Request an Agentic Token via the Mastercard Digital Enablement Service (MDES) Tokenization API, specifying the agent identity, permitted merchant scope (one or more merchant IDs or MCC categories), and consent policy including spend caps and expiry.
The issuer returns a token that binds the underlying card PAN to the agent identity and scope; the raw card number is never exposed to the agent or LLM.
Embed the Agentic Token in the agent's payment credential store; at checkout, the agent passes the token in the authorization request just as a standard MDES token, with additional fields carrying agent identity.
Configure real-time authorization revocation: the consumer's issuer app can pull the agent's authorization at any time, immediately invalidating the Agentic Token at the network level.
Test in the Mastercard sandbox via developer.mastercard.com; the agentic tokenization sandbox supports Level 1 (minimal changes) and higher level implementations per the Merchant Cloud Tutorials.
Known gotchas
Agentic Tokens are an extension of standard MDES tokenization; merchants who already accept MDES tokens require only incremental changes to handle agent-specific fields per the Level 1 guide.
Spend caps, merchant restrictions, and expiry windows are set at token provisioning time; modifying them requires re-issuance of the token, not a simple API update.
The broader Mastercard Agent Pay framework (AP4M) uses on-chain Verifiable Intent for new agent-native flows; Agentic Tokens are the backward-compatible path for existing card-network merchants and processors.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp