How Should E-Commerce Platforms Accept Payments from AI Agents?

For e-commerce platform operators and marketplace builders · Based on the Kaliski Safe Agent Payments Framework

// TL;DR

E-commerce operators should adopt the Kaliski Safe Agent Payments Framework to safely accept payments from AI agents acting on behalf of human buyers. Instead of forcing agents through web checkout UIs (which causes errors, chargebacks, and fraud exposure), expose your product catalog as structured JSON and implement Agent-to-Commerce Protocol endpoints for programmatic checkout. Accept Shared Payment Tokens that surface card metadata so your existing fraud systems keep working. You don't need to rebuild risk infrastructure — just add a programmatic checkout layer.

Why Are AI Agents Buying from My Store and What Should I Do About It?

AI shopping agents are already making purchases online. When an agent navigates your web checkout like a human — clicking buttons, filling forms, parsing prices from HTML — the results are unreliable. Misread prices lead to disputes. Incorrect shipping selections create fulfillment errors. Browser automation breaks when you update your UI.

The Kaliski Safe Agent Payments Framework solves this from the seller's side. You don't need to understand or control the agent — you need to give agents a reliable, structured way to transact with your business.

The core principle for sellers: robots prefer code. Web UIs are for humans; APIs are for agents. By exposing a programmatic checkout interface, you turn unreliable agent interactions into predictable, auditable transactions.

How Do I Make My Product Catalog Agent-Friendly?

Your first step is exposing your product catalog as structured JSON. Each product entry should include:

- Product ID and name

- Description (plain text, not HTML)

- Images (direct URLs)

- Pricing (base price, currency, unit)

- Availability and stock status

- Variant options (size, color, etc.)

- Shipping eligibility

This is not a new concept — it's essentially a well-structured product feed. Many platforms already generate these for Google Shopping or affiliate networks. The key difference is making it directly accessible to agent buyers via API, not just as a static feed.

Agents using this structured catalog will select the right product far more reliably than agents scraping your web pages.

How Do I Implement Agent-to-Commerce Protocol Checkout?

The Agent-to-Commerce Protocol (ACP) replaces browser-based checkout with a structured, programmatic back-and-forth:

1. Checkout initiation: The agent sends a POST with line items and quantities. Your system responds with the full cart state — line items, base prices, applicable taxes, and available fulfillment options.

2. Cart updates: When the agent changes shipping method, quantity, or payment method, it sends an update request. You respond with the new cart state. Every change triggers a fresh, authoritative state response from your system.

3. Payment submission: The agent submits a Shared Payment Token. You process the payment, and the payment service provider (PSP) validates the token's mandate (seller scope, amount cap, currency, expiry).

4. Order confirmation: You return a structured order confirmation with order ID, expected delivery, and tracking information.

Critically, your system provides all pricing, taxes, and totals. The agent never calculates these independently. This eliminates the most common source of chargebacks in agent-mediated transactions: price disagreements caused by the agent parsing stale or incorrect amounts from your web pages.
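The sketch below is an added example, not code from the Kaliski framework or the ACP specification. It shows a checkout-initiation handler that builds the cart state only from server-side data and ignores any price the agent sends. The catalog, field names, tax rate, and fulfillment options are hypothetical.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample catalog: prices in minor units (cents), held server-side.
CATALOG = {
    "sku-100": {"name": "Travel mug", "price": 1899, "stock": 12},
    "sku-200": {"name": "Filter pack", "price": 650, "stock": 0},
}
SHIPPING = {"standard": 500, "express": 1500}  # hypothetical fulfillment options
TAX_RATE = Decimal("0.0825")                   # hypothetical flat tax rate
CURRENCY = "USD"

class CartError(ValueError):
    """Raised when the agent's request cannot be turned into a valid cart."""

def build_cart_state(request: dict) -> dict:
    """Return the authoritative cart state for an agent's checkout request."""
    lines, subtotal = [], 0
    for item in request.get("line_items", []):
        sku, qty = item.get("id"), item.get("quantity")
        product = CATALOG.get(sku)
        if product is None:
            raise CartError(f"unknown product: {sku!r}")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
            raise CartError(f"invalid quantity for {sku}")
        if qty > product["stock"]:
            raise CartError(f"insufficient stock for {sku}")
        # Any price field the agent included in `item` is never read.
        line_total = product["price"] * qty
        subtotal += line_total
        lines.append({"id": sku, "quantity": qty,
                      "unit_price": product["price"], "line_total": line_total})
    if not lines:
        raise CartError("no line items")
    method = request.get("fulfillment", "standard")
    if method not in SHIPPING:
        raise CartError(f"unknown fulfillment option: {method!r}")
    # Integer minor units plus Decimal rounding avoid float drift in totals.
    tax = int((Decimal(subtotal) * TAX_RATE).quantize(Decimal("1"), ROUND_HALF_UP))
    return {"line_items": lines, "currency": CURRENCY, "subtotal": subtotal,
            "tax": tax, "shipping": SHIPPING[method],
            "total": subtotal + tax + SHIPPING[method],
            "fulfillment_options": sorted(SHIPPING)}
```

A cart update (step 2) would call the same function again with the changed request, so every response is recomputed from the catalog rather than patched from the previous state.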

How Do Shared Payment Tokens Work with My Existing Fraud Systems?

This is where many sellers worry — will agent payments bypass my fraud detection? Under the Kaliski framework, no.

Shared Payment Tokens are required to surface card brand, last four digits, and credit type to you as the seller. Your existing risk systems can evaluate these signals exactly as they do for human customers. The token is scoped and constrained, but it is not opaque.

You retain the customer relationship you expect. You see the payment method metadata. You run your fraud checks. The only difference is that checkout happened via API instead of a web form.

If an incoming token hides payment metadata, the Kaliski framework says you should reject it. Transparency is a requirement, not an option.
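The following added example (not part of the Kaliski framework or any PSP's API) shows a seller-side acceptance check run before payment is submitted: it rejects tokens that hide the required metadata and pre-checks the mandate fields the PSP will validate. The token layout, field names, seller ID, and review threshold are assumptions; the PSP's own validation remains the enforcement point.

```python
from datetime import datetime, timezone

REQUIRED_METADATA = ("card_brand", "last4", "credit_type")
SELLER_ID = "seller_example"   # hypothetical identifier for this store
REVIEW_THRESHOLD = 50_000      # minor units; hypothetical human-approval policy

# Constructed sample token; the field layout is an assumption for illustration.
SAMPLE_TOKEN = {
    "card": {"card_brand": "visa", "last4": "4242", "credit_type": "credit"},
    "mandate": {"seller": SELLER_ID, "currency": "USD", "amount_cap": 60_000,
                "expires_at": "2030-01-01T00:00:00+00:00"},
}

def evaluate_token(token: dict, cart: dict, now: datetime) -> tuple[str, str]:
    """Return (decision, reason); decision is 'reject', 'pending' or 'accept'."""
    card = token.get("card") or {}
    missing = [f for f in REQUIRED_METADATA if not card.get(f)]
    if missing:
        # Opaque tokens are refused outright: fraud checks need these fields.
        return "reject", "token hides payment metadata: " + ", ".join(missing)
    mandate = token.get("mandate") or {}
    if mandate.get("seller") != SELLER_ID:
        return "reject", "token not scoped to this seller"
    if mandate.get("currency") != cart["currency"]:
        return "reject", "currency mismatch"
    cap = mandate.get("amount_cap")
    if isinstance(cap, bool) or not isinstance(cap, int) or cart["total"] > cap:
        return "reject", "cart total exceeds amount cap"
    try:
        expires = datetime.fromisoformat(str(mandate.get("expires_at", "")))
    except ValueError:
        return "reject", "unreadable expiry"
    # Require an explicit UTC offset so the comparison is unambiguous.
    if expires.tzinfo is None or expires <= now:
        return "reject", "token expired"
    if cart["total"] > REVIEW_THRESHOLD:
        return "pending", "awaiting human approval"
    return "accept", "pass card metadata to existing fraud checks"
```

The `cart` argument should be the server-computed cart state, never totals supplied by the agent.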

What If I Sell on a Marketplace — Does This Apply to Me?

Yes. Marketplace operators should implement ACP at the platform level, giving agent buyers a consistent checkout experience across all sellers. Individual sellers on the marketplace benefit without each building their own agent-facing API. The marketplace handles token acceptance, cart state management, and payment routing while each seller's existing fulfillment and risk processes remain unchanged.

Next step: Audit your current checkout flow and identify the minimum API endpoints needed to support ACP — start with a JSON catalog endpoint and a checkout initiation endpoint. These two alone dramatically reduce agent error rates.

// FREQUENTLY ASKED QUESTIONS

Will accepting AI agent payments increase my chargeback rate?

Not if you implement the Agent-to-Commerce Protocol. Chargebacks from agent purchases typically occur because the agent misread a price or selected the wrong item from a web UI. ACP eliminates this by making your system the authoritative source for pricing, taxes, and cart state. The agent confirms your numbers, not its own interpretation. Combined with Shared Payment Tokens that surface card metadata for your fraud checks, agent transactions can actually have lower dispute rates than human web transactions.

Do I need to rebuild my fraud detection for agent payments?

No. The Kaliski framework requires Shared Payment Tokens to surface card brand, last four digits, and credit type to sellers. Your existing fraud systems can evaluate these signals exactly as they do for human customers. You only need to add a programmatic checkout layer (ACP endpoints) alongside your web checkout. Your risk infrastructure, fulfillment systems, and order management remain unchanged.

Can I still require human approval for large agent orders?

Yes, and the framework supports this naturally. Shared Payment Tokens have amount caps enforced by the PSP, so orders exceeding the mandate are automatically declined. You can also build approval workflows into your ACP endpoints — returning a pending status for orders above a threshold and requiring human confirmation before processing payment. The structured nature of ACP makes it easy to insert review steps at any point in the checkout flow.