Who this is for

• Shopify, WooCommerce, and custom‑stack merchants preparing for Q4/Q1 growth.
• Founders and product leaders evaluating AI shopping agents and conversational commerce.
• Ops, payments, and security teams who must keep fraud low and attribution clear.

AP2 vs ACP in plain English

AP2 (Agent Payments Protocol) is a Google‑led open protocol that defines how AI agents get permission (“mandates”), authenticate, and complete payments across providers—designed to complement A2A and MCP for cross‑agent interoperability. Think: a standardized trust and payments layer that many platforms can implement. See the announcement and GitHub samples.

ACP (Agentic Commerce Protocol) is an OpenAI/Stripe open standard that lets agents (e.g., ChatGPT) render product listings and execute checkout while sellers remain merchant of record. It’s already powering Instant Checkout pilots (Etsy live in the U.S.; Shopify coming). See Stripe, OpenAI docs, and Reuters.

They’re complementary: AP2 focuses on permissioned, auditable payments across ecosystems, while ACP focuses on merchant‑controlled product feeds and checkout flows inside agent surfaces. Expect bridges across A2A/MCP and payments tokens (e.g., Stripe shared payment tokens; PayPal agent flows). Google Cloud × PayPal, TechCrunch.

What changes for merchants in the next 90 days

1. New discovery surfaces: Agents (ChatGPT, Perplexity, etc.) will show products during conversational queries—your product feed quality and policy compliance matter more than ad placement.
2. Checkout shifts closer to the conversation: Single‑item agentic checkout is rolling out now, with multi‑item carts on the roadmap. Post‑purchase still routes to your existing OMS/PSP.
3. Trust and fraud evolve: “Mandates,” delegated tokens, and agent identity signals will augment traditional risk decisioning. You’ll need new telemetry and allow/deny rules for agent‑initiated orders.

The 30‑Day Agent‑Ready Checklist (Shopify/WooCommerce)

Week 1 — Strategy, Data, and Guardrails

• Define eligible SKUs: Start with low‑risk, in‑stock, single‑item products; exclude hazmat/age‑restricted items via feed rules.
• Policies: Publish plain‑English returns/shipping windows and restocking fees; expose them in your feed and order confirmation.
• Security posture: Map agent risks against our red‑teaming playbook and impersonation controls.

Week 2 — Product Feeds and Eligibility

• Structure your feed: Include canonical titles, attributes (size/color), tax/shipping, stock, and media. Keep updates ≤15 minutes for fast stock changes.
• Agent‑safe content: Avoid claims that trigger compliance blocks; add age, region, and shipping restrictions per SKU.
• Telemetry: Tag agent channel/source in UTM and order metadata to measure conversion and refunds separately.

Week 3 — Payments & Risk

• Delegated tokens: Enable shared/payment tokens with your PSP (e.g., Stripe SPT) or PayPal agent flows; verify soft caps, expiry, and allowed MCCs.
• Mandates & step‑up: Support step‑up challenges (3DS, address verification) if risk exceeds thresholds; log mandate IDs to the order.
• Fraud rules: New signals: agent platform, mandate scope, device/browser automation flags. Create allowlists for trusted agent origins.

Week 4 — Observability, SLAs, and Support

• Observability: Emit OpenTelemetry spans for agent discovery → checkout → fulfillment. Copy our Agent Observability blueprint.
• Support automations: Pipe agent orders to your helpdesk with intents (e.g., cancel/return). Follow our 7‑day Zendesk agent playbook.
• Go‑live gates: Dry‑run with sandbox tokens, then 50‑order pilot, refund SLA ≤ 48h, refund rate < 4%, chargeback rate < 0.5% before scaling.

Architecture patterns you can copy

• AP2‑forward store: Expose an A2A/MCP endpoint for negotiation; implement AP2 mandates and cart approvals; route to PSP via your gateway. Start with Google’s AP2 samples.
• ACP‑ready store: Publish a clean product feed; implement Agentic Checkout + Delegated Payment endpoints; accept delegated tokens; reconcile orders in OMS. See OpenAI commerce docs and Stripe newsroom.
• Hybrid: Use a gateway that can accept both delegated tokens and traditional PANs; normalize mandates/metadata into your orders table; centralize risk decisions.

KPIs that prove ROI (and keep costs in check)

• Agent discovery → add‑to‑cart rate (target: within 10% of site PDP baseline after two weeks).
• Agent order approval rate (post‑risk) vs. web baseline; keep decline deltas ≤2 p.p.
• Refund and chargeback deltas for agent channel vs. site (goal: no worse than +0.2 p.p.).
• CAC impact: measure “organic agent” orders sourced from agent surfaces vs. paid ads.
• Unit economics: track PSP + protocol fees minus ad savings; apply our cost‑control playbook.

Risk, compliance, and spoofing

Adopt signed mandates, verified agent identities, delegated tokens, and explicit per‑order audit trails. Combine that with behavioral rules (velocity, shipping risk) and human‑in‑the‑loop review for high‑value orders. See AP2’s mandate model and PayPal/Google’s joint approach to secure agent collaboration. AP2 announcement, Google × PayPal. For end‑user safety and brand protection, also review our guide on stopping agent impersonation.

Getting started this week (TL;DR)

1. Pick 25–50 SKUs, clean the data, and publish a test product feed.
2. Enable delegated tokens with your PSP or PayPal agent flows; set mandate limits.
3. Add agent channel tagging and OpenTelemetry traces.
4. Run a 50‑order pilot; compare KPI deltas vs. web baseline.
5. Scale behind allowlists; expand SKU coverage and countries as metrics hold.

Further reading

• Google: AP2 announcement and AP2 GitHub.
• OpenAI/Stripe: ACP docs and newsroom.
• PayPal: Agentic commerce services and Google Cloud partnership.
• Context: TechCrunch on agent startups.