
- Payment method binding: which funding source (card, bank account, crypto wallet) the agent can draw from
- Traceability chain: every transaction references back to the mandate that authorized it, creating an audit trail from human intent to agent action
The critical design choice: AP2 is payment-rail agnostic. It does not care whether the agent settles with Visa, SEPA, USDC on Base, or carrier pigeons. The mandate authorizes the intent; the settlement layer handles the execution. That is why Coinbase integrated x402 as AP2’s crypto settlement option, and why Mastercard and PayPal joined as fiat settlement partners.
The Four-Layer Payment Stack
If you look at what each protocol actually does, the stack becomes obvious. Each protocol owns a different problem.
Layer 1: Authorization (Google AP2)
AP2 answers: “Is this agent allowed to make this payment?” Before any money moves, the agent presents its mandate. The receiving service validates the scope, checks the spending limits, and either proceeds or rejects. No mandate, no payment.
This layer exists because AI agents have no legal personhood. A human cannot give an agent a credit card and say “figure it out.” The mandate is the formal, verifiable record that a specific human authorized a specific scope of spending. When something goes wrong (and it will), the mandate is how you reconstruct what was authorized versus what happened.
AP2’s 60+ launch partners include payment processors (Adyen, Stripe, Square), card networks (Mastercard, Visa), banks (PayPal, Revolut), and crypto infrastructure (Coinbase). Google positioned this deliberately: AP2 is the authorization layer that all settlement methods can plug into.
Layer 2: Micropayment Settlement (Coinbase x402)
x402 answers: “How does an agent pay $0.002 for a single API call?” Traditional payment rails cannot handle this. Stripe’s minimum processing fee is roughly $0.30 per transaction. A $0.002 API call would cost 150x more in processing fees than the service itself.
x402 revives the HTTP 402 “Payment Required” status code with USDC stablecoins on Base (Coinbase’s Layer 2 network). The agent hits a gated endpoint, gets a 402 response with pricing, signs a stablecoin transfer, and resubmits with payment proof. Gasless transactions on Base mean no ETH management. The protocol is stateless, RESTful, and fits natively into existing HTTP infrastructure.
In the stack, x402 sits under AP2. The agent’s mandate defines the spending limit; x402 handles individual micropayments within that limit. Cloudflare co-founded the x402 Foundation in September 2025, noting they already return over one billion HTTP 402 codes daily to bots hitting rate limits.
Layer 3: Checkout Flows (Stripe + OpenAI ACP)
ACP, the Agentic Commerce Protocol, answers: “How does an agent complete a multi-step purchase?” Buying a flight is not a single API call. It requires searching, selecting, entering passenger details, choosing seats, and paying. ACP structures this as a checkout flow where the agent navigates a defined purchase sequence.
ACP is already operational inside ChatGPT’s Instant Checkout feature. A user tells ChatGPT to buy something; the agent handles product selection and payment through ACP-connected merchants. The human approved the intent; ACP manages the execution sequence.
The key difference from x402: ACP assumes a human initiated the purchase. x402 assumes the agent is operating autonomously. That distinction matters for liability and consumer protection. ACP transactions carry the same chargeback rights as regular card purchases.
Layer 4: Session Billing (Stripe + Tempo MPP)
MPP, the Machine Payments Protocol, is the newest entrant. Tempo raised $500M at a $5B valuation in March 2026, backed by Visa, Mastercard, Deutsche Bank, Revolut, OpenAI, and Anthropic. The protocol’s tagline: “OAuth for payments.”
MPP answers: “How does an agent run a long session consuming multiple paid services without re-authorizing every call?” The agent pre-funds a session (like depositing money into a parking meter), then auto-settles per call until the session budget runs out.
This fits a specific use case: an agent that orchestrates a complex workflow across multiple paid APIs over hours or days. Think of a recruiting agent that searches LinkedIn (paid), runs background checks (paid), scores candidates (paid), and schedules interviews (paid). Without MPP, each service requires separate payment setup. With MPP, the agent establishes one session, and each service draws from the pre-funded pool.
Why the Stack Matters More Than Any Single Protocol
The instinct when four protocols launch in the same space is to ask “which one wins?” That framing misses the point entirely.
Consider a concrete scenario: a procurement agent buying cloud infrastructure. The human creates an AP2 mandate: “Spend up to $5,000/month on compute, only from AWS, Google Cloud, or Azure.” The agent uses MPP to establish a billing session across these providers. Within each session, individual API calls settle via x402 micropayments. If the agent needs to purchase a reserved instance (a larger one-time transaction), it uses ACP’s checkout flow for that specific purchase.
Four protocols. One workflow. No redundancy.
This mirrors how the web payment stack already works. You do not pick between TLS, HTTP, OAuth, and Stripe. You use TLS for encryption, HTTP for transport, OAuth for authorization, and Stripe for payment processing. They are layers, not alternatives.
The companies backing these protocols understand this. Stripe appears in three of the four (ACP, MPP, and x402 integration). Coinbase appears in two (x402, AP2 partner). Google appears in two (AP2, x402 integration). They are not betting on one protocol. They are building the stack.
What Is Missing from the Stack
Two gaps remain unresolved.
Dispute resolution. When a human buys something with a credit card and the product is defective, chargeback rights apply. When an AI agent pays $0.002 for an API call that returns garbage data, there is no recourse mechanism. ACP inherits card-network dispute rights. x402 has none. MPP is unclear. AP2 mandates track authorization but not quality of service.
Cross-protocol identity. Each protocol identifies agents differently. AP2 uses mandate-based identity. x402 uses wallet addresses. ACP uses Stripe customer IDs. MPP uses session tokens. An agent operating across all four needs four separate identity systems. No unified agent identity standard exists yet, though Mastercard’s Verifiable Intent framework and Sam Altman’s World ID integration with AgentKit are early attempts.
Which Protocol Should You Implement First?
Skip the theory. Here is a decision framework based on what your agent actually does.
Your agent consumes paid APIs programmatically. Start with x402. If your agent calls weather APIs, runs searches, or fetches data, x402’s micropayment model fits perfectly. Integration is straightforward: handle HTTP 402 responses, sign USDC transactions, resubmit with proof. The x402 SDK for TypeScript/Node.js is open-source.
Your agent buys products or books services for humans. Start with ACP. If a human says “buy me this” and your agent executes the purchase, you need the checkout flow and consumer protections that ACP provides. Stripe’s existing merchant network means broad acceptance from day one.
Your agent orchestrates multi-service workflows with ongoing costs. Start with MPP. If your agent runs long-duration tasks across multiple paid services (data pipelines, multi-step research, procurement workflows), MPP’s session-based billing simplifies what would otherwise be dozens of individual payment integrations.
You need an audit trail for compliance. Add AP2 mandates regardless of which settlement layer you use. For DACH-region companies, the EU AI Act’s high-risk classification for financial AI systems makes AP2’s traceability chain practically mandatory. Every agent transaction needs to trace back to a human authorization.
For most builders in 2026, the pragmatic path is: implement AP2 mandates for authorization, then add one settlement protocol based on your primary use case. You can add the others later as your agent’s capabilities grow.
Frequently Asked Questions
What is Google AP2 (Agent Payments Protocol)?
Google AP2 is a payment authorization protocol for AI agents, launched in September 2025 with 60+ partners including Mastercard, PayPal, and Coinbase. It uses “mandates” to define what an agent is allowed to spend, creating a verifiable chain from human authorization to agent transaction. AP2 is payment-rail agnostic, meaning it works with cards, bank transfers, and crypto settlement.
How is Google AP2 different from x402?
AP2 and x402 solve different problems. AP2 is an authorization layer that defines what an agent is allowed to spend (mandates, spending limits, allowed merchants). x402 is a settlement layer that handles the actual payment using USDC stablecoins and HTTP 402 status codes. They work together: AP2 authorizes the intent, x402 executes the crypto micropayment.
What is MPP (Machine Payments Protocol)?
MPP is a session-based payment protocol for AI agents, developed by Stripe and Tempo (which raised $500M at a $5B valuation in March 2026). Described as “OAuth for payments,” MPP lets agents pre-fund a billing session and auto-settle per API call. It is backed by Visa, Mastercard, Deutsche Bank, Revolut, OpenAI, and Anthropic.
Which AI agent payment protocol should I implement first?
It depends on your use case. For API micropayments, start with x402. For product purchases, start with ACP (Stripe + OpenAI). For multi-service workflows, start with MPP. For compliance and audit trails, add AP2 mandates as your authorization layer regardless of settlement choice. Most builders should implement AP2 for authorization plus one settlement protocol.
Can AI agents use multiple payment protocols simultaneously?
Yes. The four protocols (AP2, x402, ACP, MPP) are layers in a stack, not competitors. A single agent workflow can use AP2 for authorization mandates, x402 for crypto micropayments, ACP for product checkout flows, and MPP for session-based billing across multiple services. This mirrors how web infrastructure layers TLS, HTTP, OAuth, and payment processing.