At session start, the user defines an IntentMandate specifying constraints: maximum budget, allowed payment instruments, permitted merchant categories, and expiry time; use the AP2 SDK's IntentMandate builder to construct and sign this object.
Store the signed IntentMandate and share it with the agent via a secure token reference; never pass the raw mandate body through the LLM prompt.
The agent consults the IntentMandate before executing any purchase action, checking that price, merchant, and instrument all satisfy the stated constraints before proceeding.
When the agent is ready to buy, it generates a CartMandate from the merchant and a PaymentMandate referencing both the CartMandate and the originating IntentMandate, forming a verifiable three-document chain.
Present the complete mandate chain to the credential provider; the provider validates that the PaymentMandate does not exceed the IntentMandate's budget ceiling and that the mandate has not expired.
Known gotchas
Open Intent Mandates have an explicit expiry field; an expired mandate must be reissued by the user — the agent cannot extend it unilaterally.
Budget constraints in the IntentMandate are denominated in a single currency; cross-currency purchases require FX conversion before the constraint check, which is not handled automatically by the SDK.
Merchants who do not yet support AP2 cannot receive a mandate chain; the agent must fall back to a human-in-the-loop flow rather than silently skipping mandate verification.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp