tools402 × Google AP2
Google's Agent Payments Protocol (AP2) landed in September 2025 with 60 launch partners. tools402 is natively compatible — four touchpoints, no shim required. This page documents how the pieces line up.
X-AP2-Mandate-Accepted response header and, for agents that don't have one yet, we offer a native EIP-712 builder at /v1/agent/identity.
The four touchpoints
HTTP 402 quote
Every paid endpoint returns a deterministic 402 Payment Required body with an accepts array, atomic price, USDC asset, and recipient wallet — the universal contract AP2 agents read before paying.
Mandate-aware settlement
The x402 middleware tags every successful settlement with X-AP2-Mandate-Accepted: transfer-with-authorization, signalling that an EIP-3009 gasless mandate is valid as the payment vehicle.
Audit trail
GET /v1/_audit/<txHash> returns the on-chain settlement proof for any paid call, satisfying the AP2 requirement that every Intent Mandate redemption be independently verifiable.
Native Intent Mandate builder
POST /v1/agent/identity builds and verifies canonical EIP-712 typed data for an AP2 IntentMandate — for agents without an existing AP2 SDK. $0.001/call.
What is an Intent Mandate?
An Intent Mandate is a structured, user-signed message that authorizes an AI agent to spend up to a fixed amount of USDC for a specific intent within a time window. It's the AP2 equivalent of a one-shot prepaid card with policy rules baked in.
tools402's native canonical form (EIP-712, chain id 8453 = Base mainnet):
{
  domain: {
    name: "tools402-ap2",
    version: "1",
    chainId: 8453,
    verifyingContract: "0x0000000000000000000000000000000000000000"
  },
  types: {
    IntentMandate: [
      { name: "agent", type: "address" },
      { name: "description", type: "string" },
      { name: "max_spend_atomic", type: "uint256" },
      { name: "expires_at", type: "uint256" },
      { name: "nonce", type: "bytes32" }
    ]
  },
  primaryType: "IntentMandate",
  message: {
    agent: "0xAGENT_WALLET",
    description: "Summarise the latest 3 arXiv quantum papers",
    max_spend_atomic: "50000",
    expires_at: 1740960000,
    nonce: "0x…32 bytes…"
  }
}
Build a mandate
curl -X POST https://api.tools402.dev/v1/agent/identity \
  -H "X-Payment: <EIP-3009 session token>" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "build",
    "agent_wallet": "0xAGENT_WALLET",
    "intent_description": "Summarise latest 3 arXiv quantum papers",
    "max_spend_atomic": 50000,
    "expires_at": 1740960000
  }'
Verify a signature
curl -X POST https://api.tools402.dev/v1/agent/identity \
  -H "X-Payment: <EIP-3009 session token>" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "verify",
    "typed_data": { … },
    "signature": "0x…65 bytes…"
  }'
# → { valid: true, recovered_address: "0xAGENT_WALLET", expired: false }
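An added example (not tools402's own code): a check the mandate signer can run on typed data before signing, so the signature covers only what was requested. It assumes the build call returns typed data in the canonical form shown above; the domain and field list come from that form, while `check_mandate`, `sample`, the wallet, the nonce and the clock value are constructed for illustration.

```python
import re

# Domain and field list copied from the page's canonical form.
DOMAIN = {"name": "tools402-ap2", "version": "1", "chainId": 8453,
          "verifyingContract": "0x" + "00" * 20}
FIELDS = [("agent", "address"), ("description", "string"), ("max_spend_atomic", "uint256"),
          ("expires_at", "uint256"), ("nonce", "bytes32")]

def _is_hex(value, nbytes):
    return isinstance(value, str) and bool(re.fullmatch(r"0x[0-9a-fA-F]{%d}" % (2 * nbytes), value))

def check_mandate(typed, want, now, seen_nonces=frozenset()):
    """Return reasons not to sign `typed`; an empty list means it matches `want`."""
    problems = []
    if typed.get("domain") != DOMAIN:
        problems.append("domain mismatch")
    if typed.get("primaryType") != "IntentMandate":
        problems.append("unexpected primaryType")
    declared = typed.get("types", {}).get("IntentMandate", [])
    if [(f.get("name"), f.get("type")) for f in declared] != FIELDS:
        problems.append("type schema differs")  # extra or retyped fields change what is signed
    msg = typed.get("message", {})
    agent, nonce = msg.get("agent"), msg.get("nonce")
    if not _is_hex(agent, 20) or agent.lower() != want["agent_wallet"].lower():
        problems.append("agent is not the requested wallet")
    if msg.get("description") != want["intent_description"]:
        problems.append("description was altered")
    try:
        spend, expires = int(msg.get("max_spend_atomic")), int(msg.get("expires_at"))
    except (TypeError, ValueError):
        return problems + ["non-numeric amount or expiry"]
    if not 0 < spend <= want["max_spend_atomic"]:
        problems.append("spend cap exceeds request")
    if not now < expires <= want["expires_at"]:
        problems.append("expiry outside requested window")
    if not _is_hex(nonce, 32) or nonce.lower() in seen_nonces:
        problems.append("nonce malformed or reused")
    return problems

# Constructed sample values (wallet, nonce), not from the page.
AGENT = "0x" + "ab" * 20
REQUEST = {"agent_wallet": AGENT, "intent_description": "Summarise latest 3 arXiv quantum papers",
           "max_spend_atomic": 50000, "expires_at": 1740960000}
def sample(**overrides):
    # Typed data in the page's canonical shape; overrides simulate a tampered reply.
    message = {"agent": AGENT, "description": REQUEST["intent_description"],
               "max_spend_atomic": "50000", "expires_at": 1740960000, "nonce": "0x" + "11" * 32}
    message.update(overrides)
    return {"domain": dict(DOMAIN), "primaryType": "IntentMandate", "message": message,
            "types": {"IntentMandate": [{"name": n, "type": t} for n, t in FIELDS]}}
```

Calling `check_mandate(sample(max_spend_atomic="5000000"), REQUEST, now=1740950000)` returns `["spend cap exceeds request"]`, the case where the returned typed data raises the cap above what was asked for.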
Why USDC on Base?
AP2 is payment-rail agnostic — credit card, bank transfer, stablecoin. tools402 chose USDC on Base (Coinbase's L2) for three reasons:
- Atomic-grain pricing. Tools cost $0.0001 to $0.250. Cards can't price below ~$0.30 without eating the floor in interchange.
- Programmatic. Agents already hold USDC — no card-vault step, no PCI scope, no chargebacks.
- Verifiable. Every settlement is on-chain at basescan.org/address/0x3b9F…59e.
Compatibility matrix
| AP2 requirement | tools402 implementation | Status |
|---|---|---|
| Payment-rail neutrality | USDC on Base via EIP-3009 or external facilitator (Coinbase/Cloudflare/PayAI) | ✓ |
| Intent Mandate semantics | EIP-712 typed data, max_spend + expires + nonce | ✓ |
| Mandate redemption signal | X-AP2-Mandate-Accepted header on every paid response | ✓ |
| Independent audit | /v1/_audit/<txHash> + Basescan | ✓ |
| Refundability | On-chain refund possible — wallet-to-wallet, no chargeback window | ✓ |
| User consent (KYC, identity) | Out of scope — tools402 never sees a human user; the agent's owner signs the mandate off-platform | — |
References
- AP2 spec: github.com/google-agentic-commerce/AP2
- x402 spec: x402.org
- EIP-712: eips.ethereum.org/EIPS/eip-712
- EIP-3009: eips.ethereum.org/EIPS/eip-3009
- tools402 audit: basescan.org/address/0x3b9F…59e