Why it matters
Token security is what makes AP2 safe. Understanding scoping and single-use prevents replay attacks.
Advertisement
The architecture
Token payload: amount, currency, merchant ID, expiration, nonce, signature.
Scoping: bound to specific payment intent. Reuse for other charges rejected.
Advertisement
How it works end to end
Signature: wallet signs with private key. Merchant verifies via wallet's public key.
Single-use: token consumed at redemption. Replay attempts rejected.
Expiration: minutes to hours typical. Bounds risk if token intercepted.
Refund tokens: separate flow for reversals.