The CTO’s Guide to Agentic Commerce: Protocols, Architecture, and Implementation

Last updated: March 2026

Five protocols. Four transports. Three payment layers. Two competing alliance blocs. And one question your board will ask before the year is out: can customers buy from us through an AI agent?

This guide provides the technical decision framework for engineering leaders evaluating agentic commerce. It covers protocol selection, architecture design, security requirements, and a phased implementation roadmap – grounded in the official specifications released between September 2025 and March 2026.

---

The Architecture You Need to Build

Agentic commerce introduces a new distribution surface alongside your existing web and mobile storefronts. Instead of rendering HTML for browsers, you expose structured APIs that AI agents – ChatGPT, Gemini, Perplexity, Copilot, and custom enterprise agents – consume programmatically to search products, build carts, and complete purchases on behalf of consumers.

The reference architecture has four layers:

+------------------------------------------------------------------+
|  Layer 4: Agent Surfaces                                         |
|  ChatGPT Instant Checkout | Google AI Mode | Gemini | Custom     |
+------------------------------------------------------------------+
|  Layer 3: Commerce Protocols                                     |
|  UCP (Google/Shopify) | ACP (OpenAI/Stripe) | A2A (Google)      |
+------------------------------------------------------------------+
|  Layer 2: Transport & Tooling                                    |
|  MCP (Anthropic) | REST | gRPC | MCP-UI (Shopify)               |
+------------------------------------------------------------------+
|  Layer 1: Commerce Infrastructure                                |
|  Product Catalog | Inventory | Pricing | Payments | Fulfillment  |
+------------------------------------------------------------------+

Layer 1 is your existing commerce backend. Layers 2 and 3 are the new integration surfaces. Layer 4 represents the AI platforms where consumers interact with agents. Your engineering investment concentrates on Layers 2 and 3.

---

Protocol Selection Matrix

Two open standards dominate the landscape. Both are Apache 2.0 licensed and vendor-neutral in principle. In practice, each is tightly coupled to its steward’s AI ecosystem.

Dimension	UCP (Google + Shopify)	ACP (OpenAI + Stripe)
Primary use case	Search-to-buy (Google AI Mode, open web)	Chat-to-buy (ChatGPT Instant Checkout)
Transport options	REST, MCP, A2A, gRPC	REST, MCP
Discovery mechanism	/.well-known/ucp JSON manifest	Product feed submission (CSV/JSON)
Payment infrastructure	PSP-agnostic; Agent Payments Protocol (AP2)	Stripe-native; SharedPaymentToken (SPT)
Checkout model	Session state machine with escalation protocol	5-endpoint REST API
Capability negotiation	Dynamic (agent + merchant publish, intersection computed)	Static (merchant declares, agent consumes)
Partners	Shopify, Etsy, Walmart, Target, Wayfair	Stripe (founding); growing merchant base
Status (March 2026)	Waitlist / rolling access	Live since September 2025
Transaction fee	Not yet disclosed	4% per transaction (on top of PSP fees)

Decision framework:

• Implement ACP first if your primary goal is ChatGPT’s 900M+ weekly active users and you already use Stripe.
• Implement UCP first if your priority is Google Search AI Mode discovery and you need PSP flexibility.
• Implement both if you are a mid-market or enterprise brand. The integration surfaces share enough infrastructure (product data, inventory APIs, checkout logic) that the marginal cost of the second protocol is significantly lower than the first.

The protocols are complementary, not mutually exclusive. Both support MCP as a transport layer, which means a single MCP server can serve as the foundation for both.

---

MCP Server: The Highest-Leverage Investment

The Model Context Protocol, originally developed by Anthropic in late 2024, has become the de facto standard for connecting AI agents to external systems. Both UCP and ACP support MCP as a transport. Shopify ships MCP endpoints on every store by default at /api/mcp. Payment providers including PayPal, Visa, Marqeta, and Worldpay have launched MCP servers. Enterprise platforms like commercetools and Salesforce B2C Commerce provide MCP services.

Building an MCP server for your commerce platform is the single highest-leverage investment because it creates a universal integration point. Any MCP-compatible agent – Claude, ChatGPT, Gemini, Cursor, custom enterprise agents – can interact with your catalog and checkout without protocol-specific adapters.

Core MCP tools to implement:

Tool	Purpose	Protocol Coverage
search_catalog	Product discovery with semantic context	UCP, ACP, standalone
get_product_details	Variant-level product information	UCP, ACP, standalone
create_cart / update_cart	Cart management	UCP, ACP, standalone
get_checkout_session	Session state retrieval	UCP, ACP
complete_checkout	Payment processing	UCP, ACP

Reference implementation: Shopify’s Storefront MCP Server (https://{shop}.myshopify.com/api/mcp) requires no authentication for public storefront data and supports search_shop_catalog, get_cart, update_cart, and search_shop_policies_and_faqs. Study this implementation as the canonical pattern.

---

UCP Implementation: Discovery, Capabilities, and Checkout

UCP follows a TCP/IP-inspired layered architecture. Layer 1 is the Shopping Service (checkout sessions, line items, totals). Layer 2 defines Capabilities (Checkout, Orders, Catalog). Layer 3 contains Extensions (domain-specific schemas like loyalty or fulfillment).

Step 1: Publish the Discovery Manifest

Host a JSON document at https://yourdomain.com/.well-known/ucp:

{
  "version": "1.0",
  "serviceEndpoints": {
    "checkout": "https://api.yourdomain.com/ucp/checkout",
    "orderWebhook": "https://api.yourdomain.com/ucp/orders/webhook"
  },
  "capabilities": [
    "dev.ucp.shopping.checkout",
    "dev.ucp.shopping.discount",
    "dev.ucp.shopping.fulfillment",
    "dev.ucp.identity.linking"
  ],
  "paymentHandlers": ["googlePay", "stripe", "payPal"],
  "publicKey": "<signature-verification-key>"
}

CORS headers are required: Access-Control-Allow-Origin: *, Access-Control-Allow-Methods: GET, OPTIONS. Serve with Content-Type: application/json. Cache aggressively at the CDN layer.

Step 2: Implement Three Core Endpoints

Endpoint	Method	Purpose
/checkout-sessions	POST	Create session with line items, buyer info, currency, payment handler
/checkout-sessions/{id}	PUT	Update session (apply discount, change fulfillment, update buyer info)
/checkout-sessions/{id}/complete	POST	Finalize with AP2 cryptographic payment proof

Every response must return the full current checkout state. Use idempotency-key headers on all mutation endpoints. Sign webhook payloads with HMAC-SHA256.

Step 3: Identity Linking (Optional but Recommended)

Implement OAuth 2.0 authorization to enable returning customer experiences – saved addresses, payment methods, loyalty points. Authorization codes must expire within 5 minutes. Validate redirect URIs strictly.

Latency Requirements

Product discovery responses must complete in under 200ms. Agents deprioritize or skip merchants with slow APIs. Checkout completion must stay under 500ms. These are not aspirational targets; they are table stakes for agent visibility.

---

ACP Implementation: Five Endpoints and SharedPaymentToken

ACP defines a focused checkout API. Where UCP is a broad capabilities framework, ACP is deliberately narrow: get products into a cart and get the cart paid for.

The Five Endpoints

Endpoint	Method	Purpose
/checkouts	POST	Create checkout session with items, buyer info, fulfillment address
/checkouts/{id}	GET	Retrieve current session state
/checkouts/{id}	PUT	Update items, shipping method, buyer information
/checkouts/{id}/complete	POST	Process payment via SharedPaymentToken
/checkouts/{id}/cancel	POST	Release inventory, update status

Session states follow a linear progression: not_ready_for_payment to ready_for_payment to completed (or canceled). All monetary amounts are in integer cents. Currency codes use ISO 4217 lowercase format.

SharedPaymentToken Integration

Stripe’s SharedPaymentToken (SPT) is the first ACP-compliant payment method. The token is provisioned by the agentic application (ChatGPT), scoped to a specific amount and seller, single-use, and time-bound.

The complete checkout request passes the SPT in the payment data:

POST /checkouts/{id}/complete
{
  "payment_data": {
    "token": "spt_abc123",
    "provider": "stripe",
    "billing_address": { ... }
  }
}

You process this token through your existing Stripe integration. PCI DSS Level 1 merchants can alternatively use proprietary vaults. The merchant remains the merchant of record in all cases – OpenAI never processes the payment.

Product Feed Integration

Merchants supply structured product data via CSV or JSON feeds. Feeds include product IDs, descriptions, pricing, inventory status, media URLs, and fulfillment options. Feed accuracy directly determines whether your products appear in ChatGPT recommendations.

Certification

ACP requires a certification process with OpenAI. You must pass conformance checks covering product feed accuracy, all four checkout endpoints, SPT payment processing, webhook delivery reliability, and order lifecycle management. Shopify and Etsy merchants have pre-existing eligibility and can bypass several steps.

---

Security Architecture

The Zero-Signal Crisis

When an AI agent executes a purchase, every traditional fraud detection signal disappears simultaneously. Device fingerprints, browser behavior patterns, session duration, geolocation, typing patterns – all absent. A legitimate agent purchase is indistinguishable from bot fraud using conventional detection methods.

This is not a theoretical concern. Visa’s Payment Ecosystem Risk and Control (PERC) team identified a greater than 450% increase in dark web community posts mentioning “AI Agent” over six months. Friendly fraud already accounts for approximately 75% of all chargebacks, costing merchants an estimated $132 billion annually. Agentic commerce amplifies this exposure.

The Layered Trust Architecture

Layer 4: Consumer Intent      Verifiable Intent (Mastercard + Google), user authorization proofs
Layer 3: Agent Identity       Visa TAP signatures, Mastercard Agentic Tokens, DIDs
Layer 2: Transaction Security PCI DSS compliance, vault tokenization, 3D Secure
Layer 1: Network Security     TLS 1.2+, API authentication, rate limiting, HMAC signatures

Verifiable Digital Credentials

Mastercard and Google announced Verifiable Intent on March 5, 2026 – the most significant development in agentic commerce trust. The protocol captures three elements: the cardholder authorizing the agent, the consumer’s specific instructions (intent scope), and the interaction between agent and merchant resulting in a purchase. It creates a tamper-resistant audit trail for dispute resolution, built on standards from FIDO Alliance, EMVCo, IETF, and W3C.

PCI DSS for AI Agents

The PCI Security Standards Council has published AI principles for payment environments. Key requirements include:

• Least privilege (Requirement 7): Agents must never access the full card vault. Use scoped tokens, not raw PANs.
• Audit logging (Requirement 10): Every agent-initiated transaction must have a traceable chain from user authorization to payment execution, including prompt inputs and reasoning.
• Documentation and oversight: Organizations must document agent privileges, validate AI outputs, and maintain human oversight mechanisms.

Practical Security Checklist

1. Vault-first architecture: agents handle tokenized aliases only (VGS, Stripe tokens, network tokens).
2. Scoped delegation tokens: time-limited, amount-limited, category-limited.
3. Cryptographic intent chains: signed records from user authorization through agent action to payment execution.
4. Agent behavior profiling: baseline purchase frequency, amounts, and categories; flag deviations.
5. Per-agent and per-user transaction velocity limits.
6. HMAC-SHA256 signature verification on all webhook deliveries.
7. Replay attack protection: 5-minute timestamp windows on signed requests.
8. Human-in-the-loop escalation for transactions exceeding defined thresholds.

---

Infrastructure Requirements

Performance Targets

Metric	Target	Consequence of Missing
Product discovery response	<200ms	Agents deprioritize or skip your merchant
Checkout completion	<500ms	Cart abandonment by agent
Error rate	<1%	Trust score penalties from platforms
Uptime	99.9%+	Delisted from agent recommendations
Agent discovery rate	95%+	Reduced visibility in AI surfaces

Recommended Stack

Component	Recommendation
Compute	Edge functions (Cloudflare Workers, Vercel Edge, Lambda@Edge)
Product cache	Redis with webhook-based invalidation on inventory changes
Order database	PostgreSQL
CDN	Required for /.well-known/ucp manifest and product data
Monitoring	APM with sub-200ms alert thresholds on agent-facing endpoints
Rate limiting	Token bucket with burst allowances; separate limits for agent vs. human traffic

Caching Strategy

Product discovery endpoints benefit from aggressive edge caching. Invalidate on inventory_levels/update webhooks. Checkout endpoints must not be cached. The /.well-known/ucp manifest should be cached at the CDN with a TTL of 5-15 minutes.

---

Team and Skills Needed

Role	Responsibility	Allocation
Backend engineer (senior)	MCP server, checkout endpoints, payment integration	1 FTE for 8-12 weeks
Infrastructure / DevOps	Edge deployment, caching, monitoring, rate limiting	0.5 FTE for 4-6 weeks
Product data engineer	Catalog normalization, feed generation, data quality	0.5 FTE ongoing
Security engineer	PCI compliance review, tokenization, webhook signing	0.25 FTE for 4 weeks
QA engineer	Conformance testing, edge case validation, load testing	0.5 FTE for 4-6 weeks

For Shopify-native merchants using the Universal Commerce Agent app, the team requirement drops to a product data engineer (1-2 weeks) and a QA engineer (2-3 days).

---

Build vs. Buy Decisions

Component	Build	Buy / Use Platform
MCP server	Custom (if headless or custom platform)	Shopify Storefront MCP (free, every store)
UCP endpoints	Custom (2-4 weeks)	Shopify Universal Commerce Agent app (<48 hours)
ACP endpoints	Custom (2-4 weeks)	Stripe Agentic Commerce Suite (hosted ACP endpoint)
Product feed management	Custom ETL pipeline	Shopify Global Catalog; Google Merchant Center
Payment tokenization	VGS, custom vault	Stripe SPT (ACP-native); Google Pay tokens (UCP)
Agent analytics	Custom dashboards	Platform dashboards (Shopify admin, OpenAI merchant dashboard)
Fraud detection	Extend existing ML models with agent signals	Visa TAP, Mastercard Verifiable Intent (emerging)

---

Six-Month Implementation Roadmap

Month 1: Foundation

• Audit product catalog: structured titles (Brand + Model + Size + Color), standardized attributes, unique SKUs on every variant, real-time inventory accuracy.
• Deploy MCP server with search_catalog and get_product_details tools.
• Implement edge caching for product discovery endpoints with sub-200ms response times.
• Set up monitoring and alerting on agent-facing endpoints.

Month 2: First Protocol

• Implement ACP (5 checkout endpoints) if Stripe-based, or UCP (3 endpoints + manifest) if Google/PSP-agnostic.
• Integrate SharedPaymentToken processing (ACP) or AP2 token handling (UCP).
• Implement webhook delivery with HMAC-SHA256 signing and retry logic.
• Begin certification process with OpenAI (ACP) or join UCP waitlist (Google).

Month 3: Second Protocol + Security

• Implement the second protocol, reusing checkout infrastructure from month 2.
• Deploy vault-first payment architecture if not already in place.
• Add agent behavior profiling and per-agent rate limiting.
• Implement idempotency handling on all mutation endpoints.

Month 4: Identity and Trust

• Implement OAuth 2.0 identity linking (UCP) for returning customer experiences.
• Integrate Visa TAP or Mastercard Agentic Tokens for agent identity verification.
• Build cryptographic intent chain logging for dispute resolution.
• Add human-in-the-loop escalation for high-value agent transactions.

Month 5: Optimization

• Analyze agent traffic patterns; optimize caching and rate limiting.
• A/B test product data formatting for agent discovery rates.
• Implement cross-protocol analytics dashboard.
• Load test for agent traffic spikes (agent traffic is bursty by nature).

Month 6: Scale and Measure

• Full production deployment across all agent surfaces.
• Establish baseline metrics: agent discovery rate, conversion rate, AOV comparison.
• Revenue attribution analysis: agentic channel vs. traditional channels.
• Publish agent-specific return and dispute policies.

---

Frequently Asked Questions

Do I need to implement both UCP and ACP?

For maximum reach, yes. ACP gives you ChatGPT’s 900M+ weekly users. UCP gives you Google Search AI Mode and the Gemini ecosystem. The protocols share enough infrastructure – product data, inventory APIs, checkout logic – that the marginal cost of the second implementation is 30-40% of the first.

What is the real cost of ChatGPT Instant Checkout?

4% per transaction on top of standard Stripe processing fees (2.9% + $0.30 in the US). Total take rate approaches 7%. This is significant but comparable to marketplace fees. Evaluate against the customer acquisition cost of reaching ChatGPT’s user base through traditional marketing.

How do I prevent agents from exploiting discount codes?

Implement strict discount stacking rules enforced server-side, not client-side. Add agent-specific rate limits on discount redemption. Consider agent-specific promotional codes that you can control and revoke independently. Both UCP and ACP pass discount codes through the checkout session – validation is your responsibility.

What happens if my API is slow?

Agents skip slow merchants. This is documented in platform guidelines and confirmed by early merchant experience. A product discovery endpoint that takes 800ms instead of 150ms may never surface your products in agent recommendations. Invest in edge caching and monitor latency obsessively.

How do I handle chargebacks on agent-initiated transactions?

The merchant remains liable under current card network rules. However, Verifiable Intent records (Mastercard + Google, March 2026) create a tamper-resistant audit trail that can weaken fraudulent chargeback claims. Log delegation proofs alongside transaction data. Set agent-specific transaction limits. Require out-of-band consumer confirmation for high-value purchases.

Should I use Shopify’s built-in MCP or build my own?

If you are on Shopify, use the built-in Storefront MCP Server (/api/mcp) – it is free, live on every store, and maintained by Shopify. Build a custom MCP server only if you run a headless or custom commerce platform, or if you need tools beyond what Shopify exposes (custom search ranking, dynamic pricing, B2B-specific logic).

What PCI compliance changes does agentic commerce require?

No new PCI DSS version is required, but the existing requirements apply with renewed emphasis. Requirement 7 (least privilege) means agents must never access raw card data – tokenized aliases only. Requirement 10 (audit logging) means you must log the complete chain from user authorization through agent reasoning to payment execution. Document agent privileges and maintain human oversight mechanisms.

---

The protocols are shipping. The payment networks are deploying trust infrastructure. The AI platforms are onboarding merchants. The engineering decisions you make in the next two quarters will determine whether your commerce platform is visible to the next generation of buyers – or invisible.

---

References:

• UCP Specification: ucp.dev
• ACP Specification: agenticcommerce.dev
• Stripe ACP Documentation: docs.stripe.com/agentic-commerce/protocol/specification
• Google UCP Developer Guide: developers.google.com/merchant/ucp
• Shopify Agentic Commerce: shopify.dev/docs/agents
• MCP Specification: modelcontextprotocol.io
• Mastercard Verifiable Intent: mastercard.com/us/en/news-and-trends/stories/2026/verifiable-intent
• Visa Trusted Agent Protocol: corporate.visa.com
• PCI SSC AI Principles: blog.pcisecuritystandards.org/ai-principles
• NIST AI Agent Standards Initiative: nist.gov
• CSA Agentic Trust Framework: cloudsecurityalliance.org