What is the Agentic Commerce Protocol?

The Agentic Commerce Protocol (ACP) is an open standard co-developed by OpenAI and Stripe that enables AI agents to complete commercial transactions on behalf of users. It consists of three specifications: Product Feed, Agentic Checkout, and Delegated Payment.

Yes, the protocol specification is free and open source (Apache 2.0). Standard payment processing fees apply when using Stripe for payments.

Do merchants keep their customer relationships with ACP?

Yes, merchants remain the merchant of record and keep full control over customer relationships, including customer data, emails, and support.

How are payments secured in ACP?

ACP uses Shared Payment Tokens (SPTs) that are merchant-specific, amount-limited, time-limited, and single-use. The AI agent never sees actual payment credentials.

Which AI assistants support ACP?

ChatGPT supports ACP via its Instant Checkout feature. As an open standard, any AI platform can implement ACP support.

🚀Agentic Commerce Protocol is now live! Instant Checkout is available in ChatGPT. Learn more →

Testing Your Integration

Thoroughly test your ACP implementation before enabling live transactions.

Test Environment

Stripe Test Mode

Use Stripe’s test mode for development:


# Test API keys
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...

Test Card Numbers

Card Number	Scenario
`4242424242424242`	Successful payment
`4000000000000002`	Card declined
`4000000000009995`	Insufficient funds
`4000000000000069`	Expired card

Local Development

Using ngrok

Expose your local server for webhook testing:


# Install ngrok
brew install ngrok  # macOS
# or download from ngrok.com
 
# Start tunnel
ngrok http 3000
 
# Use the HTTPS URL for webhooks
# https://abc123.ngrok.io

Request Signing

Test signature verification with sample payloads:


import crypto from 'crypto';
 
function generateTestSignature(body, secret, timestamp) {
  return crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}.${JSON.stringify(body)}`)
    .digest('base64');
}
 
// Example test
const testBody = { cart_items: [{ product_id: 'test', quantity: 1 }] };
const timestamp = Date.now().toString();
const signature = generateTestSignature(testBody, 'test_secret', timestamp);

API Testing

Create Session


curl -X POST https://your-server.com/checkout_sessions \
  -H "Content-Type: application/json" \
  -H "timestamp: $(date +%s)" \
  -H "signature: YOUR_SIGNATURE" \
  -d '{
    "cart_items": [
      {"product_id": "prod_123", "quantity": 1}
    ],
    "currency": "USD"
  }'

Expected Response


{
  "checkout_session_id": "cs_abc123",
  "state": "ready_for_payment",
  "cart": {
    "items": [...]
  },
  "totals": {
    "total": 2999
  }
}

Validation Checklist

✅

Complete this checklist before going live.

Session Management

Sessions created with unique IDs
Sessions expire after 30 minutes
Invalid sessions return 404

Payment Flow

Test payments succeed
Declined cards handled gracefully
Delegated payment tokens work correctly

Error Handling

Invalid signatures return 401
Missing fields return 400
Server errors return 500

Security

HTTPS enforced
Signatures verified on all requests
Sensitive data not logged

Integration Testing

Simulate Agent Flow

Create checkout session
Simulate shipping address update
Complete payment with test token
Verify order creation

Load Testing

Test concurrent sessions:


# Using Apache Bench
ab -n 1000 -c 10 https://your-server.com/checkout_sessions
 
# Using k6
k6 run load-test.js

Going Live

Once all tests pass:

Switch to live Stripe keys
Update webhook URLs
Enable production logging
Monitor initial transactions

Merchant Application Stripe Integration

Specification maintained by OpenAI and Stripe

About Privacy Terms RSS

Apache 2.0 · Open Source