The Agentic Protocol is a hybrid architectural standard that lets an autonomous AI agent move from reading a product page to settling a transaction. It combines Schema.org BuyAction (the discovery layer) with an OpenAPI endpoint flagged x-openai-isConsequential (the execution layer) and an emerging settlement layer like x402 or AP2. Standard schema describes what a product is; the Agentic Protocol exposes how a bot can acquire it. It's the transactional sibling of e-commerce AEO and the Universal Commerce Protocol.
1. The Engineering Hypothesis: The Affordance Gap
Current e-commerce stacks rely on visual affordances (buttons, modals) that are computationally expensive and brittle for AI agents to interpret through DOM scraping. As the Nike vs New Balance audit showed, relying on client-side rendering for critical transactional elements creates a massive readability barrier for bots. A human sees an "Add to Cart" button and the affordance is implied by the visual UI. An agent parses the DOM tree and, without explicit instruction, must use heuristic probability to guess which form triggers a purchase, introducing interaction cost and error risk. The hypothesis: by defining digital affordances with a potentialAction of type BuyAction pointing to a rigorous OpenAPI endpoint, you create a deterministic handshake that lets the agent bypass the brittle DOM and execute directly against the API.
2. Forensic Evidence
2.1 The Schema.org discovery layer
The correct semantic for a product page is BuyAction (the potential action available to the user), not SellAction. The critical property is target (type EntryPoint), which connects the semantic definition to the executable URL. Google already uses BuyAction to signal "online purchase, store pickup" capabilities, validating the pattern in production.
2.2 The OpenAI execution layer (OpenAPI)
Once an agent discovers the potential to buy, it needs a rigid contract to execute. Failure to provide it leads to the "Semantic Void" from the 1,500-site readability audit, where bots abandon the domain. OpenAI's GPT Actions impose strict constraints: a 45-second round-trip timeout (synchronous inventory-locking checkouts that exceed it will fail), a 100,000-character response body limit, and a mandatory x-openai-isConsequential: true flag on transactional endpoints, which forces a human-in-the-loop confirmation prompt and prevents autonomous bank draining.
3. The Unique Insight: The Protocol War (x402 vs AP2 vs TAP)
The industry is bifurcated on how to authorize machine-driven payments. Three competing standards matter.
Uses the HTTP 402 Payment Required status code; the server responds with a payment address (e.g. a Lightning invoice). This is bearer-asset security, ideal for micro-transactions and digital goods.
Google's enterprise standard. It relies on cryptographically signed "Mandates" where a user grants an agent a specific budget and scope, supporting "Verifiable Intent" and integrating with traditional, KYC-compliant bank rails.
Visa and Cloudflare's approach. Focuses on agent attestation (proving the bot is "signed by OpenAI") rather than the payment mechanic itself.
Strategic read: for high-value e-commerce, AP2 is the likely winner thanks to liability shifts and verifiable intent; for high-frequency, low-value API consumption, x402 offers superior friction reduction. Architects should plan for both rather than betting the checkout on one.
4. Reproduction Steps / The Fix
Retrofit your Product Detail Page to serve both human browsers and AI buyers. Step 1, inject the capability surface: add BuyAction to your Offer schema with an explicit EntryPoint and httpMethod as in Section 2.1. Step 2, configure the OpenAPI spec: the description fields act as the system prompt for the agent.
Step 3, implement security handshakes: immediately, enforce OBO (On-Behalf-Of) authentication so the agent passes a user-scoped OAuth token; for future-proofing, implement an HTTP 402 handler or AP2 "Mandate" verification on your checkout endpoint to prepare for wallet-native agents.
Can an AI agent actually buy from you?
The UCP compliance tool checks whether your product schema exposes a valid BuyAction and EntryPoint, the difference between being browsable and being purchasable by an agent.
Check your capability surface →The contrarian point that most commerce teams will resist: the "Add to Cart" button you spent years optimizing is, to an agent, the least reliable part of your store. Conversion-rate optimization tuned that button for a human eye and thumb, but a bot doesn't see color, copy, or placement; it sees a DOM it has to reverse-engineer. The next decade of commerce optimization isn't a better button, it's a machine-readable contract that makes the button irrelevant.
