AgentWallet

AP2 — cryptographic mandates for agent spend

AP2 is the open mandate format that binds every payment to a signed authorization. IntentMandate (broad scope), CartMandate (specific cart), PaymentMandate (final settlement) — all signed by the Principal, anchored on Base for replay-safe audit.

  • IntentMandate — 'this agent may spend up to $X on category Y until date Z'.
  • CartMandate — 'this agent may charge $A.BC for this exact cart from merchant M'.
  • PaymentMandate — final settlement signature, includes payment-method binding.
  • All three signed by the WebAuthn-bound Principal — phishing-resistant.
  • Anchored on Base for replay protection and dispute resolution.

Frequently asked questions

What is AP2?
AP2 (Agent Payments Protocol) is the open mandate format that binds every AI-agent payment to a cryptographically signed authorization from a verified human Principal. Three mandate types — IntentMandate (broad scope), CartMandate (specific cart), PaymentMandate (final settlement) — anchored on Base for replay-safe audit.
Who signs an AP2 mandate?
The Principal — using a WebAuthn passkey on their laptop or phone. The agent itself never holds a mandate signing key; it requests a signature from the Principal and the Principal taps to approve.
What's the difference between IntentMandate, CartMandate and PaymentMandate?
IntentMandate = 'this agent may spend up to $X on category Y until date Z' (broad, pre-authorized scope). CartMandate = 'this agent may charge $A.BC for this exact cart from merchant M' (per-purchase narrowing). PaymentMandate = the final settlement signature with the payment-method binding. AgentWallet generates and chains all three automatically.
Are AP2 mandates revocable?
Yes. Revoke any mandate from the dashboard or POST /mandates/:id/revoke. Subsequent payments referencing the revoked mandate are rejected at the policy gate and a revocation receipt is anchored on Base.
Are AP2 mandates an open standard?
Yes. AP2 is being developed in the open with the AP2 working group; AgentWallet's implementation matches the public spec, and any AP2-compatible verifier can validate our mandates against the published JSON Schema.
How does AP2 differ from EIP-712 typed data?
AP2 mandates are typed payment authorizations specifically for the agent-payments domain — they include the Principal binding, the agent identity, the spend scope, the rail and the trace anchor. Under the hood AgentWallet does sign the AP2 payload as EIP-712 typed data so any EVM-aware verifier can validate it.
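The scope-narrowing and revocation checks a policy gate would apply to an IntentMandate, CartMandate, PaymentMandate chain, as an added Python example that is not AgentWallet's code. The mandate field names, sample values and the (accepted, reason) return are assumptions; WebAuthn / EIP-712 signature verification is assumed to happen before this gate runs.

```python
from dataclasses import make_dataclass
from datetime import date

# Field names are illustrative assumptions, not the published AP2 JSON Schema.
# Signature checks (WebAuthn passkey / EIP-712) are assumed to have passed already.
IntentMandate = make_dataclass("IntentMandate",   # 'up to $X on category Y until date Z'
    ["id", "principal", "agent", "max_cents", "category", "expires"])
CartMandate = make_dataclass("CartMandate",       # '$A.BC for this exact cart from merchant M'
    ["id", "intent_id", "principal", "agent", "amount_cents", "category", "merchant"])
PaymentMandate = make_dataclass("PaymentMandate", # final settlement, payment-method bound
    ["id", "cart_id", "principal", "payment_method"])

def policy_gate(intent, cart, payment, revoked, today):
    """Return (accepted, reason). Each check mirrors one scope claim in the chain."""
    for m in (intent, cart, payment):           # payments referencing a revoked mandate
        if m.id in revoked:                     # are rejected here
            return False, f"{m.id} revoked"
    if cart.intent_id != intent.id or payment.cart_id != cart.id:
        return False, "chain broken"
    if not (intent.principal == cart.principal == payment.principal):
        return False, "principal mismatch"
    if cart.agent != intent.agent:
        return False, "agent mismatch"
    if today > intent.expires:
        return False, "intent expired"
    if cart.category != intent.category:
        return False, "category out of scope"
    if cart.amount_cents > intent.max_cents:
        return False, "amount exceeds intent cap"
    return True, "accepted"

# Constructed sample chain: $50.00 cap on 'books' until 2025-12-31, cart charges $23.45.
INTENT = IntentMandate("int-1", "alice", "agent-7", 5000, "books", date(2025, 12, 31))
CART = CartMandate("cart-1", "int-1", "alice", "agent-7", 2345, "books", "merchant-m")
PAYMENT = PaymentMandate("pay-1", "cart-1", "alice", "card-token-placeholder")

if __name__ == "__main__":
    print(policy_gate(INTENT, CART, PAYMENT, set(), date(2025, 6, 1)))       # accepted
    print(policy_gate(INTENT, CART, PAYMENT, {"int-1"}, date(2025, 6, 1)))   # int-1 revoked
```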