Tenzro Testnet is live —request testnet TNZO

AP2 — Agent Payments Protocol

AP2 is a payment protocol for autonomous agents. Unlike MPP (streaming session-based) or x402 (stateless one-shot), AP2 uses Verifiable Digital Credentials (VDC)-wrapped mandates with a parent-child structure that captures the full decision path from user intent to final cart.

Mandate Types

Intent Mandate

Signed by the user, authorizing an agent to spend up to a bounded amount for a described purpose within a time window. Serves as the root of the mandate chain.

Fields: agent_did, max_amount, purpose, expires_at, allowed_merchants, allowed_categories

Cart Mandate

Signed by the agent, referencing a parent intent mandate via parent_id. Binds the final line items, merchant, and total amount to the prior intent authorization.

Fields: parent_id, merchant_did, line_items, total_amount, payment_method

VDC Envelope

Both mandate types are wrapped in a Verifiable Digital Credential envelope with an Ed25519 signature over a canonical JSON serialization:

{
  "vdc": {
    "id": "mandate-01HQ...",
    "kind": "intent",
    "issuer": "did:tenzro:human:...",
    "subject": "did:tenzro:machine:...",
    "issued_at": "2026-04-20T12:00:00Z",
    "expires_at": "2026-04-20T14:00:00Z",
    "claims": { ... }
  },
  "signature": "base64(Ed25519(canonical(vdc)))",
  "signer_did": "did:tenzro:human:...",
  "alg": "EdDSA"
}

Verification Flow

  1. Verify VDC signature — Resolve signer_did to its public key and verify the Ed25519 signature over the canonical VDC bytes.
  2. Check issuer/subject — For intent: issuer must be a human DID. For cart: issuer must be the machine DID named in the parent intent's subject.
  3. Validate parent-child pair — Cart mandate must reference a valid, signed intent mandate. Total must not exceed intent's max_amount. Merchant must be allowed.
  4. Check expiration — Both mandates must be within their validity windows.
  5. Check delegation scope — Agent's TDIP delegation must include AP2 as an allowed payment protocol.

RPC Methods

// Verify a single VDC mandate
tenzro_ap2VerifyMandate({ vdc })
  -> { valid: bool, mandate_id, kind, signer_did, alg, error? }

// Validate an intent/cart pair
tenzro_ap2ValidateMandatePair({ intent_vdc, cart_vdc })
  -> { valid, intent_id, cart_id, total_within_intent, merchant_allowed, ... }

// Protocol metadata
tenzro_ap2ProtocolInfo()
  -> { version, supported_algs, supported_kinds, chain_id }

CLI

tenzro ap2 verify --vdc-file intent.json
tenzro ap2 validate-pair --intent intent.json --cart cart.json
tenzro ap2 info

Relationship to TDIP

AP2 mandates extend the TDIP delegation model. The intent mandate is a constrained, payment-scoped delegation that is cryptographically bound to a specific cart outcome. TDIP's DelegationScope.allowed_payment_protocols must include Ap2 for the agent to present cart mandates.

Why VDC-wrapped Mandates?

  • Non-repudiation — User intent is cryptographically signed and cannot be forged by the agent.
  • Audit trail — The parent-child chain captures the full decision path.
  • Scope limitation — Spending is bounded by the intent even when the agent operates autonomously.
  • Interoperability — VDC format is W3C-aligned and can be verified by any AP2-aware party.
→ Tutorial: Sign and verify AP2 mandates