Agentic Commerce: Dive into ACP & UCP Protocols

TLDR

Agentic commerce enables AI agents to autonomously handle end-to-end shopping workflows—from discovery to checkout—through standardized protocols like ACP (OpenAI/Stripe) and UCP (Shopify/Google).

This article explores their architectures, a practical Shopify MCP implementation, engineering challenges, and future directions for developers building scalable agentic systems.

Intro

E-commerce revolutionized retail by digitizing physical stores into accessible, scalable online platforms, enabling globalized reach and streamlined checkout flows. Agentic commerce amplifies these capabilities exponentially, empowering AI agents to autonomize end-to-end purchases, negotiate dynamic discounts, provide proactive post-purchase support, and orchestrate complex workflows—all while maintaining merchants as the Merchant of Record (MoR).

This represents a paradigm shift from human-led browsing to AI-orchestrated commerce, powered by interoperable protocols and robust system design. For engineers, it demands new skills in protocol interoperability, stateful agent reasoning, and headless commerce integration.

Overview: Enabling Agentic Commerce

To operationalize agentic commerce, open-source protocols provide the foundational building blocks:

1. ACP (Agentic Commerce Protocol) focuses on checkout and payment processing. It provides a REST-based Checkout API for cart management and a Delegate Payment API for secure payment tokenization through PSPs like Stripe. The minimal implementation surface enables rapid merchant adoption. OpenAI supports merchant integration via standardized product feed specs that expose inventory to ChatGPT.

2. UCP (Universal Commerce Protocol) addresses the full commerce lifecycle including product discovery, identity linking, checkout, and order management. It defines participant roles, capability boundaries, and interaction patterns for complex commerce workflows. Shopify implements UCP through MCP servers for catalog and checkout, with ongoing development for post-purchase capabilities.

Both protocols support human-driven API workflows alongside agentic flows, ensuring backward compatibility while future-proofing for autonomous commerce.

Protocols and Standards

ACP

• There are 4 parties involved in ACP:
  • Buyer: human who wants to purchase something.
  • Agent: AI platform that orchestrates checkout experience.
  • Seller: the merchant who sells products. Sellers implement the Checkout API and remain the merchant of record (MoR).
  • Payment Provider: handles payment tokenization and processing. Eg: stripe.

Core APIs:

• Checkout API:
  Enables agents to programmatically create, update, and complete checkout sessions. Designed for conversational flows where agents maintain session state across multi-turn interactions while managing cart modifications, shipping calculations, and order finalization.

• Delegate Payment API:
  Provides tokenized payment credentials with granular usage constraints through an allowance framework. Merchants can enforce spending limits, merchant restrictions, and time-based controls without exposing raw payment credentials.

UCP

• There are 4 parties involved in UCP as well:

  • Platform/Agent: Buyer-facing interface (smart assistants, conversational surfaces, embedded commerce tools)
  • Business: Product/service provider with inventory and fulfillment responsibilities
  • Credential Provider: Identity management for user profile data (Google Sign-In, Entra ID)
  • Payment Provider: Payment processing infrastructure (Stripe, PayPal, Google Pay)

• UCP operates on three layers:

  • Capabilities - Major Functional Domains:
    • Product Discovery: discovering products with semantic query support.
    • Cart: multi-item checkout, complex basket rules. Eg: BOGO, bundles, minimums
    • Identity Linking: obtain authorization to perform actions on behalf of a user.
    • Checkout: facilitating checkout sessions.
    • Order: Transaction history, tracking, returns.
    • Other vertical capabilities: loyalty programs & member benefits.
  • Extensions - Optional augmentation (e.g., discount codes, gift wrapping).
  • Services: lower-level communication layers used to exchange data. Eg: REST, MCP A2A

• Specifications:
  • Checkout Capability
  • Order Capability
  • Identity Linking Capability
  • Payment Handler

Active development: Product discovery with semantic search, cart operations with inventory validation, vertical-specific extension framework. See roadmap.

Implementation

Shopify MCP Architecture

Shopify implements UCP through two MCP servers that expose commerce primitives via JSON-RPC 2.0 protocol.

Catalog MCP Server

Enables AI agents to search and discover products across the global Shopify ecosystem, providing cross-merchant product discovery capabilities.

Authentication: OAuth client credentials flow returns JWT bearer tokens (60-minute TTL). All requests require Authorization: Bearer {token} header.

Endpoint: https://discover.shopifyapps.com/global/mcp

Core Tools:

1. search_global_products: Cross-merchant product search with filtering

   • Required: query (search terms), context (buyer demographics, preferences)
   • Filters: min_price, max_price, ships_to, ships_from, available_for_sale, requires_selling_plan (subscriptions), include_secondhand
   • Returns: Product list with titles, images, pricing, shop info, variants, UPIDs (Universal Product IDs)
   • Limit: 1-300 results (default 10)

2. get_global_product_details: Lookup by UPID for comprehensive product data

   • Required: upid (Base62-encoded Universal Product ID)
   • Optional: product_options (filter by color, size, etc.), option_preferences (rank option importance), variant_id (force specific variant), shop_id
   • Returns: All variants with pricing, options, shop details, availability, shipping info

Key Design Pattern: Search returns UPIDs → lookup uses UPIDs for details. This two-step pattern enables agents to narrow results before retrieving full product data.

Example Workflow:

// Step 1: Search
{
  "method": "tools/call",
  "params": {
    "name": "search_global_products",
    "arguments": {
      "query": "wireless headphones",
      "context": "noise-cancelling, budget-conscious",
      "max_price": 200,
      "ships_to": "US",
      "limit": 5
    }
  }
}

// Step 2: Get details with UPID from search results
{
  "method": "tools/call",
  "params": {
    "name": "get_global_product_details",
    "arguments": {
      "upid": "AbC123XyZ",
      "product_options": [{"key": "Color", "values": ["Black"]}]
    }
  }
}

Checkout MCP Server

Enables AI agents to create and manage checkout sessions, allowing buyers to complete purchases through a trusted UI.

Authentication: Same OAuth flow as Catalog MCP

Endpoint: https://{shop-domain}/api/ucp/mcp (merchant-specific)

Core Tools:

1. create_checkout: Initialize checkout session

   • Required: _meta.ucp.profile (agent UCP profile URI), currency, line_items (array with quantity and variant id)
   • Optional: buyer (email), fulfillment (shipping methods/destinations), payment (instruments)
   • Returns: Checkout ID, status, line items with totals, continue_url for trusted UI handoff, payment handlers

2. get_checkout: Retrieve current session state

   • Required: id (checkout session ID)
   • Returns: Current status, line items, totals, messages (errors/warnings)

3. update_checkout: Modify session

   • Supports: Line item changes, buyer info updates, shipping address, fulfillment method
   • Line items replacement: Sending new line_items array replaces existing cart

4. complete_checkout: Finalize order

   • Required: id, idempotency_key (UUID), payment.instrument_id, payment.credential
   • Only callable when status == "ready_for_complete"
   • Returns: order_id, order_permalink_url

5. cancel_checkout: Abandon session

   • Required: id, idempotency_key
   • Non-reversible, frees inventory holds

Status State Machine:

incomplete → requires_escalation → ready_for_complete → complete_in_progress → completed
           ↓
         canceled

• incomplete: Missing required info, check messages field for resolution steps
• requires_escalation: Needs buyer input unavailable via API, use continue_url for UI handoff
• ready_for_complete: All info collected, agent can call complete_checkout

Critical Design Principle: Payment collection occurs in trusted UI (via continue_url), not through agent. Agents never handle raw payment credentials. Checkout MCP receives tokenized payment data after user completes payment in secure interface.

OpenAI's Responses API includes native MCP support with authentication, enabling straightforward integration.

Demo Implementation: Terminal-Based Agentic Workflow

Built a terminal interface demonstrating end-to-end agentic commerce:

1. User query: "find wireless headphones under $200"
2. Agent queries Catalog MCP, returns results
3. User requests product details
4. User expresses purchase intent
5. Agent initiates checkout (merchant store or embedded interface)

Repository: Github - Agentic Commerce Terminal Chat

Engineering Requirements

1. System Prompt Design: LLM persona must balance autonomous progress with user confirmation requirements. Prompt defines tool invocation logic, state management across turns, and checkout progression. Poor calibration results in either unauthorized purchases or stalled workflows.

2. Incomplete Checkout Recovery: Implement explicit fallback paths for payment failures, invalid addresses, and inventory depletion. Silent failures or hallucinated completions break user trust.

3. Product Identification from Context: Extract product IDs from conversational references ("the second one", "the Sony model"). Requires mapping natural language to catalog entries before cart operations.

4. Authorization Flow: Identity linking must clearly communicate data access scope and maintain secure token management across conversation sessions.

Implementation Challenges

Context State Management: The primary engineering challenge is maintaining accurate product context across multi-turn conversations. LLMs without structured state tracking produce errors when users reference products ambiguously, modify quantities, or switch between categories.

Observed failure modes:

• Agent adds wrong product to cart when user says "the second one" after viewing multiple result sets
• Quantity mismatches when user revises order mid-conversation
• Product ID loss during context window shifts in long sessions

Required state architecture:

- Active catalog context (current search results)
- User preference constraints (price limits, categories, attributes)
- Cart state (selected products, quantities, variants)
- Checkout session (shipping, payment, order status)
- Auth tokens and profile access scope

Naive implementations relying solely on LLM conversation memory fail in production. Explicit state management with validation checkpoints is essential.

API State Synchronization: Race conditions occur when users modify intent faster than API calls complete. Example: user changes quantity while cart update is in-flight. Requires optimistic UI updates with conflict resolution or pessimistic locking with clear loading states.

Error Translation: Commerce APIs return technical errors (inventory insufficient, payment declined, address validation failed). Engineers must translate these into natural language that helps users resolve issues without exposing implementation details or confusing non-technical users. Simple string mapping is insufficient—contextual explanation improves recovery rates.

Conclusion

Technical Trajectory

Agentic commerce infrastructure is maturing rapidly. Near-term development areas include:

Vertical Protocol Extensions: Industries with complex procurement workflows (automotive, B2B, real estate) will require domain-specific extensions beyond horizontal commerce primitives. Expect specification work on multi-stakeholder approval flows, negotiation protocols, and customization pipelines.

Multi-Agent Orchestration: Single-agent architectures will evolve toward specialized agent coordination. A price comparison agent, reviews analyzer, and checkout executor could operate as microservices, requiring inter-agent communication protocols and distributed transaction management.

Context Persistence and Proactive Commerce: As identity linking matures, agents gain access to richer user data, enabling proactive purchase suggestions based on detected needs rather than explicit requests. This requires careful consent management and notification preferences at the protocol level.

Collaboration

If you're implementing agentic commerce systems and encountering state management issues, protocol integration challenges, or merchant-side architecture decisions, technical discussions are valuable for the ecosystem. Pattern sharing accelerates collective learning.

Contact:

• Spurtree Technologies

Agentic commerce protocols are open-source, implementation patterns are emerging, and the technical foundation is accessible. The architecture is still being defined through production deployments.