Agent Embedded Payment Protocol (AEP2)
A Deferred Settlement Payment Protocol for Agent Commerce
Version 1.0October 2025
Abstract
The rise of AI agents has created a fundamental challenge in commerce: existing payment systems cannot support the high-frequency, low-latency micropayment requirements of autonomous agent interactions. Traditional blockchain transactions require on-chain confirmation before service delivery, creating latency bottlenecks and high costs that make micropayments economically infeasible.
Agent Embedded Payment Protocol (AEP2) introduces a novel "Authorize First, Settle Later" payment paradigm designed specifically for agent commerce. By separating payment authorization from settlement execution, AEP2 enables instant transaction confirmation while deferring actual fund transfers to batch settlement windows. This architecture supports high-frequency micropayments, pay-per-call API billing, and automated agent-to-agent interactions at scale.
AEP2 leverages cryptographically signed payment mandates, Account Abstraction (AA) wallets, and deferred settlement mechanisms to achieve transaction speeds comparable to traditional centralized systems while maintaining blockchain-level security guarantees.
1. Introduction
1.1 The Agent Commerce Problem
AI agents are becoming autonomous economic actors, requiring payment infrastructure that supports:
- High-frequency transactions: Thousands of API calls per second
- Micropayments: Transaction amounts as low as $0.001
- Low latency: Sub-second payment confirmation
- Automated execution: No human intervention required
- Security: Cryptographic guarantees and fund custody
Current payment solutions fall short:
| Payment Method | Transaction Speed | Cost per Transaction | Minimum Amount | Automation |
|---|---|---|---|---|
| Credit Cards | ~2-3 seconds | $0.30 + 2.9% | ~$0.50 practical minimum | Limited |
| Traditional Crypto | 12-60 seconds | $0.50-$5 gas fees | ~$10 practical minimum | Good |
| Layer 2 Solutions | 1-5 seconds | $0.01-$0.10 | ~$1 practical minimum | Good |
| AEP2 | <100ms | ~$0.0001 (batched) | $0.001+ | Excellent |
1.2 Core Innovation
AEP2's fundamental innovation is the separation of payment into two phases:
Phase 1: Authorization (Instant)
- Payer signs a cryptographic payment mandate
- Payee verifies the signature and mandate validity
- Transaction completes immediately
- No on-chain transaction required
Phase 2: Settlement (Deferred)
- Payee submits mandate to Settlement Processor
- Processor batches multiple mandates
- Batch settlement executes on-chain
- Gas costs amortized across hundreds of transactions
This architecture achieves the speed of centralized systems with the security of decentralized custody.
2. Protocol Architecture
2.1 Core Components
AEP2 consists of four primary components:
Agent Debit Wallet (Smart Contract)
An Account Abstraction wallet that:
- Holds user's stablecoin balance
- Signs payment mandates cryptographically
- Enforces withdrawal delay periods
- Allows authorized Settlement Processors to debit funds
Key mechanisms:
- Pre-funded balance: Users deposit funds before payments
- Deferred withdrawal: Withdrawals trigger 24h delay window
- Authorized SP access: Only whitelisted processors can settle
- Mandate queue: Tracks pending settlements
- Auto-extension: Delay extends if new mandates arrive
Payment Mandate
A cryptographically signed authorization containing:
{
mandate_id: unique_identifier,
from_wallet: payer_address,
to_wallet: payee_address,
amount: payment_amount,
nonce: anti_replay_nonce,
timestamp: creation_time,
signature: cryptographic_signature
}Mandates are:
- Base64 encoded for transport
- Embedded in protocol headers (x402, MCP, A2A)
- Verifiable by payees before service delivery
- Non-repudiable due to cryptographic signatures
Settlement Processor (Off-chain AVS)
An Actively Validated Service that:
- Receives mandates from payees
- Validates signatures and balances
- Maintains per-payer settlement queues
- Builds batch settlement transactions
- Executes settlements on-chain periodically
Settlement window: 24 hours (configurable)
Know Your Agent (KYA) Provider
Optional identity service providing:
- Agent identity verification
- KYC/KYB/KYA compliance
- Anonymous or verified transaction modes
- Trust scoring for agents
2.2 Transaction Flow
┌─────────┐ ┌─────────┐
│ Payer │ │ Payee │
│ Agent │ │ Agent │
└────┬────┘ └────┬────┘
│ │
│ 1. Request mandate from wallet │
├──────────────────┐ │
│ ↓ │
│ ┌──────────────┐ │
│ │ Debit Wallet │ │
│ │ (signs) │ │
│ └──────┬───────┘ │
│ ↓ │
│ 2. Embed mandate in request │
├────────────────────────────────────>│
│ │
│ │ 3. Verify mandate
│ ├────────┐
│ │ │
│ 4. Return service result │<───────┘
│<────────────────────────────────────┤
│ │
│ │ 5. Enqueue for settlement
│ ├──────────┐
│ │ ↓
│ ┌────────────────────┐
│ │ Settlement │
│ │ Processor │
│ │ (batch settles) │
│ └────────────────────┘Step-by-step:
- Payer agent requests signed mandate from its debit wallet
- Mandate is embedded in service request (e.g., HTTP header)
- Payee extracts and verifies mandate signature and amount
- Upon successful verification, payee delivers service immediately
- Payee enqueues mandate for deferred settlement
- Settlement Processor batches mandates and settles on-chain within 24h
2.3 Security Model
Trust Assumptions:
- Users trust themselves: Funds remain in user's smart contract wallet
- Limited SP authorization: Settlement Processors can only debit based on valid signed mandates
- Cryptographic guarantees: Mandates are non-repudiable and tamper-proof
- On-chain enforcement: All settlement logic enforced by smart contract
Security Guarantees:
- No custody risk: Users retain full custody of funds
- No unauthorized debits: Only signed mandates can trigger debits
- No double-spending: Nonces prevent mandate replay
- Withdrawal protection: Delay period ensures settlements complete
- Dispute resolution: Optional dispute processor for conflicts
3. Transaction Modes
AEP2 supports two payment initiation patterns:
3.1 Intent Mode (Payer-Initiated)
Characteristics:
- One-round interaction
- Payer embeds mandate proactively
- Fixed, known pricing
- Ultra-low latency
Use cases:
- Pay-per-call API billing
- Streaming data transmission
- Automated agent interactions
- High-frequency micropayments
Example flow:
Payer: "Call analyze_data(data) with $0.01 mandate"
→ [Request + Embedded Mandate]
Payee: Verify mandate → Execute service → Return result
→ Total time: <100ms3.2 Order Mode (Payee-Initiated)
Characteristics:
- Two-round interaction
- Payee creates order/quote first
- Dynamic or complex pricing
- User approval workflow
Use cases:
- Task completion billing
- Subscription services
- Usage-based metering
- Custom service quotes
Example flow:
Round 1:
Payer: "Request service X"
Payee: "Service X costs $5.00" → [Returns Order]
Round 2:
Payer: "Approved" → [Submits Mandate]
Payee: Verify mandate → Execute service → Return result4. Protocol Integration
4.1 x402 Integration
x402 extends HTTP with payment mandates:
POST /api/analyze HTTP/1.1
Host: ai-service.example.com
X-Agent-Id: agent-001
X-Agent-Spend-Mandate: eyJtYW5kYXRlX2lkIjoiMDAwMSIsImZyb2...
Content-Type: application/json
{"data": "..."}The payee extracts the mandate from headers, verifies it, and provides the service.
4.2 MCP/A2A Integration
Model Context Protocol and Agent-to-Agent protocols embed mandates in their payment fields:
{
"protocol": "mcp",
"method": "get_context",
"params": {...},
"payment": {
"protocol": "asp",
"mandate": "eyJtYW5kYXRlX2lkIjoiMDAw..."
}
}4.3 AP2 Authorization Layer
Agent Permission Protocol (AP2) adds user authorization:
User → Authorizes Agent → Agent signs mandate → Payee verifies bothOnly mandates with valid user authorization through AP2 are considered valid, ensuring users maintain control over agent spending.
5. Extensibility
5.1 Settlement Mechanism Extensions
Debit Settlement (Default):
- Immediate debit from payer wallet
- Payee receives funds after settlement
Credit Settlement:
- Payee extends credit to payer
- Settlement occurs when credit limit reached
- Enables free trials and usage accumulation
Result-Based Settlement:
- Settlement conditional on service delivery
- Payer confirms completion before settlement
- Provides buyer protection
5.2 Wallet Extensions
Basic Debit Wallet:
- Simple balance management
- Fixed withdrawal delays
Credit Wallet:
- Supports negative balances up to limit
- Interest calculation
- Credit scoring integration
Voucher Wallet:
- Marketing vouchers and coupons
- Loyalty points
- Multi-token support
5.3 Identity Provider Extensions
Anonymous Mode:
- No identity verification required
- Pseudonymous transactions
- Lower trust, lower friction
Verified Mode:
- KYC/KYB/KYA verification
- Compliance with regulations
- Higher trust, higher requirements
6. Economic Model
6.1 Fee Structure
Settlement Processor Fees:
- Percentage: 0.1% - 0.5% of transaction amount
- Minimum: $0.0001 per mandate
- Batching reduces per-transaction cost
Gas Cost Amortization:
- Single transaction: ~$0.50 gas fee
- Batched 1000 transactions: ~$0.0005 per transaction
- 1000x reduction in per-transaction cost
Example Economics:
$0.01 transaction:
- SP fee: $0.00001 (0.1%)
- Batched gas: $0.0005
- Total cost: $0.00051 (5.1% overhead)
$1.00 transaction:
- SP fee: $0.001 (0.1%)
- Batched gas: $0.0005
- Total cost: $0.0015 (0.15% overhead)
6.2 Incentive Alignment
For Payers:
- Low transaction costs
- High-frequency capability
- Maintained custody
For Payees:
- Instant payment confirmation
- No chargebacks
- Low overhead
For Settlement Processors:
- Fee revenue from volume
- Competitive market dynamics
- Reputation-based selection
7. Use Cases
7.1 AI Agent API Marketplace
Agents discover and consume services from other agents:
- Agent A needs data analysis: $0.005 per call
- Agent B provides sentiment analysis: $0.002 per call
- Agent C offers translation: $0.001 per word
AEP2 enables these micro-transactions at scale without economic friction.
7.2 Streaming Data Payments
Real-time data feeds billed per message:
- Market data: $0.0001 per quote
- IoT sensor data: $0.00001 per reading
- Social media feeds: $0.0005 per post
Traditional systems cannot support such granular billing.
7.3 Compute Resource Billing
Cloud compute billed per second:
- GPU time: $0.50 per second
- API inference: $0.01 per request
- Storage: $0.00001 per MB per day
AEP2 enables true pay-as-you-go models.
8. Comparison with Existing Solutions
8.1 vs. Payment Channels (Lightning Network)
Similarities:
- Both defer settlement
- Both support micropayments
- Both reduce on-chain load
Differences:
| Feature | Payment Channels | AEP2 |
|---|---|---|
| Setup | Requires channel opening | No channel required |
| Capital | Locked in channels | Flexible wallet balance |
| Topology | Network routing required | Direct peer-to-peer |
| Flexibility | Fixed counterparties | Any agent can transact |
| Settlement | Bilateral | Processor-mediated batch |
AEP2 Advantages:
- No upfront channel setup
- No capital lockup
- No routing complexity
- Works for one-time transactions
8.2 vs. Traditional Payment Processors
Similarities:
- Fast transaction confirmation
- Deferred settlement
- Merchant integration
Differences:
| Feature | Traditional (Stripe/PayPal) | AEP2 |
|---|---|---|
| Custody | Processor holds funds | User retains custody |
| Chargebacks | High risk for merchants | No chargebacks |
| Fees | 2.9% + $0.30 | 0.1% + $0.0005 |
| Min Amount | ~$0.50 practical | $0.001 practical |
| Automation | API-based | Fully autonomous |
| Compliance | KYC/AML required | Optional (KYA) |
AEP2 Advantages:
- 10-30x lower fees
- True micropayment support
- No custody risk
- Better for automation
9. Security Considerations
9.1 Attack Vectors and Mitigations
Mandate Replay:
- Attack: Reuse old mandates
- Mitigation: Nonces prevent replay
Insufficient Balance:
- Attack: Spend more than wallet balance
- Mitigation: Wallet tracks queue balance
Withdrawal Racing:
- Attack: Withdraw before settlement
- Mitigation: Delay period with auto-extension
Signature Forgery:
- Attack: Fake payment mandates
- Mitigation: Cryptographic signatures
Settlement Processor Failure:
- Attack: SP doesn't settle mandates
- Mitigation: Multiple SPs, reputation system
9.2 Dispute Resolution
Optional Dispute Processor enables:
- Payer initiates disputes within timeframe
- Escrow during dispute investigation
- Arbitration for resolution
- Penalties for fraudulent disputes
10. Roadmap
Phase 1: Core Protocol (Q4 2025)
- Basic debit wallet smart contract
- Payment mandate specification
- Reference Settlement Processor
- x402 integration
Phase 2: Ecosystem (Q1 2026)
- KYA provider integration
- Multiple Settlement Processors
- Dispute resolution framework
- MCP/A2A integration
Phase 3: Advanced Features (Q2 2026)
- Credit wallet extensions
- Result-based settlement
- Cross-chain support
- Advanced analytics
Phase 4: Scale & Adoption (Q3 2026)
- Enterprise integration tools
- Compliance frameworks
- Performance optimization
- Global expansion
11. Conclusion
Agent Spend Protocol represents a fundamental rethinking of payment infrastructure for the age of autonomous AI agents. By separating authorization from settlement, AEP2 achieves the transaction speed and cost efficiency required for agent commerce while maintaining blockchain-level security guarantees.
The protocol's extensible architecture enables innovation across wallet types, settlement mechanisms, and identity systems, creating a flexible foundation for the emerging agent economy.
As AI agents become increasingly autonomous economic actors, AEP2 provides the payment rails necessary to support high-frequency, low-latency micropayments at scale—enabling new business models and use cases previously impossible with existing payment infrastructure.
References
- Agent Spend Protocol Documentation: https://docs.fluxa.ai
- x402 Protocol Specification: https://github.com/httpx402
- Account Abstraction (ERC-4337): https://eips.ethereum.org/EIPS/eip-4337
- Model Context Protocol: https://modelcontextprotocol.io
Contact
Website: https://fluxa.ai Documentation: https://docs.fluxa.ai GitHub: https://github.com/fluxa Email: contact@fluxa.ai
License
This whitepaper is released under Creative Commons BY-SA 4.0