Agentic Commerce Protocol (ACP) Overview
The Agentic Commerce Protocol (ACP) is a specification that enables AI agents to interact with merchant systems to discover products, manage shopping carts, and complete purchases on behalf of users.
What is ACP?
ACP defines a standard way for AI assistants (like ChatGPT) to:
- Discover products from merchant catalogs
- Create and manage shopping carts with real pricing
- Complete purchases using secure payment methods
- Receive order updates throughout the fulfillment lifecycle
Think of it as a “language” that AI agents and e-commerce systems use to communicate—ensuring consistent, secure, and reliable shopping experiences.
The Three Pillars of ACP
┌─────────────────────────────────────────────────────────────────────────┐
│ Agentic Commerce Protocol │
├───────────────────────┬───────────────────────┬─────────────────────────┤
│ │ │ │
│ PRODUCT FEED │ CHECKOUT SPEC │ DELEGATED PAYMENT │
│ │ │ │
│ What's for sale? │ How do I buy it? │ How do I pay? │
│ │ │ │
│ • Catalog data │ • Cart management │ • Secure tokens │
│ • Pricing & stock │ • Address handling │ • PSP integration │
│ • Rich metadata │ • Tax & shipping │ • Fraud protection │
│ • Semantic search │ • Order completion │ • Refunds & disputes │
│ │ │ │
└───────────────────────┴───────────────────────┴─────────────────────────┘1. Product Feed Specification
Defines how merchants share their product catalog with AI systems:
| Field | Purpose | Example |
|---|---|---|
id | Unique product identifier | SKU12345 |
title | Product name | Nike Air Zoom Pegasus |
description | Full product description | Responsive running shoe... |
price | Current price with currency | 129.99 USD |
availability | Stock status | in_stock |
variants | Size, color options | [{sku: "black-10", ...}] |
images | Product photos | [{url: "https://..."}] |
Key Features:
- Supports TSV, CSV, XML, or JSON formats
- Updates as frequently as every 15 minutes
- Enables semantic (natural language) search
- Includes inventory, shipping, and compliance data
2. Agentic Checkout Specification
Defines the REST endpoints for managing the purchase flow:
| Endpoint | Purpose |
|---|---|
POST /checkout_sessions | Create a new shopping cart |
POST /checkout_sessions/{id} | Update cart contents |
POST /checkout_sessions/{id}/complete | Finalize the purchase |
POST /checkout_sessions/{id}/cancel | Cancel the order |
GET /checkout_sessions/{id} | Get current cart state |
Key Features:
- Full cart state returned with every response
- Real-time tax and shipping calculation
- Support for multiple fulfillment options
- Error messages displayed to users
3. Delegated Payment Specification
Defines how payment credentials are securely shared:
| Concept | Description |
|---|---|
| Payment Token | Single-use credential with spending limits |
| Allowance | Maximum amount and expiration time |
| PSP Integration | Works with merchant’s existing payment processor |
Key Features:
- OpenAI is NOT the merchant of record
- Merchants use their existing PSP (Stripe, etc.)
- Tokens are constrained by amount and time
- Supports network tokenization for enhanced security
How ACP Works: End-to-End Flow
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ User │ │ AI │ │ Lorn │ │ Merchant │
│ │ │ Agent │ │ AI │ │ Systems │
└────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘
│ │ │ │
│ "Find running │ │ │
│ shoes" │ │ │
│──────────────▶│ │ │
│ │ │ │
│ │ GET /acp/products?q=running │
│ │──────────────▶│ │
│ │ │ │
│ │ │ Query products │
│ │ │──────────────▶│
│ │ │ │
│ │ │◀──────────────│
│ │ │ Product list │
│ │◀──────────────│ │
│ │ Products │ │
│ │ │ │
│◀──────────────│ │ │
│ "I found Nike │ │ │
│ Pegasus..." │ │ │
│ │ │ │
│ "Add to cart" │ │ │
│──────────────▶│ │ │
│ │ │ │
│ │ POST /checkout_sessions │
│ │──────────────▶│ │
│ │ │ │
│ │ │ Create session │
│ │ │──────────────▶│
│ │ │ │
│ │◀──────────────│ │
│ │ Session ID │ │
│ │ + pricing │ │
│ │ │ │
│◀──────────────│ │ │
│ "Added! Total │ │ │
│ is $148.38" │ │ │
│ │ │ │
│ "Complete │ │ │
│ purchase" │ │ │
│──────────────▶│ │ │
│ │ │ │
│ │ POST /checkout_sessions/{id}/complete
│ │──────────────▶│ │
│ │ │ │
│ │ │ Process order │
│ │ │──────────────▶│
│ │ │ │
│ │◀──────────────│ │
│ │ Completed │ │
│ │ │ │
│◀──────────────│ │ │
│ "Order │ │ │
│ confirmed!" │ │ │
│ │ │ │Checkout Session States
A checkout session progresses through defined states:
┌─────────────────┐
│ │
┌──────▶│ not_ready_for │
│ │ payment │
│ │ │
│ └────────┬────────┘
│ │
│ │ Add shipping address
│ ▼
┌───────┴───────┐ ┌─────────────────┐
│ │ │ │
│ open │◀│ ready_for │
│ (created) │ │ payment │
│ │ │ │
└───────────────┘ └────────┬────────┘
│
┌──────────────────┼──────────────────┐
│ │ │
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ │ │ │ │ │
│ canceled │ │ completed │ │ expired │
│ │ │ │ │ │
└───────────────┘ └───────────────┘ └───────────────┘| State | Description |
|---|---|
open | Session created, cart has items |
not_ready_for_payment | Missing required info (address, etc.) |
ready_for_payment | All info present, can complete |
completed | Purchase finalized |
canceled | Session canceled by user or system |
Key Principles
1. Merchant Remains in Control
- Merchants own their product data, pricing, and inventory
- Payments process through merchant’s existing PSP
- Fulfillment happens on merchant’s systems
- OpenAI/AI agents are facilitators, not merchants of record
2. Rich State in Every Response
Every checkout API response includes the complete cart state:
{
"checkout_session": {
"id": "cs_demo_abc123",
"status": "ready_for_payment",
"line_items": [...],
"shipping_address": {...},
"tax": {...},
"amounts": {
"subtotal": 129.99,
"tax": 10.40,
"shipping": 7.99,
"total": 148.38
}
}
}This allows AI agents to display accurate information without additional API calls.
3. Security by Design
- All traffic over HTTPS
- Request signing for authentication
- Idempotency keys prevent duplicates
- Payment tokens are single-use and constrained
- Webhook signatures verify authenticity
4. Graceful Error Handling
Errors are structured and actionable:
{
"messages": [
{
"type": "error",
"code": "out_of_stock",
"path": "$.line_items[0]",
"content": "This item is no longer available."
}
]
}ACP vs Traditional E-commerce APIs
| Aspect | Traditional APIs | ACP |
|---|---|---|
| Consumer | Web/mobile apps | AI agents |
| Search | Keyword-based | Semantic/natural language |
| State | Multiple calls to build state | Complete state in each response |
| Payments | Direct integration | Delegated with constraints |
| Updates | Polling or webhooks | Real-time webhooks |
| Error Display | Developer interprets | AI-friendly messages |
Implementing ACP with Lorn AI
Lorn AI provides a complete ACP implementation:
| ACP Requirement | Lorn AI Implementation |
|---|---|
| Product Feed | Supabase + pgvector semantic search |
| Checkout Sessions | FastAPI REST endpoints |
| Delegated Payments | Demo mode with PSP integration ready |
| Webhooks | HMAC-signed event delivery |
Quick Integration
# Your AI agent can use Lorn AI's ACP endpoints directly
# 1. Search products
products = GET("/acp/products?q=running shoes")
# 2. Create checkout
session = POST("/checkout_sessions", {
"items": [{"product_id": products[0]["id"], "quantity": 1}]
})
# 3. Complete purchase
order = POST(f"/checkout_sessions/{session['id']}/complete")Next Steps
- Multi-Brand Catalogs — Shop across multiple merchants
- Checkout Flow — Deep dive into session management
- Building a Shopping Agent — Complete implementation guide