The 2025 holiday rush made one thing clear: agent‑led shopping is moving from demos to production. Over the last two months, Google announced the Agent Payments Protocol (AP2), Visa launched Trusted Agent Protocol (TAP), Stripe released the Agentic Commerce Protocol (ACP) to power ChatGPT’s Instant Checkout, and Coinbase’s x402 saw a surge in usage. Wired also covered Microsoft’s new Agent 365 for managing enterprises’ bot fleets. For merchants, the question is no longer “if” but “what should we support first—and how?”

This guide gives you a plain‑English comparison of AP2, TAP, ACP, and x402, then a practical Q1 2026 readiness checklist you can execute without boiling the ocean.

Quick primer: the four protocols

1. AP2 (Agent Payments Protocol): Google’s open, payments‑method‑agnostic protocol that extends A2A (Agent‑to‑Agent) and MCP. It uses cryptographically signed mandates (verifiable user intent) to reduce fraud and clarify who’s accountable. Early collaborators include PayPal and dozens of payment and tech partners. Source, TechCrunch.
2. Visa TAP (Trusted Agent Protocol): A framework from Visa (with Cloudflare) that helps merchants recognize “trusted” AI agents, pass intent signals, and avoid blocking legitimate agent purchases with bot defenses. Press release.
3. Stripe ACP (Agentic Commerce Protocol): An open standard co‑developed with OpenAI that powers ChatGPT’s Instant Checkout—live with Etsy merchants in the U.S., with Shopify “coming soon,” enabling agent‑native discovery and purchase flows. Source.
4. x402: Coinbase’s web‑native payments layer that revives HTTP 402 Payment Required so agents (and users) can transact with signed stablecoin mandates over HTTP; includes a discovery layer called x402 Bazaar. Protocol, Bazaar.

Why this matters to your stack

• Discovery is shifting to agents. ACP and x402 Bazaar make your catalog and offers discoverable to AI assistants—not just search engines.
• Checkout needs new trust signals. TAP and AP2 formalize how agents prove user intent so your fraud tools don’t nuke legitimate purchases.
• Interoperability is coming fast. AP2 builds on A2A + MCP, which major vendors now support. Instrumentation via OpenTelemetry’s GenAI conventions lets you observe agent flows like you watch APIs today. OpenTelemetry.

How the protocols differ (at a glance)

• Primary scope: AP2 = payments trust/mandates; TAP = agent identity + merchant trust; ACP = merchant/agent integration for discovery + checkout; x402 = machine‑payable web with stablecoins and HTTP‑level primitives.
• Where you’ll see them first: ACP in ChatGPT shopping surfaces; TAP in fraud/agent recognition at checkout; AP2 in multi‑party agent commerce where “who authorized what” must be provable; x402 in micro‑payments and agent‑to‑agent buys.
• Merchant effort: ACP can be a lighter lift if you already use Stripe; TAP needs bot/edge and risk tuning; AP2 requires mandate plumbing and identity; x402 adds crypto rails and accounting.

Q1 2026 Merchant Readiness Checklist

Use this 30–60 day plan to get agent‑ready without a replatform.

1. Expose machine‑readable catalog and policies. Ensure your PDPs use schema.org for products, offers, and availability. Add API endpoints (read‑only to start) for pricing, inventory, shipping, and returns so agents don’t scrape. This primes you for ACP discovery and AP2 cart mandates.
2. Segment agent traffic. At CDN/WAF, create an agent segment and preserve it end‑to‑end in headers or session attributes. Prepare to honor Visa TAP signals so you don’t falsely block agent sessions. Tune rate limits for high‑burst, short‑lived agent “shopping sprees.” Visa TAP.
3. Add mandate‑ready checkout. Design your checkout to accept AP2‑style Cart Mandates and pass Payment Mandates to your PSP. If you’re on Stripe, pilot ACP pathways; if you’re PayPal‑heavy, track the AP2 pilot with Google Cloud. AP2 + PayPal, ACP.
4. Instrument agent flows with OpenTelemetry. Start collecting GenAI metrics/spans (model, tokens, agent task, tool call, error, cost) and business KPIs (AOV, conversion, chargebacks) by traffic type: human vs. agent. This is the backbone for SLOs and FinOps. Spec.
5. Pilot one agentic surface. Pick one: (a) ChatGPT Instant Checkout via ACP for a small SKU set; (b) a trusted‑agent returns/exchanges flow (WhatsApp or web chat); or (c) a limited x402 micro‑purchase (e.g., warranty, gift wrap) if you already support stablecoins. Keep scope tiny and observable.
6. Governance + incident basics. Define who can change agent policies, approve mandate thresholds, or pause agent traffic. Add runbooks for prompt‑injection and mandate mismatch incidents; route alerts to on‑call.

Recommended sequencing by stack

• Stripe‑first merchants: Pilot ACP (ChatGPT Instant Checkout) on a curated catalog, then add TAP signals to lower false positives in fraud tooling.
• PayPal‑first merchants or marketplaces: Track AP2 pilots with Google Cloud + PayPal; prepare mandate plumbing and agent identity mapping now.
• Crypto‑enabled brands: Trial x402 for micro‑entitlements (e.g., $0.25 promo unlocks) and measure adoption; keep it sandboxed behind feature flags.

Where this fits your broader agent stack

Payments is only one layer. You’ll still need an agent control plane, identity, observability, SLOs, and cost controls. See our hands‑on playbooks:

• Build an Internal AI Agent Control Plane in 7 Days (MCP + A2A + OpenTelemetry)
• Agent Reliability Engineering: SLOs, Runbooks, and Incident Response
• Agent FinOps: Cut AI Agent Costs in 90 Days
• Browser Agents vs APIs: When to Use Each
• Agent‑Led Payments Are Here: AP2 + A2A + MCP (30‑Day Playbook)
• The 2026 Agentic Interop Stack: MCP + A2A + AP2

FAQ

Is this only for huge enterprises? No. ACP lets smaller brands ride existing Stripe plumbing to reach agentic surfaces (e.g., ChatGPT). TAP reduces false declines. Start small and instrument everything.

Do I have to pick one protocol? Not necessarily. AP2, TAP, and ACP aim for interoperability and can co‑exist. Sequence based on your PSPs, risk posture, and audience.

What about Microsoft/Salesforce? Expect easier policy, registry, and governance via platforms like Agent 365 (Wired coverage) and Agentforce 360 (Reuters/TechCrunch). These sit above the protocols and help you run agents at scale.

Sources

• Google Cloud + PayPal on AP2: blog, reporting
• Visa Trusted Agent Protocol: press
• Stripe Agentic Commerce Protocol + Instant Checkout: newsroom
• Coinbase x402 + Bazaar: protocol, bazaar
• Microsoft Agent 365 overview: Wired
• Salesforce Agentforce 360 context: Reuters
• OpenTelemetry GenAI semantic conventions: spec

Call to action

Want a 2‑week sprint to make your store agent‑ready (ACP pilot + TAP signals + OTEL dashboards)? Talk to HireNinja or subscribe for weekly playbooks.