ACP vs AP2 vs x402: Complete Guide to Agentic Payment Protocols

When an AI agent needs to pay for something on behalf of a user, which protocol does it use? The answer in 2026 is not one protocol — it is three. ACP (Agent Commerce Protocol) from Stripe and OpenAI handles traditional fiat payments through familiar card rails. AP2 (Agent Payment Protocol) from Google manages cart-level mandates where users pre-approve spending limits. And x402, championed by Coinbase and Cloudflare, enables USDC stablecoin payments using the HTTP 402 status code. Each protocol solves a different problem, and the most prepared merchants will support all three.

ACP is the most familiar of the three protocols because it builds on existing Stripe payment infrastructure. When an agent uses ACP, it creates a payment intent through Stripe's API, the user's stored payment method is charged, and the merchant receives fiat currency through normal settlement rails. ACP's strength is compatibility — any merchant already using Stripe can enable ACP with minimal changes. The protocol handles authentication, payment capture, and refunds through the same infrastructure merchants already trust.

AP2 takes a fundamentally different approach. Instead of authorizing individual transactions, the user pre-approves a spending mandate — a budget and set of rules that the agent operates within. The agent can add items to a cart, compare prices, and execute purchases as long as the total stays within the mandate. Google designed AP2 for shopping scenarios where the agent needs autonomy to make multiple decisions without interrupting the user for each approval. The mandate acts as a trust boundary: the user sets the rules once, and the agent operates within them.

x402 is the most technically novel of the three. It repurposes the HTTP 402 Payment Required status code — dormant since the 1990s — to create a native payment layer in HTTP itself. When an agent hits a 402 endpoint, the response includes a PAYMENT-REQUIRED header with the price, wallet address, and network details. The agent constructs a USDC stablecoin payment, signs it, and includes a PAYMENT-SIGNATURE header in the retry request. Settlement is on-chain, typically on Base (Coinbase L2), with verification in seconds rather than days.

Each protocol approaches security differently. ACP inherits Stripe's PCI compliance, fraud detection, and chargeback protections. AP2 uses mandate-based limits as the primary trust mechanism — the agent physically cannot overspend. x402 relies on cryptographic wallet signatures and on-chain verification, with no intermediary holding funds. For merchants, the security model matters because it determines liability, dispute resolution, and how much trust infrastructure you need to build versus what the protocol provides.

A multi-protocol PSP (Payment Service Provider) bridge normalizes all three protocols into a single merchant interface. Inbound adapters detect which protocol the agent is using, normalize the payment intent into a common format, apply merchant-defined rules through a policy engine, and route to the appropriate settlement path. This is exactly what the AgenticMCPStores Protocol Bridge does — one integration for merchants, three protocols for agents. The merchant sees a unified order flow regardless of whether the agent paid with Stripe, Google Pay, or USDC.