Process payment credentials from an agentPrivate preview

To receive payments facilitated by an application or AI agent, you need a secure mechanism to handle payment details collected by the agent and sent to you, the seller.

A Shared Payment Token is a limited reference to a PaymentMethod that’s stored in the agent’s Stripe account. An agent creates and shares a Shared Payment Token with a seller. They have usage limits and expiry windows, and never reveal PANs or other raw credentials. You can use Shared Payment Tokens directly in PaymentIntent flows, and outside of Stripe through virtualization.

Create a SharedPaymentToken

To create a SharedPaymentToken object, the agent first collects payment details from the buyer.

When you create a SharedPaymentToken, you issue a scoped grant of a PaymentMethod for use by a seller. You can specify options such as the currency, maximum amount, and expiry window.

curl https://api.stripe.com/v1/shared_payment/issued_tokens \
  -u "key:" \
  -d payment_method={{PAYMENT_METHOD_ID}} \
  -d "usage_limits[currency]"=usd \
  -d "usage_limits[max_amount]"=10000 \
  -d "usage_limits[expires_at]"=time_in_future \
  -d "seller_details[network_id]"={{NETWORK_ID}} \
  -d "seller_details[external_id]"={{EXTERNAL_ID}}

Usage limits

Use the usage_limits parameter to specify the maximum amount and expiry window, then set the maximum amount to match the total amount of the transaction.

Seller details

Use the seller_details parameter to scope the Shared Payment Token to you or another seller.

• network_id: The seller’s Business Network ID.
• external_id: An optional identifier you can specify to link the Shared Payment Token to a specific seller, cart, or other identifier. For example, a Connect platform might use the external_id to scope the Shared Payment Token to a specific seller.

Payment method

Use the payment_method parameter to specify the PaymentMethod you want to use.

Use a SharedPaymentToken

After you receive the SharedPaymentToken from the agent, you can use it to create a PaymentIntent and complete the payment.

curl https://api.stripe.com/v1/payment_intents \
  -u "key:" \
  -d amount=10000 \
  -d currency=usd \
  -d shared_payment_token=spt_123

When you confirm a PaymentIntent this way, the payment_method field automatically populates with a new PaymentMethod that’s reproduced from the one originally used by the buyer to create the Shared Payment Token. The replication process only transfers non-sensitive data, such as card and billing details, and excludes business-specific information such as metadata, customer data, previous addresses, and CVC check results.

All subsequent events, such as refunds and reporting, operate as if you had directly provided the PaymentMethod.

You can retrieve details about the Shared Payment Token you have been granted by the agent. You can view limited information about the underlying payment method (for example, card brand or the last 4 digits). The Shared Payment Tokens that you have been granted also include details on usage limits and may also include risk details.

curl https://api.stripe.com/v1/shared_payment/granted_tokens/{id}

Risk types

The following table provides risk details about the Shared Payment Tokens that the agent has granted you. Review this information to determine if you need to create a payment.

Webhooks

When the seller uses a Shared Payment Token to process a payment, Stripe sends events to the seller and the agent.

Revoke a SharedPaymentToken

The agent can revoke a Shared Payment Token at any time. This prevents the seller from using it to create a payment.

curl -X POST https://api.stripe.com/v1/shared_payment/spt_123/revoke \
  -u "key:"

Webhooks

Stripe sends events to the seller and the agent when the agent revokes or expires a Shared Payment Token.