PROTOCOL · LAYER 2 · AP2

Every payment is bound to a signed mandate.

AP2 (Agent Payments Protocol) is the open mandate format that turns "the agent decided to pay" into "the principal authorized this exact spend, here's the cryptographic proof." AgentWallet ships first-class support for IntentMandate, CartMandate and PaymentMandate — anchored on Base for replay-safe audit.

Three mandate types

Intent → Cart → Payment.

INTENT

IntentMandate

What the agent MAY do. Signed by the Principal. Vendors, caps, time-bound, geographies. The widest grant.

CART

CartMandate

What the agent IS ABOUT TO BUY. Signed by the Agent, references an IntentMandate. Itemized cart, total, expected merchant.

PAYMENT

PaymentMandate

What the agent IS PAYING NOW. Signed by the Agent (and Principal if above threshold). One mandate per settlement.

Schema

An IntentMandate, on the wire.

{
  "type": "IntentMandate",
  "version": "ap2/1",
  "id": "im_01J9X4G8K9Q3P2N1B7H5R6T8X4",
  "principal_id": "prn_01J9X3F2K4Z7T9V1Q5N3M8B2H7",
  "agent_id":     "ag_01J9X3F2K4Z7T9V1Q5N3M8B2H7",
  "scope": {
    "vendors":   ["meta.com","google.com","tiktok.com"],
    "categories":["digital_advertising"],
    "geographies":["US","CA","GB","DE"]
  },
  "limits": {
    "per_call_max_usd":  500,
    "per_day_max_usd":   10000,
    "per_month_max_usd": 200000
  },
  "validity": {
    "from": "2026-05-01T00:00:00Z",
    "to":   "2026-08-01T00:00:00Z"
  },
  "signature": {
    "alg":    "webauthn-es256",
    "cred":   "cred_01J9X4G8K9Q3P2N1B7H5R6T8X4",
    "value":  "0xabc…f01"
  },
  "anchor_tx": "base://0x91e…b22"
}

Verification

Anyone can verify, no API call required.

Public anchor on Base
Every mandate's hash is anchored on-chain on Base. Counterparties verify against the anchor without trusting AgentWallet.
WebAuthn signatures
Mandates are signed with the principal's WebAuthn ES256 key. Standard COSE format, replayable in any browser.
Mandate chains
PaymentMandate references CartMandate references IntentMandate. The chain is replayable end-to-end.
Revocable + expiring
Principals can revoke; mandates auto-expire on `validity.to`. Revocations are anchored too — no quiet kill.
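
A sketch of the policy check a counterparty could run once the signature and anchor have been verified, using the IntentMandate fields from the schema above. This is an added example, not AgentWallet or AP2 code. The `spend` field names (`merchant`, `category`, `country`, `amount_usd`, `at`), the running totals, the exact-match vendor rule and the half-open validity window are assumptions; signature and anchor checks are left out because the page does not specify the canonicalization or anchor format.

```python
import json
from datetime import datetime

# Constructed sample: the page's IntentMandate, minus signature and anchor_tx.
INTENT = json.loads("""
{"type": "IntentMandate", "version": "ap2/1",
 "agent_id": "ag_01J9X3F2K4Z7T9V1Q5N3M8B2H7",
 "scope": {"vendors": ["meta.com", "google.com", "tiktok.com"],
           "categories": ["digital_advertising"],
           "geographies": ["US", "CA", "GB", "DE"]},
 "limits": {"per_call_max_usd": 500, "per_day_max_usd": 10000,
            "per_month_max_usd": 200000},
 "validity": {"from": "2026-05-01T00:00:00Z", "to": "2026-08-01T00:00:00Z"}}
""")

def _ts(value):
    # Python < 3.11 fromisoformat() rejects a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_spend(intent, spend, spent_today_usd=0, spent_month_usd=0):
    """Return the list of violations; an empty list means the spend fits the grant."""
    if intent.get("type") != "IntentMandate" or intent.get("version") != "ap2/1":
        return ["unsupported mandate type or version"]  # fail closed
    errors = []
    scope, limits, validity = intent["scope"], intent["limits"], intent["validity"]
    if spend["agent_id"] != intent["agent_id"]:
        errors.append("agent_id does not match the mandate")
    # Exact, case-insensitive match (assumption): suffix or substring matching
    # would let "meta.com.example" pass as "meta.com".
    if spend["merchant"].lower().rstrip(".") not in scope["vendors"]:
        errors.append("merchant not in scope.vendors")
    if spend["category"] not in scope["categories"]:
        errors.append("category not in scope.categories")
    if spend["country"] not in scope["geographies"]:
        errors.append("country not in scope.geographies")
    # Half-open window (assumption): the mandate is already expired at validity.to.
    if not _ts(validity["from"]) <= _ts(spend["at"]) < _ts(validity["to"]):
        errors.append("outside validity window")
    amount = spend["amount_usd"]
    if isinstance(amount, bool) or not isinstance(amount, (int, float)) or not amount > 0:
        return errors + ["amount_usd must be a positive number"]
    if amount > limits["per_call_max_usd"]:
        errors.append("exceeds per_call_max_usd")
    if spent_today_usd + amount > limits["per_day_max_usd"]:
        errors.append("exceeds per_day_max_usd")
    if spent_month_usd + amount > limits["per_month_max_usd"]:
        errors.append("exceeds per_month_max_usd")
    return errors
```
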

Sign your first mandate.

Built on the open AP2 spec. Free in sandbox.
