Key Concepts
This page explains the fundamental concepts youβll encounter when working with the Agentic Commerce Protocol. Understanding these terms will help you navigate the documentation and implement ACP effectively.
Core Concepts
AI Agent
An AI agent is a software system powered by artificial intelligence that can take actions on behalf of a user. In the context of ACP:
- The agent understands user requests in natural language
- It searches for products across multiple merchants
- It facilitates the checkout process
- It never handles actual payment credentials
Examples: ChatGPT, Claude, future AI assistants
Think of an AI agent as a knowledgeable personal shopping assistant who can browse stores, compare options, and handle the logistics of purchasingβbut always asks for your approval before spending your money.
Agentic Commerce
Agentic commerce refers to commercial transactions where AI agents act as intermediaries between buyers and sellers. Key characteristics:
- Autonomous discovery: AI finds products based on intent, not keywords
- Conversational interface: Users describe what they want naturally
- Cross-platform: Single conversation spans multiple merchants
- User-controlled: Humans approve all purchases
Checkout Session
A checkout session is a temporary container that holds the state of a purchase in progress. It includes:
- Cart items (products and quantities)
- Buyer information (shipping address, email)
- Calculated totals (subtotal, shipping, tax, total)
- Session state (ready/not ready for payment)
- Expiration time (typically 30 minutes)
{
"checkout_session_id": "cs_abc123",
"state": "ready_for_payment",
"cart": { /* items */ },
"totals": { /* calculated amounts */ },
"expires_at": "2024-12-15T12:00:00Z"
}Session States
A checkout session moves through defined states:
ββββββββββββββββββββββββ
β not_ready_for_payment β β Missing required info
ββββββββββββ¬ββββββββββββ
β Add shipping address
βΌ
ββββββββββββββββββββββββ
β ready_for_payment β β Can complete checkout
ββββββββββββ¬ββββββββββββ
β Submit payment
βΌ
ββββββββββββββββββββββββ
β completed β β Order created
ββββββββββββββββββββββββ| State | Meaning |
|---|---|
not_ready_for_payment | Session created but missing required information |
ready_for_payment | All requirements met, can accept payment |
completed | Payment successful, order created |
cancelled | Session explicitly cancelled |
expired | Session timed out |
Payment Concepts
Shared Payment Token (SPT)
A Shared Payment Token is a secure, limited-use credential that allows a merchant to charge a specific amount. Key properties:
| Property | Description |
|---|---|
| Merchant-specific | Only the designated merchant can use it |
| Amount-limited | Cannot charge more than specified |
| Time-limited | Expires after ~30 minutes |
| Single-use | Cannot be reused after charging |
SPTs are the key security innovation in ACP. They allow AI agents to facilitate payments without ever having access to actual payment credentials.
Delegated Payment
Delegated payment is the model where payment authorization is βdelegatedβ from the user to a token system:
- User has card stored with payment provider (Stripe)
- User authorizes a payment for specific merchant/amount
- Token is generated representing this authorization
- Token is passed through AI agent to merchant
- Merchant redeems token with payment provider
The AI agent is just a messengerβit canβt create tokens or modify amounts.
Merchant of Record
The merchant of record is the business legally responsible for the transaction. In ACP:
- The merchant (not OpenAI, not the AI agent) is the merchant of record
- Merchants handle refunds, chargebacks, and disputes
- Merchants are responsible for tax collection
- Merchants maintain the customer relationship
This is different from marketplace models where the platform is often the merchant of record.
Product Concepts
Product Feed
A product feed is a structured data file that describes a merchantβs available products. It enables AI agents to discover and search products.
{
"products": [
{
"id": "sku_12345",
"title": "Wireless Headphones",
"description": "Premium over-ear headphones...",
"price": 199.99,
"currency": "USD",
"availability": "in_stock",
"category": "Electronics > Audio",
"images": ["https://..."]
}
]
}Product Variant
A variant is a specific version of a product that differs by attributes like size, color, or material:
{
"id": "prod_tshirt",
"title": "Classic T-Shirt",
"variants": [
{"id": "var_small_blue", "size": "S", "color": "Blue", "price": 29.99},
{"id": "var_medium_blue", "size": "M", "color": "Blue", "price": 29.99},
{"id": "var_large_red", "size": "L", "color": "Red", "price": 29.99}
]
}Availability States
Products have availability states that AI agents check before adding to cart:
| State | Meaning |
|---|---|
in_stock | Available for immediate purchase |
out_of_stock | Not currently available |
preorder | Available for pre-order |
limited | Low stock, may sell out |
discontinued | No longer available |
API Concepts
Idempotency
Idempotency means that making the same request multiple times produces the same result. ACP uses idempotency keys to prevent duplicate orders:
POST /checkout_sessions/cs_123/complete
Idempotency-Key: order_abc123_attempt_1If this request is accidentally sent twice, only one order is created.
Request Signing
Request signing is a security measure where requests include a cryptographic signature proving they came from an authorized source:
Signature: sha256=abc123...
Timestamp: 2024-12-15T10:30:00ZThe signature is calculated from:
- Request timestamp
- Request body
- Shared secret key
This prevents request tampering and replay attacks.
Webhooks
Webhooks are HTTP callbacks that notify your system when events occur:
Merchant Server Your System
β β
β POST /webhooks/acp β
β { β
β "event": "order.created", β
β "order_id": "ord_123" β
β } β
β βββββββββββββββββββββββββββββββΊβ
β β
β 200 OK β
β ββββββββββββββββββββββββββββββββCommon webhook events:
checkout.session.createdcheckout.session.completedorder.createdorder.shippedorder.delivered
Architecture Concepts
Three-Party Model
ACP uses a three-party model where each participant has distinct responsibilities:
| Party | Responsibilities |
|---|---|
| User | Initiate requests, approve purchases, provide shipping info |
| AI Agent | Understand intent, search products, facilitate checkout |
| Merchant | Provide products, process payments, fulfill orders |
Trust Boundaries
Trust boundaries define what each party can and cannot access:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β User's Domain β
β β’ Payment credentials (stored with Stripe) β
β β’ Full purchase history β
β β’ Personal preferences β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Token (limited) β Address (necessary)
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Agent's Domain β
β β’ Conversation context β
β β’ Product search results β
β β’ Checkout session state β
β β’ Payment tokens (opaque, limited) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Token + Address
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Merchant's Domain β
β β’ Order details β
β β’ Shipping address β
β β’ Payment confirmation β
β β’ Fulfillment data β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββStateless vs. Stateful
ACP components vary in how they manage state:
| Component | State Model | Why |
|---|---|---|
| Product Feed | Stateless | Products can be queried anytime |
| Checkout Session | Stateful | Tracks progress through checkout |
| Payment Token | Stateful | Tracks usage and expiration |
Integration Concepts
Integration Levels
Merchants can integrate at different levels:
Platform Integration
Use a pre-built integration from your e-commerce platform:
- Shopify app
- WooCommerce plugin
- BigCommerce connector
Effort: Hours | Control: Limited
Stripe Agent Toolkit
Use Stripeβs SDK with pre-built ACP support:
import { AgentToolkit } from '@stripe/agent-toolkit';
const toolkit = new AgentToolkit({ stripe });Effort: Days | Control: Moderate
Full API Implementation
Build your own implementation of all three specifications:
- Product feed endpoint
- Checkout API endpoints
- Payment handling
Effort: Weeks | Control: Complete
API Versioning
ACP uses URL path versioning:
https://merchant.com/acp/v1/checkout_sessions
β
Version numberVersion changes:
- Major version (v1 β v2): Breaking changes
- Minor updates: Backwards-compatible additions
Common Patterns
Optimistic UI
AI agents often use optimistic UI patternsβshowing expected results before confirmation:
AI: "I'm adding the garden tools to your cart..."
[Shows cart immediately]
"Cart updated! Ready to checkout when you are."
[Confirms after API responds]Progressive Disclosure
ACP supports progressive disclosure of information:
- Start with minimal info (just cart items)
- Add shipping when needed
- Add payment when ready
- Complete only with full confirmation
This reduces friction and lets users exit at any point.
Error Recovery
ACP is designed for graceful error recovery:
- Sessions can be resumed if interrupted
- Idempotency prevents duplicate orders
- Clear error codes enable intelligent retry logic
- Expired sessions can be recreated with same cart
Glossary Quick Reference
| Term | Definition |
|---|---|
| ACP | Agentic Commerce Protocol |
| SPT | Shared Payment Token |
| Checkout Session | Temporary container for purchase state |
| Product Feed | Structured product catalog data |
| Merchant of Record | Business legally responsible for transaction |
| Idempotency Key | Unique identifier preventing duplicate operations |
| Webhook | HTTP callback for event notifications |
| Delegated Payment | Payment model using tokens instead of credentials |