Agent-driven traffic across the web has grown more than 1,300% in the past nine months. ChatGPT now processes roughly 50 million shopping queries every day across 800 million weekly active users. During Cyber Week 2025, retailers with AI agent integration saw approximately 7× better sales growth than those without. Agentic commerce has moved from concept to revenue channel inside a single calendar year.
For most enterprise merchants, however, the checkout flow that handles these transactions was built for a customer scrolling on a phone. AI agents do not scroll. They call APIs, parse structured data, and complete purchases through protocols that did not exist eighteen months ago. The merchants who treat this as a 2027 problem are already losing market share to competitors who treated it as a 2025 one.
This guide explains exactly what “AI-agent-ready” means in practice, the protocols and infrastructure your stack needs, and the concrete steps to get there without rebuilding everything you already have.
An AI-agent-ready checkout is one that can accept and process a purchase initiated by an autonomous AI agent, on behalf of a human buyer, through a standardized protocol, without requiring the agent to navigate a human-facing user interface, solve a CAPTCHA, or call merchant-specific custom code.
Concretely, this means four things:
Each of these has its own technical requirements, and most enterprise stacks are missing at least two of the four today. The good news is that they map cleanly onto capabilities most merchants already have for traditional ecommerce. The work is in extending them, not rebuilding them.
Agentic commerce is governed by two open protocols that emerged in late 2025. Understanding what they are and how they differ tells you where to focus your implementation effort.
ACP is the open standard co-developed by Stripe, OpenAI, and Meta, released under the Apache 2.0 license in September 2025. It powers ChatGPT Instant Checkout and is the protocol behind the fastest-growing AI shopping channel in the world. ACP defines four composable building blocks: agentic checkout (creating, updating, and completing checkout sessions), cart and feed (browsing catalogs), delegate payment (passing secure tokens between buyer, agent, and merchant), and delegate authentication (OAuth 2.0 for agents acting on a buyer’s behalf).
The merchant remains the merchant of record. The agent is the messenger. Settlement, compliance, and disputes stay with the merchant and their PSP. ACP integration requires a product feed endpoint (daily updates to an OpenAI-provided endpoint), a Checkout API implementing five REST endpoints, and a payment integration using delegated payment tokens. Stripe was the first compatible PSP; PayPal joined as the second in October 2025.
UCP is the open standard co-developed by Google and Shopify, covering the full shopping journey from discovery through checkout and fulfillment. It powers commerce inside Google AI Mode and Gemini. UCP requires an active Google Merchant Center account with healthy product feeds, a capability profile published at /.well-known/ucp declaring your supported capabilities, and either a Native Checkout or Embedded Checkout implementation.
UCP is more modular than ACP and has been endorsed by more than 20 retailers and platforms including Walmart, Target, Visa, Mastercard, and Stripe. Where ACP optimizes for the conversational ChatGPT experience, UCP optimizes for the broader Google ecosystem including AI Mode in search.
| ACP | UCP | |
|---|---|---|
| Backed by | OpenAI, Stripe, Meta | Google, Shopify |
| Powers | ChatGPT Instant Checkout | Google AI Mode, Gemini |
| License | Apache 2.0 (open source) | Open standard |
| Released | September 2025 | October 2025 |
| Merchant requirements | Product feed endpoint, Checkout API (5 REST endpoints), delegated payment | Google Merchant Center account, /.well-known/ucp profile, Native or Embedded Checkout |
| Payment integration | Shared Payment Tokens (Stripe), Delegated Payment Spec (other PSPs) | UCP-defined checkout primitives |
| Merchant of record | Merchant | Merchant |
| Scope | Checkout-focused | Full journey (discovery to fulfillment) |
For most enterprise merchants, the right answer is to support both. Agent traffic does not come from one source, and supporting one protocol cuts you out of roughly half of the addressable market by the time the dust settles.
Before walking through implementation, it helps to understand the transaction flow itself. Every agent-initiated purchase moves through five steps:
The critical observation is that only steps 1, 2, and 3 are new. Steps 4 and 5 are the same payment infrastructure the merchant already operates, provided that infrastructure can accept tokens from multiple PSPs, route intelligently, and tag agent traffic separately.
Mapping the protocol requirements onto a merchant’s stack produces four concrete capability areas. Audit yours against each.
AI agents do not browse storefronts. They consume product data through structured endpoints. To be discovered, your catalog needs to be exposed in a format that ACP and UCP specifications can consume, with current pricing, real-time availability, accurate product attributes, and clear policies on shipping, returns, and fulfillment.
For most merchants, this means three pieces of work: cleaning and enriching product data so it parses unambiguously (an LLM cannot guess that “M” means medium if the size attribute is missing), publishing structured data using schema.org markup, and either implementing the ACP product feed endpoint and UCP capability profile yourself or using a platform that does it on your behalf.
A common pitfall worth flagging: heavy JavaScript frameworks can prevent agents from parsing product information at all. If your product details, prices, or stock levels are only available after client-side rendering, agents reading your feed will see empty values. Running a non-JavaScript crawl of your storefront and identifying what is missing is the fastest way to find this class of bug.
Once an agent has identified your product as the right answer for a buyer’s query, it needs a way to actually transact with you. This is where the agentic checkout API comes in.
Under ACP, this means implementing five REST endpoints covering session creation, retrieval, updates, completion, and cancellation. Under UCP, it means supporting either Native Checkout (where the agent handles the entire payment flow) or Embedded Checkout (where the buyer is redirected to a merchant-controlled surface for the final step). Both protocols require strict adherence to their specifications, and OpenAI runs conformance tests covering feed validation, checkout flow, and payment processing before approving a merchant for production.
The single most important architectural decision at this step is who controls those endpoints. If they sit inside a single PSP’s infrastructure, you have just locked yourself into that PSP for every agent-driven transaction going forward. If they sit inside an orchestration layer that can route to multiple PSPs, you preserve the flexibility you need as the protocols and the providers behind them continue to evolve.
Agent-initiated transactions never see raw card credentials. The buyer authorizes a payment in their AI agent’s environment, the agent receives a scoped token from the buyer’s chosen wallet or payment method, and the agent passes that token to the merchant. The merchant charges the token through their existing PSP relationship.
This pattern depends on three things: the merchant’s payment infrastructure must be able to accept delegated payment tokens, those tokens need to remain valid as they move across the agent-to-merchant boundary, and the merchant needs a vault that does not lock the tokenized data to a single processor. For merchants who already use provider-agnostic tokenization and network tokens, this layer is largely solved. For merchants whose tokens live inside one PSP’s system, this is the layer that creates the most exposure.
The security implications matter. Each token is scoped to one merchant, one currency, one maximum amount, and one expiration timestamp typically measured in minutes. A leaked token is close to useless because of these constraints, but the merchant’s vault and authentication infrastructure still has to be PCI DSS Level 1 compliant to handle the data flow safely.
The fourth capability is the one that determines whether your agentic commerce work pays back in the first quarter or becomes a quiet drain. Agent-driven transactions look identical to regular checkouts in most merchant analytics. Without specific tagging, you cannot measure their authorization rates, identify conversion gaps, or optimize routing for them.
The capabilities to look for in this layer are:
The fastest path to ACP support today is a single-line update inside a Stripe integration. The fastest path to ChatGPT Instant Checkout (while it existed) was being on Shopify. Both options ship quickly because they bundle protocol compliance with a specific PSP or platform.
The trade-off is exactly the kind of vendor lock-in that orchestration was designed to prevent in the first place. If every agent-initiated transaction has to route through one PSP, that PSP becomes a single point of failure for an increasingly large share of your revenue. If your tokenization is locked to one provider’s vault, switching providers means re-collecting agent payment credentials from a customer who is not present at checkout, which is functionally impossible.
The better pattern is to treat protocol compliance as a layer separate from payment processing. The merchant implements ACP and UCP endpoints once, those endpoints sit inside an orchestration layer that connects to multiple PSPs, and each agent-initiated transaction is routed in real time to whichever PSP is most likely to approve it. This is the architecture that preserves the flexibility you need as protocols and providers continue to shift through 2026 and 2027.
This is exactly the problem Gr4vy’s Agentic Development Kit (ADK) was designed to solve. The ADK gives merchants the infrastructure and step-by-step guidance to enable their storefront inside AI environments like ChatGPT, orchestrate the resulting transactions across more than 400 PSPs and payment methods, and maintain control over routing, security, and performance, all without replatforming and without locking themselves into a single PSP.
For merchants beginning this work today, the sequence below captures the order most likely to deliver results in weeks rather than quarters.
Week 1: Audit and inventory. Run a non-JavaScript crawl of your storefront, identify any product data that is missing or only available client-side, and document the schema.org markup currently in place. Pull your current authorization rates, decline reasons, and PSP coverage by geography. This becomes the baseline you will measure agent traffic against.
Week 2: Decide your protocol coverage. Decide whether you are supporting ACP, UCP, or both. For most enterprise merchants the answer is both, but the order depends on your customer mix. B2C merchants with high ChatGPT-aligned demographics typically start with ACP. B2C merchants with strong Google Shopping presence typically start with UCP. B2B merchants often have time to evaluate both before committing.
Week 3: Stand up the orchestration layer. If you do not already have one, this is the prerequisite for everything that follows. The orchestration platform becomes the home of your agentic checkout endpoints, your provider-agnostic vault, and your routing rules. Trying to layer agentic commerce on top of a single-PSP integration is the architectural decision most likely to require rework within twelve months.
Week 4 through 6: Implement protocol endpoints. Build (or configure, if your orchestration platform provides it) the ACP Checkout API endpoints and product feed, the UCP capability profile, or both. Run the conformance tests provided by OpenAI and Google. Apply for the merchant programs that gate live agent traffic.
Week 7 onward: Tag, measure, optimize. Enable agent-specific transaction tagging from day one of live traffic. Track authorization rates and conversion separately. Adjust routing rules as you learn which PSPs and acquirers perform best for agent-initiated transactions in each of your markets.
A few patterns are already separating the merchants who pay back this investment in one quarter from those who are stuck rebuilding in twelve months.
Treating agentic commerce as a marketing channel. Agentic commerce is not a campaign; it is a checkout architecture decision. Treating it as something the growth team can solve with feeds and tags misses the orchestration, security, and visibility work that determines whether the channel performs.
Implementing only ACP because it is what their PSP supports first. Single-protocol implementation made sense in late 2025 when only ChatGPT was live. By the time you read this, traffic from Google AI Mode, Gemini, Microsoft Copilot, and a long tail of agent frameworks is already meaningful. Implementing only one protocol creates a known gap.
Skipping the visibility layer. Many early implementations route agent traffic through the same instrumentation as human traffic. The result is that the merchant cannot see what is happening, cannot optimize, and cannot prove the value of the work to finance. Tagging from day one is the cheapest insurance policy in this stack.
Underestimating data quality requirements. AI agents are unforgiving readers. Inconsistent product attributes, missing inventory data, or ambiguous shipping policies are not minor catalog issues for agent flows; they are the difference between being recommended and being skipped entirely. The merchants treating data cleanup as a first-week priority are the ones converting agent traffic at meaningful rates.
Locking into a single PSP because the integration was easier. This is the most expensive mistake on the list, because the cost is invisible until the merchant tries to switch or add a second provider and discovers their entire agent-driven revenue stream is hostage to one vendor’s roadmap.
Agentic commerce is a category of transactions where an autonomous AI agent, such as ChatGPT, Gemini, or Microsoft Copilot, discovers products, compares options, and completes purchases on behalf of a human buyer. The buyer still authorizes the spend, but the path from intent to checkout runs through the agent rather than the buyer’s own clicks on a merchant website.
A checkout is AI-agent-ready when it can accept a purchase initiated by an autonomous AI agent through a standardized protocol (ACP, UCP, or both) without requiring the agent to navigate a human user interface. This requires a machine-readable product catalog, agentic checkout API endpoints, delegated payment token support, and visibility infrastructure to measure and optimize agent-driven traffic separately.
ACP (Agentic Commerce Protocol) is co-developed by Stripe, OpenAI, and Meta. It powers ChatGPT Instant Checkout and focuses on the checkout flow. UCP (Universal Commerce Protocol) is co-developed by Google and Shopify. It powers commerce inside Google AI Mode and Gemini and covers the full journey from discovery through fulfillment. Most enterprise merchants implement both, since agent traffic comes from multiple platforms.
No. ACP and UCP are open standards, both released under permissive licenses. Any merchant can implement them against any commerce backend and any PSP. Shopify and Stripe offer the fastest paths to specific implementations of these protocols, but the protocols themselves are infrastructure-agnostic. Merchants using payment orchestration can implement ACP and UCP once and route the resulting transactions across multiple PSPs and acquirers.
Yes, in both directions. Agent-driven transactions often have different fraud profiles, different geographic distributions, and different card-on-file patterns than customer-initiated ones, which can produce different decline rates. Merchants who route agent traffic through intelligent routing typically see meaningful authorization rate lift on these flows specifically. Merchants who do not tag agent traffic separately often cannot tell whether their authorization rates are improving or degrading.
When an AI agent initiates a purchase, the buyer authorizes payment inside the agent’s environment. The agent receives a scoped payment token from the buyer’s chosen payment method, and that token is passed to the merchant. The token is restricted to one merchant, one currency, a maximum amount, and a short expiration (typically minutes). The merchant references the token inside a standard authorization request, and the PSP handles the underlying credential securely. Raw card data never reaches the agent.
It can be, with the right infrastructure. The protocols themselves are designed with security in mind: scoped tokens, short expiration windows, programmatic controls, and full audit logging. The compliance burden falls on the merchant and their PSP to maintain PCI DSS Level 1 certification, apply appropriate fraud rules, and ensure that the authentication flow handles both customer-present and agent-initiated cases. Merchants who operate inside a PCI DSS Level 1 compliant orchestration environment with fraud rules tunable per traffic type are well positioned. Merchants who try to bolt agentic flows onto an aging PCI footprint typically struggle with audit scope.
For merchants with an existing orchestration layer, full ACP or UCP implementation typically takes 4 to 8 weeks, with most of that time spent on conformance testing and merchant program approvals rather than the integration itself. For merchants without orchestration, the timeline depends heavily on which PSPs and tokenization providers are in the stack and how much data cleanup the catalog requires. Six months is a common range for a from-scratch implementation that includes the prerequisite infrastructure work.
No, and that is not the question merchants should be asking. Agentic commerce is an additional channel, not a replacement. The merchants who win this transition are the ones who treat it as a parallel revenue stream alongside their existing checkout, sharing the same payment infrastructure, fraud rules, and analytics surface, with separate visibility into agent-specific performance.
The merchants who emerge from 2026 with strong agentic commerce performance will share three characteristics: their catalogs are machine-readable and current, their checkout supports both ACP and UCP, and their payment infrastructure routes agent-driven transactions intelligently across multiple PSPs with full visibility into what is working.
For most enterprise stacks, getting there does not require starting over. It requires a clear inventory of where the four capabilities above already exist, where the gaps are, and which sequence of work closes them in weeks rather than quarters.
Gr4vy’s cloud-native payment orchestration platform was built to be the integration layer that makes this work. Through a single integration, merchants can implement ACP and UCP endpoints once, route agent-driven transactions across more than 400 PSPs and payment methods, apply provider-agnostic tokenization, and tag and analyze agent traffic from day one, all while keeping their existing PSP relationships and checkout intact.
If you’re ready to audit your stack against the four capabilities and map out the fastest path to AI-agent-ready, contact our team or explore the Agentic Development Kit for a step-by-step implementation framework.
Most businesses use the terms payment gateway, payment processor, and payment orchestration platform as if…
The average online checkout loses seven out of every ten shoppers. Across all industries, the…
For years, platforms treated payments as a necessary layer to enable transactions. Something to plug…
Most merchants focus on the transaction rate. By the time interchange, scheme fees, chargebacks, and…
A subscription business with fifty thousand active subscribers will process roughly six hundred thousand recurring…
The partnership brings Pix Automático to Gr4vy’s payment orchestration platform, allowing merchants in Brazil to…