What is the Agentic Commerce Protocol?

The Agentic Commerce Protocol (ACP) is an open standard co-developed by OpenAI and Stripe that enables AI agents to complete commercial transactions on behalf of users. It consists of three specifications: Product Feed, Agentic Checkout, and Delegated Payment.

Yes, the protocol specification is free and open source (Apache 2.0). Standard payment processing fees apply when using Stripe for payments.

Do merchants keep their customer relationships with ACP?

Yes, merchants remain the merchant of record and keep full control over customer relationships, including customer data, emails, and support.

How are payments secured in ACP?

ACP uses Shared Payment Tokens (SPTs) that are merchant-specific, amount-limited, time-limited, and single-use. The AI agent never sees actual payment credentials.

Which AI assistants support ACP?

ChatGPT supports ACP via its Instant Checkout feature. As an open standard, any AI platform can implement ACP support.

Delegated Payment Specification

Enable secure payment credential sharing without exposing sensitive information.

Stripe’s Shared Payment Token (SPT) is the first implementation of this spec.

How It Works

User provides payment method to AI agent
Agent requests a Shared Payment Token scoped to merchant and amount
Token is passed to merchant during checkout
Merchant charges the token through their payment provider

Token Properties

Property	Description
Single-use	Cannot be reused after charge
Merchant-scoped	Only works for intended merchant
Amount-limited	Cannot charge more than authorized
Time-limited	Expires after ~30 minutes

Stripe Integration


// Accept Shared Payment Token
const paymentIntent = await stripe.paymentIntents.create({
  amount: cartTotal,
  currency: 'usd',
  payment_method: sharedPaymentToken,
  confirm: true,
  payment_method_options: {
    card: { request_delegated_payment: true },
  },
});

Error Codes

Code	Description
`token_expired`	Token has expired
`token_invalid`	Invalid format
`token_already_used`	Already charged
`amount_exceeded`	Exceeds authorization
`payment_declined`	Card declined

Security

Never store tokens. Charge immediately and discard.

Tokens protect raw card data
Reduces PCI scope (SAQ A eligible)
Full audit trail of usage