By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
DenyAccept

How AP2 defines what an AI agent can do

Published
April 21, 2026
Table of content
This is also a heading
This is a heading

Join 14,000+ identity enthusiasts who subscribe to our newsletter for expert insights.

By subscribing you agree to with our Privacy Policy.
Success! You’re now subscribed to the newsletter.
Oops! Something went wrong while submitting the form.

We’re starting to see agents move beyond research. They can already compare products, find the best options and recommend what to buy.

The next step is obvious: “Go ahead and buy it for me.”

That’s where things get tricky.

Because the moment an agent can transact, one question becomes critical:

How does the system know the agent is actually authorized to do that?

Introducing AP2: giving agents provable authority

In this 2-minute video, Mike Parkhill, our Head of Engineering, demoed the Agentic Payment Protocol (AP2), an emerging approach to this problem.

Instead of relying on implicit trust, AP2 introduces explicit, verifiable instructions.

These come in the form of credentials called mandates:

  • Cart mandate → “Buy this exact item, from this retailer, at this price”
  • Intent mandate → “Find and buy something within these constraints (budget, brand, etc.)”
  • Payment mandate → “Here’s how to pay, and who is responsible”

Each of these is issued as a verifiable credential.

What this looks like in practice

In the demo, Mike showed a simple example:

A user issues a cart mandate to an agent, for example: buy Nike running shoes, size 11, from Amazon for $145.

That instruction isn’t just text.

It becomes a credential issued to the agent (and visible in the agent wallet).

As these flows evolve, the idea is that when the agent interacts with a merchant or payment provider, it can present that credential to prove what it was asked to do, who authorized it, what constraints it must follow.

Without a mechanism like this, it becomes difficult to safely let agents act on our behalf.

AP2 points toward a model where agent actions are provable and constrained.

It’s still early, but this is a strong direction for making agent-driven transactions more secure and more auditable.

Watch the full demo

We covered this in much more detail in the full webinar.

Mike walks through:

  • How the Truvera MCP server works and what digital identity capabilities it exposes to agents
  • How to issue a verifiable credential using MCP
  • How that digital ID credential is stored in a wallet and later verified through a proof request
  • And how AP2 credentials (like a cart mandate) can be issued directly to an agent

If you’re exploring agentic systems or thinking about how identity fits into them, it’s worth watching the full session.

A unified identity experience, without rebuilding your stack

Truvera helps you issue and verify digital IDs using the identity systems you already have. Connect IAM, IDV, and partner systems to create a unified identity experience that reduces re-verification, lowers friction across channels, and enables trusted interactions at scale.

Request free consultation
Sign up

Ready to get started?

Sign up to TruveraRequest Free Consultation

Company

Truvera Platform

Developers

Use Cases

Resources

Copyright © 2020-2024 Dock Labs AG