AP2 Glossary

The vocabulary used across the lessons. Say it like you mean it.

| Term | Plain English | Closer to spec |
|---|---|---|
| Agent Payments Protocol (AP2) | An open protocol that lets AI agents complete payments with verifiable authority. | An open protocol designed to enable AI agents to securely interoperate and complete payments autonomously. |
| Agent2Agent Protocol (A2A) | Standard for agents to talk to each other; AP2 can extend it. | An open standard for secure communication and task management between AI agents. |
| Checkout Mandate | Authorizes completing a specific checkout; the merchant signs the cart. | A Mandate used for authorizing the completion of a checkout. |
| Closed Mandate | A mandate bound to a specific action with a verifier. | A Mandate bound to a particular action with a Verifier to authorize the agent. |
| cnf (Holder Key) | Confirmation claim in the SD-JWT carrying the holder's public JWK — the key that signs the KB-JWT. | Confirmation method (RFC 7800) that binds a token to a holder key, so a verifier knows who is allowed to present it. |
| Credential Provider (CP) | The user's wallet — holds and releases payment credentials. | A secure entity, like a digital wallet, responsible for managing and executing the user's payment and identity credentials. |
| Disclosure | `[salt, name, value]` triple revealed by the holder; base64url-encoded and hashed into `_sd`. | The unit of selective disclosure in SD-JWT; the verifier hashes a presented disclosure and looks it up in `_sd`. |
| Human-Not-Present (HNP) | The user pre-authorizes constraints; the agent acts later on their behalf. | A journey where the agent proceeds with payment in the user’s absence under pre-approved conditions. |
| Human-Present (HP) | The user is available to approve the payment in the moment. | A journey where the human is available when the payment must be authorized. |
| Issuer–Holder–Verifier | The three-party trust model SD-JWT formalizes: issuer signs, holder presents selectively, verifier checks. | Roles defined by the W3C/IETF verifiable-credentials model; AP2 maps them to Bank → Shopping Agent → Merchant. |
| KB-JWT (Key-Binding JWT) | A JWT signed by the holder over `(aud, nonce, iat, sd_hash)` proving they intend *this* presentation for *this* verifier. | Key-Binding JWT (RFC 9901, `typ=kb+jwt`); `sd_hash` covers the entire presentation up to the KB. |
| Mandate | Signed, hash-bound intent — the unit of trust in AP2. | A signed authorization created when a user (or merchant) consents to an action. |
| Mandate Receipt | A verifier-signed token recording the result of an authorization. | A Verifier-signed JWT indicating the result of the action authorization. |
| Merchant (M) | Owns the catalog, signs the cart, and fulfills the order. | The source of the Checkout; owns the catalog and fulfills orders. |
| Merchant Payment Processor (MPP) | Submits the transaction into the payment ecosystem for authorization. | Responsible for processing payments and verifying the Payment Credential is authorized to pay for this Checkout. |
| Model Context Protocol (MCP) | Standard for connecting agents to external tools, APIs, and data. | A protocol standardizing how AI models and agents connect to and interact with external resources like tools, APIs, and data sources. |
| Network / Issuer | Runs the payment rails and issues credentials/tokens; performs final authorization. | The provider of the payment network and the issuer of payment credentials to the user. |
| Open Mandate | A mandate not yet bound to a specific action; carries constraints. | A Mandate not yet bound to a particular action; carries constraints applied to a closed mandate. |
| Payment Mandate | Authorizes the payment for a checkout; shared with network/issuer for trust. | A Mandate used for authorizing the payment for a particular checkout. |
| SD-JWT | A JWT whose claims can be revealed individually via base64url-encoded `[salt, name, value]` disclosures hashed into an `_sd` array. | Selective Disclosure JWT (RFC 9901); foundation of AP2 mandates with key binding. |
| Selective Disclosure | Reveal only the fields each party needs — keeps PCI/private data minimal. | Mechanism (via SD-JWT) preventing shopping-side agents from seeing sensitive payment data. |
| Shopping Agent (SA) | The agent that talks to the user, finds products, and drives the purchase. | The primary agent performing product discovery, building the checkout, and executing the purchase. |
| Strong Customer Authentication (SCA) | Regulatory requirement to strongly authenticate and link a transaction. | A process required by regulatory frameworks for online identification and transaction initiation. |
| Trusted Surface (TS) | A non-agentic UI where the user gives informed, signed consent. | A secure, non-agentic interface that renders Mandate Content to the user for authorization and consent. |
| Universal Commerce Protocol (UCP) | The commerce layer: a standard Checkout Object that AP2 signs as a Checkout Mandate. | A protocol providing a Checkout Object standard when used with the Checkout Mandate (ucp.dev). |
| Verifiable Intent | Trust based on signed proof, not on guessing what an LLM meant. | Transactions anchored to deterministic, non-repudiable proof of intent from all parties. |