Why it matters

Token security is what makes AP2 safe. Understanding scoping and single-use prevents replay attacks.

Advertisement

The architecture

Token payload: amount, currency, merchant ID, expiration, nonce, signature.

Scoping: bound to specific payment intent. Reuse for other charges rejected.

AP2 token lifecycleToken issuedwallet signsMerchant redeemssingle-useExpiresshort lifetimeToken scoping prevents reuse for different amount or merchant; signature prevents forgery
Token characteristics.
Advertisement

How it works end to end

Signature: wallet signs with private key. Merchant verifies via wallet's public key.

Single-use: token consumed at redemption. Replay attempts rejected.

Expiration: minutes to hours typical. Bounds risk if token intercepted.

Refund tokens: separate flow for reversals.