Visa TAP, Google AP2, and Mastercard VI: A Protocol Deep Dive

A technical exploration of the three leading protocols for AI agent commerce: Visa TAP, Google AP2, and Mastercard VI.

Anima Team · 2 min read
#tutorial #protocols #commerce

The world of agentic commerce is currently being defined by three major protocols. Each approach has unique trade-offs for security, delegation, and verification. Anima implements all three within our identity infrastructure, ensuring compatibility across different payment networks.

Visa TAP: HTTP Message Signatures (RFC 9421)

Visa TAP (Tokenized Asset Protocol) focuses on establishing a secure, signed channel between the agent and the merchant. It leverages RFC 9421 HTTP Message Signatures to provide non-repudiation and integrity for every transaction.

Key features of Visa TAP include:

  • Cryptographic primitives: Supports Ed25519 and RSA-PSS.
  • Replay protection: Uses nonce-based mechanisms and expiration timestamps.
  • Explicit intent: Every request must include a signed intent block that specifies the merchant and amount.

import { Anima } from '@anima/sdk';

const am = new Anima(process.env.ANIMA_API_KEY);

// Create a Visa TAP compliant signature for a request
const tapSignature = await am.commerce.visaTap.signRequest({
  url: 'https://merchant.com/api/v1/payment',
  method: 'POST',
  body: JSON.stringify({ amount: 1000, currency: 'USD' }),
  keyId: 'agent_key_001'
});
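
An added example, not code from the Anima SDK or from Visa's specification: a minimal RFC 9421 signer and verifier in Node.js showing how the Ed25519 signature, the expiration timestamp and the nonce work together on the verifying side. The covered component set, the `sig1` label, the merchant URL, the nonce and the clock values are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('node:crypto');
const COVERED = ['@method', '@target-uri', 'content-digest']; // assumed component set

// RFC 9530 Content-Digest, so the signature also binds the request body.
const contentDigest = (body) => `sha-256=:${nodeCrypto.createHash('sha256').update(body).digest('base64')}:`;

// Serialized inner list plus parameters: the value carried in Signature-Input.
function signatureParams({ created, expires, nonce, keyid }) {
  const list = COVERED.map((c) => `"${c}"`).join(' ');
  return `(${list});created=${created};expires=${expires};nonce="${nonce}";keyid="${keyid}";alg="ed25519"`;
}

// RFC 9421 signature base: one line per covered component, then "@signature-params".
function signatureBase(req, params) {
  const values = { '@method': req.method.toUpperCase(), '@target-uri': req.url, 'content-digest': contentDigest(req.body) };
  return [...COVERED.map((c) => `"${c}": ${values[c]}`), `"@signature-params": ${params}`].join('\n');
}

function signRequest(req, privateKey, meta) {
  const params = signatureParams(meta);
  const sig = nodeCrypto.sign(null, Buffer.from(signatureBase(req, params)), privateKey);
  return { signatureInput: `sig1=${params}`, signature: `sig1=:${sig.toString('base64')}:` };
}

// Verifier: rebuild the base from the request as received, then enforce expiry and nonce.
function verifyRequest(req, signed, publicKey, seenNonces, now) {
  const params = signed.signatureInput.slice('sig1='.length);
  const sig = Buffer.from(signed.signature.slice('sig1=:'.length, -1), 'base64');
  if (!nodeCrypto.verify(null, Buffer.from(signatureBase(req, params)), publicKey, sig)) return 'bad-signature';
  const expires = Number(/;expires=(\d+)/.exec(params)?.[1]);
  const nonce = /;nonce="([^"]+)"/.exec(params)?.[1];
  if (!nonce || !(now < expires)) return 'expired'; // missing nonce/expires also fails closed
  if (seenNonces.has(nonce)) return 'replay';
  seenNonces.add(nonce); // a real verifier keeps nonces until `expires` has passed
  return 'ok';
}

// Constructed sample: throwaway key pair, made-up merchant URL, fixed clock values.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const req = { method: 'POST', url: 'https://merchant.example/api/v1/payment', body: JSON.stringify({ amount: 1000, currency: 'USD' }) };
  const signed = signRequest(req, privateKey, { created: 1000, expires: 1300, nonce: 'n-7f3a', keyid: 'agent_key_001' });
  const seen = new Set();
  const tampered = { ...req, body: JSON.stringify({ amount: 9000, currency: 'USD' }) };
  return [verifyRequest(req, signed, publicKey, seen, 1100), verifyRequest(req, signed, publicKey, seen, 1100),
    verifyRequest(tampered, signed, publicKey, new Set(), 1100), verifyRequest(req, signed, publicKey, new Set(), 1400)];
}
console.log(demo());
```

The four results cover a first delivery, the same message delivered again, a changed body, and a delivery after `expires`. Because the body is bound through `content-digest`, changing the amount invalidates the signature without any separate amount check.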

Google AP2: Virtual Delegation Credentials (VDC)

Google AP2 takes a different approach by focusing on multi-hop delegation. It uses Virtual Delegation Credentials (VDCs) that allow a user to delegate spending power to an agent, which can then delegate it further to sub-agents.

Google AP2 introduces three critical mandate types:

  1. Cart Mandate: Grants the agent authority to manage a specific shopping cart.
  2. Intent Mandate: Defines the scope of what the agent is allowed to purchase.
  3. Payment Mandate: The final credential used to authorize the actual transfer of funds.

This chain of delegation allows for complex workflows where a primary agent might outsource a task to a specialized sub-agent while maintaining strict controls over the spending limits.

Mastercard VI: Selective Disclosure JWT (SD-JWT)

Mastercard VI (Verified Identity) uses Selective Disclosure JWTs (SD-JWT) signed with ES256. It is built around three credential layers:

  • L1 (Identity): Proves the agent's core identity.
  • L2 (Capabilities): Attests to the agent's verified permissions.
  • L3 (Constraints): Defines the specific limitations of a transaction, such as vendor category or geographic location.

Mastercard VI supports 8 different constraint types, allowing for highly granular control over agent spending behavior.

Choosing the Right Protocol

Anima simplifies the implementation of these protocols by providing a unified SDK. You don't need to manually sign HTTP headers or manage complex delegation chains.

// Example of creating a Mastercard VI credential with constraints
const mcCredential = await am.commerce.mastercardVi.createCredential({
  constraints: {
    maxAmount: 500,
    merchantCategory: 'Software',
    expiresIn: '1h'
  }
});

By supporting Visa TAP, Google AP2, and Mastercard VI, Anima ensures that your agents can participate in the digital economy regardless of the merchant's preferred protocol.
