Stripe Machine Payments Protocol: AI Agent Pay Guide
Stripe launches the Machine Payments Protocol with Tempo blockchain enabling AI agents to make autonomous payments. Agentic commerce integration guide.
Machine Payments Protocol
Settlement Currency
Transaction Settlement
Target Per-Transaction Cost
Key Takeaways
The missing piece for agentic commerce has always been payments. AI shopping agents can search, compare, and select — but completing a purchase requires a human to approve each transaction. Stripe's Machine Payments Protocol changes this by giving AI agents their own payment infrastructure: cryptographic identity, programmable spending controls, and sub-second settlement on a purpose-built blockchain.
Launched in March 2026, MPP is a developer preview that establishes the architectural pattern for autonomous machine payments even before it achieves mainstream merchant support. The partnership with Paradigm (one of crypto's largest investment firms) and Coinbase (USDC issuer and crypto infrastructure provider) signals that this is a serious infrastructure play, not a feature announcement.
This guide covers the technical architecture of MPP, the integration path for developers building agentic commerce applications, the spending control mechanisms that maintain human oversight, and the realistic limitations of what is and is not possible today. For broader context on where this fits in the evolution of agentic commerce protocols, MPP is the payment layer that complements application-level commerce protocols like ACP.
What Is Machine Payments Protocol
Machine Payments Protocol (MPP) is a Stripe product that provides the payment infrastructure for software agents to execute financial transactions autonomously. It has four primary components:
Each AI agent instance receives a programmable USDC wallet with a cryptographic identity. Wallets are managed through the Stripe Dashboard or API, with full transaction history, balance management, and funding capabilities.
The Tempo blockchain provides sub-second finality for machine payment transactions. It is a permissioned ledger purpose-built for machine-to-machine payments, eliminating the throughput and cost problems of general-purpose blockchain networks.
A programmable policy layer that defines what an agent can spend, where, when, and how much. Spending controls are set by the human principal and enforced at the protocol level — payments outside the defined bounds cannot be executed.
Stripe merchants with MPP enabled can accept payments from AI agents using the same Stripe Payment Intents flow, with agent-originated transactions identified by machine payment metadata for reporting and analytics.
The design goal is to make machine payments as reliable and developer-friendly as Stripe's existing payment processing — a simple API that abstracts away the complexity of the Tempo blockchain while inheriting Stripe's reliability, compliance, and dashboard tooling.
Tempo Blockchain Architecture
Stripe did not build MPP on an existing public blockchain — it co-developed Tempo specifically for machine payment use cases. The architectural choices reflect the requirements of autonomous machine transactions rather than the priorities of decentralized finance.
Ethereum confirmation times (12-15 seconds per block, often multiple blocks for finality) and Bitcoin times (10+ minutes) are incompatible with the responsiveness requirements of agent-driven commerce. An AI agent ordering a product needs payment confirmation in under a second to maintain a reasonable user experience for the human who initiated the agent task.
Tempo achieves sub-second finality through a permissioned validator set (Stripe, Coinbase, and select institutional partners) running a Byzantine Fault Tolerant consensus protocol optimized for throughput rather than permissionlessness.
Using USDC (Circle's dollar-backed stablecoin) as the settlement currency eliminates the price volatility risk that makes general cryptocurrency impractical for commerce. An agent that buys a $50 software subscription using a volatile cryptocurrency would face unpredictable costs as the crypto price moves. USDC provides dollar-denominated value stability with blockchain settlement properties.
Unlike public blockchains where all transactions are visible, Tempo transactions are private by default — visible only to the parties involved and Stripe's compliance infrastructure. This addresses the confidentiality requirements of enterprise procurement: a company does not want competitors to see every supplier payment in a public ledger.
Developer note: You do not interact with Tempo directly as a developer. All Tempo interactions are abstracted behind the Stripe MPP API. Your integration looks like a standard Stripe API call — the blockchain settlement happens transparently beneath the API surface.
How AI Agents Make Payments
The payment flow for an AI agent using MPP follows a clear sequence. Understanding this sequence is important for building reliable agentic commerce applications and for designing appropriate human oversight checkpoints.
Agent Authentication
Each agent instance authenticates with the MPP API using an agent-specific API key and wallet ID. The agent's cryptographic identity is verified against the Tempo ledger. This is separate from the operator's Stripe API key — individual agents have their own credentials that can be issued, rotated, and revoked independently.
Spending Control Check
Before initiating a payment, the MPP API checks the payment request against the configured spending controls: transaction amount limit, merchant category, allowlist status, and time-window budget. If the request violates any control, the API returns a SPENDING_CONTROL_EXCEEDED error without initiating settlement.
Payment Intent Creation
For compliant payments, the MPP API creates a Payment Intent on the merchant's Stripe account using the standard Payment Intents flow. The intent is tagged with machine payment metadata identifying the originating agent, allowing merchants to distinguish agent-initiated from human-initiated transactions in their reporting.
USDC Settlement on Tempo
Settlement occurs on the Tempo blockchain in under one second. USDC moves from the agent's wallet to the merchant's Stripe-linked wallet. The transaction is recorded on the Tempo ledger with a reference to the Stripe Payment Intent ID for auditability.
Confirmation and Webhook
Stripe fires the standard payment_intent.succeeded webhook to the merchant. A separate machine_payment.completed event fires to the operator's webhook endpoint with the agent ID, transaction ID, and settlement metadata. Both parties receive confirmation within 1-2 seconds of transaction initiation.
MPP vs Traditional Payment Rails
Understanding why traditional payment rails are unsuitable for autonomous machine payments — and what MPP specifically solves — clarifies where the protocol adds genuine value versus where it introduces new complexity.
- Card credentials stored in agent memory create data breach risk
- 3DS2 authentication flow requires human interaction
- Chargebacks and disputes require human-managed evidence
- No programmatic spending controls beyond card limits
- Fraud detection may flag automated purchasing patterns
- Cryptographic identity — no credential storage required
- No human authentication step in the payment flow
- Programmatic spending controls enforced at protocol level
- Machine payment metadata for automated reconciliation
- Built for high-frequency, low-value transaction patterns
The credit card comparison is instructive because storing a corporate card in an AI agent is the makeshift solution many teams are using today for agentic procurement. MPP replaces this with a purpose-built alternative that removes the credential exposure risk and adds programmatic controls that credit cards cannot provide.
Integration Guide for Developers
MPP integration follows Stripe's standard API patterns. If your application already uses Stripe, the integration complexity is moderate. New Stripe users will need to complete standard account setup and KYB verification before accessing MPP. For comprehensive payment integration guidance, our Stripe payment integration developer guide covers the foundational setup that MPP builds on.
Node.js — create agent wallet
const wallet = await stripe.machinePayments.wallets.create({
agent_id: 'agent_shopping_bot_prod',
currency: 'usdc',
spending_controls: {
per_transaction_limit: 10000, // $100.00 in cents
daily_limit: 50000, // $500.00 per day
merchant_categories: ['software', 'saas'],
},
});Initiate payment from agent
const payment = await stripe.machinePayments.create({
wallet_id: wallet.id,
amount: 2900, // $29.00
currency: 'usdc',
merchant_id: 'merch_xxx',
metadata: {
task_id: 'buy_subscription_task_123',
agent_reasoning: 'Monthly SaaS renewal',
},
});Handle webhook confirmation
// machine_payment.completed event
{
"type": "machine_payment.completed",
"data": {
"wallet_id": "mpw_xxx",
"agent_id": "agent_shopping_bot_prod",
"amount": 2900,
"tempo_tx_id": "tempo_abc123",
"settled_at": 1709900000
}
}The API surface is intentionally minimal. Creating a wallet, funding it with USDC, configuring spending controls, and initiating payments are the four core operations. The webhook model mirrors Stripe's existing event system, making it straightforward to integrate MPP events alongside other Stripe webhooks in an existing application.
Spending Controls and Compliance
Spending controls are the governance mechanism that makes autonomous machine payments safe to deploy. They define the envelope within which an agent can act without human approval and ensure that any payment outside that envelope requires explicit human authorization.
Maximum amount for a single payment. Payments above this threshold trigger a human authorization webhook.
e.g. $50 per transaction for SaaS subscriptions
Rolling budget windows that cap total agent spending over a time period. Resets automatically at the period boundary.
e.g. $200/day, $1,000/week across all transactions
Restrict payments to specific merchant category codes (MCCs) — the same categorization system used by credit card networks.
e.g. 5045 (computers), 7372 (software) only
Explicit list of approved merchant IDs. Payments to any merchant not on the list are blocked regardless of amount or category.
e.g. AWS, GitHub, Vercel, Cloudflare only
Limit when agents can make payments. Useful for ensuring agent transactions occur within business hours for oversight.
e.g. Mon-Fri 8:00 AM - 8:00 PM EST only
Cap on transaction frequency — prevents agents from making an unusually high number of transactions in a short window.
e.g. Maximum 10 transactions per hour
Compliance note: MPP transactions are subject to Stripe's AML and KYC requirements. Agent wallet operators must complete standard Stripe business verification. For regulated industries (financial services, healthcare), MPP transactions are subject to the same regulatory obligations as other digital payments. Consult your compliance team before deploying autonomous agent payments in regulated contexts.
Agentic Commerce Use Cases
MPP enables use cases that were previously impractical due to the need for human payment authorization. The following categories represent the most mature and technically feasible applications today, accounting for the current USDC-only limitation.
AI agents managing cloud infrastructure can autonomously purchase additional compute capacity during traffic spikes, renew expiring SaaS licenses, or buy required API credits when thresholds are hit. This is the highest-readiness use case because both the agent operator (a tech company) and the merchant (AWS, GitHub, Vercel) are infrastructure- native and crypto-capable.
Procurement agents can process approved vendor payments, handle recurring supplier invoices within approved limits, and execute purchase orders when inventory triggers are hit. The spending controls map directly to corporate procurement policies — amounts, vendors, and categories can be locked to match approval authority levels.
Consumer-facing AI shopping agents — “buy me the best flight to London next Tuesday under $400” — are the long-term vision but require fiat currency support and broad merchant acceptance. This use case will become practical when MPP adds fiat settlement and reaches mainstream merchant adoption, expected in 2026 H2.
The eCommerce dimension of MPP connects to a broader pattern in how AI is changing digital commerce. Our guide on eCommerce solutions explores how businesses can prepare their commerce infrastructure for a world where AI agents are significant buyers alongside human customers.
Risks and Current Limitations
MPP is a developer preview, and honest assessment of its current limitations is important for setting appropriate expectations when evaluating it for production use cases.
- USDC only — no fiat currency support
- Limited merchant acceptance — Stripe-only ecosystem
- USDC wallet funding required on both sides
- No cross-border regulatory approval in all markets
- Developer preview — APIs subject to change
- Agent compromise leads to spending control bypass attempts
- Prompt injection attacks directing agents to unauthorized merchants
- Blockchain finality — transactions cannot be reversed only refunded
- USDC regulatory risk if stablecoin regulation changes
- Vendor lock-in on Stripe's Tempo infrastructure
The most significant security risk specific to machine payments is prompt injection — an attacker embedding instructions in content that an AI agent processes, directing it to make unauthorized payments to attacker-controlled merchant accounts. The merchant allowlist spending control is the primary defense: if the agent can only pay pre-approved merchants, a redirected payment will fail the allowlist check regardless of the agent's reasoning.
Prepare for Agentic Commerce
Machine payments and AI shopping agents will change how buyers interact with your eCommerce platform. We help businesses evaluate and prepare their commerce infrastructure for the agentic commerce transition.
Related Articles
Continue exploring with these related guides