Architecture

AP2 vs x402: Authorization Layer vs Payment Settlement Layer

May 8, 2026

AP2 vs x402: Authorization Layer vs Payment Settlement Layer#

AP2 and x402 are complementary more than they are direct substitutes. AP2 answers whether an agent was authorized to make a payment. x402 answers how a protected HTTP resource can request and verify payment. A serious agent commerce stack may need both.

The confusion comes from the word “payment.” AP2 is about permission, proof, and accountability. x402 is about settlement and access.

The short version#

CriterionAP2x402
Main functionProves authorization and user intentRequests and verifies payment over HTTP
Main artifactMandates and cryptographic proofHTTP 402 payment request and payment proof
Best fitAgent checkout, delegated commerce, auditabilityPaid APIs, MCP tools, data access, microtransactions
Payment railPayment method agnosticOften stablecoin based, expanding through ecosystem support
Core risk addressedWas this agent allowed to buy this?Has this resource been paid for?

What AP2 is designed to solve#

Google introduced AP2 to make agent led payments safer across platforms. The core issue is not just payment execution. It is authorization.

A merchant, issuer, or payment processor needs evidence that a human gave an agent authority to act. The evidence also needs to match the final cart. If the user asked for running shoes under $120, the agent should not silently buy a $230 jacket.

AP2 addresses this through mandate concepts. The protocol records user intent and payment context in a way that can be verified later. Google’s later AP2 update also introduced work around autonomous transactions where the human may not be present at the exact moment of payment, based on prior authorization.

That is a trust layer.

What x402 is designed to solve#

x402 solves a narrower and very practical problem: how can a server request payment before granting access to a resource?

A client asks for a resource. The server responds with HTTP 402 Payment Required and payment details. The client pays or attaches payment proof. The server verifies and returns the resource.

This pattern is especially useful for agents because small, automated transactions are awkward in traditional checkout systems. An agent should not create an account and negotiate a subscription just to buy one API response.

Why AP2 and x402 can be combined#

In a hybrid stack, AP2 can prove authorization while x402 handles settlement.

Example flow:

  1. A user authorizes an agent to buy premium market data up to a defined budget.
  2. AP2 captures the user intent and authorization boundaries.
  3. The agent calls a protected data endpoint.
  4. The endpoint returns an x402 payment requirement.
  5. The agent settles through x402 within the authorized limits.
  6. The merchant or service keeps proof of both authorization and payment.

That stack is stronger than either layer alone.

Where AP2 is stronger#

AP2 is stronger when the transaction has legal, compliance, fraud, or accountability risk.

Good AP2 use cases include:

  1. Retail purchases made by an assistant
  2. Agent based procurement
  3. Travel booking
  4. Insurance policy servicing
  5. High value purchases with pre authorized constraints
  6. Agent to agent payments where responsibility matters

Where x402 is stronger#

x402 is stronger where the transaction is small, digital, and directly tied to resource access.

Good x402 use cases include:

  1. Paid API calls
  2. MCP tool invocation
  3. Premium web content for agents
  4. Data packets
  5. Per request inference
  6. Machine readable research files

AEO implications#

AEO teams should expose both payment and authorization requirements in machine readable form.

For each payable action, document:

  1. Whether the action requires user authorization
  2. Whether autonomous execution is allowed
  3. Which payment protocols are supported
  4. Whether x402 payment is accepted
  5. Which mandate or credential proof is required
  6. How errors and refunds are handled
  7. How an agent verifies completion

This documentation should be linked from llms.txt, the protocol hub, and relevant action pages.

FAQ#

Is AP2 better than x402? AP2 is better for authorization and accountability. x402 is better for direct HTTP payment settlement. They solve different layers.

Does AP2 use x402? AP2 is payment method agnostic and can work with different rails. x402 can be used as a settlement mechanism in AP2 compatible flows.

Should API providers implement AP2? Most API providers should look at x402 or MPP first. AP2 becomes more important when the API action has delegated authority, high risk, or a purchase mandate.

Should ecommerce merchants implement x402? Not as the first protocol in most cases. Ecommerce merchants usually need commerce and authorization layers before raw per request settlement.

Sources#

Primary references: Google Cloud AP2 announcement, Google AP2 FIDO Alliance update, x402 documentation, and Linux Foundation x402 Foundation announcement.