Back to ProtocolsProtocol Guides

A2A: Protocol Hub

Complete guide to the A2A protocol for agentic commerce: scope, API model, implementation checklist, and best practices.

eLLMo AI Protocols Team
eLLMo AI Protocols Team
14 min read
A2AAgentic CommerceAgent-to-AgentProtocol Standards

Short orientation

When agents from different platforms need to work together—discovering capabilities, exchanging messages, coordinating tasks—they must speak a common protocol. When each agent stack uses custom APIs, you spend more time wiring integrations than scaling collaboration. What happens when every AI assistant uses a different handshake? You build one-off bridges instead of interoperable agent networks. This page is for technical leads, solution architects, and backend engineers implementing the Agent-to-Agent (A2A) protocol, the open standard for secure, auditable agent collaboration. It covers A2A's scope, canonical data model (AgentCard, Task, Message, Artifact, Part), abstract operations and transport bindings, discovery and security, and an end-to-end implementation checklist. Example payloads and pitfalls help teams launch faster and stay compliant. The guidance aligns with eLLMo AI's protocol-first, governance-forward approach.

Definition of A2A

A2A (Agent-to-Agent) is an open protocol enabling independent agents to discover one another, exchange messages, coordinate task lifecycles, and share artifacts securely across frameworks and vendors. It standardizes a canonical data model (AgentCard, Task, Message, Artifact, Part), abstract operations (SendMessage, SubscribeToTask, GetTask), and transport bindings (JSON-RPC/HTTP, REST, SSE/gRPC) to deliver interoperable, auditable collaboration for agentic commerce.

Source: A2A Core Specification

Protocol scope and primitives

A2A v1.0 organizes concerns into three layers: canonical data model, abstract operations, and protocol bindings.

Source: A2A Core Specification

A2A three-layer model showing canonical data model, abstract operations, and protocol bindings.

A2A Three-Layer Model

Canonical entities

Core data structures that form the foundation of A2A protocol.

1

AgentCard

Advertises an agent's identity, capabilities, endpoints, versions.

2

Task

Durable unit of work with lifecycle states (submitted, working, input-required, completed, canceled, failed).

3

Message

Interaction payload (multi-part).

4

Artifact

Output from a task (e.g., file, JSON, structured result).

5

Part

Atomic content unit (text, file reference, binary, form, media).

Task lifecycle states reference table

StateDescriptionAllowed Transitions
submittedCreated, queuedworking, canceled
workingIn progressinput-required, completed, failed, canceled
input-requiredPaused for more inputworking, canceled
completedFinished successfullyNone (terminal)
canceledTerminated by client or policyNone (terminal)
failedError or policy violationNone (terminal)

Discovery mechanisms

Three primary methods for discovering A2A-enabled agents.

1

Open discovery

.well-known agent-card.json under service domain

2

Curated registry

Enterprise-managed directories

3

Private discovery

API-based exchanges for proprietary agents

Security primitives

Essential security mechanisms for agent-to-agent communication.

1

Authentication

OAuth2/JWT, W3C DID-based identity

2

Transport

TLS/mTLS

3

Optional end-to-end encryption

Payload-level encryption for sensitive data

Architecture and API model

A2A architecture follows a three-layer model that separates data structures, operations, and transport mechanisms.

Agent discovery via .well-known agent-card.json, curated registry, and private API paths.

Agent Discovery Mechanisms

A2A in the protocol landscape

A2A coordinates with MCP (capability discovery), UCP (product/offer distribution), and ACP (commerce flows). The diagram below shows how these protocols work together in agentic commerce.

A2A within agentic commerce: MCP for capability discovery, UCP/ACP for commerce flows, A2A for inter-agent orchestration.

A2A Protocol Interplay in Agentic Commerce

A2A three-layer model

Three distinct layers that enable vendor-neutral agent collaboration.

1

Layer 1: Canonical data model

AgentCard, Task, Message, Artifact, Part

2

Layer 2: Abstract operations

SendMessage, SendStreamingMessage, GetTask, ListTasks, CancelTask, SubscribeToTask

3

Layer 3: Protocol bindings

JSON-RPC over HTTP, REST, SSE/gRPC

Version negotiation and service parameters

Use explicit headers for compatibility:

  • A2A-Version: e.g., 1.0
  • A2A-Extensions: comma-separated extension identifiers (if any)

Enforce strict schema validation for forward/backward compatibility.

Source: A2A Core Specification

Agent discovery via .well-known

curl -H "Accept: application/json" https://brand.example/.well-known/agent-card.json

Minimal AgentCard (schema fragment)

{
  "name": "BrandCommerceAgent",
  "description": "Order, inventory, and policy-aware commerce agent",
  "url": "https://api.brand.example/a2a",
  "version": "1.0.0",
  "capabilities": {
    "streaming": true,
    "pushNotifications": true
  },
  "endpoints": {
    "rpc": "https://api.brand.example/a2a/rpc",
    "events": "https://api.brand.example/a2a/events"
  },
  "security": {
    "auth": ["oauth2-jwt", "mtls"],
    "did": "did:web:brand.example"
  }
}

Source: A2A Discovery; Data Structures

Core JSON-RPC operations (HTTP)

Standard operations for agent-to-agent communication.

1

SendMessage

Submit a message and receive a reply or task reference

2

SendStreamingMessage

Same as above with streaming parts

3

GetTask / ListTasks / CancelTask

Manage task lifecycle

4

SubscribeToTask

Real-time updates (via SSE or gRPC)

Example: SendMessage (JSON-RPC over HTTP)

POST /a2a/rpc HTTP/1.1
Host: api.brand.example
Content-Type: application/json
Authorization: Bearer eyJhbGciOi...
A2A-Version: 1.0

{
  "jsonrpc": "2.0",
  "method": "SendMessage",
  "params": {
    "message": {
      "role": "user",
      "parts": [
        {"type": "text", "text": "Find in-stock SPF 50 sunscreen under $40 and start checkout."}
      ],
      "contextId": "conv-9c2d",
      "metadata": {
        "locale": "en-US",
        "currency": "USD"
      }
    }
  },
  "id": "req-001"
}

Example: SendMessage result (direct message or task handle)

{
  "jsonrpc": "2.0",
  "result": {
    "message": {
      "role": "agent",
      "parts": [
        {"type": "text", "text": "I found 3 products. Would you like me to add #2 to cart?"}
      ]
    },
    "task": {
      "id": "task-7f88",
      "status": {"state": "working", "message": "Orchestrating checkout"}
    }
  },
  "id": "req-001"
}

Example: SubscribeToTask via SSE

GET /a2a/events?taskId=task-7f88 HTTP/1.1
Host: api.brand.example
Accept: text/event-stream
Authorization: Bearer eyJhbGciOi...
A2A-Version: 1.0

Event stream (server → client)

event: task.update
data: {"task":{"id":"task-7f88","status":{"state":"working","message":"Inventory reserved"}}}

event: task.update
data: {"task":{"id":"task-7f88","status":{"state":"completed","message":"Order #17293 placed"}}}

Example: CancelTask

{
  "jsonrpc": "2.0",
  "method": "CancelTask",
  "params": {"taskId": "task-7f88"},
  "id": "req-009"
}

Minimal server sketch (for evaluation only)

# Pseudocode: JSON-RPC handler
def handle_rpc(req):
    method = req["method"]; params = req.get("params", {})
    if method == "SendMessage":
        # Validate auth, version, schema
        # Route to executor; optionally create task
        return {"message": {"role": "agent","parts":[{"type":"text","text":"Ack"}]}}
    if method == "GetTask":
        # Return durable task state
        return {"task": lookup_task(params["taskId"])}
    if method == "CancelTask":
        # Idempotently cancel and emit event
        return {"task": cancel_task(params["taskId"])}
    raise MethodNotFound()

How eLLMo AI fits

eLLMo connects your existing catalog and business policies to AI agents without rebuilding your tech stack. We organize and verify your product information so every AI-driven interaction reflects your real inventory, pricing, and brand rules. When customers ask AI assistants to find, recommend, or purchase your products, they get accurate answers and your business gets completed orders. You gain complete visibility into how agents are discovering and converting your customers.

See: Agentic Commerce; Solutions for Brands

Implementation checklist

Your roadmap to AI-first commerce

1

Discovery and metadata

Publish .well-known AgentCard at https:///.well-known/agent-card.json. Include endpoints (rpc, events), capabilities (streaming, pushNotifications), version, and security fields. Register in internal directory/registry if used.

2

Security and identity

Enforce TLS; enable mTLS for trusted partner interop. Support OAuth2/JWT (bearer) and/or DID-based identity for agents. Optionally enable E2E encryption for sensitive parts/artifacts. Map agent roles to RBAC and policy guardrails; log all decisions (audit).

3

Protocol and bindings

Implement JSON-RPC/HTTP methods: SendMessage, SendStreamingMessage, GetTask, ListTasks, CancelTask. Provide SSE or gRPC for SubscribeToTask and resumable streams. Add version headers (A2A-Version; A2A-Extensions) and strict schema validation. Normalize media types; validate Parts (text, file, form, binary) early.

4

Task model and durability

Persist task states (submitted, working, input-required, completed, canceled, failed). Generate server-side task IDs; ensure idempotency and safe retries. Emit task.update events and support subscription recovery.

5

Commerce orchestration (with eLLMo)

Bridge MCP capability discovery and validation to A2A actions. Use UCP/ACP for catalog/offers and checkout flows; return artifacts with verifiable outcomes. Enforce brand policy hooks (returns, shipping, eligibility) at decision points.

6

Observability and SLOs

Structured logs with taskId, contextId, version, extension IDs. Metrics: task latency, completion rate, cancel/fail distributions, stream error rate. Tracing across MCP→A2A→UCP/ACP hops.

7

Rollout and governance

Staging agents with canary traffic; version pinning. Backward-compatibility tests for AgentCard and RPC schemas. Periodic review of AgentCard content, secrets hygiene, and dependency SBOM.

To stay up to date, follow us on LinkedIn and sign up to our mailing list via our mailing list.

Common pitfalls and best practices

Pitfall: Endpoint wrapping without intent semantics

Do not expose 1:1 API wrappers; convey intent and constraints in Messages and AgentCard capabilities. See: API-first vs Protocol-first.

Pitfall: Overexposed tools

Limit dangerous operations; require explicit consent/policy checks for critical actions (payments, fulfillment).

Pitfall: Inconsistent catalog truth

Keep catalog, price, and inventory synchronized; stale artifacts erode trust. See: Protocol Landscape.

Pitfall: Unbounded autonomy

Implement guardrails, quotas, and circuit breakers for agent-to-agent loops.

Pitfall: Weak version governance

Opaque changes to AgentCard or RPC payloads cause breakage; always rev and document.

Pitfall: Ignoring post-purchase

Expose returns, warranty, and support capabilities to complete the lifecycle. See: API-first vs Protocol-first.

Best practice: Task as source of truth

Treat Task as the durable source of truth; events are derived, not authoritative.

Best practice: Validate media types

Validate media types and size limits for Parts and Artifacts.

Best practice: Resumable streaming

Use resumable streaming and subscription recovery for long-running tasks.

Best practice: Sign AgentCards

Sign AgentCards (DID), rotate credentials, and scan for secrets leakage.

Best practice: Policy hooks

Add policy hooks at every critical decision (eligibility, privacy, payments).

Best practice: Correlation IDs

Instrument with correlation IDs across MCP, A2A, and UCP/ACP transactions.

Related protocols and standards

1

MCP (Model Context Protocol)

Capability discovery, validation, consent, and lifecycle. Often the entry point before A2A coordination.

2

UCP (Universal Commerce Protocol)

Product/offer distribution and transactional interoperability.

3

ACP (Agent Commerce Protocol)

Commerce flows and negotiation; complements UCP and feeds artifacts back via A2A.

4

AP2 (Agent Payments)

Payments authorization and settlement, often invoked via A2A-mediated workflows.

5

Agentic Commerce (Glossary)

Foundational concept for this protocol family.

Related internal resources

FAQs

What problems does A2A solve that APIs alone don't?

A2A formalizes agent discovery, intent exchange, task lifecycle, and streaming collaboration across vendors and frameworks with consistent security and versioning. It's interoperable where point-to-point APIs are bespoke.

How does A2A relate to MCP?

Use MCP to expose and validate capabilities with consent; then use A2A to coordinate multi-agent collaboration and task execution. They are complementary. Source: A2A Core; eLLMo blog.

Do I need to replatform to adopt A2A?

No. A protocol gateway or translation layer (eLLMo) can map A2A messages to your existing REST/GraphQL services and commerce stack. Source: eLLMo API-first vs Protocol-first.

What transports should I start with?

JSON-RPC over HTTP for requests and SSE or gRPC for streaming task updates. Add REST facades if needed for selective operations. Source: A2A Core.

How do I secure agent interactions?

Use TLS/mTLS for transport, OAuth2/JWT or DID for identity, optional E2E encryption for sensitive payloads, and strict RBAC + policy guardrails. Source: A2A Discovery; Enterprise-ready features.

What should go in my AgentCard?

Name/description, version, capabilities (streaming, push), RPC/events endpoints, auth methods, DID, and any supported extensions. Source: A2A Discovery.

How do I prevent runaway agent loops?

Bound autonomy with timeouts, quotas, explicit user consent for critical actions, and circuit breakers; log all cross-agent invocations.

How do I measure success?

Track task completion rates, time-to-completion, error/cancel ratios, streaming reliability, and downstream conversion/GMV when orchestrating commerce flows.

Ready to implement A2A?

Connect with our team to see A2A, MCP, UCP, and ACP running on your existing stack in under four hours.

Join Our Mailing List

Stay tuned. Join our mailing list to be among the first to experience the future of search. We'll be in touch with news and updates.

We respect your privacy. Unsubscribe at any time.