UCP is not a single API. It is a layered, decentralized protocol stack that standardizes how AI agents interact with merchant backends. This page explains the architecture in practical terms.
UCP separates concerns into distinct layers. Each layer handles a specific responsibility:
| Layer | Responsibility | Key Mechanism |
|---|---|---|
| Discovery | How agents find merchants and learn their capabilities | /.well-known/ucp profile |
| Negotiation | How two parties agree on what to use | Capability intersection (server-selects) |
| Transport | How messages are exchanged | REST, MCP, A2A, Embedded |
| Business Logic | The actual commerce operations | Capabilities (checkout, catalog, etc.) |
| Payments | How money moves | AP2 (Agent Payments Protocol) |
| Identity | How agents are authenticated and authorized | OAuth 2.0, Agent Profiles |
There is no central UCP server. Like email, UCP uses DNS and well-known endpoints for peer-to-peer agent discovery. A merchant's domain is their identity. Their /.well-known/ucp file is their capability manifest.
UCP supports four transports. The same business logic can be exposed through multiple transports simultaneously. Merchants choose which to support; agents choose which to use.
Standard HTTP/JSON with OpenAPI 3.x schemas. The most straightforward transport. Each capability maps to REST endpoints. Discovery via GET /.well-known/ucp, then standard CRUD operations.
POST /checkout-sessions
GET /checkout-sessions/{id}
PUT /checkout-sessions/{id}
POST /checkout-sessions/{id}/complete
Model Context Protocol (JSON-RPC over HTTP). Works natively with Claude, Cursor, and any MCP-compatible agent framework. A merchant exposes UCP capabilities as MCP tools.
POST /mcp
Content-Type: application/json
{
"jsonrpc": "2.0",
"method": "checkout/create",
"params": {
"meta": {
"ucp-agent": {
"profile": "https://..."
}
}
}
}
Agent-to-Agent Protocol. For delegation between agents. One agent can delegate a shopping sub-task (including a purchase) to another, with credential handoff and authorization scope.
Embedded Commerce Protocol (ECP). Renders a merchant's checkout UI inside an agent surface. Supports bidirectional messaging, payment/address delegation, and agent branding. Born from Shopify's Checkout Kit.
UCP introduces a trust framework designed for agentic commerce, where the agent is an intermediary between buyer and merchant.
Agents define a profile so merchants can verify them and apply the right rate limits and tool access. Higher trust tiers unlock broader access, including direct checkout completion. Profiles are hosted at a well-known URL and referenced on every UCP request.
// REST: profile in header
UCP-Agent: profile="https://agent.example/profile"
// MCP: profile in params
{
"meta": {
"ucp-agent": {
"profile": "https://agent.example/profile"
}
}
}
UCP uses OAuth 2.0 for secure, authorized relationships between agents and merchants. Agents do not share user credentials. Instead, they obtain scoped tokens:
// Merchant's OAuth config at /.well-known/oauth-authorization-server
{
"issuer": "https://shop.example.com",
"authorization_endpoint": "https://shop.example.com/oauth2/authorize",
"token_endpoint": "https://shop.example.com/oauth2/token",
"scopes_supported": [
"dev.ucp.shopping.checkout",
"dev.ucp.shopping.order:read",
"dev.ucp.shopping.order:manage"
],
"grant_types_supported": ["authorization_code", "refresh_token"]
}
Every payment authorization is backed by cryptographic proof of user consent via AP2 payment mandates and verifiable credentials. This solves the "rogue agent" problem - an agent cannot complete a payment without provable user authorization.
Here is what happens when an agent first encounters a merchant:
https://merchant.com/.well-known/ucpsupported_versions for a compatible profileGET https://shop.example.com/.well-known/ucp
Accept: application/json
// Response:
{
"ucp": {
"version": "2026-04-08",
"services": {
"dev.ucp.shopping": [
{
"version": "2026-04-08",
"transport": "rest",
"endpoint": "https://shop.example.com/ucp/v1",
"schema": "https://ucp.dev/.../rest.openapi.json"
}
]
},
"capabilities": {
"dev.ucp.shopping.checkout": [...],
"dev.ucp.shopping.fulfillment": [...]
},
"payment_handlers": { ... }
}
}
requires constraintsThis entire flow is automated. The agent and merchant discover each other's capabilities through their profiles and the protocol handles compatibility. No emails, no Slack messages, no integration calls.
The checkout session moves through defined states:
// 1. Create checkout from cart
POST /checkout-sessions
{
"line_items": [{"product_id": "123", "quantity": 1}]
}
// Response: status = "incomplete"
// 2. Update checkout (add buyer info, fulfillment, etc.)
PUT /checkout-sessions/{id}
{
"buyer": { "email": "user@example.com", ... },
"fulfillment": { "methods": [...] }
}
// Response: status = "ready_for_complete"
// 3. Complete checkout (submit payment)
POST /checkout-sessions/{id}/complete
{
"payment": { "instrument": {...}, "credential": "..." }
}
// Response: status = "completed" OR "requires_escalation"
// 4. If escalation needed:
// Response includes continue_url for buyer to finalize in browser
// Agent can resume after buyer completes the step
// 5. Cancel if needed
DELETE /checkout-sessions/{id}
UCP delegates payments to AP2 (Agent Payments Protocol). The key architectural decision is separating instruments from handlers:
This separation means UCP is payment-agnostic. Any processor, any wallet. The merchant declares which handlers they support in their profile. The agent and merchant negotiate which to use. Payment handlers process the actual transaction using the merchant's existing payment infrastructure.
Not every transaction can be completed by an agent autonomously. UCP defines a clean escalation path:
status: "requires_escalation" with a continue_urlcontinue_url to the buyerUCP is designed so that no transaction gets stuck. If an agent can't complete it, the buyer can. If the buyer needs help, the agent facilitates. The protocol ensures commerce always reaches completion.