{"title":"Agentic Payments integration with ACP checkout flow","category":"default","creationDate":1772813040,"content":"<p>Integrate with our delegated payment API when your agent platform acts a token vault during the <a href=\"https:\/\/developers.openai.com\/commerce\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Agentic Commerce Protocol (ACP)<\/a> checkout flow, where your agent collects and tokenizes the shopper's payment details on behalf of the merchant. Adyen stores the credential and returns an ACP token that your agent passes to the merchant. The merchant uses the token to process the payment with Adyen.<\/p>\n<div class=\"notices green\">\n<p>If you want to integrate with the <a href=\"https:\/\/developers.google.com\/pay\/api\/universal-commerce-protocol\/overview\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Universal Commerce Protocol<\/a> instead, refer to our <a href=\"\/payment-methods\/google-pay\/api-only\/google-pay-token-decryption\">documentation on how to handle Google Pay tokens with Adyen<\/a>.<\/p>\n<\/div>\n<h2>Requirements<\/h2>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that you have set up an integration that follows the <a href=\"https:\/\/developers.openai.com\/commerce\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Agentic Commerce Protocol (ACP)<\/a>.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>User role<\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that your Adyen credential (API key) has the following user role: <ul><li markdown=\"1\"><strong>Agentic Commerce<\/strong><\/li><\/ul>.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Limitations<\/strong><\/td>\n<td style=\"text-align: left;\"><ul><li markdown=\"1\">Compliance: your agent platform must meet PCI DSS Level 1 compliance.<\/li><li markdown=\"1\">You must complete our security review to approve your platform.<\/li><\/ul><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Setup steps<\/strong><\/td>\n<td style=\"text-align: left;\">Before you begin, reach out to your Adyen Account Manager or our <a href=\"https:\/\/ca-test.adyen.com\/ca\/ca\/contactUs\/support.shtml?form=other\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Support Team<\/a> for the following: <ul><li markdown=\"1\">Access to Delegated Payment.<\/li><li markdown=\"1\">Your dedicated Agentic Commerce authentication token.<\/li><li markdown=\"1\">Enable your Adyen merchant accounts for Agentic Commerce.<\/li><\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How it works<\/h2>\n<p>Endpoint URL for your delegated payments:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Environment<\/th>\n<th style=\"text-align: left;\">Endpoint URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">Test<\/td>\n<td style=\"text-align: left;\"><code>https:\/\/pal-test.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment<\/code><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Live<\/td>\n<td style=\"text-align: left;\"><code>https:\/\/pal-live.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>When the shopper initiates a transaction using your agent platform, the following flow occurs:<\/p>\n<ol>\n<li>The shopper enters their payment details in your agent platform.<\/li>\n<li>Your agent platform sends the payment (card number or network token) data to Adyen by making a <code>\/agentic_commerce\/delegate_payment<\/code> request.<\/li>\n<li>Adyen validates the credentials and returns a merchant-scoped ACP token to your agent platform.<\/li>\n<li>Your agent platform sends the ACP token to your checkout application.<\/li>\n<li>The merchant's checkout application makes a <code>\/payments<\/code> request including the ACP token.<\/li>\n<li>Adyen authorizes the payment and returns the payment result to your checkout application.<\/li>\n<\/ol>\n<div id=\"mermaid-6a352592c3753-wrapper\"><div id=\"mermaid-6a352592c3753\" class=\"mermaid-shortcode loading\">CnNlcXVlbmNlRGlhZ3JhbQphdXRvbnVtYmVyCnBhcnRpY2lwYW50IFNob3BwZXIKcGFydGljaXBhbnQgUGxhdGZvcm0gYXMgWW91ciBhZ2VudCBwbGF0Zm9ybQpwYXJ0aWNpcGFudCBBZHllbgpwYXJ0aWNpcGFudCBBcHAgYXMgTWVyY2hhbnQgQ2hlY2tvdXQgQXBwbGljYXRpb24KCiAgICBTaG9wcGVyLT4+UGxhdGZvcm06IEVudGVycyBwYXltZW50IGRldGFpbHMKICAgIFBsYXRmb3JtLT4+QWR5ZW46IC9hZ2VudGljX2NvbW1lcmNlL2RlbGVnYXRlX3BheW1lbnQKICAgIEFkeWVuLS0+PlBsYXRmb3JtOiBNZXJjaGFudC1zY29wZWQgQUNQIHRva2VuCiAgICBQbGF0Zm9ybS0+PkFwcDogU2VuZHMgQUNQIHRva2VuCiAgICBBcHAtPj5BZHllbjogL3BheW1lbnRzIChpbmNsdWRlcyBBQ1AgdG9rZW4pCiAgICBBZHllbi0tPj5BcHA6IFBheW1lbnQgcmVzdWx0IChBdXRob3JpemVkKQo=<\/div><\/div>\n<h2>Send a delegated payment request through the agent platform<\/h2>\n<p>Make a POST <code>\/agentic_commerce\/delegate_payment<\/code> request through your agent platform, including the following:<\/p>\n<p>Headers:<\/p>\n<table>\n<thead>\n<tr>\n<th>Header<\/th>\n<th>Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>Authorization<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>Use the following format: <code>Bearer &lt;YOUR_AGENTIC_TOKEN&gt;<\/code>. <br> If you enter a standard API key, you get the 401 Unauthorized error.<\/td>\n<\/tr>\n<tr>\n<td><code>Content-Type<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td><strong>application\/json<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>API-Version<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td><strong>2025-09-29<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>Accept-Language<\/code><\/td>\n<td><\/td>\n<td>The preferred locale for content like messages and errors. For example: <strong>en-US<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>User-Agent<\/code><\/td>\n<td><\/td>\n<td>Your platform name and version. For example: <strong>MyPlatform\/2.0<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>Idempotency-Key<\/code><\/td>\n<td><\/td>\n<td>A unique value, such as a universally unique identifier (UUID), to prevent duplicate transactions. If the same key is sent with the same body, the original response is returned. If sent with a different body, a 400 <code>idempotency_conflict<\/code> error is returned.<\/td>\n<\/tr>\n<tr>\n<td><code>Request-Id<\/code><\/td>\n<td><\/td>\n<td>Unique trace identifier for each request. For example: <strong>request_id_123<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>Signature<\/code><\/td>\n<td><\/td>\n<td>The Base64 HMAC-SHA256 signature of the request body.<\/td>\n<\/tr>\n<tr>\n<td><code>Timestamp<\/code><\/td>\n<td><\/td>\n<td>The time the request as an RFC 3339 string. For example: <strong>2025-09-25T10:30:00Z<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Body:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter name<\/th>\n<th>Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>payment_method.type<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td><strong>card<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.card_number_type<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The type of card number. Possible values: <ul><li markdown=\"1\"><strong>fpan<\/strong><\/li><li markdown=\"1\"><strong>network_token<\/strong><\/li><li markdown=\"1\"><strong>dpan<\/strong><\/li><\/ul><\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.number<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The card number, network token, or DPAN. Must be 12\u201319 digits.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.metadata<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>Arbitrary key-value pairs. Pass an empty object <code>{}<\/code> if unused.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.reason<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td><strong>one_time<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.max_amount<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The maximum amount the payment method can be charged, in minor currency units.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.currency<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The three-letter <a href=\"https:\/\/en.wikipedia.org\/wiki\/ISO_4217\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">ISO 4217<\/a> currency code. For example: <strong>USD<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.checkout_session_id<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The ACP checkout session identifier that this token is bound to.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.merchant_id<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The Adyen merchant account code for the merchant this token charges.<\/td>\n<\/tr>\n<tr>\n<td><code>allowance.expires_at<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The token expiry timestamp, formatted as an ISO 8601 string. The token cannot be used after this time.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.name<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The shopper's full name.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.line_one<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The first line of the shopper's street address.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.city<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The city of the shopper's address.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.state<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The state or province of the shopper's address, following <a href=\"https:\/\/en.wikipedia.org\/wiki\/ISO_3166-2\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">ISO 3166-2<\/a>.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.country<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The country of the shopper's address. Two-letter <a href=\"https:\/\/en.wikipedia.org\/wiki\/ISO_3166-1_alpha-2\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">ISO 3166-1 alpha-2<\/a> code.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.postal_code<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The postal code of the shopper's address.<\/td>\n<\/tr>\n<tr>\n<td><code>risk_signals[].type<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The type of risk signal. Currently only <strong>card_testing<\/strong> is supported.<\/td>\n<\/tr>\n<tr>\n<td><code>risk_signals[].score<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The numerical risk score from your platform's fraud engine.<\/td>\n<\/tr>\n<tr>\n<td><code>risk_signals[].action<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>The recommended action. Possible values: <ul><li markdown=\"1\"><strong>authorized<\/strong><\/li><li markdown=\"1\"><strong>manual_review<\/strong><\/li><li markdown=\"1\"><strong>blocked<\/strong><\/li><\/ul> A value of <strong>blocked<\/strong> or <strong>manual_review<\/strong> prevents tokenization.<\/td>\n<\/tr>\n<tr>\n<td><code>metadata<\/code><\/td>\n<td><span class=\"hint--bottom\" data-hint=\"Required\" markdown=\"1\"><img style=\"width: 25px;\" alt=\"Required\" src=\"\/user\/pages\/reuse\/image-library\/01.icons\/required\/required.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/span><\/td>\n<td>Arbitrary key-value pairs for correlation at the request level. Pass an empty object <code>{}<\/code> if unused.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.exp_month<\/code><\/td>\n<td><\/td>\n<td>The card expiry month. For example: <strong>11<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.exp_year<\/code><\/td>\n<td><\/td>\n<td>The card expiry year (four digits). For example: <strong>2030<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.name<\/code><\/td>\n<td><\/td>\n<td>The cardholder name.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.cvc<\/code><\/td>\n<td><\/td>\n<td>The card security code (CVC\/CVV). Must be 3\u20134 digits.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.cryptogram<\/code><\/td>\n<td><\/td>\n<td>The cryptogram for a network token or DPAN. Include when <code>card_number_type<\/code> is <strong>network_token<\/strong> or <strong>dpan<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.eci_value<\/code><\/td>\n<td><\/td>\n<td>The Electronic Commerce Indicator. Relevant for liability shift qualification.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.checks_performed<\/code><\/td>\n<td><\/td>\n<td>An array of checks already performed on the card. Possible values: <ul><li markdown=\"1\"><strong>avs<\/strong><\/li><li markdown=\"1\"><strong>cvv<\/strong><\/li><li markdown=\"1\"><strong>ani<\/strong><\/li><li markdown=\"1\"><strong>auth0<\/strong><\/li><\/ul><\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.iin<\/code><\/td>\n<td><\/td>\n<td>The first six to eight digits of the card number (Issuer Identification Number).<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.display_brand<\/code><\/td>\n<td><\/td>\n<td>The card brand for display. For example: <strong>visa<\/strong>, <strong>mc<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.display_last4<\/code><\/td>\n<td><\/td>\n<td>The last four digits of the original card number, for display to the shopper. Must be exactly 4 digits.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.display_card_funding_type<\/code><\/td>\n<td><\/td>\n<td>The card funding type. Possible values: <ul><li markdown=\"1\"><strong>credit<\/strong><\/li><li markdown=\"1\"><strong>debit<\/strong><\/li><li markdown=\"1\"><strong>prepaid<\/strong><\/li><\/ul><\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.display_wallet_type<\/code><\/td>\n<td><\/td>\n<td>The digital wallet type, if the card came from a wallet.<\/td>\n<\/tr>\n<tr>\n<td><code>payment_method.virtual<\/code><\/td>\n<td><\/td>\n<td>Set to <strong>true<\/strong> if this is a virtual card.<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.line_two<\/code><\/td>\n<td><\/td>\n<td>The second line of the shopper's street address (apartment, suite, unit).<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address.phone_number<\/code><\/td>\n<td><\/td>\n<td>The contact phone number.<\/td>\n<\/tr>\n<tr>\n<td><code>session_context.ip_address<\/code><\/td>\n<td><\/td>\n<td>The IP address from which the agent acts on behalf of the shopper.<\/td>\n<\/tr>\n<tr>\n<td><code>session_context.user_agent<\/code><\/td>\n<td><\/td>\n<td>The user-agent string from the agent's session with the shopper.<\/td>\n<\/tr>\n<tr>\n<td><code>session_context.accept_language<\/code><\/td>\n<td><\/td>\n<td>The Accept-Language header value from the shopper's session.<\/td>\n<\/tr>\n<tr>\n<td><code>session_context.session_id<\/code><\/td>\n<td><\/td>\n<td>The session identifier of the agent's session with the shopper.<\/td>\n<\/tr>\n<tr>\n<td><code>session_context.device_fingerprint<\/code><\/td>\n<td><\/td>\n<td>The device fingerprint from the device on which the agent acts.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n   \n<div id=\"tabF21Yp\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;Card number&quot;,&quot;content&quot;:&quot;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n    &lt;code-sample :title=\\&quot;&#039;Example request body with card number&#039;\\&quot; :id=\\&quot;&#039;delegated-payment-request-card&#039;\\&quot; :code-data=\\&quot;[{&amp;quot;language&amp;quot;:&amp;quot;bash&amp;quot;,&amp;quot;tabTitle&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;content&amp;quot;:&amp;quot;curl -X POST https:\\\\\\\/\\\\\\\/pal-test.adyen.com\\\\\\\/paltokenization\\\\\\\/servlet\\\\\\\/Recurring\\\\\\\/Agentic\\\\\\\/acp\\\\\\\/v1\\\\\\\/agentic_commerce\\\\\\\/delegate_payment \\\\\\\\\\\\n-H \\\\&amp;quot;Authorization: Bearer YOUR_AGENTIC_TOKEN\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;User-Agent: MyPlatform\\\\\\\/2.0\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Idempotency-Key: idempotency_key_123\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Request-Id: request_id_123\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Content-Type: application\\\\\\\/json\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Signature: YOUR_SIGNATURE\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Timestamp: 2025-09-25T10:30:00Z\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;API-Version: 2025-09-29\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Accept-Language: en-US\\\\&amp;quot; \\\\\\\\\\\\n-d &#039;{\\\\n  \\\\&amp;quot;payment_method\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;type\\\\&amp;quot;: \\\\&amp;quot;card\\\\&amp;quot;,\\\\n    \\\\&amp;quot;card_number_type\\\\&amp;quot;: \\\\&amp;quot;fpan\\\\&amp;quot;,\\\\n    \\\\&amp;quot;number\\\\&amp;quot;: \\\\&amp;quot;4111111111111111\\\\&amp;quot;,\\\\n    \\\\&amp;quot;exp_month\\\\&amp;quot;: \\\\&amp;quot;03\\\\&amp;quot;,\\\\n    \\\\&amp;quot;exp_year\\\\&amp;quot;: \\\\&amp;quot;2030\\\\&amp;quot;,\\\\n    \\\\&amp;quot;name\\\\&amp;quot;: \\\\&amp;quot;Jane Doe\\\\&amp;quot;,\\\\n    \\\\&amp;quot;cvc\\\\&amp;quot;: \\\\&amp;quot;737\\\\&amp;quot;,\\\\n    \\\\&amp;quot;metadata\\\\&amp;quot;: {\\\\n      \\\\&amp;quot;issuing_bank\\\\&amp;quot;: \\\\&amp;quot;example_bank\\\\&amp;quot;\\\\n    }\\\\n  },\\\\n  \\\\&amp;quot;allowance\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;reason\\\\&amp;quot;: \\\\&amp;quot;one_time\\\\&amp;quot;,\\\\n    \\\\&amp;quot;max_amount\\\\&amp;quot;: 2500,\\\\n    \\\\&amp;quot;currency\\\\&amp;quot;: \\\\&amp;quot;usd\\\\&amp;quot;,\\\\n    \\\\&amp;quot;checkout_session_id\\\\&amp;quot;: \\\\&amp;quot;cs_123\\\\&amp;quot;,\\\\n    \\\\&amp;quot;merchant_id\\\\&amp;quot;: \\\\&amp;quot;ADYEN_MERCHANT_ACCOUNT\\\\&amp;quot;,\\\\n    \\\\&amp;quot;expires_at\\\\&amp;quot;: \\\\&amp;quot;2025-10-09T07:20:50Z\\\\&amp;quot;\\\\n  },\\\\n  \\\\&amp;quot;billing_address\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;name\\\\&amp;quot;: \\\\&amp;quot;Jane Doe\\\\&amp;quot;,\\\\n    \\\\&amp;quot;line_one\\\\&amp;quot;: \\\\&amp;quot;123 Main St\\\\&amp;quot;,\\\\n    \\\\&amp;quot;city\\\\&amp;quot;: \\\\&amp;quot;San Francisco\\\\&amp;quot;,\\\\n    \\\\&amp;quot;country\\\\&amp;quot;: \\\\&amp;quot;US\\\\&amp;quot;,\\\\n    \\\\&amp;quot;postal_code\\\\&amp;quot;: \\\\&amp;quot;94105\\\\&amp;quot;\\\\n  },\\\\n  \\\\&amp;quot;risk_signals\\\\&amp;quot;: [\\\\n    {\\\\n      \\\\&amp;quot;type\\\\&amp;quot;: \\\\&amp;quot;card_testing\\\\&amp;quot;,\\\\n      \\\\&amp;quot;score\\\\&amp;quot;: 2,\\\\n      \\\\&amp;quot;action\\\\&amp;quot;: \\\\&amp;quot;authorized\\\\&amp;quot;\\\\n    }\\\\n  ],\\\\n  \\\\&amp;quot;metadata\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;source\\\\&amp;quot;: \\\\&amp;quot;agentic_platform\\\\&amp;quot;,\\\\n    \\\\&amp;quot;campaign\\\\&amp;quot;: \\\\&amp;quot;q4\\\\&amp;quot;\\\\n  }\\\\n}&#039;&amp;quot;}]\\&quot; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n   &quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:1,&quot;relation&quot;:&quot;&quot;},{&quot;title&quot;:&quot;Network token&quot;,&quot;content&quot;:&quot;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n    &lt;code-sample :title=\\&quot;&#039;Example request body with network token&#039;\\&quot; :id=\\&quot;&#039;delegated-payment-request-network-token&#039;\\&quot; :code-data=\\&quot;[{&amp;quot;language&amp;quot;:&amp;quot;bash&amp;quot;,&amp;quot;tabTitle&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;content&amp;quot;:&amp;quot;curl -X POST https:\\\\\\\/\\\\\\\/pal-test.adyen.com\\\\\\\/paltokenization\\\\\\\/servlet\\\\\\\/Recurring\\\\\\\/Agentic\\\\\\\/acp\\\\\\\/v1\\\\\\\/agentic_commerce\\\\\\\/delegate_payment \\\\\\\\\\\\n-H \\\\&amp;quot;Authorization: Bearer YOUR_AGENTIC_TOKEN\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;User-Agent: MyPlatform\\\\\\\/2.0\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Idempotency-Key: idempotency_key_123\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Request-Id: request_id_123\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Content-Type: application\\\\\\\/json\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Signature: YOUR_SIGNATURE\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Timestamp: 2025-09-25T10:30:00Z\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;API-Version: 2025-09-29\\\\&amp;quot; \\\\\\\\\\\\n-H \\\\&amp;quot;Accept-Language: en-US\\\\&amp;quot; \\\\\\\\\\\\n-d &#039;{\\\\n  \\\\&amp;quot;payment_method\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;type\\\\&amp;quot;: \\\\&amp;quot;card\\\\&amp;quot;,\\\\n    \\\\&amp;quot;card_number_type\\\\&amp;quot;: \\\\&amp;quot;network_token\\\\&amp;quot;,\\\\n    \\\\&amp;quot;number\\\\&amp;quot;: \\\\&amp;quot;4111111111111111\\\\&amp;quot;,\\\\n    \\\\&amp;quot;exp_month\\\\&amp;quot;: \\\\&amp;quot;03\\\\&amp;quot;,\\\\n    \\\\&amp;quot;exp_year\\\\&amp;quot;: \\\\&amp;quot;2030\\\\&amp;quot;,\\\\n    \\\\&amp;quot;name\\\\&amp;quot;: \\\\&amp;quot;Jane Doe\\\\&amp;quot;,\\\\n    \\\\&amp;quot;cryptogram\\\\&amp;quot;:\\\\&amp;quot;gXc5UCLnM6ckD7pjM1TdPA==\\\\&amp;quot;,\\\\n    \\\\&amp;quot;cvc\\\\&amp;quot;: \\\\&amp;quot;737\\\\&amp;quot;,\\\\n    \\\\&amp;quot;metadata\\\\&amp;quot;: {\\\\n      \\\\&amp;quot;issuing_bank\\\\&amp;quot;: \\\\&amp;quot;example_bank\\\\&amp;quot;\\\\n    }\\\\n  },\\\\n  \\\\&amp;quot;allowance\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;reason\\\\&amp;quot;: \\\\&amp;quot;one_time\\\\&amp;quot;,\\\\n    \\\\&amp;quot;max_amount\\\\&amp;quot;: 2500,\\\\n    \\\\&amp;quot;currency\\\\&amp;quot;: \\\\&amp;quot;usd\\\\&amp;quot;,\\\\n    \\\\&amp;quot;checkout_session_id\\\\&amp;quot;: \\\\&amp;quot;cs_123\\\\&amp;quot;,\\\\n    \\\\&amp;quot;merchant_id\\\\&amp;quot;: \\\\&amp;quot;ADYEN_MERCHANT_ACCOUNT\\\\&amp;quot;,\\\\n    \\\\&amp;quot;expires_at\\\\&amp;quot;: \\\\&amp;quot;2025-10-09T07:20:50Z\\\\&amp;quot;\\\\n  },\\\\n  \\\\&amp;quot;billing_address\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;name\\\\&amp;quot;: \\\\&amp;quot;Jane Doe\\\\&amp;quot;,\\\\n    \\\\&amp;quot;line_one\\\\&amp;quot;: \\\\&amp;quot;123 Main St\\\\&amp;quot;,\\\\n    \\\\&amp;quot;city\\\\&amp;quot;: \\\\&amp;quot;San Francisco\\\\&amp;quot;,\\\\n    \\\\&amp;quot;country\\\\&amp;quot;: \\\\&amp;quot;US\\\\&amp;quot;,\\\\n    \\\\&amp;quot;postal_code\\\\&amp;quot;: \\\\&amp;quot;94105\\\\&amp;quot;\\\\n  },\\\\n  \\\\&amp;quot;risk_signals\\\\&amp;quot;: [\\\\n    {\\\\n      \\\\&amp;quot;type\\\\&amp;quot;: \\\\&amp;quot;card_testing\\\\&amp;quot;,\\\\n      \\\\&amp;quot;score\\\\&amp;quot;: 2,\\\\n      \\\\&amp;quot;action\\\\&amp;quot;: \\\\&amp;quot;authorized\\\\&amp;quot;\\\\n    }\\\\n  ],\\\\n  \\\\&amp;quot;metadata\\\\&amp;quot;: {\\\\n    \\\\&amp;quot;source\\\\&amp;quot;: \\\\&amp;quot;agentic_platform\\\\&amp;quot;,\\\\n    \\\\&amp;quot;campaign\\\\&amp;quot;: \\\\&amp;quot;q4\\\\&amp;quot;\\\\n  }\\\\n}&#039;&amp;quot;}]\\&quot; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n   &quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:1,&quot;relation&quot;:&quot;&quot;}]\"\n            :should-update-when-url-changes='false'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<ol start=\"2\">\n<li>\n<p>Get the ACP token (<code>id<\/code>) from the HTTP 201 Created response. <a id=\"acp_response\"><\/a><\/p>\n<p>The response includes the following:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>id<\/code><\/td>\n<td>String<\/td>\n<td>The ACP token identifier. This is Adyen's Recurring Detail Reference. Pass this as <code>paymentMethod.storedPaymentMethodId<\/code> in the POST <code>\/payments<\/code> request.<\/td>\n<\/tr>\n<tr>\n<td><code>created<\/code><\/td>\n<td>String (ISO 8601)<\/td>\n<td>The timestamp when the token was created.<\/td>\n<\/tr>\n<tr>\n<td><code>created_at<\/code><\/td>\n<td>String (ISO 8601)<\/td>\n<td>Alias for <code>created<\/code>. Same value.<\/td>\n<\/tr>\n<tr>\n<td><code>metadata<\/code><\/td>\n<td>Object<\/td>\n<td>Correlation metadata. Contains <code>recurringDetailReference<\/code>, <code>source<\/code>, <code>merchant_id<\/code>, and <code>shopperReference<\/code>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Example HTTP 201 Created response'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n   \\\"id\\\": \\\"FKSPNCQ8HXSKGK82\\\",\\n   \\\"created\\\": \\\"2026-02-23T23:50:55.482694934+01:00\\\",\\n   \\\"created_at\\\": \\\"2026-02-23T23:50:55.482694934+01:00\\\",\\n   \\\"metadata\\\": {\\n       \\\"recurringDetailReference\\\": \\\"FKSPNCQ8HXSKGK82\\\",\\n       \\\"source\\\": \\\"agent_checkout\\\",\\n       \\\"merchant_id\\\": \\\"ADYEN_MERCHANT_ACCOUNT\\\",\\n       \\\"shopperReference\\\": \\\"CHECKOUT_SESSION_ID\\\"\\n   }\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<p>The ACP token:<\/p>\n<ul>\n<li>Is merchant-scoped and bound to a single merchant account (<code>allowance.merchant_id<\/code>) and checkout session (<code>allowance.checkout_session_id<\/code>).<\/li>\n<li>Cannot be used across unauthorized merchant accounts, for a different session, or for an amount that exceeds <code>allowance.max_amount<\/code>.<\/li>\n<li>Does not expose raw card data.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>The merchant makes a payment request with the ACP token<\/h2>\n<p>The merchant makes a a POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a> request through their checkout application, including:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter name<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>shopperReference<\/code><\/td>\n<td>The <code>checkout_session_id<\/code> value from the response in the <code>\/checkout_session<\/code> response from your agent platform.<\/td>\n<\/tr>\n<tr>\n<td><code>paymentMethod.storedPaymentMethodId<\/code><\/td>\n<td>The <a href=\"#acp_response\">ACP token from the agent platform<\/a>.<\/td>\n<\/tr>\n<tr>\n<td><code>merchantAccount<\/code><\/td>\n<td>Your merchant account.<\/td>\n<\/tr>\n<tr>\n<td><code>amount.value<\/code><\/td>\n<td>The value of the payment, in minor units.<\/td>\n<\/tr>\n<tr>\n<td><code>amount.currency<\/code><\/td>\n<td>The three-character ISO currency code.<\/td>\n<\/tr>\n<tr>\n<td><code>shopperInteraction<\/code><\/td>\n<td><strong>ContAuth<\/strong><\/td>\n<\/tr>\n<tr>\n<td><code>recurringProcessingModel<\/code><\/td>\n<td><strong>UnscheduledCardOnFile<\/strong><\/td>\n<\/tr>\n<tr>\n<td><code>reference<\/code><\/td>\n<td>Your reference for the order.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div data-component-wrapper=\"code-sample\">\n    <code-sample :title=\"'Example payment request including the ACP'\" :id=\"'payments-request-acp'\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;curl https:\\\/\\\/checkout-test.adyen.com\\\/v72\\\/payments \\\\\\n-H 'x-api-key: ADYEN_API_KEY' \\\\\\n-H \\&quot;idempotency-key: YOUR_IDEMPOTENCY_KEY\\&quot; \\\\\\n-H 'content-type: application\\\/json' \\\\\\n-d '{\\n   \\&quot;shopperReference\\&quot; : \\&quot;csn_01AB2A3XYZ9ABC\\&quot;,\\n   \\&quot;paymentMethod\\&quot; : {\\n      \\&quot;storedPaymentMethodId\\&quot; : \\&quot;FKSPNCQ8HXSKGK82\\&quot;\\n   },\\n   \\&quot;merchantAccount\\&quot; : \\&quot;ADYEN_MERCHANT_ACCOUNT\\&quot;,\\n   \\&quot;amount\\&quot; : {\\n      \\&quot;currency\\&quot; : \\&quot;USD\\&quot;,\\n      \\&quot;value\\&quot; : \\&quot;2500\\&quot;\\n   },\\n   \\&quot;shopperInteraction\\&quot; : \\&quot;ContAuth\\&quot;,\\n   \\&quot;recurringProcessingModel\\&quot; : \\&quot;UnscheduledCardOnFile\\&quot;,\\n   \\&quot;reference\\&quot;: \\&quot;your-order-reference-123-abc\\&quot;\\n}'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<p>The response include the following:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>pspReference<\/code><\/td>\n<td>Our unique identifier for the transaction.<\/td>\n<\/tr>\n<tr>\n<td><code>resultCode<\/code><\/td>\n<td>Indicates the current status of the payment.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div data-component-wrapper=\"code-sample\">\n    <code-sample :title=\"'Example response for an authorized payment'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n  \\\"pspReference\\\": \\\"W78NTVXSJV84L675\\\",\\n  \\\"resultCode\\\": \\\"Authorised\\\"\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<h2>Test and go live<\/h2>\n<p>Use the test environment to verify your integration end-to-end before going live.<\/p>\n<p>Test endpoint:<\/p>\n<p><code>https:\/\/pal-test.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment<\/code><\/p>\n<h3>Test checklist<\/h3>\n<p>To verify your integration, confirm the following:<\/p>\n<ol>\n<li>Your API key holds the Agentic Commerce role.<\/li>\n<li>A well-formed request with only required fields returns HTTP 201.<\/li>\n<li>A full request with all optional fields populated returns HTTP 201.<\/li>\n<li>A request with <code>card_number_type<\/code>: <strong>network_token<\/strong> and a <code>cryptogram<\/code> is handled correctly.<\/li>\n<li>A request with <code>card_number_type<\/code>: <strong>dpan<\/strong> and a <code>cryptogram<\/code> is handled correctly.<\/li>\n<li>Omitting <code>payment_method.number<\/code> returns HTTP 400 with <code>code<\/code>: <strong>invalid_card<\/strong> and <code>param<\/code>: <strong>payment_method.number<\/strong>.<\/li>\n<li>An unknown <code>allowance.merchant_id<\/code> returns HTTP 400 with <code>code<\/code>: <strong>invalid_card<\/strong> and <code>param<\/code>: <strong>allowance.merchant_id<\/strong>.<\/li>\n<li>A malformed <code>allowance.expires_at<\/code> returns HTTP 400 with <code>code<\/code>: <strong>invalid_card<\/strong> and <code>param<\/code>: <strong>allowance.expires_at<\/strong>.<\/li>\n<li>A request with <code>risk_signals[].action<\/code>: <strong>blocked<\/strong> rejects tokenization.<\/li>\n<li>The same request sent twice with the same <code>Idempotency-Key<\/code> returns HTTP 201 with the same <code>id<\/code>.<\/li>\n<li>The same <code>Idempotency-Key<\/code> sent with a different body returns HTTP 400 with <code>code<\/code>: <strong>idempotency_conflict<\/strong>.<\/li>\n<li>The returned <code>id<\/code> used in a POST <code>\/payments<\/code> request to the test endpoint returns an <strong>Authorised<\/strong> result.<\/li>\n<\/ol>\n<h3>Go live<\/h3>\n<p>When you are ready to go live, use the live endpoint URL:<\/p>\n<p><code>https:\/\/pal-live.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment<\/code><\/p>\n<h2>Possible HTTP status codes<\/h2>\n<table>\n<thead>\n<tr>\n<th>HTTP<\/th>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>201<\/td>\n<td>\u2014<\/td>\n<td>Token created. Use <code>id<\/code> as <code>paymentMethod.storedPaymentMethodId<\/code> in the POST <code>\/payments<\/code> request.<\/td>\n<\/tr>\n<tr>\n<td>400<\/td>\n<td><code>invalid_request<\/code><\/td>\n<td>Validation failure. Inspect <code>type<\/code>, <code>code<\/code>, and <code>param<\/code>. Do not retry without fixing the request.<\/td>\n<\/tr>\n<tr>\n<td>500<\/td>\n<td><code>processing_error<\/code><\/td>\n<td>Unexpected Adyen-side error. Retry once after a short delay.<\/td>\n<\/tr>\n<tr>\n<td>503<\/td>\n<td><code>service_unavailable<\/code><\/td>\n<td>Upstream dependency temporarily down. Retry with exponential backoff.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Errors<\/h2>\n<p>All error responses share the same JSON schema:<\/p>\n<table>\n<thead>\n<tr>\n<th>Field<\/th>\n<th>Type<\/th>\n<th>Always present<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>type<\/code><\/td>\n<td>String<\/td>\n<td>Yes<\/td>\n<td>The error category. Determines your handling strategy.<\/td>\n<\/tr>\n<tr>\n<td><code>code<\/code><\/td>\n<td>String<\/td>\n<td>Yes<\/td>\n<td>Machine-readable code with specific detail.<\/td>\n<\/tr>\n<tr>\n<td><code>message<\/code><\/td>\n<td>String<\/td>\n<td>Yes<\/td>\n<td>Human-readable description of the error.<\/td>\n<\/tr>\n<tr>\n<td><code>param<\/code><\/td>\n<td>String<\/td>\n<td>No<\/td>\n<td>JSONPath of the offending field. Only present on validation errors.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Error types<\/h3>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Handling<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>invalid_request<\/code><\/td>\n<td>The request body failed validation or contains invalid data. Check the <code>param<\/code> field for the offending path. Fix the request before retrying.<\/td>\n<\/tr>\n<tr>\n<td><code>rate_limit_exceeded<\/code><\/td>\n<td>Your platform exceeded the allowed request rate. Retry with exponential backoff.<\/td>\n<\/tr>\n<tr>\n<td><code>processing_error<\/code><\/td>\n<td>An unexpected internal error on Adyen's side. Retry once after a short delay. If the error persists, contact Adyen support.<\/td>\n<\/tr>\n<tr>\n<td><code>service_unavailable<\/code><\/td>\n<td>An internal dependency is temporarily unavailable. Retry with exponential backoff. If unavailability persists beyond a few minutes, surface an error to the shopper.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Error codes<\/h3>\n<table>\n<thead>\n<tr>\n<th>Code<\/th>\n<th>Type<\/th>\n<th>When it occurs<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>invalid_card<\/code><\/td>\n<td><code>invalid_request<\/code><\/td>\n<td>A required field is missing, has an invalid format, or <code>allowance.merchant_id<\/code> cannot be resolved. The <code>param<\/code> field identifies the specific path.<\/td>\n<\/tr>\n<tr>\n<td><code>duplicate_request<\/code><\/td>\n<td><code>invalid_request<\/code><\/td>\n<td>The <code>Idempotency-Key<\/code> was already used for a successful request with the same body. The original 201 response is returned. Treat this as a successful idempotent replay.<\/td>\n<\/tr>\n<tr>\n<td><code>idempotency_conflict<\/code><\/td>\n<td><code>invalid_request<\/code><\/td>\n<td>The <code>Idempotency-Key<\/code> was reused but the request body differs from the original. Generate a new <code>Idempotency-Key<\/code> for the new request.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","url":"https:\/\/docs.adyen.com\/online-payments\/agentic-commerce\/agent-platform\/agentic-payments-acp","articleFields":{"description":"Learn to delegate payments to Adyen from your agent platform in the ACP checkout flow.","robots":"noindex,nofollow","feedback_component":true,"filters_component":false,"decision_tree":"[]","page_id":"c0534720-fc87-46dd-a25c-68851cd294c0","last_edit_on":"06-03-2026 17:04"},"algolia":{"url":"https:\/\/docs.adyen.com\/online-payments\/agentic-commerce\/agent-platform\/agentic-payments-acp","title":"Agentic Payments integration with ACP checkout flow","content":"Integrate with our delegated payment API when your agent platform acts a token vault during the Agentic Commerce Protocol (ACP) checkout flow, where your agent collects and tokenizes the shopper's payment details on behalf of the merchant. Adyen stores the credential and returns an ACP token that your agent passes to the merchant. The merchant uses the token to process the payment with Adyen.\n\nIf you want to integrate with the Universal Commerce Protocol instead, refer to our documentation on how to handle Google Pay tokens with Adyen.\n\nRequirements\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nMake sure that you have set up an integration that follows the Agentic Commerce Protocol (ACP).\n\n\nUser role\nMake sure that your Adyen credential (API key) has the following user role: Agentic Commerce.\n\n\nLimitations\nCompliance: your agent platform must meet PCI DSS Level 1 compliance.You must complete our security review to approve your platform.\n\n\nSetup steps\nBefore you begin, reach out to your Adyen Account Manager or our Support Team for the following: Access to Delegated Payment.Your dedicated Agentic Commerce authentication token.Enable your Adyen merchant accounts for Agentic Commerce.\n\n\n\nHow it works\nEndpoint URL for your delegated payments:\n\n\n\nEnvironment\nEndpoint URL\n\n\n\n\nTest\nhttps:\/\/pal-test.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment\n\n\nLive\nhttps:\/\/pal-live.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment\n\n\n\nWhen the shopper initiates a transaction using your agent platform, the following flow occurs:\n\nThe shopper enters their payment details in your agent platform.\nYour agent platform sends the payment (card number or network token) data to Adyen by making a \/agentic_commerce\/delegate_payment request.\nAdyen validates the credentials and returns a merchant-scoped ACP token to your agent platform.\nYour agent platform sends the ACP token to your checkout application.\nThe merchant's checkout application makes a \/payments request including the ACP token.\nAdyen authorizes the payment and returns the payment result to your checkout application.\n\nCnNlcXVlbmNlRGlhZ3JhbQphdXRvbnVtYmVyCnBhcnRpY2lwYW50IFNob3BwZXIKcGFydGljaXBhbnQgUGxhdGZvcm0gYXMgWW91ciBhZ2VudCBwbGF0Zm9ybQpwYXJ0aWNpcGFudCBBZHllbgpwYXJ0aWNpcGFudCBBcHAgYXMgTWVyY2hhbnQgQ2hlY2tvdXQgQXBwbGljYXRpb24KCiAgICBTaG9wcGVyLT4+UGxhdGZvcm06IEVudGVycyBwYXltZW50IGRldGFpbHMKICAgIFBsYXRmb3JtLT4+QWR5ZW46IC9hZ2VudGljX2NvbW1lcmNlL2RlbGVnYXRlX3BheW1lbnQKICAgIEFkeWVuLS0+PlBsYXRmb3JtOiBNZXJjaGFudC1zY29wZWQgQUNQIHRva2VuCiAgICBQbGF0Zm9ybS0+PkFwcDogU2VuZHMgQUNQIHRva2VuCiAgICBBcHAtPj5BZHllbjogL3BheW1lbnRzIChpbmNsdWRlcyBBQ1AgdG9rZW4pCiAgICBBZHllbi0tPj5BcHA6IFBheW1lbnQgcmVzdWx0IChBdXRob3JpemVkKQo=\nSend a delegated payment request through the agent platform\nMake a POST \/agentic_commerce\/delegate_payment request through your agent platform, including the following:\nHeaders:\n\n\n\nHeader\nRequired\nDescription\n\n\n\n\nAuthorization\n\nUse the following format: Bearer &lt;YOUR_AGENTIC_TOKEN&gt;.  If you enter a standard API key, you get the 401 Unauthorized error.\n\n\nContent-Type\n\napplication\/json.\n\n\nAPI-Version\n\n2025-09-29.\n\n\nAccept-Language\n\nThe preferred locale for content like messages and errors. For example: en-US.\n\n\nUser-Agent\n\nYour platform name and version. For example: MyPlatform\/2.0.\n\n\nIdempotency-Key\n\nA unique value, such as a universally unique identifier (UUID), to prevent duplicate transactions. If the same key is sent with the same body, the original response is returned. If sent with a different body, a 400 idempotency_conflict error is returned.\n\n\nRequest-Id\n\nUnique trace identifier for each request. For example: request_id_123.\n\n\nSignature\n\nThe Base64 HMAC-SHA256 signature of the request body.\n\n\nTimestamp\n\nThe time the request as an RFC 3339 string. For example: 2025-09-25T10:30:00Z.\n\n\n\nBody:\n\n\n\nParameter name\nRequired\nDescription\n\n\n\n\npayment_method.type\n\ncard.\n\n\npayment_method.card_number_type\n\nThe type of card number. Possible values: fpannetwork_tokendpan\n\n\npayment_method.number\n\nThe card number, network token, or DPAN. Must be 12\u201319 digits.\n\n\npayment_method.metadata\n\nArbitrary key-value pairs. Pass an empty object {} if unused.\n\n\nallowance.reason\n\none_time.\n\n\nallowance.max_amount\n\nThe maximum amount the payment method can be charged, in minor currency units.\n\n\nallowance.currency\n\nThe three-letter ISO 4217 currency code. For example: USD.\n\n\nallowance.checkout_session_id\n\nThe ACP checkout session identifier that this token is bound to.\n\n\nallowance.merchant_id\n\nThe Adyen merchant account code for the merchant this token charges.\n\n\nallowance.expires_at\n\nThe token expiry timestamp, formatted as an ISO 8601 string. The token cannot be used after this time.\n\n\nbilling_address.name\n\nThe shopper's full name.\n\n\nbilling_address.line_one\n\nThe first line of the shopper's street address.\n\n\nbilling_address.city\n\nThe city of the shopper's address.\n\n\nbilling_address.state\n\nThe state or province of the shopper's address, following ISO 3166-2.\n\n\nbilling_address.country\n\nThe country of the shopper's address. Two-letter ISO 3166-1 alpha-2 code.\n\n\nbilling_address.postal_code\n\nThe postal code of the shopper's address.\n\n\nrisk_signals[].type\n\nThe type of risk signal. Currently only card_testing is supported.\n\n\nrisk_signals[].score\n\nThe numerical risk score from your platform's fraud engine.\n\n\nrisk_signals[].action\n\nThe recommended action. Possible values: authorizedmanual_reviewblocked A value of blocked or manual_review prevents tokenization.\n\n\nmetadata\n\nArbitrary key-value pairs for correlation at the request level. Pass an empty object {} if unused.\n\n\npayment_method.exp_month\n\nThe card expiry month. For example: 11.\n\n\npayment_method.exp_year\n\nThe card expiry year (four digits). For example: 2030.\n\n\npayment_method.name\n\nThe cardholder name.\n\n\npayment_method.cvc\n\nThe card security code (CVC\/CVV). Must be 3\u20134 digits.\n\n\npayment_method.cryptogram\n\nThe cryptogram for a network token or DPAN. Include when card_number_type is network_token or dpan.\n\n\npayment_method.eci_value\n\nThe Electronic Commerce Indicator. Relevant for liability shift qualification.\n\n\npayment_method.checks_performed\n\nAn array of checks already performed on the card. Possible values: avscvvaniauth0\n\n\npayment_method.iin\n\nThe first six to eight digits of the card number (Issuer Identification Number).\n\n\npayment_method.display_brand\n\nThe card brand for display. For example: visa, mc.\n\n\npayment_method.display_last4\n\nThe last four digits of the original card number, for display to the shopper. Must be exactly 4 digits.\n\n\npayment_method.display_card_funding_type\n\nThe card funding type. Possible values: creditdebitprepaid\n\n\npayment_method.display_wallet_type\n\nThe digital wallet type, if the card came from a wallet.\n\n\npayment_method.virtual\n\nSet to true if this is a virtual card.\n\n\nbilling_address.line_two\n\nThe second line of the shopper's street address (apartment, suite, unit).\n\n\nbilling_address.phone_number\n\nThe contact phone number.\n\n\nsession_context.ip_address\n\nThe IP address from which the agent acts on behalf of the shopper.\n\n\nsession_context.user_agent\n\nThe user-agent string from the agent's session with the shopper.\n\n\nsession_context.accept_language\n\nThe Accept-Language header value from the shopper's session.\n\n\nsession_context.session_id\n\nThe session identifier of the agent's session with the shopper.\n\n\nsession_context.device_fingerprint\n\nThe device fingerprint from the device on which the agent acts.\n\n\n\n   \n\n    \n        \n        \n    \n\n\n\n\nGet the ACP token (id) from the HTTP 201 Created response. \nThe response includes the following:\n\n\n\nParameter\nType\nDescription\n\n\n\n\nid\nString\nThe ACP token identifier. This is Adyen's Recurring Detail Reference. Pass this as paymentMethod.storedPaymentMethodId in the POST \/payments request.\n\n\ncreated\nString (ISO 8601)\nThe timestamp when the token was created.\n\n\ncreated_at\nString (ISO 8601)\nAlias for created. Same value.\n\n\nmetadata\nObject\nCorrelation metadata. Contains recurringDetailReference, source, merchant_id, and shopperReference.\n\n\n\n\n\n\nThe ACP token:\n\nIs merchant-scoped and bound to a single merchant account (allowance.merchant_id) and checkout session (allowance.checkout_session_id).\nCannot be used across unauthorized merchant accounts, for a different session, or for an amount that exceeds allowance.max_amount.\nDoes not expose raw card data.\n\n\n\nThe merchant makes a payment request with the ACP token\nThe merchant makes a a POST  \/payments request through their checkout application, including:\n\n\n\nParameter name\nDescription\n\n\n\n\nshopperReference\nThe checkout_session_id value from the response in the \/checkout_session response from your agent platform.\n\n\npaymentMethod.storedPaymentMethodId\nThe ACP token from the agent platform.\n\n\nmerchantAccount\nYour merchant account.\n\n\namount.value\nThe value of the payment, in minor units.\n\n\namount.currency\nThe three-character ISO currency code.\n\n\nshopperInteraction\nContAuth\n\n\nrecurringProcessingModel\nUnscheduledCardOnFile\n\n\nreference\nYour reference for the order.\n\n\n\n\n    \n\nThe response include the following:\n\n\n\nParameter\nDescription\n\n\n\n\npspReference\nOur unique identifier for the transaction.\n\n\nresultCode\nIndicates the current status of the payment.\n\n\n\n\n    \n\nTest and go live\nUse the test environment to verify your integration end-to-end before going live.\nTest endpoint:\nhttps:\/\/pal-test.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment\nTest checklist\nTo verify your integration, confirm the following:\n\nYour API key holds the Agentic Commerce role.\nA well-formed request with only required fields returns HTTP 201.\nA full request with all optional fields populated returns HTTP 201.\nA request with card_number_type: network_token and a cryptogram is handled correctly.\nA request with card_number_type: dpan and a cryptogram is handled correctly.\nOmitting payment_method.number returns HTTP 400 with code: invalid_card and param: payment_method.number.\nAn unknown allowance.merchant_id returns HTTP 400 with code: invalid_card and param: allowance.merchant_id.\nA malformed allowance.expires_at returns HTTP 400 with code: invalid_card and param: allowance.expires_at.\nA request with risk_signals[].action: blocked rejects tokenization.\nThe same request sent twice with the same Idempotency-Key returns HTTP 201 with the same id.\nThe same Idempotency-Key sent with a different body returns HTTP 400 with code: idempotency_conflict.\nThe returned id used in a POST \/payments request to the test endpoint returns an Authorised result.\n\nGo live\nWhen you are ready to go live, use the live endpoint URL:\nhttps:\/\/pal-live.adyen.com\/paltokenization\/servlet\/Recurring\/Agentic\/acp\/v1\/agentic_commerce\/delegate_payment\nPossible HTTP status codes\n\n\n\nHTTP\nType\nDescription\n\n\n\n\n201\n\u2014\nToken created. Use id as paymentMethod.storedPaymentMethodId in the POST \/payments request.\n\n\n400\ninvalid_request\nValidation failure. Inspect type, code, and param. Do not retry without fixing the request.\n\n\n500\nprocessing_error\nUnexpected Adyen-side error. Retry once after a short delay.\n\n\n503\nservice_unavailable\nUpstream dependency temporarily down. Retry with exponential backoff.\n\n\n\nErrors\nAll error responses share the same JSON schema:\n\n\n\nField\nType\nAlways present\nDescription\n\n\n\n\ntype\nString\nYes\nThe error category. Determines your handling strategy.\n\n\ncode\nString\nYes\nMachine-readable code with specific detail.\n\n\nmessage\nString\nYes\nHuman-readable description of the error.\n\n\nparam\nString\nNo\nJSONPath of the offending field. Only present on validation errors.\n\n\n\nError types\n\n\n\nType\nHandling\n\n\n\n\ninvalid_request\nThe request body failed validation or contains invalid data. Check the param field for the offending path. Fix the request before retrying.\n\n\nrate_limit_exceeded\nYour platform exceeded the allowed request rate. Retry with exponential backoff.\n\n\nprocessing_error\nAn unexpected internal error on Adyen's side. Retry once after a short delay. If the error persists, contact Adyen support.\n\n\nservice_unavailable\nAn internal dependency is temporarily unavailable. Retry with exponential backoff. If unavailability persists beyond a few minutes, surface an error to the shopper.\n\n\n\nError codes\n\n\n\nCode\nType\nWhen it occurs\n\n\n\n\ninvalid_card\ninvalid_request\nA required field is missing, has an invalid format, or allowance.merchant_id cannot be resolved. The param field identifies the specific path.\n\n\nduplicate_request\ninvalid_request\nThe Idempotency-Key was already used for a successful request with the same body. The original 201 response is returned. Treat this as a successful idempotent replay.\n\n\nidempotency_conflict\ninvalid_request\nThe Idempotency-Key was reused but the request body differs from the original. Generate a new Idempotency-Key for the new request.\n\n\n","type":"page","locale":"en","boost":16,"hierarchy":{"lvl0":"Home","lvl1":"Online payments","lvl2":"Adyen Agentic","lvl3":"Agent platform","lvl4":"Agentic Payments integration with ACP checkout flow"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/","lvl1":"https:\/\/docs.adyen.com\/online-payments","lvl2":"https:\/\/docs.adyen.com\/online-payments\/agentic-commerce","lvl3":"https:\/\/docs.adyen.com\/online-payments\/agentic-commerce\/agent-platform","lvl4":"\/online-payments\/agentic-commerce\/agent-platform\/agentic-payments-acp"},"levels":5,"category":"Online Payments","category_color":"green","tags":["Agentic","Payments","integration","checkout"]}}