This is Part 1 of our three-part series on the Agentic Commerce Stack. This instalment examines ACP—the commerce layer that enables AI agents to orchestrate checkout flows. Part 2 covers AP2, Google's trust framework for authorisation and identity. Part 3 explores x402, the settlement layer for on-chain payment execution.
Executive Summary
When ChatGPT users started buying products directly within their conversations in September 2025, it signalled a fundamental shift in how commerce infrastructure must evolve. The Agentic Commerce Protocol (ACP)—co-developed by Stripe and OpenAI—provides the technical foundation: an open standard that enables AI agents to orchestrate checkout flows while merchants retain full control over their customer relationships.
This report examines the technical architecture, security model, and ecosystem positioning of ACP as the commerce layer in the emerging agentic payments stack.
Key findings:
- ACP collapses traditional multi-page checkout into a conversational interface, with merchants retaining merchant-of-record status
- The SharedPaymentToken (SPT) enables agents to initiate payments without exposing buyer credentials—scoped by merchant, amount, and time
- Native integration with existing Stripe infrastructure allows merchants to enable agentic payments with minimal code changes
- ACP is designed to work alongside AP2's trust framework and x402's settlement layer as complementary infrastructure
The Problem: Checkout Was Designed for Browsers
Traditional e-commerce checkout assumes a human navigating a graphical interface. The merchant presents a checkout page, collects shipping details through form fields, requests card information via secure iframes, and processes the payment—all orchestrated through browser redirects and page loads.
This model breaks down for AI agents:
- Agents cannot navigate visual checkout flows or click buttons
- Session-based authentication doesn't map to programmatic access
- Multi-step form completion requires context that agents don't retain naturally
- Payment credential collection assumes human oversight at the moment of transaction
The friction is quantifiable. McKinsey forecasts that agentic commerce could generate $3-5 trillion in global retail revenue by 2030. Bain estimates 15-25% of US e-commerce will flow through AI agents by the same timeframe.
The infrastructure gap is clear: merchants need a way to sell through AI agents without rebuilding their commerce stack, and agents need a programmatic interface to checkout without handling raw payment credentials.
How ACP Works: The Four-Actor Model
ACP structures transactions across four participants, each with distinct responsibilities:
Actor 1: The Buyer
The buyer interacts with their AI agent conversationally—expressing purchase intent, reviewing options, and authorising checkout. Critically, buyers never expose payment credentials to the agent directly. Instead, they provision a scoped payment token through their payment provider.
Actor 2: The AI Agent
The agent serves as the buyer's interface to commerce. Its responsibilities include:
- Understanding purchase intent from conversation
- Discovering and presenting relevant products
- Initiating checkout sessions with merchants
- Rendering checkout state (totals, shipping options) to the buyer
- Collecting buyer authorisation and provisioning payment tokens
- Completing the transaction on behalf of the buyer
Importantly, the agent never becomes the merchant of record—it facilitates the transaction without taking ownership of the commercial relationship.
Actor 3: The Merchant
The merchant retains full control over the commercial relationship. According to Stripe's documentation: "With ACP, you maintain your customer relationships as the merchant of record, retaining control over which products can be sold, how they're presented, how transactions are processed, and how orders are fulfilled."
Merchants implement the ACP specification to expose their checkout to agents, but all business logic—pricing, inventory, fraud decisions—remains under merchant control.
Actor 4: The Payment Provider
The payment provider (initially Stripe) handles credential tokenisation and fraud protection. When a buyer authorises a purchase, the provider issues a SharedPaymentToken scoped to the specific merchant and transaction—enabling the agent to complete checkout without accessing raw payment credentials.
The Checkout Flow: From Intent to Confirmation
The complete ACP checkout flow executes through four REST endpoints, as specified in the protocol documentation:
Phase 1: Checkout Initiation
Step 1: Buyer expresses purchase intent ("I want to buy this ceramic vase for my friend's housewarming").
Step 2: Agent sends a POST /checkouts request to the merchant's ACP endpoint, including:
- Product SKU and quantity
- Initial buyer context (if available)
Step 3: Merchant responds with the current checkout state:
- Line items with pricing and availability
- Available fulfillment options (shipping methods, costs, delivery windows)
- Supported payment methods
- Checkout status (not_ready_for_payment, ready_for_payment, etc.)
Phase 2: Checkout Configuration
Step 4: Agent renders the checkout state to the buyer—total amount, shipping options, estimated delivery.
Step 5: Buyer makes selections (shipping method, provides address).
Step 6: Agent sends PUT /checkouts/:id with updates:
- Buyer details (name, email, phone)
- Shipping address
- Selected fulfillment method
Step 7: Merchant recalculates totals (including tax, shipping) and returns updated state.
This update cycle may repeat as the buyer refines their selections.
Phase 3: Payment Authorisation
Step 8: Buyer confirms intent to pay. The agent requests a SharedPaymentToken from the payment provider.
Step 9: The payment provider issues an SPT scoped to:
- The specific merchant
- The exact transaction amount
- A time-limited validity window
Step 10: Agent sends POST /checkouts/:id/complete with the SPT attached.
Phase 4: Completion
Step 11: Merchant creates a PaymentIntent using the SPT and processes the transaction through their existing Stripe integration.
Step 12: Merchant responds with order confirmation, including:
- Order ID and permalink for tracking
- Confirmation details for the buyer
Step 13: Post-purchase, merchants send webhook events (order_created, order_updated) to keep the agent informed of fulfillment status.
The SharedPaymentToken: Secure Credential Delegation
The SharedPaymentToken (SPT) is ACP's core security innovation—a payment primitive that enables agents to initiate transactions without accessing underlying credentials.
How SPTs Work
When a buyer authorises a purchase, the payment provider (Stripe) issues a token with strict constraints:
    SharedPaymentToken {
      currency: "USD",
      max_amount: 4999, // Amount in cents
      expires_at: "2025-01-07T12:00:00Z",
      seller: {
        network_id: "merchant_abc123",
        external_id: "checkout_xyz789"
      }
    }
The SPT is:
- Merchant-scoped: Can only be used with the specified merchant
- Amount-bounded: Cannot exceed the authorised maximum
- Time-limited: Expires after a defined window
- Single-use: Invalidated after successful payment
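The four constraints above can be modelled as checks applied when a token is redeemed. This is an added example, not Stripe's or the ACP project's code: the field names follow the structure shown above, while the `id` field, the function names, the in-memory spent-token set, and the reading of `seller.external_id` as the checkout session identifier are assumptions.

```python
from datetime import datetime

# Constructed sample mirroring the SharedPaymentToken structure shown above.
SAMPLE_SPT = {
    "id": "spt_example_1",  # hypothetical identifier, used here for single-use tracking
    "currency": "USD",
    "max_amount": 4999,  # cents
    "expires_at": "2025-01-07T12:00:00Z",
    "seller": {"network_id": "merchant_abc123", "external_id": "checkout_xyz789"},
}

_redeemed = set()  # stand-in for a durable store of spent token ids


def check_spt(spt, *, merchant_id, checkout_id, amount, currency, now):
    """Return the list of violated constraints; an empty list means in scope.

    `now` must be a timezone-aware datetime.
    """
    problems = []
    seller = spt.get("seller", {})
    if seller.get("network_id") != merchant_id:
        problems.append("merchant mismatch")
    if seller.get("external_id") != checkout_id:  # assumed to name the checkout
        problems.append("checkout mismatch")
    if currency != spt.get("currency"):
        problems.append("currency mismatch")
    # Amounts are integer minor units; floats and bools are rejected outright
    # so a value like 49.99 can never slip under the 4999 cap.
    if type(amount) is not int or not 0 < amount <= spt["max_amount"]:
        problems.append("amount out of bounds")
    expires = datetime.fromisoformat(spt["expires_at"].replace("Z", "+00:00"))
    if now >= expires:
        problems.append("expired")
    if spt["id"] in _redeemed:
        problems.append("already used")
    return problems


def redeem_spt(spt, **charge):
    """Run every check, then mark the token spent only if all of them passed."""
    problems = check_spt(spt, **charge)
    if not problems:
        _redeemed.add(spt["id"])
    return problems
```

A token is marked spent only after a fully valid redemption, so a rejected attempt does not burn it; a production store would need that check-and-mark step to be atomic.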
Security Guarantees
According to Stripe's documentation: "SPTs never contain real PANs or other raw credentials." When a merchant confirms a PaymentIntent with an SPT, Stripe clones the buyer's original payment method into a new PaymentMethod object—the merchant receives a functional payment method without the agent ever handling sensitive data.
Fraud Protection Integration
SPTs integrate with Stripe Radar to provide fraud signals:
- Likelihood of fraudulent dispute
- Card testing detection
- Stolen card indicators
- Issuer decline probability
This enables merchants to make informed accept/decline decisions even when the transaction originates from an AI agent rather than a traditional checkout flow.
Technical Implementation Options
ACP supports two implementation patterns, offering flexibility for different technical architectures:
Option 1: RESTful API
The standard implementation exposes four HTTP endpoints:
| Endpoint | Method | Purpose |
|---|---|---|
| /checkouts | POST | Create checkout session |
| /checkouts/:id | GET | Retrieve current state |
| /checkouts/:id | PUT | Update checkout details |
| /checkouts/:id/complete | POST | Process payment with SPT |
| /checkouts/:id/cancel | POST | Cancel and release inventory |
All requests require HTTPS with Authorization: Bearer {token} headers. Webhook events must be signed with HMAC signatures for verification.
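One way a receiver can verify the HMAC-signed webhook events mentioned above, as an added example that is not taken from the ACP specification. The page does not give the signing scheme, so HMAC-SHA256 over `timestamp.body`, hex encoding, the 300-second replay window, and the `type` field name are all assumptions; the secret and payload are constructed.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # assumed replay window
ALLOWED_EVENTS = {"order_created", "order_updated"}  # event names from the page

# Constructed sample values for illustration only.
SAMPLE_SECRET = b"constructed-test-secret"
SAMPLE_BODY = b'{"type": "order_created", "order_id": "order_example_1"}'


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: MAC over the timestamp and the exact raw body bytes."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, body, signature, now):
    """Receiver side: return the parsed event, or raise ValueError.

    `body` must be the raw request bytes; re-serialised JSON can differ
    byte-for-byte from what the sender signed.
    """
    # The timestamp is covered by the MAC, so a captured request cannot be
    # replayed later with a fresh timestamp.
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise ValueError("stale timestamp")
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many leading characters match.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("bad signature")
    event = json.loads(body)  # parse only after the MAC has been checked
    if event.get("type") not in ALLOWED_EVENTS:
        raise ValueError("unexpected event type")
    return event
```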
Option 2: MCP Server
For AI-native architectures, ACP can be implemented as a Model Context Protocol (MCP) server. This positions checkout as a capability that AI agents can discover and invoke through the emerging standard for AI-tool communication.
As described on agenticcommerce.dev: "ACP works with any integration pattern and technology stack. Publish your checkout configuration with a traditional API or MCP."
The Delegated Payment Specification
For payment providers beyond Stripe, the Delegated Payment Spec defines how PSPs can issue compatible payment tokens:
- User saves payment method with the AI platform
- Platform sends delegated payment request to PSP
- PSP returns scoped, single-use token
- Token is forwarded during checkout completion
Direct integration requires PCI DSS Level 1 compliance or use of network tokens to minimise credential exposure.
Ecosystem Adoption
Platform Launch: ChatGPT Instant Checkout
ACP launched publicly on September 29, 2025, when OpenAI enabled Instant Checkout in ChatGPT. US users can now purchase directly within conversations, starting with Etsy merchants and expanding to Shopify.
The user experience is seamless: a buyer asks ChatGPT for product recommendations, reviews options presented in the conversation, taps "Buy," and completes checkout via a Stripe-powered form without leaving the chat. As OpenAI describes it: payment information is "processed securely by trusted payments partners, and is not stored by OpenAI."
Merchant Adoption
Early adopters span major retail brands:
Direct integrations: URBN (Anthropologie, Free People, Urban Outfitters), Coach, Kate Spade, Revolve, Ashley Furniture, Halara, Abt Electronics, Nectar
Platform partners: Etsy, Shopify (1M+ merchants), Wix, WooCommerce, BigCommerce, Squarespace, commercetools
Strategic Partnerships
Salesforce (October 14, 2025): Agentforce Commerce will integrate with ACP, enabling Salesforce merchants to accept purchases from ChatGPT and other ACP-compatible agents.
PayPal (October 28, 2025): PayPal will serve as an ACP-compatible payment provider, bringing its tens of millions of merchants into ChatGPT commerce starting 2026. PayPal will handle "routing, validation, and orchestration" through its own ACP server implementation.
PwC: Consulting partnership to help enterprises prepare for agentic commerce—structuring product data, connecting commerce systems, and piloting ACP integrations.
Key Milestones
| Date | Event |
|---|---|
| April 2025 | Mastercard Agent Pay and PayPal Agent Toolkit launch |
| September 29, 2025 | ACP launches with ChatGPT Instant Checkout |
| October 14, 2025 | Salesforce Agentforce integration announced |
| October 28, 2025 | PayPal partnership announced |
| 2026 | PayPal merchant catalogue rollout planned |
ACP in the Agentic Commerce Stack
ACP operates as the commerce layer in a three-protocol stack emerging to address different aspects of the agentic payments problem:
| Protocol | Developer | Layer | Focus |
|---|---|---|---|
| ACP | Stripe + OpenAI | Commerce | Checkout flows, merchant integration |
| AP2 | Google + 60 partners | Trust | Authorisation, identity, mandates |
| x402 | Coinbase + Cloudflare | Settlement | On-chain payment execution |
Complementary Architecture
As Orium's analysis describes: "ACP, AP2, and x402 are not direct competitors so much as layers in an emerging agentic commerce stack."
ACP handles the commerce lifecycle—product discovery, cart management, checkout orchestration. It answers: "How does an agent complete a purchase?"
AP2 provides trust guarantees—verifiable credentials proving user authorisation. It answers: "Who authorised this transaction?"
x402 executes settlement—moving funds via stablecoin when that's the preferred rail. It answers: "How do the funds actually move?"
A complete agentic transaction might use all three: ACP to orchestrate checkout with a merchant, AP2 to verify the agent's authorisation mandate, and x402 to settle the payment in USDC.
Current Positioning
ACP represents, as one analysis notes, "the path of least resistance. Its philosophy is 'don't reinvent the wheel, optimise the road.'" Rather than building new payment rails, ACP adapts existing card infrastructure for AI checkout—making it immediately deployable for Stripe's millions of existing merchants.
What This Means for the Market
The launch of ACP signals that agentic commerce infrastructure is transitioning from concept to production.
For merchants: ACP offers a low-friction path to AI agent distribution. Stripe's existing merchants can enable agentic payments with minimal integration work, gaining access to ChatGPT's 400+ million weekly users as a new sales channel.
For AI platforms: Native commerce capabilities become a competitive differentiator. ChatGPT's Instant Checkout demonstrates that purchase completion within the AI interface—without redirecting to external checkout—creates a meaningfully better user experience.
For payment providers: The Delegated Payment Spec opens a path for PSPs beyond Stripe to participate. PayPal's announcement demonstrates that ACP is designed for multi-provider ecosystems, not Stripe exclusivity.
For enterprises: The convergence of ACP, AP2, and x402 is establishing the infrastructure layer for what Bain estimates could be a $300-500 billion US market by 2030.
The commerce layer is now defined. The next question is trust—how do we verify that an agent is authorised to spend on a user's behalf?
Continue to Part 2: AP2 to understand how Google and 60 partners are architecting the trust layer for agent authorisation, or skip to Part 3: x402 for the settlement layer that completes the stack.
Hexploits specialises in AI infrastructure, agent architectures, and autonomous system design. If you're building systems that require agentic commerce capabilities, we should talk.