AP2 Mandates

Cryptographic spending constraints for agents.

Concept

Instead of giving an agent your private key, you sign a Mandate. This mandate is a policy document enforced by the P402 Router.

Intent Mandate

"Allow agent X to spend up to $10 on Compute."

Payment Mandate

"Settle this specific invoice for $0.05."

Auto-Provisioned Mandates (CDP Sessions)

When you create a session with wallet_source: "cdp" and an agent_id, P402 automatically issues a payment mandate — no separate API call needed.

POST /api/v2/sessions
{
  "wallet_source": "cdp",
  "agent_id": "my-autonomous-agent",
  "budget_usd": 10.00,
  "expires_in_hours": 24
}

// Response includes:
// "policy": { "ap2_mandate_id": "mnd_..." }

All auto-pay calls through this session are enforced against the mandate. Budget overruns return 403 MANDATE_BUDGET_EXCEEDED.

Manual Mandate Creation

For non-CDP sessions or custom mandate constraints:

POST /api/a2a/mandates
{
  "mandate": {
    "type": "intent",
    "user_did": "did:key:zUser...",
    "agent_did": "did:key:zAgent...",
    "constraints": {
      "max_amount_usd": 50.00,
      "allowed_categories": ["inference", "search"],
      "valid_until": "2026-12-31T23:59:59Z"
    },
    "signature": "0x..." // EIP-712 Signature
  }
}
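The constraint fields above only protect the user if they are enforced cumulatively and fail closed. The following is an added example, not P402 code: a local model an agent could run to pre-check a spend against an intent mandate's constraints before calling the router. The class name `MandateLedger`, the check order, and every rejection label other than `MANDATE_BUDGET_EXCEEDED` are assumptions; the router's actual enforcement logic and EIP-712 signature verification are not shown on this page and are not modeled here.

```python
from datetime import datetime, timezone
from decimal import Decimal

# Constructed sample mirroring the "constraints" object in the request above.
SAMPLE_CONSTRAINTS = {
    "max_amount_usd": "50.00",
    "allowed_categories": ["inference", "search"],
    "valid_until": "2026-12-31T23:59:59Z",
}


class MandateLedger:
    """Hypothetical local model of cumulative enforcement for one intent mandate."""

    def __init__(self, constraints):
        # Decimal via str avoids binary-float drift when summing many $0.05 charges.
        self.max_usd = Decimal(str(constraints["max_amount_usd"]))
        self.categories = frozenset(constraints["allowed_categories"])
        # Normalise the trailing "Z" so the timestamp parses as timezone-aware UTC.
        self.valid_until = datetime.fromisoformat(
            constraints["valid_until"].replace("Z", "+00:00"))
        self.spent = Decimal("0")

    def authorize(self, amount_usd, category, now=None):
        """Return (allowed, reason). Spend is recorded only when allowed."""
        now = now or datetime.now(timezone.utc)
        amount = Decimal(str(amount_usd))
        # Reject NaN, infinity, zero and negative amounts before any arithmetic,
        # so a negative "charge" can never refill the budget.
        if not amount.is_finite() or amount <= 0:
            return False, "INVALID_AMOUNT"           # hypothetical label
        if now > self.valid_until:
            return False, "MANDATE_EXPIRED"          # hypothetical label
        if category not in self.categories:
            return False, "CATEGORY_NOT_ALLOWED"     # hypothetical label
        # Compare the running total, not the single charge, against the cap.
        if self.spent + amount > self.max_usd:
            return False, "MANDATE_BUDGET_EXCEEDED"  # error code named on this page
        self.spent += amount
        return True, "OK"
```

A local pre-check like this only avoids wasted calls; the router's decision remains authoritative.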