The future of agentic payments

My name is Steve. Um I'm [snorts] a software engineer here at Stripe. I've

been here for uh somewhere between six and a half, seven years, something like that. Um [snorts] the the first chunk of

that. Um [snorts] the the first chunk of my time here was uh focused on our banking products. So you know, how

banking products. So you know, how developers can make credit cards or bank accounts or uh receive capital loans.

And [snorts] then about two years ago, I I shifted gears to explore uh how we can give those same things to agents, right?

So what does it look like to equip an agent with money or the capacity to spend? What would that mean in terms of

spend? What would that mean in terms of the things that they want to be able to do? What would that mean for sellers who

do? What would that mean for sellers who typically had a human audience and now have a robot [clears throat] audience?

So on and so forth. Um so I'm going to mostly demo through my way through things that we've actually built and show you how they work and I'm happy to take uh questions at the end. So um

first thing our docs agent commerce. So

um well what is it? Well we're going to we're going to jump in first. Um I'm in uh and you could do this too. I'm I'm in chatbt. Um and uh this was one of the

chatbt. Um and uh this was one of the first things we launched was a integration uh between OpenAI and Stripe to make it possible for you to buy uh products uh through through their uh

application. So I have a prompt, you

application. So I have a prompt, you know, I want to purchase a toy for my 9week old daughter from Etsy. And I can scan through and I can see some results and so on and so forth. And you know,

this one looks interesting. And you

know, typically you would you maybe if you were in a a Google search, you'd be, you know, clicked out to that seller's website, but instead I have the opportunity to pay for it in the application itself, right? Using the

payment method that I already have on file um with OpenAI for my subscription, so I can go ahead and click to pay Etsy directly. Now, I know that doesn't seem

directly. Now, I know that doesn't seem hyperagentic. There's no code and tokens

hyperagentic. There's no code and tokens flying by, but the foundations and principles that make it possible to ask the agent to discover products, to buy

it in line using payment credentials local to the agent, and then have that actually interact with the seller. Those

foundations are what we're building, and I think over time we'll see it look more like a Terminator. Hopefully not, but anyways. Um, okay. So, we built two

anyways. Um, okay. So, we built two things. Uh, I'm going to go through

things. Uh, I'm going to go through them. Um, the first is what we're

them. Um, the first is what we're calling a shared payment token. So, you

know, back to that that UI earlier. I

have my, you know, uh, Stripe link payment method in there. Um, that's a payment method that got collected by the agent, right? So, that's not one that I

agent, right? So, that's not one that I have on file with the seller. Um, so

maybe I pay a subscription subscription fee to you the agent's product or have given it my credential otherwise. And we

need to find a way to securely transmit that to a seller, right? So the worst case scenario is uh I give it my 16-digit card number and I just like pray that it goes over no one sees it

and it you know gets used correctly. Um

but there are other payment methods beyond cards too, right? Um in other countries people pay with their bank account often or have local payment methods that can't be serialized into 16 digits that can be transferred, right?

So we have to figure out a way to basically um serialize uh securely any kind of payment method independent of uh

its shape and its behavior um so that a seller can receive it and process it. So

um the quick workflow is uh you know using stripe's existing payment method solution where we can collect uh over 150 different payment methods. The agent

uh presents some UI, you know, not dissimilar to the one here to collect payment details and then it issues basically a mandate which says um I want to send this credential to a particular

seller in the Stripe network to be used up to a certain amount in a certain currency in a certain time frame. That

mandate then gets sent over to the seller who can process it within their existing Stripe integration. Um, and the payment, you know, flows as you expect, even though the human was never on the seller's website. So, we're going to go

seller's website. So, we're going to go ahead and just, uh, take a look at how that works.

So, is this big enough? Okay. So, um, I, in this case, I have two Stripe accounts now, right? I have the Stripe account of

now, right? I have the Stripe account of the agent and the Stripe account of the seller, right? So, twice as many uh,

seller, right? So, twice as many uh, Stripe accounts as normal. And in

advance, I've collected a payment method. In this case, it's the test mode

method. In this case, it's the test mode Visa card, but I could have collected it with StripeJS and and payment elements.

And I'm going to declare that it going to go to this test seller, and I'm going to let it spend up to uh $25, and it's going to expire by the end of the month.

Now, we'll just sort of assume that it got shared in some way, and the seller now can look up that token that's been granted to them. So, they take that token, they pass it into the existing

Stripe payment intent flow, which she was talking about earlier, and they're going to charge it for $10, which is within the confines of the amount that we said was okay. So, let's

run that quickly.

[snorts] Okay, so to start off, we can see that new shared payment token that got created, the payment method that it's associated with.

Um, also as mentioned, you know, Stripe sees tons of different transactions and likely has seen this payment method before. So, it has a sense of the sort

before. So, it has a sense of the sort of risk profile of that payment method.

And again, you know, because the payment method is being collected by the agent and not by the seller, some of the insights, you know, about the browser fingerprint or how the card was provided can only be collected by the agent,

right? So, we want to make sure that

right? So, we want to make sure that we're still giving our sellers the same insights that they would have if they had collected the method themselves.

I can see that it hasn't been used yet.

the merchant it's going to go to and then again that leap of faith we've sent it over to the seller they have uh some understanding of you know it being a Visa card and it's expiry time in case

they want to make their own judgment and then lastly that payment intent occurs you for $10 and it goes through now just to prove that you we actually do enforce

these limits we can increase the payment intent to be $50 which is twice the limit of the $25 that was previously agreed upon And we can see that decline occurred.

Right? So even though I collected that payment method in one place um and sent it over to the seller, those constraints that we uh dictated at the beginning still apply. So this makes sure that we

still apply. So this makes sure that we can, you know, send any payment method, right? Whether it be a card or a bank

right? Whether it be a card or a bank account or Apple Pay or Google Pay, you know, the hundreds more that Stripe supports without actually having to share the raw underlying details. We can

also apply spending controls and and usage limits and so on so forth uh that are certifiably [clears throat] enforced by Stripe. Okay, so we talked a little bit about how do we get credit card numbers around or other payment

methods around that agents collect from their from their human owners over to sellers. Um but now we have this problem

sellers. Um but now we have this problem of like well how do I know what I'm buying right? So I know I can at least

buying right? So I know I can at least securely share a credential but how do I know I'm buying the thing that I thought I was buying? Um so that's where we we worked with OpenAI to develop what we're calling the agent commerce protocol

which in [clears throat] effect basically says uh this is a standard definition of checkout. Um so if you're a seller you can advertise your capacity

um to support sort of headless checkouts. Um the seller you know

checkouts. Um the seller you know maintains their own data model and their own uh payment processing and they sort of express uh instructions back to the

agent. So, we'll

agent. So, we'll also run this one.

So, I'm going to show two different things. Um,

things. Um, hold on. The night mode is no good. It

hold on. The night mode is no good. It

looks stupid. Let me turn off that.

Okay. So, uh, we're going to look at two different perspectives. We're going to

different perspectives. We're going to look at the perspective of the agent, right? So, this isn't terribly

right? So, this isn't terribly dissimilar from, you know, the Etsy [clears throat] purchase I was trying earlier. And then the perspective of a

earlier. And then the perspective of a seller. So uh you know for example we

seller. So uh you know for example we have this very cool stripe press. You

guys should check out the books there.

It's a website very much designed for the human not for the machine. Uh but we have our machine version of this right.

So we've expressed the products that we have through an API rather than through a user interface. [clears throat]

Details about the you know the price and and information about the book and then expose an API that agents can use to actually purchase that book. So we can look at it in practice now. So I've, you

know, made the request if there's any good books about AI.

[cough and clears throat] We've sent over, let me just zoom in a little bit. We've sent over that request

little bit. We've sent over that request to the seller saying, you know, I have this buyer John Doe. They want to get these books.

The seller can reply back just as they would had this action occurred on their own site. You know, saying, you know, I

own site. You know, saying, you know, I recognize the buyer. These are the line items and the cost of them, right? So

the seller is responsible again for and able to use their own backend, their own commerce back end. Um they send back fulfillment options, you know, the same things that would been in the drop down

on their site. Um the tax breakdown, so on and so forth, right? So as I modify the cart, right, I can add or remove items, we're sending subsequent requests back and forth, right? So instead of the

robot like clicketity clacketing around the site and trying to figure out what the right button is to remove an item or add an item or change a shipping option, it's all programmatic in step. And then

just to tie back to what we talked about previously, you know, if I go ahead and click pay, we're now generating that shared payment token um from the payment method that we

collected here, sending that over to the seller. the seller receives that,

seller. the seller receives that, processes the payment, you know, can return back a well, that didn't work, but can return back a, you know, receipt or whatever it might be. So, we figured

out how to uh capture payment methods uh have an agent uh collect payment methods, create a mandate to make sure it's not used beyond what was expected, send that to the seller, and then also

what the sort of wrapping uh back and forth of uh um you know, the checkout flow looks like. So all that's live today. Um and we've been working with

today. Um and we've been working with users like OpenAI and and Microsoft Copilot to deploy that. Um but there's another thing that we've also been really interested in which is sort of at the other spectrum of these kinds of

purchases. Um the more like truly

purchases. Um the more like truly agentic part, right? So how many of [clears throat] us use cloud code or something to that effect, right? Like

okay um all of us. Um

so you know in many ways when we're using something like cloud code we we're like already dealing with an economic agent right like the tokens are flying by we've permitted it to [clears throat] use up our you know cloud max

subscription as it as it pleases and um you know we're basically entrusted it to spend but in some cases that spend like isn't just on tokens right it may want

to interact with thirdparty services to uh make you know one API call to do one thing right and in the shape of that sort of commerce interaction looks a lot different than me, [clears throat] Steve, you know, buying books or buying

a toy for my kid. So, uh, we just [clears throat] announced this the other day, but, you know, Stripe is now supporting, uh, the X42 protocol to support these kinds of, um, crypto-based

agent, uh, purchases. So, we're just going to kind of walk through what that looks like, uh, and what we built there.

Um, so let's imagine that, uh, you know, I have an API product, right? and I have this API endpoint. [snorts] Um, and today, uh, you know, you sign up for a

SAS, uh, subscription to my product.

Maybe I track invocations to the API.

And then at the end of the month, I invoice you. You know, I bundle up the

invoice you. You know, I bundle up the the total number of calls and I invoice you. And that's a really great business

you. And that's a really great business model between uh, a business and a human, right? Maybe there you have a

human, right? Maybe there you have a diff a bunch of different people who work at your company and you have different seats and so on and so forth.

But a robot's relationship may be more ephemeral, right? It just wants to pay

ephemeral, right? It just wants to pay for the one API call and move on. or

maybe it needs to pay for thousands of these API calls. Um but you know the the uh interaction is more dynamic. So you

know right now if we I have to run this again.

[snorts] Okay. So right now if I uh if I'm the

Okay. So right now if I uh if I'm the robot you can imagine I am making a request to it you know I get the foo bar back and if I uh dig in

I I'm getting a 200. So it's free right?

I was I was able to make the request freely. Now we're gonna

freely. Now we're gonna uh add some middleware to this code now.

And what we're basically saying now is uh any get request to this API, it's going to cost one penny in USDC on the base [clears throat] network and I want to have it pay to a particular address.

Um you know the way you could do this today is you could have your own crypto wallet you could put it in. But what we found is that there are many Stripe uh users who have pre-existing SAS businesses you with that you know human

seat model but also want to sell to agents but they don't want to change their sort of back office flow for how they manage tax or how funds end up in their balance or pay out and all the uh

great things that Stripe does today. So,

we've extended uh the Stripe payment intents to now be able to uh generate per transaction uh deposit addresses that for that one particular transaction

agents can remit funds to um through protocols like X42. So, I've turned this on. I'm going to charge that penny. I'm

on. I'm going to charge that penny. I'm

going to reboot the server.

We're make that curl request again. And

this time, uh it's going to be rejected.

So, we have a 402 saying that payment has to be required. We got some instructions for how to pay as well. So,

um with just a few lines of code, we've now sort of gated access to that. Um and

let's go ahead and look at how we might get past that. So, we we're asked for the open source thing. We open source the thing. You can contribute to it

the thing. You can contribute to it called Pearl. It's payments plus curl.

called Pearl. It's payments plus curl.

[cough] And if I go ahead and make that request, um now I have an opportunity to present my own wallet and that will, you know, uh process the payment flow. So, let's

hope I t my password in correctly. And I

did. Um, so now we actually get the response back. I that transaction which

response back. I that transaction which we can look up. I got the 200 back through as well. So, um, I didn't have to sign up for the service, right? I

don't have a contract or anything. I

just made that one API invocation. I

paid a penny for it. Um, and that's that. So uh you know we built mechanisms

that. So uh you know we built mechanisms to share uh just to summarize we've built uh mechanisms to share regular payment methods like cards and bank accounts and Apple pay Google pay and hundreds of other ones uh between agents

and sellers. Uh we've also built uh

and sellers. Uh we've also built uh protocols to explain the checkout flow and how you as a seller can express um express what you know your capacity to sell to agents. And then we're also

exploring these more you know really agent ways to to transact just on the HTTP level.

[music]