Skip to content
Create account
 or
Sign in
The Stripe Docs logo
/
Create account
Sign in
OverviewUpgrade your integration
Online payments
OverviewFind your use caseUse Managed Payments
Payment methods
Payment interfaces
Payment scenarios
In-person payments
Beyond payments

Process payment credentials from an agentPrivate preview

Learn how to create and use a SharedPaymentToken.

To receive payments facilitated by an application or AI agent, you need a secure mechanism to handle payment details collected by the agent and sent to you, the seller.

A shared payment token (SPT) is a limited reference to a payment method that’s stored in the agent’s Stripe account. It has usage limits and expiration windows, and never reveals PANs or other raw credentials. An agent creates an SPT, then shares it with you to use in payment intent flows, and outside of Stripe through virtualization.

Create a SharedPaymentToken

To create a SharedPaymentToken object, the agent first collects payment details from the buyer.

When creating an SPT, the agent issues a scoped grant of a PaymentMethod for your use as the seller. The agent can set options such as the currency, maximum amount, and expiration window.

Usage limits

The usage_limits parameter specifies the maximum amount and expiration window. The agent sets the maximum amount to match the total amount of the transaction.

Seller details

The seller_details parameter sets the scope of the SPT to you or another seller.

  • network_id: The seller’s Business Network ID.
  • external_id: An optional identifier that links the SPT to a specific seller, cart, or other identifier. For example, an agent interacting with a Connect platform might use the external_id to scope the SPT to a connected account.

Payment method

The payment_method parameter specifies the payment method selected by the customer to use for the purchase.

Use a shared payment token

After you receive the SPT from the agent, you can use it to create a PaymentIntent and complete the payment.

When you confirm a PaymentIntent this way, the payment_method field automatically populates with a new payment method that’s reproduced from the one originally used by the buyer to create the SPT. The replication process only transfers non-sensitive data, such as card and billing details, and excludes business-specific information such as metadata, customer data, previous addresses, and CVC check results.

All subsequent events, such as refunds and reporting, operate as if you directly provided the PaymentMethod.

You can retrieve details about the SPT that the agent grants you. You can view limited information about the underlying payment method (for example, card brand or the last 4 digits). The SPTs also include details on usage limits, and might also include risk details.

Risk types

The following table provides risk details about the SPTs the agent granted to you. Review this information to determine if you need to create a payment.

Risk typeDescriptionScore typeRecommendation
Fraudulent disputeLikelihood that the credential results in a fraudulent dispute.Integerblock or continue
Card testingLikelihood that the credential is card testing.Floatblock or continue
Stolen cardLikelihood that the credential is a stolen card.Integerblock or continue
Card issuer declineLikelihood that the card issuer declines the transaction.Floatblock or continue
BotLikelihood that the credential is being used by a bot.Floatblock or continue

Webhooks

When you use an SPT to process a payment, Stripe sends events to you and the agent.

EventDescriptionUse case
shared_payment.issued_token.usedThe agent receives this event when you use the SPT.Listen for this event to notify the buyer that the payment has been processed.
shared_payment.granted_token.usedYou receive this event when the SPT has been used.Listen for this event to confirm that the SPT has been used.

Revoke a Shared Payment Token

The agent can revoke an SPT at any time. You can’t create a payment with a revoked SPT.

Webhooks

Stripe sends events to you and the agent when the agent revokes or expires an SPT.

EventDescriptionUse case
shared_payment.issued_token.deactivatedThe SPT has been deactivated (revoked or expired). Event sent to agent.Listen for this event to track when an SPT is no longer valid.
shared_payment.granted_token.deactivatedThe SPT has been deactivated (revoked or expired). Event sent to the seller.Listen for this event to know when an SPT can no longer be used.
Was this page helpful?
YesNo