Key Takeaways
- Stripe SPT (Shared Payment Token) is a single-use token that lets AI agents complete payments without directly handling consumer credentials
- March 2026 integrations with Visa, Mastercard, Affirm, and Klarna made SPT the only primitive that unifies cards, BNPL, and network tokens in a single interface
- SPT functions as the fiat payment layer within Stripe's higher-level MPP (Machine Payments Protocol), forming the foundation of the agentic commerce payment stack
What Is a Stripe Shared Payment Token (SPT)?
In September 2025, Stripe released the Agentic Commerce Protocol (ACP) in collaboration with OpenAI. At the core of this protocol — which powers ChatGPT's "Instant Checkout" feature — is the Shared Payment Token (SPT).
Traditional e-commerce payments assumed a linear flow: a consumer enters card details on a merchant's checkout page, and the merchant processes the payment. In the world of agentic commerce, however, AI platforms become the starting point for purchases. A consumer tells ChatGPT "buy this jacket," and the AI agent mediates the payment with the merchant.
The fundamental problem this creates is: who holds the card information? Storing card details on AI platforms introduces security risks, while forwarding them directly to merchants expands the potential for leakage through intermediaries. SPT is Stripe's answer to this problem.
How SPT Works Under the Hood
How does SPT actually function? Let's trace the payment flow based on Stripe's official documentation.
When a consumer confirms a purchase on the AI platform, Stripe immediately issues an SPT. Three constraints are baked into this token. First, it is scoped to a specific merchant — the issued SPT can only be used at one designated merchant. Second, the amount ceiling is tied to the cart total — charges exceeding the approved amount are impossible. Third, it has a time limit measured in minutes — eliminating any room for reuse or replay attacks.
The AI platform sends this SPT identifier to the merchant via an API request, and the merchant uses it to create a PaymentIntent. Crucially, the merchant receives only the token — they never touch the consumer's card number, CVV, or any underlying credentials.
There's a notable design choice here. Merchants can process the SPT through Stripe or through a different payment provider. Stripe's decision not to enforce processor lock-in despite being the token issuer reads as a strategy that prioritizes ecosystem adoption over immediate processing revenue. However, even when another provider handles the transaction, Stripe Radar's risk scores remain available — meaning Stripe retains control of the fraud detection layer regardless.
What SPT Really Means — Compared to Card-on-File
The clearest way to understand SPT's significance is to place it alongside traditional card-on-file payments.
| Dimension | Traditional Card-on-File | Stripe SPT |
|---|---|---|
| Credential sharing | Merchant stores card details | Only token shared; credentials never exposed |
| Scope | Merchant-wide, no expiration | Scoped to specific transaction, amount, and time limit |
| Revocation | Consumer must request merchant | Consumer or AI platform can revoke instantly |
| Fraud detection | Depends on merchant-side tools | Stripe Radar evaluates every transaction in real time |
| Supported methods | Cards only | Cards, BNPL (Affirm/Klarna), network tokens |
What emerges from this comparison is that SPT is not merely a "new token format" but a design built to address the risk model unique to agent-mediated transactions. In agentic payments, decision-making and execution are separated — consumers don't directly operate a checkout screen. In this "human-absent payment" model, scoped limits and instant revocation become essential safety mechanisms.
According to Stripe's 2025 annual letter, agentic commerce maturity stood at Level 1–2 as of 2025 — the transition from AI auto-filling checkout forms to AI assisting with product selection. Today's SPT is optimized for this early stage, and the fully autonomous purchasing envisioned at "Level 4–5" will likely require further extensions.
Radar Integration — How Fraud Detection Changes
Fraud risk in agentic commerce differs qualitatively from traditional e-commerce fraud. "The AI bought it without my permission" is emerging as a new chargeback category.
SPT addresses this through deep integration with Stripe Radar. According to Stripe's blog, Radar uses signals from the SPT and device graph alongside billions of data points across the entire network to perform real-time risk assessment. Specific signals relayed to merchants include: likelihood of fraudulent disputes, card testing activity, stolen card usage, and issuer decline probability.
With standard card-on-file payments, merchants must rely on their own fraud detection tools. With SPT transactions, risk intelligence accumulated across Stripe's entire network is automatically attached — reducing the burden on individual merchants to build proprietary fraud systems. Radar reports an average 38% fraud reduction, and this layer is a critical component underwriting SPT's reliability.
That said, this also deepens dependence on Stripe's ecosystem. Since SPT fraud detection is embedded in Radar, risk assessment accuracy remains tied to Stripe even when merchants process SPTs through other providers.
The March 2026 BNPL and Network Token Expansion
SPT's scope expanded dramatically with the March 2026 announcement. Stripe made three simultaneous expansions.
First came support for Visa Intelligent Commerce and Mastercard Agent Pay network tokens. Each card network had been developing its own agent payment tokens with different APIs and authentication flows, creating integration burdens for merchants. SPT abstracts these network tokens, allowing merchants to support both Visa and Mastercard through a single interface.
Next came BNPL support through the Affirm partnership. Affirm's installment options became available via SPT, enabling AI agents to select "pay in 4" on behalf of consumers. Klarna announced a similar integration.
The problem Klarna highlighted when announcing this integration was telling. In previous agentic payment flows, AI defaulted to card-on-file, effectively freezing out alternative payment methods including BNPL from automated checkout. Consumer choice was being narrowed by technical constraints — a blind spot in agentic commerce that SPT has now resolved.
These three expansions established Stripe as "the only provider supporting both agentic network tokens and BNPL tokens in agentic commerce through a single primitive." Etsy and URBN (parent company of Anthropologie, Free People, and Urban Outfitters) have already adopted SPT.
SPT and MPP — Stripe's Full Payment Stack
Understanding SPT requires seeing its relationship with the higher-level MPP (Machine Payments Protocol). Stripe's MPP, announced in March 2026, is an open protocol for AI agents to autonomously execute payments against APIs, MCP servers, and HTTP endpoints.
The relationship is hierarchical. MPP defines the overall agent-to-agent payment protocol, and SPT handles fiat payments (cards, BNPL) within that framework. MPP also natively supports stablecoin payments, settling on Tempo's Layer 1 blockchain. In short, SPT functions as MPP's "fiat payment layer" — they are complementary, not competing.
| Protocol | Provider | Payment Methods | Primary Use Case |
|---|---|---|---|
| SPT | Stripe | Cards, BNPL, network tokens | Consumer payments via AI platforms |
| MPP | Stripe | Stablecoins + fiat via SPT | Autonomous agent-to-agent payments |
| x402 | Linux Foundation (Coinbase-led) | Stablecoins | HTTP-native micropayments |
| AP2 | Fiat (signed Mandates) | Agent-to-agent authorization and settlement | |
| Visa Intelligent Commerce | Visa | Visa network tokens | Agent payments via card networks |
This two-layer payment stack reflects the flexibility agentic commerce demands. Consumer-facing transactions will center on card and BNPL payments via SPT, while agent-to-agent micropayments and API billing will use stablecoins. Stripe's design attempts to house both payment patterns within a single framework.
Meanwhile, competing protocols like x402 and Google's AP2 also exist. x402 specializes in stablecoin payments via the HTTP 402 status code, and AP2 targets agent-to-agent settlement through cryptographically signed Mandates. Within the payment gaps that a16z identified, SPT is positioned to capture the fiat payment de facto standard.
What E-Commerce Businesses Should Do Now
So how should e-commerce businesses approach SPT? The immediate priorities narrow to three areas.
First, monitor Stripe's agentic commerce developments closely. SPT specifications are evolving rapidly — supported payment methods tripled in just six months from the September 2025 ACP launch. Regularly reviewing Stripe's agentic commerce documentation and assessing impact on your payment stack is essential.
Second, verify alignment with card network initiatives. Visa Intelligent Commerce and Mastercard Agent Pay have their own token specifications independent of SPT. If you use Stripe, SPT handles this automatically. If you use a different payment provider, individual integration with each network may be necessary.
Third, prepare for an era where payment reliability directly impacts merchant evaluation. AI agents are learning to use payment failure rates and chargeback rates as "merchant quality" signals. Adopting SPT is one countermeasure, but foundational work — product data quality, clear return policies — matters just as much.
Conclusion
Stripe SPT is a limited, temporary, and traceable token designed to underwrite the reliability of "human-absent payments" in agentic commerce. Its design philosophy of converging cards, BNPL, and stablecoins into a single primitive has the potential to dramatically reduce integration burden for merchants navigating a fragmenting agent payment market. The standardization race for payment protocols is just beginning, but the conditions for SPT to become the fiat-side de facto standard are falling into place.
