Intent, Cart, Payment: The 3 Mandates Decoded
- The Cryptographic Chain: Google's AP2 protocol relies on a strict, sequential chain of three mandates to process agentic payments securely.
- Intent Mandate: This first signature establishes the user's initial request, budget limits, and specific parameters.
- W3C Standard Compliance: All three mandates are formatted as W3C Verifiable Credentials to ensure tamper-proof machine-to-machine validation.
- Dispute Survival: Retaining these authorization receipts is the only way a merchant can win a chargeback dispute triggered by an autonomous agent hallucination.
Intent, cart, payment: the 3 signed mandates that decide if an agent purchase survives a dispute. Get the order wrong, or miss a single cryptographic signature, and none of them count.
As enterprises scale autonomous purchasing, understanding this cryptographic chain is the most critical part of the agentic commerce payment protocol stack.
Without these mandates, you cannot definitively prove a human user authorized a machine to spend capital.
If a transaction chain breaks because of a missing or invalid mandate, the transaction becomes immediately contestable, and the party without the signed proof absorbs the entire financial loss.
The Authorization Chain: Decoding AP2 Mandates
To eliminate the liability gap in automated purchasing, the AP2 framework avoids relying on standard API keys.
Instead, it uses a digitally signed statement from the consumer that defines exactly what the agent may spend, on what, with what limits, and for how long.
What is the Intent Mandate?
The Intent Mandate is the genesis of the transaction. It captures exactly what the human user originally requested.
For example, a user might prompt: "buy running shoes under $150, arriving Friday". The Intent Mandate cryptographically seals these exact parameters—budget, category, and timeline—so the agent cannot deviate from them later in the flow.
Understanding how agents discover these products before the intent is sealed requires a deep look at the foundational discovery models found in the MCP vs A2A vs ACP protocol ecosystems.
What is the Cart Mandate?
The Cart Mandate is generated and signed once the AI agent has interacted with the merchant's checkout endpoint.
This document records the exact items the agent actually assembled in response to the initial prompt. It proves that the SKU, final price, and shipping details perfectly align with the guardrails established by the Intent Mandate.
What is the Payment Mandate?
The final link is the Payment Mandate. This specific credential defines exactly the amount that the merchant, through the underlying payment network, is authorized to charge.
It authorizes the actual clearing event, bridging the AI's logic to the final settlement rail (such as a card network or a stablecoin protocol).
Cryptography and Compliance: W3C Verifiable Credentials
These mandates are not simple JSON payloads; they are robust cryptographic assets designed for high-stakes enterprise compliance.
How Mandates Differ From Tokenized Cards
A standard tokenized credit card merely proves that the buyer is in possession of a valid payment credential. It does not prove why the credential is being used.
In contrast, AP2 mandates travel with the transaction, allowing the merchant and network to verify that the agent had genuine authorization to execute that specific purchase.
Delegation Semantics and Spending Limits
Because the mandates act as W3C Verifiable Credentials, they natively support complex delegation semantics.
This means a procurement officer can issue an Intent Mandate that dictates strict spending limits and tight time windows. If the AI attempts to execute the Cart Mandate one second after the time window closes, the Cart Mandate fails verification against the Intent Mandate and the chain breaks.
Surviving Disputes: When the Chain Breaks
The sequence of these three documents is not a suggestion; it is a rigid legal and technical requirement.
The Cost of Missing or Invalid Mandates
The order matters immensely. If a mandate is missing or invalid, the entire chain breaks down.
When an AI shopping agent buys the wrong item and the human initiates a chargeback, the merchant must produce the signed mandates. If the merchant skipped validation of the Intent or Cart Mandate at checkout, it absorbs the financial loss.
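A checkout-side verifier for the chain described in the mandate definitions and in the Delegation Semantics section, as an added example that is not AP2 code or part of the original article: each mandate carries the digest of its predecessor, the cart is checked against the intent's budget, category and time window, and the payment is checked against the cart total, in that order. Assumptions: HMAC stands in for the real asymmetric Verifiable Credential signatures, the user signs the Intent and Payment Mandates while the merchant signs the Cart Mandate, and every field name and sample value is constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo keys. Real AP2 mandates are W3C Verifiable Credentials signed
# with asymmetric keys; HMAC stands in here so the example runs on stdlib only.
KEYS = {"user": b"user-demo-key", "merchant": b"merchant-demo-key"}

def canonical(body):
    # Deterministic encoding so the same body always hashes and signs identically.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(body, signer):
    mac = hmac.new(KEYS[signer], canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signer": signer, "sig": mac}

def digest(mandate):
    # Digest of the whole signed mandate; the next link carries it to bind to this one.
    return hashlib.sha256(canonical(mandate)).hexdigest()

def verify_sig(mandate, signer):
    mac = hmac.new(KEYS[signer], canonical(mandate["body"]), hashlib.sha256).hexdigest()
    return mandate["signer"] == signer and hmac.compare_digest(mac, mandate["sig"])

def verify_chain(intent, cart, payment):
    """Validate intent -> cart -> payment in order; return (ok, reason)."""
    for mandate, signer, name in ((intent, "user", "intent"), (cart, "merchant", "cart"),
                                  (payment, "user", "payment")):
        if not verify_sig(mandate, signer):
            return False, f"{name} signature invalid"
    ib, cb, pb = intent["body"], cart["body"], payment["body"]
    total = sum(i["price_cents"] for i in cb["items"])
    checks = [  # each link is checked against the one before it
        (cb["intent_digest"] == digest(intent), "cart not bound to this intent"),
        (ib["not_before"] <= cb["signed_at"] <= ib["not_after"], "cart signed outside intent window"),
        (total <= ib["max_cents"], "cart total exceeds intent budget"),
        (all(i["category"] == ib["category"] for i in cb["items"]), "item outside intent category"),
        (pb["cart_digest"] == digest(cart), "payment not bound to this cart"),
        (pb["amount_cents"] == total, "payment amount differs from cart total"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "ok"
# Constructed sample chain for "buy running shoes under $150" (cents; ISO-8601 UTC strings).
INTENT = sign({"category": "running shoes", "max_cents": 15000,
               "not_before": "2025-06-02T00:00:00Z", "not_after": "2025-06-03T00:00:00Z"}, "user")
CART = sign({"intent_digest": digest(INTENT), "signed_at": "2025-06-02T10:15:00Z",
             "items": [{"sku": "RS-42", "category": "running shoes", "price_cents": 12999}]}, "merchant")
PAYMENT = sign({"cart_digest": digest(CART), "amount_cents": 12999}, "user")
```

Re-signing a cart that exceeds the budget, or one timestamped a second past the intent's window, makes verify_chain return the matching failure reason, while editing a body without re-signing fails at the signature check first.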
Post-Purchase Storage and Audit Trails
Enterprises and merchants must architect their databases to store these signed mandates long after the purchase clears.
By treating an unmandated transaction the way finance treats an expense with no receipt, organizations can build automated audit trails that instantly defend against unauthorized AI spending disputes.
Conclusion & CTA
Failing to validate the intent, cart, and payment mandate chain leaves your digital storefront fundamentally exposed to automated fraud and severe chargeback liabilities.
As AI agents dominate the next era of e-commerce, cryptographic authorization is your only defense. Audit your API endpoints, integrate W3C Verifiable Credential support, and ensure your checkout architecture strictly enforces all three AP2 mandates today.
Frequently Asked Questions (FAQ)
The Intent Mandate is the first cryptographic signature in the AP2 chain. It captures the user's explicit request, defining exactly what the AI agent is authorized to buy, along with strict budgetary limits and delivery timelines.
The Cart Mandate is signed after the AI agent selects the items from a merchant. It records the exact contents of the assembled cart, mathematically proving that the selected inventory aligns perfectly with the boundaries set in the Intent Mandate.
The Payment Mandate is the final credential in the chain. It explicitly authorizes the merchant and the underlying settlement network to charge a specific financial amount, finalizing the autonomous transaction securely.
They form a sequential, cryptographically bound chain. The Cart Mandate must mathematically validate against the Intent Mandate, and the Payment Mandate must validate against the Cart Mandate. If any link is out of order or invalid, the transaction fails.
Yes, all three mandates within the AP2 protocol are structured as W3C Verifiable Credentials. This ensures they are globally standardized, machine-readable, and completely tamper-proof against unauthorized alterations during the checkout process.
If a single mandate is missing, improperly ordered, or cryptographically invalid, the chain breaks. The transaction instantly becomes contestable, and the party unable to produce the valid signed proof will absorb the financial loss in a dispute.
Unlike standard API keys, mandates travel alongside the transaction data. They provide merchants and networks with an immutable, retained record proving that a human explicitly defined and approved the agent's specific purchasing actions.
Yes. The Intent Mandate is specifically designed to enforce strict delegation semantics, allowing users to embed hard spending caps, item restrictions, and exact time windows in which the AI agent is permitted to spend funds.
A tokenized card only verifies that a system possesses a valid payment method. Mandates verify the actual human consent behind the action, proving the agent was explicitly authorized to make that specific purchase.
Merchants, payment processors, and enterprise procurement platforms must retain the signed mandates in their databases after a purchase. They serve as the definitive audit trail and primary defense during chargeback arbitrations.