Commerce

ACP — Agentic Commerce Protocol

Agentic checkout protocol by OpenAI and Stripe: AI agents complete purchases via Shared Payment Tokens without exposing payment details.

What is ACP?

ACP (Agentic Commerce Protocol) is an open agentic checkout protocol from OpenAI and Stripe (endorsed by Meta). It lets AI agents complete purchases — cart, shipping, payment — via Shared Payment Tokens without exposing the user’s payment details. Released on September 29, 2025 in beta; live transactions on Etsy, Shopify (1M+ transactions), and Walmart.

Why do you need ACP?

Without a standard protocol, an agent cannot complete checkout autonomously: it would need the user’s actual card data or manual confirmation of every payment. ACP solves this with Shared Payment Tokens:

  1. The user authorizes the agent once via OAuth 2.0 delegation.
  2. The agent receives a token — not card data, but permission to transact.
  3. Stripe processes the payment without exposing card details to the agent.

Key ACP capabilities:

| Capability | Description |
|---|---|
| Agentic checkout | Cart, shipping, and payment in a single agent flow |
| Shared Payment Tokens | Payment without exposing card details |
| OAuth 2.0 delegation | User explicitly delegates rights to the agent |
| MCP transport | Native integration with MCP servers |

How do you implement ACP?

ACP uses native MCP transport, making it straightforward to embed checkout in existing MCP servers. Declare the ACP endpoint in the payments.acp field of /.well-known/ai-agent.json:

{
  "payments": {
    "acp": "https://api.example.com/acp"
  }
}

Or via a Link header:

Link: <https://api.example.com/acp>; rel="acp-endpoint"

Full flow: agent obtains a Shared Payment Token via OAuth 2.0 → builds the cart → calls the ACP checkout endpoint → Stripe settles the transaction. Merchant documentation: docs.stripe.com/agentic-commerce/acp.

How do we check ACP?

The ACP check in the scanner is informational (does not affect the main score). The scanner looks for a declaration of protocol support in two ways:

  1. GET /.well-known/ai-agent.json → payments.acp field
  2. HEAD / → Link header with rel="acp-endpoint"

The actual checkout flow, OAuth delegation, and settlement via Stripe are not tested. If a declaration is found → pass, if absent → fail.
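
The two declaration checks above, as an added example (not the scanner's own code). It works offline on already-fetched response data. The function names are hypothetical, the sample responses are constructed, and it assumes payments.acp is a string URL as in the JSON shown earlier.

```python
import json
import re

# One link-value: <target> followed by its ;name=value parameters (RFC 8288 shape).
_LINK_RE = re.compile(r'<([^>]*)>((?:\s*;\s*[^,;=\s]+(?:\s*=\s*(?:"[^"]*"|[^,;\s]*))?)*)')
_PARAM_RE = re.compile(r';\s*([^,;=\s]+)(?:\s*=\s*(?:"([^"]*)"|([^,;\s]*)))?')


def acp_from_manifest(body):
    """Return payments.acp from an ai-agent.json body, or None if absent or malformed."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None  # missing body, HTML error page, truncated JSON, ...
    payments = doc.get("payments") if isinstance(doc, dict) else None
    acp = payments.get("acp") if isinstance(payments, dict) else None
    return acp if isinstance(acp, str) and acp.strip() else None


def acp_from_link(header_values):
    """Return the first Link target whose rel list contains acp-endpoint."""
    for value in header_values:
        for target, params in _LINK_RE.findall(value):
            for name, quoted, bare in _PARAM_RE.findall(params):
                # rel may hold several space-separated relation types.
                rels = (quoted or bare).lower().split()
                if name.lower() == "rel" and "acp-endpoint" in rels:
                    return target
    return None


def check_acp(manifest_body, link_headers):
    """Informational result: pass if either declaration is present, else fail."""
    endpoint = acp_from_manifest(manifest_body) or acp_from_link(link_headers)
    return {"status": "pass" if endpoint else "fail", "endpoint": endpoint}


# Constructed sample responses (not captured from a real site).
SAMPLE_MANIFEST = '{"payments": {"acp": "https://api.example.com/acp"}}'
SAMPLE_LINKS = ['</docs>; rel="help", <https://api.example.com/acp>; rel="acp-endpoint"']

if __name__ == "__main__":
    print(check_acp(SAMPLE_MANIFEST, []))
    print(check_acp(None, SAMPLE_LINKS))
    print(check_acp("<html>404</html>", ['</x>; title="acp-endpoint"']))
```

A pass here only means a declaration exists; as stated above, the endpoint itself is not exercised.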

Sources and specifications