Tenzro
Blog — Payments

Payments for AI agents — every rail, one gateway

Agents transact with humans, with services, with other agents — and with merchants who only accept cards. No single payment protocol covers all four. Tenzro implements every rail that matters and routes through a unified gateway.
Author
Tenzro Engineering
Date
2026-01-07
Category
Payments
Read time
8 min

Agents don't transact with one counterparty type. A research agent might pay an API in stablecoin, tip a model provider per token, settle a SaaS subscription via cart mandate, and buy a domain from a merchant who only takes cards — all in the same workflow.

No single rail covers that. So Tenzro implements all of them and routes through a unified PaymentGateway.

MPP and x402 — HTTP 402 for machines

MPP (Machine Payments Protocol) — co-authored by Stripe and Tempo. HTTP 402 challenge / credential / receipt flow with session management for streaming. MppPaymentServer issues challenges; MppClient signs credentials; MppSessionManager tracks streaming sessions for per-token billing.

x402 — Coinbase's HTTP 402 protocol. EIP-3009 transferWithAuthorization. CDP facilitator for verify and settle. Stateless one-shot. Stablecoin-native.

Both use HTTP 402 as the gate. A model API, a TEE endpoint, or any resource returns 402 with a payment challenge. The agent's wallet signs a credential bound to its TDIP DID. Tenzro verifies and settles.

AP2 cart mandates

AP2 introduces structured commitments — pre-authorize a specific basket up to a max amount with an expiry. Tenzro's Ap2Validator enforces three nested ceilings before settlement:

  1. The AP2 IntentMandate constraints (item set, max_amount)
  2. The TDIP DelegationScope (max value, allowed operations, time bound)
  3. The runtime SpendingPolicy (per-tx, rolling daily window)

All three must pass. The mandate hash binds to the DID. Replay-safe by nonce.

Cards — Visa TAP and Mastercard Agent Pay

Card networks have their own agent payment standards now — Visa Trusted Agent Payments and Mastercard Agent Pay extend the rails to autonomous principals with cryptographic mandate validation. Tenzro issues and verifies the mandate; the clearing rail is the card network's. This is the path that lets agents buy from merchants who haven't adopted MPP/x402.

Tempo and Stripe

Tempo is the stablecoin settlement chain co-developed with Stripe. Tenzro participates directly through TempoParticipant — EIP-155 Secp256k1 signing, RLP encoding, Keccak-256 hashing, eth_sendRawTransaction. Stripe Payment Intents for fiat onramps. HMAC-SHA256 webhook verification.

Native — channels and escrow

For per-token AI inference, on-chain settlement per call is too expensive. MicropaymentChannelManager opens a channel between consumer and provider. State updates exchange off-chain with Ed25519 signatures over canonical (nonce, payer_balance, payee_balance) preimage. The latest signed state closes the channel to the ledger.

For high-value coordination — bonds, sealed orders, expiring offers — there's an on-chain escrow primitive at consensus-mediated opcodes: CreateEscrow (0x01000010), ReleaseEscrow (0x01000011), RefundEscrow (0x01000012). Vault addresses derived deterministically. Payer-only authorization.

Defense in depth

Every payment runs through three independent ceilings — the protocol-specific limits, the TDIP DelegationScope, the runtime SpendingPolicy. Plus the on-chain ERC-7579 validator modules at signing time. An agent that bypasses the off-chain check still gets blocked on-chain. That's the lesson from the agent-wallet drain incidents of mid-2026.

Keep reading
← All posts