Agent Payment Protocol (AP2) defines how an agent acts on behalf of a user to spend money — authorization, capture, refund, reconcile. The hard part isn't the protocol; it's the trust and consent model around it.
Consent and authorization
User pre-authorizes the agent for a scope: 'spend up to $X on category Y from card Z'. Each transaction checks scope. Scope changes need user confirmation. Audit log of every charge.
Two-step charge
Authorize (hold funds) → capture (commit). Decouples the agent's decision from the irrevocable charge. Allows verification, cancellation, partial capture. Standard payment-processing pattern; AP2 mandates it.
Reconciliation
Daily / per-transaction reconciliation: agent's records vs payment processor's records. Discrepancies investigated. Required for any production agent-payment integration; many AP2 implementations underbuild this.