Skip to Content
🚀 {xpay✦} is building the future of x402 payments - Join the developer beta →
Agentic Commerce ProtocolsACP vs UCP vs AP2

ACP vs UCP vs AP2 — Technical Comparison

Side-by-side technical comparison of the three open agentic-commerce specifications. Aimed at engineers picking one to integrate against or contributing upstream. Last reviewed 2026-05-16.

Spotted something stale or wrong? File an issue on the docs repo and we’ll correct it ahead of other doc work.

TL;DR

ACPUCPAP2
Full nameAgentic Commerce ProtocolUniversal Commerce ProtocolAgent Payments Protocol
Sponsor org(s)OpenAI + StripeVendor-neutral (Tech Council + Governance Council)Google
Public launch2025-09-29 (repo created)2025-Q42025-Q4
Repoagentic-commerce-protocol/agentic-commerce-protocoluniversal-commerce-protocol/ucpgoogle-agentic-commerce/AP2
GovernanceSEP process + TSC + Founding-Maintainer vetoTech Council + Governance Council; TC review labelMaintained inside Google; community PRs accepted
Primary surfaceCart + checkoutCart, checkout, order, catalog, refunds, disputesPayment mandates, A2A messages
TransportsHTTP+JSON onlyHTTP, MCP, A2A, embeddedA2A, MCP (via Google Agent Builder)
Request integrityBearer token per platform (Issue #4  — explicitly out-of-scope at spec level)HTTP Message Signatures (RFC 9421)Signature, Signature-Input, Content-DigestMandate signatures (verifiable credentials style)
Spec statusProduction-ready for ChatGPT Buy It surfaceDraft, dated releasesDraft / preview
Conformance toolingvalidate:all stub in-repoSeparate conformance repo + python-sdk + js-sdk + ucp-schema (Rust validator)Sample agents in repo

Repo statistics below were captured 2026-05-15. Star counts and issue counts will drift — re-check via gh api repos/<owner>/<repo> before quoting.

RepoStarsOpen issuesCreated
agentic-commerce-protocol/agentic-commerce-protocol1,3891052025-09-29
universal-commerce-protocol/ucp2,9591042025-Q4
google-agentic-commerce/AP22,9991012025-Q4

Governance models

ACP

ACP runs a SEP (Spec Enhancement Proposal) process with a Technical Steering Committee. The Founding Maintainers (OpenAI, Stripe, Meta) hold a documented veto for neutrality/security; in practice most breaking changes are pre-aligned before a public PR lands. Fast and coherent; less open to outside steering. A separate Forter-led trusted-agentic-commerce-protocol fork (177★) exists alongside it — read their README for their stated motivation rather than ours.

UCP

UCP runs a two-council model: a 16-person Tech Council approves spec changes (the TC review label is the green-light signal), and a Governance Council oversees process. No single vendor holds veto. Slower per PR than ACP, but no founding-maintainer can unilaterally block. Dated releases (docs/specification/2026-04-08/...) give implementers a pin point.

AP2

AP2 lives under Google’s google-agentic-commerce org. Community PRs are accepted, but stewardship is effectively single-vendor. The framing as payments rather than commerce keeps the surface small enough that single-vendor stewardship is workable; that would be harder to sustain for a full commerce spec.

Spec surface — what each repo actually publishes

ArtifactACPUCPAP2
OpenAPI / JSON SchemaYes (per-endpoint JSON Schema)Yes (OpenAPI + JSON Schema, per dated release)Partial (sample schemas)
MCP bindingNo (TODO: confirm — community proposals exist)Yes (cart-mcp.md-style binding docs)Yes (Agent Builder integration)
A2A bindingNoYesYes (primary surface)
Reference implStripe + Shopify partner-onlyjs-sdk, python-sdk (open)Sample agents (open)
Conformance suitevalidate:all stubSeparate conformance repoSample tests

Transport bindings

  • ACP — HTTP+JSON only. Discovery is out-of-band (you must already know the merchant endpoint). There is no MCP binding in the spec as of 2026-05-15.
  • UCP — HTTP is canonical, but the repo also publishes binding docs for MCP, A2A, and embedded (in-app) transports. The MCP binding is the most actively iterated; it maps cart.create / cart.update / checkout.complete directly onto MCP tool calls.
  • AP2 — Built around A2A. MCP is reachable through Google Agent Builder. HTTP-only consumers are second-class.

Authentication & request integrity

This is the single biggest spec-level divergence.

ACP

Bearer tokens, sourced per platform. The spec explicitly defers request integrity to the implementer — see Issue #4  where the maintainers scope request signing out of the protocol. Pragmatic for shipping, but every integrator builds (or skips) signing themselves.

UCP

UCP requires HTTP Message Signatures (RFC 9421 )Signature, Signature-Input, Content-Digest. Reference verifiers ship in js-sdk and python-sdk. Strongest request-integrity story of the three by a clear margin.

AP2

Signed mandates — short verifiable credentials describing what the agent is allowed to spend on behalf of the user. The mandate travels with each transaction; verification is against the issuer’s public key (user wallet or identity provider). Stronger than ACP’s bearer model; orthogonal to UCP’s per-request signing — the two could coexist.

Commerce surface coverage

ACPUCPAP2
Cart create / updateYesYesImplicit
CheckoutYesYesYes
Order lifecyclePartialYesPartial
Catalog / product feedNo (out-of-band)YesNo
RefundsNo (TODO)YesOut-of-scope
DisputesNoDraftOut-of-scope
Discounts / promotionsYes (rich)PartialNo
Fulfillment / shippingYesYesNo
Payment authorizationYes (via Stripe-style intents)Yes (signature-based)Yes (primary surface)

ACP wins on discount/promotion semantics (price adjustments, coupon stacking, line-item overrides — see PR #192  which shipped the Promotions API in spec/2026-04-17). UCP wins on post-purchase (refunds, disputes, multi-stage order states). AP2 is narrower by design.

Conformance & tooling

  • ACP ships a validate:all stub that exercises JSON Schema against a small fixture set. No language SDKs in the canonical repo as of 2026-05-15.
  • UCP ships a separate conformance repo, plus python-sdk, js-sdk, and ucp-schema (a Rust validator). Multi-language coverage is the most complete of the three.
  • AP2 ships sample agents and a small test harness. SDK story is TODO — verify against latest Google docs.

Versioning & release cadence

  • ACP uses dated revisions (most recent: 2026-04-17 as of writing — TODO: verify against RELEASES.md). Breaking changes are flagged in the changelog; the cherry-pick workflow is informal.
  • UCP uses strict dated specs (spec/YYYY-MM-DD.md) with a formal cherry-pick workflow between draft and stable branches.
  • AP2 uses semver-ish tags; release cadence is irregular.

Maturity signals (2026-05-15)

  • Throughput — all three sit around 100 open issues with active weekly merges. ACP merges community PRs but at lower velocity than internal ones; UCP’s TC review label is the single best signal of “maintainers want this.” TODO: pull time-to-merge numbers with gh pr list --state merged --json mergedAt,createdAt.
  • Stars are a vanity metric. AP2 and UCP both crossed 2,900 within months on brand pull alone; ACP’s 1,400 with two big sponsors and a working production integration is the more interesting number.
  • Production footprint — ACP is live via OpenAI’s Buy It in ChatGPT and Stripe’s reference handler (Vercel ships a community port ). UCP has NVIDIA’s Retail-Agentic-Commerce  blueprint plus early Shopify integrations. AP2 production deployments — none we can verify; if you have one, tell us and we’ll cite it.

Cross-pollination opportunities

Not “merge them,” just things each could borrow from the others:

  • ACP could adopt RFC 9421 from UCP. Issue #4 is the obvious site; the result is one normative request-integrity story instead of N per-platform schemes.
  • UCP could borrow ACP’s promotion/discount model. ACP’s price_adjustment semantics (post #192) are richer than UCP’s current draft and slot cleanly into UCP’s cart object.
  • AP2’s mandate model could plug into both as an additional auth mode. A signed mandate strictly subsumes “this agent may spend $X with merchant Y”; ACP and UCP could accept mandates without giving up their own auth.
  • One MCP transport binding for all three. The MCP tool-call shape for cart.create / cart.update / checkout.complete is nearly identical across the three specs. A shared binding would let a single MCP client target all of them with one code path — and would let UCP’s existing binding work serve the other two with light edits.

When to choose which

Use caseBest fitWhy
B2C retail, ChatGPT-drivenACPDirect path to OpenAI Buy It surface and Stripe processing
B2B procurement, multi-vendorUCPVendor-neutral governance, RFC 9421 integrity, refunds/disputes
Voice / Gemini agent commerceAP2A2A is the native transport for Google Agent Builder
Content monetization, per-callx402 directlySkip the commerce protocol; you only need a payment rail
Hybrid (cart-aware agent paying in stablecoin / fiat / both)UCP + the rail of your choiceUCP for cart semantics; layer MPP, x402, or card rails underneath as fits

xpay✦ engagement

xpay✦ is rail-agnostic by design — we integrate with MPP, x402, cards, and stablecoin rails, and we contribute upstream to ACP and UCP so the commerce layer above those rails stays open. Current upstream work is on minor-improvement-track items first, with a longer-running interest in landing RFC 9421 adoption in ACP (citing UCP precedent).

Current upstream work (snapshot 2026-05-16):

  • ACPPR #251  — README changelog listing fix (minor-improvement track). Tracking Issue #97  (Idempotency-Key TTL) as a near-term SEP candidate with a Stripe TSC sponsor.
  • UCPPR #443  — shared-type centralization against Issue #412  (endorsed by @igrigorik and @wry-ry).
  • AP2 — watching; no active PRs.

References

Last updated on:
OverviewACP (OpenAI + Stripe)