
The Agentic Commerce Protocol Stack: A Strategic Map of 6 Core and 9 Adjacent Standards


The Agentic Commerce Protocol Stack

Six core protocols. Nine adjacent standards. One layered map.

E-commerce was built for humans clicking through checkout flows. AI agents cannot click buttons, read CAPTCHAs, or interpret visual page layouts. As agents become autonomous economic participants — discovering products, comparing prices, executing payments — they need a machine-native protocol layer purpose-built for their capabilities. In the last twelve months, Google, OpenAI, Stripe, Visa, Mastercard, FIDO, and Cloudflare have all published protocols targeting different parts of this problem. The result is a rich but fragmented landscape that most product teams are trying to navigate without a map.

The agentic commerce stack at a glance

  • Core Protocols: 6 (UCP, ACP, AP2, A2A, MPP, WebMCP)
  • Adjacent Standards: 9 (TAP, Agent Pay, ACE, AMP, FIDO, x402, Bot Auth, IETF, Verifiable Intent)
  • Functional Layers: 8 (Discovery → Governance)
  • Adoption Phases: 4 (Now → 2028+)

This post is that map. We classify the standards into a layered stack, walk through the six core protocols, look at who built what and why, then close with three concrete examples and a phased adoption roadmap.

1. The paradigm shift

Human-driven commerce is sequential and visual: a person opens a browser, browses, adds to cart, fills in card details, and waits for a confirmation email. Every step is repeated for every purchase. Agentic commerce collapses the same outcome into five protocol-mediated phases — intent, discovery, negotiation, authorization, execution — and removes the human from everything except intent and confirmation.

The paradigm shift: human-driven vs. agent-driven commerce

TODAY · Human-driven e-commerce

  • User opens browser and searches manually
  • Browses — clicks through pages, compares products
  • Cart — manually adds items, enters shipping info
  • Pay — types card details, clicks Place Order
  • Track — refreshes email for confirmation
  • 15+ minutes per purchase · error-prone · no cross-vendor optimization

FUTURE · Agent-driven commerce

  • Intent — user says "buy running shoes"
  • Discover — agent finds vendors via A2A
  • Negotiate — agent compares + negotiates via UCP
  • Authorize — AP2 creates signed payment mandate
  • Execute — Agent Pay processes + confirms
  • Seconds per purchase · cryptographically trusted · cross-vendor optimal

Human in every step ⟶ human only at intent + confirmation. Latency drops from minutes to seconds, error rate collapses, and the agent shops the entire market in parallel.

Latency drops from minutes to seconds. Error rate drops because agents don't fat-finger card numbers or pick the wrong size. Optimization improves because the agent compares across vendors before committing. The constraint shifts from "how fast can I click" to "what does the protocol expose."

2. The protocol stack

The best way to navigate the landscape is through a layered architecture. Each layer addresses a distinct concern, and no single protocol spans the full stack.

The agentic commerce protocol stack

1. Agent Discovery & Collaboration

A2A · ANP · ACP (Comm.) — how agents find and talk to each other

2. Tool / Website Execution

MCP · WebMCP — structured access to tools and websites

3. Agent Trust & KYC

Web Bot Auth · Visa TAP · Mastercard Recognition — proving the agent is legitimate

4. Commerce Session / Cart / Checkout

UCP · ACP — the shopping layer

5. Payment Authorization & Verified Intent

AP2 · Verifiable Intent · FIDO — proving the user authorized the transaction

6. Wallet / Card / Mobile Enablement

AMP · Mastercard Agent Pay · Amex ACE — issuing tokenized credentials to agents

7. Machine-Paid Resources

MPP · x402 — pay-per-call APIs and on-chain micropayments

8. Governance & Standardization

FIDO Alliance · IETF HTTP Signatures — the rules that hold it together

Commerce is only two of the eight layers. Trust, identity, payments, and governance need more infrastructure than the shopping itself.

Key insight: commerce is only two of the eight layers. Trust, identity, payments, and governance collectively require more infrastructure than the shopping itself. If you're a merchant focused on UCP/ACP, you're looking at the middle of the stack — but the agents calling you have to satisfy four other layers before they get there.

3. The six core protocols

Six protocols form the backbone of agentic commerce. Each was built by a different organization to solve a specific problem.

The six core protocols

| Protocol | Sponsor | Core problem | Best fit | Limitation |
|---|---|---|---|---|
| UCP | Google | Shared commerce across platforms | Retail ecosystem interop | Broad scope |
| ACP | OpenAI + Stripe | Deterministic merchant checkout | ChatGPT-style checkout | Checkout only |
| AP2 | Google + partners | Proves user-authorized intent | High-trust autonomous pay | No discovery alone |
| A2A | Google / Linux Fdn. | Agent discovery & collaboration | Multi-agent workflows | No commerce semantics |
| MPP | Stripe + Tempo | Pays for APIs over HTTP | Metered API services | No catalog |
| WebMCP | W3C / Chrome | Replaces brittle scraping | Websites agent-ready | Early draft |

Each is necessary for its layer. None is sufficient on its own.

  • UCP (Google) provides shared commerce flows — product discovery, cart, pricing, fulfillment — across platforms. The broadest scope of any protocol in the stack.
  • ACP (OpenAI + Stripe) focuses narrowly on deterministic merchant checkout. If you've seen a ChatGPT Shop integration, you've seen ACP.
  • AP2 (Google + partners) adds cryptographic payment mandates that prove the user authorized the transaction.
  • A2A (Linux Foundation) handles agent-to-agent discovery and communication. No commerce semantics — just how agents find and talk to each other.
  • MPP (Stripe + Tempo) enables machine-to-machine payments via HTTP 402 challenges, settled on the Tempo blockchain in USDC.
  • WebMCP (W3C / Chrome) exposes website capabilities as structured tools for browser-based agents, replacing brittle scraping.

Each is necessary for the layer it covers. None is sufficient on its own.

4. Who built what — and why

Understanding the institutional dynamics is as important as the technical specs. Different organizations are investing in different layers for different strategic reasons.

The protocol ecosystem — by sponsor category

🏗️
Tech Giants · Infrastructure

Google: UCP · A2A · AP2 · OpenAI: ACP · Cloudflare: Web Bot Auth · x402 · W3C / Chrome: WebMCP. Building the agent runtime and commoditizing the substrate underneath it.

💳
Payment Networks · Existing rails

Stripe + Tempo: MPP · Visa: TAP · Mastercard: Agent Pay + Verifiable Intent · American Express: ACE. Keeping agent commerce inside regulated payment infrastructure.

🛡️
Identity & Standards · Trust foundations

FIDO Alliance: Delegation + Auth · IETF: HTTP Signatures · Google + partners: AP2 · Ant Intl / Alipay+: AMP. Becoming the universal verification layer for autonomous agents.

🌐
Open Community · Decentralized

Linux Foundation: A2A governance · ANP Community: ANP · MCP Ecosystem: MCP · ACP (Comm., folded into A2A). Preventing any single vendor from owning the layer.

The card networks' message is unambiguous: agent commerce should flow through regulated rails, not around them.

Tech giants are building infrastructure (Google: UCP, A2A, AP2; OpenAI: ACP; Cloudflare: Web Bot Auth, x402; W3C/Chrome: WebMCP). Payment networks are extending existing rails (Visa TAP, Mastercard Agent Pay, Amex ACE). Standards bodies are building trust foundations (FIDO delegation, IETF HTTP signatures, AMP wallet). The message from card networks is unambiguous: agent commerce should flow through regulated payment infrastructure, not around it.

5. The trust problem

Of all the challenges in the stack, trust is the most consequential and the least solved. An agent transaction needs answers to four distinct questions, and each is handled by a different protocol family.

Four layers of trust required for a fully autonomous transaction

1. Agent Identity

"Who is this agent?" — Web Bot Auth + Visa TAP. HTTP signatures verify the agent is legitimate before the merchant accepts a session.

2. User Authorization

"Can this agent act for the user?" — AP2 + FIDO Delegation. Cryptographic mandates prove the user gave permission for this specific scope.

3. Payment Capability

"Can this agent actually pay?" — AMP + Mastercard Agent Pay + Amex ACE. Tokenized credentials enable secure payment execution without exposing the underlying card.

4. Merchant Verification

"Is this merchant real?" — Verifiable Intent + UCP profiles. Intent proofs and discoverable merchant profiles confirm legitimacy before the agent commits.

Skip any one and the merchant rejects, or falls back to human confirmation.

All four must be satisfied for a fully autonomous transaction. Skip any one and the merchant either rejects the transaction outright or has to fall back to a human-in-the-loop confirmation step that defeats the point of agentic commerce.

6. Real-world examples

Here is how the protocols compose in practice across three common scenarios.

End-to-end flight booking — protocol handoffs at each step

1. User Intent

User tells agent: "Book cheapest SFO → NYC May 20"

2. Discovery

Agent finds airline agent via A2A Agent Cards

3. Trust Check

Airline verifies agent identity via Web Bot Auth + Visa TAP

4. Commerce

UCP structures cart: flight, seat, bags, price negotiation

5. Pay Auth

AP2 creates signed mandate proving user authorized $450

6. Pay Exec

Mastercard Agent Pay tokenizes + processes card payment

7. Confirm

Agent receives receipt + booking ref via UCP + A2A

Communication, trust, commerce, and payment layers each handle a distinct slice of the flow.

Example 1 — AI shopping assistant buys running shoes

User says "Find and buy Nike Pegasus 41, size 10." The agent discovers three retailers via A2A, compares prices using UCP, constructs a cart, generates an AP2 payment mandate, and completes checkout through ACP. Total time: 8 seconds. Savings vs. the first option: $23.

Protocols: A2A → UCP → AP2 → ACP

Example 2 — coding agent pays for a premium API

The agent calls a premium API and receives an HTTP 402 with an MPP payment challenge ($0.02 per request). It evaluates the cost against the developer's $5/day spending policy, resolves the charge via x402 micropayment, and retries with a payment token. Total: 340 ms, zero human involvement.

Protocols: MPP (402 challenge) → x402 (micropayment) → HTTP 200
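The spending-policy step in Example 2 is where the agent's authority to spend is actually bounded. The sketch below is an added example, not code from the original post or from the MPP or x402 specifications: the challenge fields (`id`, `payee`, `currency`, `amount`) and the `SpendingPolicy` class are hypothetical, and the per-request cap, payee allow-list and replay guard go beyond the $5/day budget the text mentions.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal

# Field names (id, payee, currency, amount) are hypothetical, not MPP/x402 wire names.
@dataclass
class SpendingPolicy:
    """Agent-side guard consulted before paying any HTTP 402 challenge."""
    daily_limit: Decimal
    max_per_request: Decimal
    allowed_payees: frozenset
    currency: str = "USD"
    spent: dict = field(default_factory=dict, init=False)   # date -> total paid
    paid_ids: set = field(default_factory=set, init=False)  # replay guard

    def authorize(self, challenge, today):
        """Return (approved, reason); record the spend only when approved."""
        try:
            amount = Decimal(str(challenge["amount"]))  # exact decimal, never float
            cid, payee = challenge["id"], challenge["payee"]
            currency = challenge["currency"]
        except (KeyError, TypeError, ArithmeticError):
            return False, "malformed challenge"
        if not amount.is_finite() or amount <= 0:
            return False, "invalid amount"  # rejects NaN, Infinity, zero, negatives
        if currency != self.currency:
            return False, "currency mismatch"
        if payee not in self.allowed_payees:
            return False, "payee not allow-listed"
        if cid in self.paid_ids:
            return False, "challenge already paid"
        if amount > self.max_per_request:
            return False, "exceeds per-request cap"
        total = self.spent.get(today, Decimal("0")) + amount
        if total > self.daily_limit:
            return False, "daily limit exceeded"
        self.spent[today] = total
        self.paid_ids.add(cid)
        return True, "approved"

def demo():
    """Constructed run: 300 challenges of $0.02 against a $5/day policy."""
    policy = SpendingPolicy(Decimal("5.00"), Decimal("0.05"), frozenset({"api.example"}))
    day = date(2026, 1, 1)
    base = {"payee": "api.example", "currency": "USD", "amount": "0.02"}
    approved = sum(policy.authorize({**base, "id": f"c{i}"}, day)[0]
                   for i in range(300))
    return policy, approved
```

The policy denies by default on anything it cannot parse, so a server cannot widen the agent's budget by sending an unexpected currency, payee or amount encoding.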

Example 3 — procurement agent renews a SaaS contract

The agent discovers the vendor via A2A, authenticates via Web Bot Auth + Visa TAP, negotiates a 10% discount through three rounds of structured back-and-forth in UCP, creates an AP2 mandate authorized by the CFO via FIDO delegation, then processes payment through Mastercard Agent Pay.

Protocols: A2A → Web Bot Auth + TAP → UCP → AP2 + FIDO → Agent Pay

7. Which protocol do you need?

Start with the layer closest to your user's money and work outward.

Which protocol do you need? A decision guide

🛍️
AI shopping assistant: UCP + ACP

For commerce flows and merchant checkout. Discovery, cart, pricing, fulfillment — and a deterministic completion path.

💸
Agent paying for APIs: MPP + x402

For machine-to-machine payments. HTTP 402 challenges, micropayment resolution, blockchain settlement.

🤖
Multi-agent workflows: A2A + MCP

For agent discovery, agent-card-based collaboration, and structured access to tools and data.

💼
Agent spends user money: AP2 + AMP

For payment authorization and wallet access. Cryptographic mandates and tokenized credentials.

🌐
Browser-based AI agent: WebMCP

For structured tool access on websites that don't ship server-side APIs. Replaces brittle DOM scraping.

🔐
Merchant trust verification: Visa TAP + Web Bot Auth

To prove the agent on the other end is legitimate before opening a session or accepting a transaction.

If you're building an AI shopping assistant, start with UCP + ACP. If you're building an agent that pays for APIs, start with MPP + x402. If you're building multi-agent workflows, start with A2A + MCP. If your agent spends user money, you need AP2 + AMP. If your agent is browser-based, you need WebMCP. And if your storefront accepts agent traffic, you need Visa TAP + Web Bot Auth to prove the agent on the other end is legitimate.

8. The adoption roadmap

We recommend a four-phase approach that sequences protocol integration by dependency and value delivery. Each phase builds on the previous: discovery and trust come before commerce, commerce comes before payments, and payments come before the long-tail autonomous use cases.

A phased approach to agentic commerce

Now – Q4 2026 · Phase 1 · Foundation

Adopt A2A for agent discovery. Implement MCP for tool access. Integrate Web Bot Auth for identity. Build agent-readable product data.

Q1 – Q2 2027 · Phase 2 · Commerce

Add UCP or ACP checkout flows. Implement AP2 payment mandates. Integrate Visa TAP for trust. Build WebMCP for browser agents.

Q3 – Q4 2027 · Phase 3 · Payments

Connect to Mastercard Agent Pay. Enable AMP mobile-wallet support. Implement MPP for API monetization. Add the Verifiable Intent layer.

2028+ · Phase 4 · Scale

Full autonomous agent transactions. Cross-protocol interoperability. x402 micropayment ecosystems. FIDO-based delegated authority.

Each phase builds on the previous — start with discovery + trust, then add commerce + payments.

Phase 1 is mostly free wins — adopting A2A, MCP, and Web Bot Auth costs you a few weeks and gets you on the map. Phase 2 is where commerce teams should be by mid-2027. Phase 3 unlocks payments at scale. Phase 4 is when the stack hardens enough for fully autonomous agent transactions in regulated industries.

Strategic takeaways

Don't wait for a single winner. The stack is fragmented by design — each layer was built by the organization with the strongest incentive to solve that layer. Invest in the three to five protocols closest to your core use case rather than trying to predict which "platform" will consolidate.

Trust is the bottleneck, not payments. Agent identity and user authorization are the hardest unsolved problems in the stack. Early investment here creates a structural moat — by the time the trust layer is commoditized, the integrations and risk models built on top of it will be hard to replicate.

Card networks are not standing still. Visa, Mastercard, and Amex are actively building agent payment rails. Interoperability with them is essential, not optional.

Browser and API paths will coexist. WebMCP handles the long tail of merchants who won't ship server-side APIs. Native protocols serve high-volume transactions. Plan for both.

The bottom line

UCP and ACP handle commerce. AP2 and Verifiable Intent handle payment authorization. Visa TAP and Web Bot Auth handle trust. AMP, Agent Pay, and ACE handle wallets. MPP and x402 handle machine payments. A2A and WebMCP handle interoperability.

Start with the layer closest to your user's money and work outward.

The agent economy isn't coming. It's here. Build the infrastructure accordingly.

