Skill

ap2-payment-mandate

Implements AP2 Payment Mandate VDC to signal AI involvement and user authorization in payments. Guides schema fetch, construction for merchant processors in auth flows, tokenization.

Python

REST API

backend

security

authentication

Install

npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin ap2-agentic-payments

Tool Access

This skill is limited to using the following tools:

ReadWriteEditBashGrepGlobWebSearchWebFetch

Preview

**Fetch live docs**:

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.1k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

claude-code-plugin-release

1 file

Automates semantic versioning and release workflow for Claude Code plugins: bumps versions in package.json, marketplace.json, plugin.json; verifies builds; creates git tags, GitHub releases, changelogs.

claude-mem

64.7k

Stats

Parent Repo Stars14

Parent Repo Forks9

Last CommitMar 9, 2026

Actions

View Source View Plugin View on GitHub View README

AP2 Payment Mandate

Before writing code

Fetch live docs:

Fetch https://ap2-protocol.org/specification/ for the Payment Mandate schema
Web-search site:github.com google-agentic-commerce AP2 payment mandate for type definitions
Web-search site:github.com google-agentic-commerce AP2 src/ap2/types payment for Python types
Fetch https://ap2-protocol.org/topics/core-concepts/ for Payment Mandate conceptual details

Conceptual Architecture

What the Payment Mandate Is

The Payment Mandate is a separate VDC specifically for the payment ecosystem — shared with payment networks (Visa, Mastercard) and issuers (banks). Unlike the Cart/Intent Mandates that focus on purchase authorization, the Payment Mandate provides visibility into the agentic nature of the transaction.

Purpose

The Payment Mandate serves three functions:

Signals AI involvement — Tells the network/issuer that an AI agent initiated this transaction
Signals user presence — Indicates whether the user was present (human-present vs human-not-present)
Provides authorization proof — Includes user-signed authorization for the payment

Who Creates It

The Merchant Payment Processor (MPP) constructs the Payment Mandate from the transaction information after the user has authorized the purchase. The Shopping Agent does not create the Payment Mandate — it is assembled on the MPP side from the payment context.

Payment Mandate Contents

{
  "payment_mandate_contents": {
    "payment_mandate_id": "pm_unique_id",
    "payment_details_id": "order_id",
    "payment_details_total": {
      "amount": {
        "currency": "USD",
        "value": "29.99"
      },
      "refund_period": 30
    },
    "payment_response": {
      "request_id": "order_id",
      "method_name": "CARD",
      "details": {
        "token": "dpan_token_xyz"
      },
      "shipping_address": null
    },
    "merchant_agent": "MerchantAgentName",
    "timestamp": "2025-09-01T12:00:00Z"
  },
  "user_authorization": "eyJhbGc..."
}

Key Fields

payment_mandate_id — Unique identifier for this payment mandate
payment_details_id — Links back to the order/cart
payment_details_total — Transaction amount, currency, and refund period
payment_response — Selected payment method, tokenized credentials, shipping
merchant_agent — Identity of the merchant's agent
user_authorization — User's cryptographic signature
timestamp — When the mandate was created

How It Flows Through the System

1. User authorizes purchase on trusted device surface
2. Shopping Agent sends Cart Mandate + user attestation to Merchant
3. Merchant submits payment to Merchant Payment Processor (MPP)
4. MPP constructs the Payment Mandate from the transaction context
5. MPP requests payment credentials from Credentials Provider (CP)
6. CP verifies and performs tokenization (if needed)
7. CP returns credentials to MPP
8. Network/Issuer evaluates the mandate for risk assessment
9. Payment authorized (or challenged)

Payment Method Tokenization

The Payment Mandate includes a tokenized payment method (DPAN — Digitized Primary Account Number):

The actual card number is never exposed to the Shopping Agent
Credentials Provider handles tokenization
The token is bound to the specific transaction
Network/Issuer can resolve the token to the real credentials

Relationship to Cart/Intent Mandates

Cart Mandate → authorizes what's being purchased (user → merchant)
Intent Mandate → authorizes the shopping scope (user → agent)
Payment Mandate → authorizes the payment (user → payment ecosystem)

All three work together: the Cart/Intent Mandate proves the purchase is authorized; the Payment Mandate proves the payment is authorized and provides network visibility.

Refund Period

The refund_period field in the mandate specifies the refund window (in days). This is important for:

Dispute resolution timelines
Chargeback eligibility
Merchant liability assessment

Best Practices

Always include a valid user_authorization signature
Link the Payment Mandate to the corresponding Cart/Intent Mandate via IDs
Include accurate merchant_agent identification
Set realistic refund periods aligned with merchant policy
Store Payment Mandates for the full refund period for dispute resolution
Never expose raw payment credentials to Shopping Agents
Validate the payment method token before processing

Fetch the specification for exact Payment Mandate fields, token formats, and network integration requirements before implementing.