UCP: Protocol Hub

Complete guide to the UCP protocol for agentic commerce: scope, discovery, REST/MCP/A2A bindings, implementation checklist, and best practices.

eLLMo AI Protocols Team

12 min read

UCP Agentic Commerce Checkout Universal Commerce Protocol Protocol Standards

Short orientation

When customers complete a purchase through an AI assistant, the checkout must use a common language so platforms, merchants, and payment providers can interoperate. When each integration is custom, you spend more time maintaining connections than growing sales. What happens when every AI surface speaks a different commerce language? You build more one-off integrations instead of scaling. This page is for technical leads, solution architects, and backend engineers implementing the Universal Commerce Protocol (UCP), the open standard for that common language, to enable agent-driven checkout without replatforming. It covers UCP's scope, roles and primitives, discovery and negotiation, REST/MCP/A2A bindings, payment handler patterns, AP2 mandates, and an end-to-end implementation checklist. Example payloads and pitfalls help teams launch faster and stay compliant. The guidance aligns with eLLMo AI's protocol-first, governance-forward approach.

Definition of UCP

The Universal Commerce Protocol (UCP) is an open standard for interoperable commerce between platforms (apps and agents), businesses (merchants of record), payment credential providers (wallets and identity), and payment service providers. When everyone uses the same discovery and negotiation model, platforms and businesses avoid N×N custom integrations. UCP provides discovery and negotiation via business and platform profiles, standard capabilities (e.g., checkout, order, identity linking) with extensible schemas, transport-agnostic services (REST core; MCP and A2A bindings), and decoupled, handler-based payments with optional AP2 mandates for cryptographic authorization.

References: UCP Core Concepts (ucp.dev); UCP Specification Overview (ucp.dev). Agentic Commerce Protocol Landscape 2025-2026 (eLLMo AI); API-first vs protocol-first for agentic commerce (eLLMo AI).

Protocol scope and primitives

UCP defines roles (Platform, Business, Credential Provider, PSP), capabilities as the core feature contracts, optional extensions that augment capabilities, transport bindings (REST, MCP, A2A), and payment handlers for tokenization and credential acquisition. When roles and capabilities are explicit, platforms and businesses can negotiate what is supported without guesswork.

Roles and primitives summary

Overview of UCP elements and their purpose.

Capability

Core feature contract. Examples: dev.ucp.shopping.checkout; dev.ucp.shopping.order.

Extension

Adds or augments types and flows. Example: dev.ucp.shopping.discount extends checkout.

Service

Transport and method mapping. REST (OpenAPI), MCP (OpenRPC), A2A (Agent Card).

Handler

Payment tokenization spec. Examples: com.google.pay; dev.shopify.shop_pay.

Capability and extension composition diagram for UCP shopping service.

UCP capability and extension composition

Architecture and API model

Business and platform publish profiles at well-known URIs and declare services, capabilities, extensions, and payment handlers. Each request can include the platform profile (e.g., UCP-Agent header) so the business can intersect capabilities and return the active set. REST is the core binding; MCP and A2A bindings map to UCP capability types for agent-native execution. Payments are separated by role: credential acquisition between platform and credential provider; completion between platform and business; capture between business and PSP. The optional AP2 mandates extension adds cryptographic, non-repudiable proof for autonomous or agent-led transactions.

High-level UCP architecture with platform, business, credential provider, and PSP, plus REST/MCP/A2A services and AP2 overlay.

UCP architecture: platform, business, credential provider, and PSP

Example: Business profile (/.well-known/ucp)

{
  "ucp": {
    "version": "2026-01-23",
    "services": {
      "dev.ucp.shopping": [
        {
          "version": "2026-01-23",
          "spec": "https://ucp.dev/specification/overview",
          "transport": "rest",
          "endpoint": "https://business.example.com/ucp/v1",
          "schema": "https://ucp.dev/2026-01-23/services/shopping/rest.openapi.json"
        },
        {
          "version": "2026-01-23",
          "transport": "mcp",
          "endpoint": "https://business.example.com/ucp/mcp"
        },
        {
          "version": "2026-01-23",
          "transport": "a2a",
          "endpoint": "https://business.example.com/.well-known/agent-card.json"
        }
      ]
    },
    "capabilities": {
      "dev.ucp.shopping.checkout": [{ "version": "2026-01-23" }],
      "dev.ucp.shopping.discount": [{ "version": "2026-01-23", "extends": "dev.ucp.shopping.checkout" }],
      "dev.ucp.shopping.fulfillment": [{ "version": "2026-01-23", "extends": "dev.ucp.shopping.checkout" }]
    },
    "payment_handlers": {
      "com.google.pay": [{ "id": "gpay_merchant_handler", "version": "2026-01-23" }]
    }
  },
  "signing_keys": [{ "kid": "business_2025", "kty": "EC", "crv": "P-256", "use": "sig", "alg": "ES256" }]
}

Use HTTPS endpoints and avoid trailing slashes on base endpoints. Spec and schema origins must match namespace authority.

Example: Create checkout (REST) with platform profile

POST /checkout-sessions HTTP/1.1
Host: business.example.com
Content-Type: application/json
Authorization: Bearer {token}
UCP-Agent: profile="https://agent.example.com/profiles/shopping-agent.json"

{
  "line_items": [
    { "sku": "SKU-123", "quantity": 1 },
    { "sku": "SKU-456", "quantity": 2 }
  ],
  "shipping_address": { "country": "US", "postal_code": "94105" }
}

Response includes negotiated capabilities and payment handlers (e.g., dev.ucp.shopping.checkout, dev.ucp.shopping.discount, com.google.pay config).

Example: Complete checkout with wallet token

POST /checkout-sessions/chk_123/complete HTTP/1.1
Host: business.example.com
Content-Type: application/json
Authorization: Bearer {token}

{
  "payment": {
    "instruments": [
      {
        "id": "pm_1",
        "handler_id": "gpay_merchant_handler",
        "type": "card",
        "selected": true,
        "credential": {
          "type": "PAYMENT_GATEWAY",
          "token": "{\"signature\":\"...\",\"protocolVersion\":\"ECv2\"...}"
        }
      }
    ]
  },
  "risk_signals": { "session_id": "abc_123_xyz", "score": 0.92 }
}

When AP2 is negotiated, include ap2.checkout_mandate and a payment credential containing a signed payment mandate.

Sequence diagram: create checkout, advertise capabilities, tokenize with credential provider, complete with business.

UCP checkout flow: create, advertise, tokenize, complete

Implementation checklist

Your roadmap to AI-first commerce

Profiles, discovery, and negotiation

Publish Business Profile at /.well-known/ucp with version, services (REST mandatory; MCP/A2A optional), capabilities, extensions, payment_handlers, and signing_keys. Implement platform profile and add UCP-Agent header to requests. Validate namespace and spec origin binding; compute capability intersection server-side.

Services and schemas

Expose REST service endpoint (OpenAPI) for shopping service. Optionally expose MCP (OpenRPC) and A2A (Agent Card) bindings. Resolve and compose schemas for active extensions (client or platform responsibility).

Checkout capability

Implement create, update, and complete endpoints for checkout sessions. Return active capabilities and payment_handlers in responses. Enforce idempotency on completion to prevent double-capture.

Payments and handlers

Advertise handler configs (e.g., wallet tokenization parameters). Filter handlers contextually by region and cart constraints. Keep opaque credentials unidirectional (platform to business); never echo back. Integrate with PSP for capture using handler-specific keys.

Extensions

Discounts: surface code and promotion inputs and reflect in totals. Fulfillment: support shipping options and quotes. Buyer consent: capture consent artifacts where needed. AP2 mandates: verify signed checkout and payment mandates if negotiated.

Orders and webhooks

Implement Order capability for async lifecycle updates (shipped, delivered, returns). Sign outbound webhooks with advertised signing_keys. Provide retry and signature verification guidance to platforms.

Security and governance

HTTPS everywhere; auth with standard headers. Log events without storing credentials; separate test and prod keys. Use time-bound credentials and clear from memory after use. Maintain audit trails and role-based access for enterprise governance.

To stay up to date, follow us on LinkedIn and sign up to our mailing list via our mailing list.

UCP implementation checklist at a glance

Implementation note: eLLMo AI can act as a protocol gateway: ingest your catalog and policies, normalize into a verified brand graph, and serve UCP, ACP, MCP, and A2A without replatforming. See Solutions for Brands for deployment patterns.

Common pitfalls and best practices

Treating UCP as 1:1 endpoint wrappers

When UCP is implemented as thin wrappers over legacy endpoints without intent semantics, capability intersection and extensions break. Model capabilities and schema composition; advertise extensions and handlers clearly.

Platform does not advertise its profile

When the platform omits its profile URI (e.g., UCP-Agent header), the business cannot intersect capabilities and may return a limited or incorrect set. Include the profile on every request.

Inconsistent catalog truth across endpoints

When product, pricing, or policies differ across endpoints, platforms get wrong totals and customers lose trust. Normalize into a single source of truth and verify totals against composed schemas.

Echoing or storing raw credentials

When credentials are echoed or stored beyond the token, PCI scope grows and risk increases. Keep credentials opaque and unidirectional; follow PCI-DSS scope minimization.

Overexposing handlers or unsupported payment methods

When handlers are advertised without context, users see options that do not apply (e.g., wrong region or cart). Filter handlers by region, cart rules, and business agreements.

Missing idempotency on completion

When completion requests are retried without idempotency keys, the same payment can be captured twice. Use idempotency keys on payment-capturing flows.

Skipping AP2 mandates for autonomous agents

When autonomous agents complete purchases without signed mandates, disputes lack cryptographic proof. Negotiate and validate AP2 mandates when non-repudiation is required.

Related protocols and standards

Agent Commerce Protocol (ACP)

End-to-end agent commerce orchestration across vendors and channels.

ACP Protocol Hub

Model Context Protocol (MCP)

Exposes UCP capabilities as LLM-callable tools.

MCP Protocol Hub

Spec: modelcontextprotocol.io

Agent-to-Agent (A2A)

Secure collaboration and delegation across agents; UCP can be an A2A extension.

A2A Protocol Hub

Spec: agent2agent.info

Agent Payments Protocol (AP2)

Cryptographic mandates for non-repudiable authorization in autonomous flows; works alongside UCP.

Spec: ap2-protocol.org

Related internal resources

Protocols hub (parent); Integrations hub (stack-first guides); Glossary: Agentic commerce; Blog: API-first vs protocol-first; Blog: Agentic Commerce Protocol Landscape 2025-2026.

FAQs

What problems does UCP solve?

It standardizes discovery, negotiation, checkout, and payments across platforms, businesses, and credential providers, reducing N×N integrations.

Is REST required to implement UCP?

REST is the core binding; MCP and A2A are optional but recommended for agent-native workflows.

How do payment handlers work?

The business advertises handler configs; the platform executes tokenization with the credential provider; the business captures funds with its PSP.

Do we need AP2 mandates?

Only when you need cryptographic, non-repudiable proof (e.g., autonomous agents, high-risk transactions).

How are versions handled?

Date-based (YYYY-MM-DD). Businesses process requests if platform version is less than or equal to business version; otherwise return version_unsupported.

How should discounts and fulfillment be represented?

As extensions to checkout; compose schemas client-side for validation and totals.

What security measures are mandatory?

HTTPS, signed webhooks, no echoing credentials, idempotent completion, and namespace and spec origin validation.

Can we implement UCP without replatforming?

Yes. eLLMo AI provides a protocol-native translation layer to serve UCP, ACP, MCP, and A2A on your existing stack.

Ready to implement UCP?

Get a protocol gateway and verified catalog across UCP, ACP, MCP, and A2A without replatforming.

Schedule a Demo