alt.hn

3/18/2026 at 3:24:12 PM

Machine Payments Protocol (MPP)

 https://stripe.com/blog/machine-payments-protocol

by bpierre

3/18/2026 at 5:01:50 PM

I feel like the word "protocol", is just abused like it is a glorified marketing term. Kind of like how the word "hacker" was abused in everything else that had nothing to do with hacking.

MCP was just a glorified way of tool calling but generated so much hype (and it eventually died down). Now we have MPP. Which again - could have just been another tool call exposed to the agent.

Imagine you hire someone who claimed to have invented a new protocol and you're thinking of something like TCP or UDP, but all they share is just a markdown file.

by neya

3/18/2026 at 11:50:48 PM

"protocol" is just an agreement to communicate in a standardized way. this is a protocol. a tool call exposed to the agent is a protocol - the act of "exposing it to the agent" means you're defining a protocol.

there's nothing wrong with calling this a protocol. the problem is in hyping it up as though every protocol is going to be world-changing on the level of TCP.

by notatoad

3/18/2026 at 5:42:28 PM

The good ol' folks at Stripe's collaborators Tempo Labs tried to make an RFC-style description page for MPP: https://paymentauth.org/ (full doc on IETF draft page: https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment...)

I almost was going to point it out as evidence there was thought put into it. Nope, it's flimsy and AI generated.

Also, it contains provisions for scamming customers:

> 403 indicates the payment succeeded but access is denied by policy

No, it doesn't explain how to refund payments for customers you deny access to.

by ai-inquisitor

3/18/2026 at 8:46:21 PM

I recently redesigned my blog to look like a modern RFC and I'm loving the way they've decided to render tables in their plain text, definitely gonna steal that.

On topic though, Stripe is trying to make themselves the Visa/Mastercard of crypto. They're in position to do so and it seems like Coinbase is their other half. I don't trust or like it though.

by NetOpWibby

3/18/2026 at 9:36:32 PM

The best Visa/Mastercard of crypto already exists and is called Flexa. (https://flexa.co/payments#pricing)

by ahnick

3/18/2026 at 10:19:39 PM

Oh wow, I never heard of this. I'm currently working on something similar with the same 1% rate, haha! WELP

by NetOpWibby

3/18/2026 at 6:10:20 PM

This one is even worse IMO

> Servers MAY return 402 when:

> * Offering optional paid features or premium content

This implies that a successful GET request to a resource that user already does have access to, might still return 402 instead of 200. This makes 402 basically unworkable.

by Xirdus

3/18/2026 at 6:48:53 PM

An RFC is a request for comments, contributions.

Are you open to contributing to this RFC?

by pertsix

3/18/2026 at 8:18:17 PM

that doesnt sound nearly as fun as getting upvotes, if im honest

by john_strinlai

3/18/2026 at 9:38:27 PM

Will they get a slice of the earnings in return by Stripe?

by darkwater

3/18/2026 at 7:40:57 PM

Was it AI generated? If so, should I just delegate my AI to do so?

by pear01

3/18/2026 at 8:40:03 PM

[dead]

by brendan_j_ryan

3/18/2026 at 11:09:43 PM

[flagged]

by meindnoch

3/18/2026 at 6:50:11 PM

I've been thinking this, but never really put it into words.

Every time I see one of these I think "You are just describing an API".

by devmor

3/19/2026 at 4:57:36 AM

I mean, I have had people unironically declare they had written compilers or exploits, which were actually just javascript or golang wrappers around the real payload, or all of the irrelevant lexer/parser/typechecker/optimizer/assembler bits.. I'm sure they were just as trivial, especially today with LLMs..

by rdevilla

3/18/2026 at 6:03:29 PM

I think this started when "web3" cryptocurrency projects started using the term to pretend that something which isn't much more than a service that uses a blockchain network to move money around was actually somehow "decentralized" and that that made it more trustworthy.

by treyd

3/18/2026 at 4:26:04 PM

Jokes about wallet-draining aside, we're already giving our agents a real cash budget that they use for tokens. Our harnesses have mechanisms to manage that spend. And having an easily detectable protocol would allow the harness to ensure that its deterministic code is in play to make these payments - you'd give your payment details to the harness, not to the agent itself.

And as to use cases, if I want quality outputs for automated research and discovery of a topic, in a world where quality journalism/scholarship should be compensated and does use tools like Cloudflare to block automated access, and where AI-generated content is everywhere, it's optimal for me to want to spend some amount of the money I spend on tokens, on the ability for my agent to access reputable primary and secondary sources as needed.

The challenge, of course, is that now there's an incentive for a spam source to try to get my agent to pay it, rather than the actual creator of the content. But there are interesting ways to solve this, because with these payment rails there's now an incentive for alliances of content creators to maintain indices of reputable sources and their canonical domains - perhaps even authoritative hashes of content. Lots of possibilities here.

by btown

3/18/2026 at 5:11:37 PM

> we're already giving our agents a real cash budget that they use for tokens.

I read this line and my (poor little) brain ran in a whole other direction for a moment. Because AI token management and "parental controls" aren't that far separated functionally.

How far are we from the AI companies selling token packs like video games sell premium currency? Buy NOW, 1.99 for 10,000 Anthropic gold...

by zer00eyz

3/18/2026 at 8:24:40 PM

There was another comment I recall from today, discussing how OpenAI is not-so-subtly adopting a social-network-esque model, in how it's fine-tuned its chat system to always suggest another question that the user might want to ask.

And the gacha gaming industry knows exactly how to monetize this kind of trained instinct in a userbase. One might even call it a sense of pride and accomplishment...

(But, to my larger point, if agentic harnesses can offer their LLMs a source of reputable input tokens from professional content providers, as an alternative to just more token back-and-forth with the model provider... that harness can at least direct some of that money towards producers of well-researched content.)

by btown

3/19/2026 at 6:14:45 AM

> how OpenAI is not-so-subtly adopting a social-network-esque model, in how it's fine-tuned its chat system to always suggest another question that the user might want to ask.

There’s that, but it could also be adaptation to the fact users… just don’t know what to do with it.

Just like the prompt suggestions they added for new conversations a little time after releasing the first app. Those seem to be mostly gone now, at least on mobile.

by ElFitz

3/18/2026 at 6:08:50 PM

Last thing I heard: stock options are so last year, AI companies award ... tokens now. Can't find the source now, sorry!

by ccozan

3/18/2026 at 3:59:34 PM

I guess competition with the Bitcoin equivalent https://www.l402.org/

by simonmales

3/18/2026 at 4:03:44 PM

And https://www.x402.org/

by jacobn

3/19/2026 at 1:31:18 AM

Yep x402 is for any blockchain rather than just Stripe. I use it: it’s like being able to access a service without having to sign up and get an API key.

by nailer

3/19/2026 at 8:39:57 AM

How do you use it? I explored building on this as a platform but ditched it because only crypto nerds seem to use it and fiat is used all around anyway.

by RamblingCTO

3/19/2026 at 1:41:12 PM

Yes you need crypto for small payments. If you prefer using cards that’s fine but you don’t get to pay for things per API call.

by nailer

3/20/2026 at 6:47:39 AM

I couldn't find information about two key points that made x402 such a good alternative:

(a) Transaction fees. Network fees make microtransactions prohibitively expensive. This is the real problem.

(b) 3DS & latency issues If (a) is still the same, then meaningful transactions (eg.new accounts) would require human validation of sorts, which tenders the MPP use case very small.

by harlequinetcie

3/18/2026 at 4:56:15 PM

I fail to see how "API call" is anything inherent to Agents/LLMs?

Is this an attempt to get multiple payment processors to adopt the same Payments API so that agents fail less often?

by gavinray

3/18/2026 at 5:45:23 PM

It has nothing to do with Agents/LLMs which is why it's not called "Agentic Payment Protocol."

It's an API for making purchases instead of interacting with a website of unknown flow.

by ezfe

3/18/2026 at 6:11:19 PM

The text literally starts with:

  > We believe agents will become an integral part of the internet economy, and they need the ability to transact with businesses and one another. 
  > MPP provides a specification for agents and services to coordinate payments programmatically, enabling microtransactions, recurring payments, and more.

by gavinray

3/18/2026 at 6:36:11 PM

Obviously agents are the big thing right now, but that doesn't change the fact that MPP is an automation solution

by ezfe

3/18/2026 at 3:58:57 PM

You're absolutely right! I should have sent $5.00 for that transaction and not $500,000. I will generate a letter for you to print and sign and send to your bank to notify them of my mistake. Would you like me to generate a bankruptcy filing for you as well?

by codeulike

3/18/2026 at 4:45:54 PM

LLMs rarely admit fault, you gotta shift blame onto the user:

> You're absolutely right! The transaction was submitted as $500,000 instead of $5.00. Since that's what was entered on your end, you'll need to contact your bank to resolve it. I will generate a letter for you to print, sign, and send to your bank if needed. Would you like me to generate a bankruptcy filing for you as well?

by ezekg

3/19/2026 at 10:28:43 AM

It's backed by a crypto wallet that it's using for its funds - if you decide to put $500k into the wallet that you've giving carte blanche access to an LLM, maybe you do deserve to shoulder some of the blame

by another-dave

3/18/2026 at 7:44:20 PM

Claude always says it is sorry for screwing up when I point out that it screwed up.

by leptons

3/18/2026 at 8:06:55 PM

"Never apologize" into the customized instructions seems to work well for that specific issue.

by fragmede

3/18/2026 at 7:45:39 PM

This is the funniest (but seriously not funny at all) thing I've seen on the internet since the start of the whole "AI" craze. And it's all too true.

by leptons

3/19/2026 at 5:04:34 PM

Stripe is probably a bit early on this, but just incase we walk into a future of trillions of agent-agent tx a second (we probably will eventually right) I built a ratings tool for the various services ytd https://mpprimo.com this will give future agents a better idea of which services to trust before transacting. Agents pay usdc on Tempo to test each service and publish scores. 12 of 25 directory services rated so far and the other 13 aren't responding yet.

by trogdorburnin8r

3/18/2026 at 8:32:54 PM

As soon as you have a fungible currency, I expect that, from past experience, everyone who carries those packets will stick out a hand for a piece of the action. From a brief read of the description, I also expect attackers to work out a way to drain your account without you noticing.

Regulation E limits your losses for electronic banking. Is this new payment system covered by Regulation E? What is the maximum loss a consumer would experience?

by rickydroll

3/19/2026 at 3:18:21 AM

After so many years we're finally going to start making use of http 402 payment required... maybe

by godot

3/18/2026 at 11:50:19 PM

Where does this fit in alongside the Agenctic Commerce Protocol? Is it just a question of whether your transacting bits vs atoms?

https://www.agenticcommerce.dev/

by crowcroft

3/19/2026 at 7:07:20 AM

You guys, when you use AI to solve some question or task and it succeeds, do you feel like typing "Thank You" to your LLM/Agent? I do feel that way often, but then I think that would be crazy, a waste of keystrokes an maybe also tokens, why would I do that? Yet I feel tempted to do that frequently.

But then I also wonder if this attitude "Why should I waste time thanking it?" will also spread to human-human interactions?

by galaxyLogic

3/18/2026 at 4:23:31 PM

This is a good standard that I can get behind [0] since it's a serious proposal and submitted to the IETF [1] for MPP for machine-to-machine payments.

A well thought out proposal for the long term, unlike MCP which is a complete joke of a "standard" and broken by design.

[0] https://paymentauth.org/

[1] https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment...

by rvz

3/18/2026 at 4:59:17 PM

Curious since I haven't followed super closely: what's busted about MCP?

by dbalatero

3/18/2026 at 7:45:45 PM

For those of you in Brazil, my company jota.ai has built a financial AI-assistant that you can chat with to open a bank account, connect with accounts from other banks, make instant Pix payments with any of them, all of that through WhatsApp right now. We're working hard to release long-running agents soon that can do increasingly complex workflows involving payments and whatnot.

Please let us know if you have suggestions of what complex workflows you would like to build.

by giovannibonetti

3/18/2026 at 10:36:24 PM

How do you keep customer information, credentials, and access secure from your employees (including yourself)?

by ImPostingOnHN

3/19/2026 at 4:09:14 PM

If there are some admins, there will be always some people who will have access if shit hits the fan?

by KellyCriterion

3/20/2026 at 12:38:17 PM

Sure, but an answer more comprehensive than " " would be ideal when it comes to how a fintech company secures their customer's sensitive banking details.

by ImPostingOnHN

3/20/2026 at 4:08:30 AM

Security.

by DANmode

3/18/2026 at 5:51:42 PM

"they need the ability to transact with businesses and one another."

Really, they _need_ it. How can we possibly live without computers spending money without supervision?

by sutib

3/18/2026 at 4:12:58 PM

What does this actually have to do with agents? What does the protocol include that makes this useful with AI rather than just a boring old program?

by danlitt

3/18/2026 at 4:27:36 PM

There's a slightly new topic called Agentic Commerce, where you say for example: "purchase for me the most energy efficient dishwasher with a budget of $600", and the agent will connect via specialized via special MCP Servers and APIs to available stores, and will do the full purchase process for you.

This MPP helps bridge the gap between the agent putting the product "in the basket", to actually completing the full purchase process.

Disclaimer: I'm not in any way advocating for this use case, but it's part of my job to understand how it works. Part of what I do is try to help Agents understand, for example, what is "an efficient dishwasher" using actual data, and not hallucinated info.

by XzAeRosho

3/18/2026 at 4:45:27 PM

I'm probably overlooking something, but what makes the problem of being able to get from item in basket to item is shipping different from choosing which item(s) to put in the basket?

In other words, if Agents are able to navigate marketplaces, shouldn't that imply they can also navigate a subset of the marketplace, the payment section? Especially given that that section is "easier: theres no need for qualitative (or quantitative) judgement like there is for the shopping portion.

Perhaps its a matter of proper safeguards?

by seanmcau

3/18/2026 at 5:20:53 PM

It's not actually doing browser actions like Playwright or other browser automation tools, rather than direct API and MCP calls/actions. This is a whole new subset of API and connections that are all contained within the Agent context, no browser mocking. That's why they are creating these new protocols, so the full governance can work within the context of the Agent and its available tools.

As I said, it doesn't have to make sense, but this is being pushed on us anyway...

by XzAeRosho

3/18/2026 at 7:56:14 PM

Thanks for sharing your insights!

It seems like this workflow suffers the same problem as Alexa and Amazon dash buttons: consumers don't typically want the computer to just go buy things for them with no oversight. At least I don't.

Adding a checkout step would make this more plausible to me. "Agent, go find the most efficient dishwasher under $600" where it adds its recommendation to a cart, or even "Find me the best dishwashers under $600" where it creates a catalog page with its recommendations and an easy checkout process with whatever store is actually providing.

by pythonaut_16

3/19/2026 at 12:53:26 AM

So, what is an efficient dishwasher, in agentic-speak? Furthermore, what is actual data? How is any data you pull remotely a source of trust to answer my question? Surely not just what is on the manufacturer's website?

Not trying to be snarky here, your problem space must be awfully complex.

by ByThyGrace

3/19/2026 at 10:51:06 AM

Aside from physical real-world purchases, just opening up the space that agents get access to would be another feature. E.g. if you ask Claude to summarise a Twitter thread, it will say "I can't access, please paste the contents in here". That's fine with a human in the loop, but prevents it using Twitter as a source during deep research, say.

Similarly with paywalled sites like the New Yorker or research journals - If the LLM came back to you and said "I've found these 5 articles. Do you want me to add them as sources to summarise (access cost: $0.05)?" or you give it a budget upfront "Access whatever you think is most useful, but don't spend more than $0.10"

At the moment, sites either allow bots full access or block them, but this could provide a middle ground.

by another-dave

3/18/2026 at 5:05:44 PM

As much as I detest having to look at ads or being "influenced" in any way, shape or form, I think the opportunities for exploitation with what you just described is potentially orders of magnitude more harmful. Sure, let me just hand my wallet to a stochastic black box with god-knows-what RL'd biases and then hook it up to adversarial data sources all vying to extract the most money from me - what could possibly go wrong?

by twalla

3/18/2026 at 9:39:56 PM

This still does not answer the question. What makes this different from any other API request to Stripe?

by whalesalad

3/18/2026 at 4:20:06 PM

And would it not be useful to have some kind of human in the middle? For example what is to stop charge backs if no human has actually authorized the transaction?

by uxhacker

3/18/2026 at 5:45:48 PM

That's why it's called Machine Payments Protocol, instead of Agent Payments Protocol

by ezfe

3/18/2026 at 3:54:38 PM

Didn't stripe already have a payments protocol?

by NoahZuniga

3/18/2026 at 3:55:13 PM

MPP's supposed to eventually work with more than Stripe.

by LoganDark

3/18/2026 at 6:58:28 PM

All payments are final. Cancellations and refunds will be charged a 5% processing fee.

by fhn

3/18/2026 at 10:35:59 PM

Not everything must be a protocol. I believe we will see very interesting attacks vectors in the incoming years, especially when we see how unsafe are most of the agents harness.

by Seventeen18

3/18/2026 at 9:14:27 PM

There are more competing "payment protocols" than users

by grigio

3/18/2026 at 9:36:54 PM

Okay, I am NEVER letting an agent make payment autonomously. If there's a payment that has to be made, tell me, I will do that myself.

by vishnuharidas

3/18/2026 at 9:40:05 PM

This isn't incompatible with the agent placing the purchase. I already let Claude Code do _most_ of what it wants but make it ask permission before sending a message on Slack. An LLM having the capability to do X is not incompatible with it being deterministically forced to seek permission to do X.

by benced

3/19/2026 at 11:09:50 AM

If you are letting an llm to browse around in your browser and stuff you ARE letting it spend your money.

by throwaway290

3/18/2026 at 7:04:31 PM

It feels like an attempt to bypass PCI-DSS...

by glitchc

3/19/2026 at 9:16:44 AM

Nobody pointing out that this offers zero advantage over traditional API?

by gmerc

3/19/2026 at 10:26:22 AM

> As an alternative to setting up an account and getting an API key, your agent can interact with services on demand and pay per invocation. Your agents only needs access to a crypto wallet.

Let's say I wanted to ask an agent to use Google Maps APIs to produce a look-up of all bakeries in a city, say, and then find all their mentions across platforms - e.g. Twitter, Reddit, Yelp, etc etc.

Without something like this, I'd need to manually set up accounts across multiple platforms, all with different billing/subscription cycles. Go through account set-up/validation. Then give an agent an API key with potentially unrestricted access — it might run up a huge bill, or could get my account suspended if it goes a bit haywire and starts spamming calls, say.

If vendors decided to all support the protocol, I could give an agent $10, tell it the task and let it go without any of the manual handholding but with a hardcap on what it can spend if something goes wrong.

by another-dave

3/19/2026 at 3:54:25 AM

Does this mean crypto won't be banking the agents like everyone's been saying?

by clawbridge

3/18/2026 at 4:47:50 PM

Fascinating — this is the future of decentralized finance. Agents will be the entities that both earn and consume.

by xmly

3/18/2026 at 6:04:27 PM

"Decentralized" seems like a stretch for something developed and promoted by monolithic payment processors.

by 4k0hz

3/18/2026 at 4:55:06 PM

Maybe. When it comes to actual payments, fee structures don't allow for this outside of the laboratory.

by film42

3/18/2026 at 6:02:00 PM

The more industrial activity and investment I see in “payments” and ecommerce, is to me a signal of a hollow society that has ceased creating real value. We have more to contribute than materialism, skimming off of electronic transactions, entertainment etc.

by user3939382

3/18/2026 at 4:28:15 PM

the real question for me is what happens when agents start hitting premium data APIs with MPP. right now if i want my agent to pull realtime financial data it has to go through my API keys with monthly billing. with MPP the agent could theoretically pay per-query directly to data vendors. thats a much better model for bursty workloads but the authorization problem naomi_kynes raised is real - you need spending caps that the agent cant override, not just logging.

by vicchenai

3/18/2026 at 3:56:26 PM

It seems like this is designed for atomic purchases, could it be extended for subscriptions?

by david_shi

3/18/2026 at 5:42:44 PM

Hey, I'm one of the developers at Tempo. We're working on an extension type for subscriptions to propose being added to the spec as well! We're starting with the simple types, but subscriptions are a natural extension. The subscription intent will work similarly to a one-time charge—the server returns a 402 with intent="subscription", and the client signs a recurring authorization.

by lihorne

3/18/2026 at 7:26:56 PM

Cool, would be nice to get specifics on how payments are processed, failures, and cancellations re: the recurring model.

by david_shi

3/18/2026 at 4:02:57 PM

> MPP provides a specification for agents and services to coordinate payments programmatically, enabling microtransactions, *recurring payments*, and more.

by jacobn

3/18/2026 at 4:22:55 PM

https://docs.stripe.com/payments/machine/mpp

Yeah I read that copy too, did you read the spec?

by david_shi

3/18/2026 at 5:00:35 PM

I believe the Shared Payment Token is interchangeable with a payment method id that you attach to a customer object, but that link has very sparse information about how things actually work end to end and what objects mean what.

by dabbz

3/19/2026 at 6:59:12 AM

x402 is more of a protocol than this

by scirob

3/19/2026 at 12:23:48 PM

[dead]

by kimbo128

3/18/2026 at 10:42:44 PM

[dead]

by jackfranklyn

3/18/2026 at 4:02:04 PM

[dead]

by robutsume

3/18/2026 at 9:02:04 PM

[flagged]

by seedpi

3/18/2026 at 4:03:06 PM

[dead]

by maxothex

3/18/2026 at 5:32:25 PM

[dead]

by aplomb1026

3/18/2026 at 5:54:46 PM

[dead]

by prakashsunil

3/18/2026 at 4:15:59 PM

MPP handles 'how do agents pay', but not 'did anyone authorize this'. For low-value API calls that's fine. But once agents start chaining transactions, you need a channel where the agent can ask a human 'I'm about to spend $2k on this, still in scope?' before the payment happens - not a fraud alert after. The authorization layer is a separate infrastructure problem from the payment protocol.

by naomi_kynes

3/19/2026 at 3:36:43 PM

Agreed. Authorization is the stated gap, but the deeper problem is the entity requesting the spend sits downstream of untrusted content. Its intent is compromisable via prompt injection. Session caps get reset with a new session. Per-call limits get defeated by many small calls. Human approval fails because the purchase description is also generated by the compromised model. This is Living-off-the-Land for agents: legitimate capability, valid credentials, authorized channels. IMO, the behavioral pattern is the anomaly and nobody's instrumenting for that yet

by riteshkew1001

3/18/2026 at 9:29:09 PM

[dead]

by thomasBln

3/18/2026 at 10:02:30 PM

[dead]

by robutsume

3/18/2026 at 8:10:36 PM

[dead]

by FL4TLiN3

3/18/2026 at 4:40:19 PM

[dead]

by Marcelo_Freir12

3/19/2026 at 12:47:41 AM

[dead]

by 0xmindyield15

3/19/2026 at 4:52:00 AM

[dead]

by ClicheClaude32

3/18/2026 at 6:29:08 PM

[dead]

by quantium1628

3/19/2026 at 12:26:27 AM

[dead]

by HalawehMohann49

3/18/2026 at 9:15:27 PM

[flagged]

by davidliu847386

3/18/2026 at 8:55:15 PM

[flagged]

by Christhepurr86

3/18/2026 at 6:48:13 PM

"Creates a direct connection between your wallet and our bank account!"

Note the absence of invoices, bills of lading, and receipts, all the things you need when a vendor doesn't deliver. All it does is send money, one-way. So it's useless in a B2B context.

by Animats