AP2 Challenge and Step-Up Flows
Before writing code
Fetch live docs:
- Fetch
https://ap2-protocol.org/specification/for challenge flow specification - Web-search
site:github.com google-agentic-commerce AP2 challenge OTP 3DS step-upfor implementation examples - Fetch
https://ap2-protocol.org/topics/privacy-and-security/for security context - Web-search
ap2 protocol 3DS2 OTP challenge redirectfor integration details
Conceptual Architecture
What Challenges Are
Challenges are additional authentication steps that any participant in the payment ecosystem can require during an AP2 transaction. They provide an extra layer of security beyond the mandate signatures.
When Challenges Occur
Any ecosystem participant may trigger a challenge:
- Payment Network — Requires 3DS2 for high-risk transactions
- Issuer/Bank — Requires OTP or biometric for verification
- Merchant — Requires confirmation for unusual orders
- Credentials Provider — Requires step-up for new payment methods
V0.1 Supported Challenge Types
AP2 V0.1 supports redirect challenges:
- 3DS2 (3D Secure 2.0) — Card network strong customer authentication
- OTP (One-Time Password) — SMS/email/app verification codes
- User is redirected to a trusted surface (not the agent) for resolution
Challenge Flow
1. Payment processing initiated
2. Network/Issuer determines challenge required
3. Challenge request returned to MPP
4. MPP sends challenge to Merchant Agent
5. Merchant Agent forwards to Shopping Agent (via A2A)
6. Shopping Agent redirects user to trusted surface
7. User completes challenge (enters OTP, completes 3DS)
8. Trusted surface confirms completion
9. Shopping Agent receives confirmation
10. Flow resumes from where the challenge was triggered
Redirect Pattern
The redirect challenge follows this pattern:
- Shopping Agent can't handle the challenge itself (security)
- User is redirected to the challenger's trusted surface
- This is a separate UI/page, not an agent conversation
- User interacts directly with the challenger's system
- Completion triggers a callback/redirect back to the flow
Key Design Decisions
Why redirect? Agent conversations are not trusted surfaces for authentication. The challenge must happen on a system controlled by the challenging entity.
Why A2A messaging? The challenge request and completion notification flow through the A2A protocol, keeping the multi-agent orchestration consistent.
Duplicate prevention: The protocol ensures that if one entity has already challenged the user, others are informed to avoid duplicate challenges.
OTP Implementation (from samples)
The reference sample implements OTP:
- MPP determines OTP required
- Sends OTP challenge via A2A to Shopping Agent
- Shopping Agent presents to user
- User enters code (test value: "123")
- Code returned to MPP for verification
- Payment proceeds if code is valid
3DS2 Integration
For 3DS2 (Strong Customer Authentication):
- Card network requires 3DS2 during authorization
- MPP receives 3DS challenge data
- Challenge forwarded to Shopping Agent
- User redirected to issuer's 3DS2 page
- User authenticates (biometric, SMS, etc.)
- Authentication result returned
- MPP retries authorization with 3DS result
Backward Compatibility
AP2 challenges are backward compatible with existing systems:
- Works with existing 3DS2 infrastructure
- Compatible with existing OTP systems
- Doesn't require payment networks to change their risk systems
- Adds agentic context without breaking existing flows
Best Practices
- Always redirect challenges to trusted surfaces — never handle auth in agent conversation
- Implement timeout handling for challenges (user may not respond)
- Support multiple challenge types (3DS, OTP, biometric)
- Handle challenge failure gracefully (retry or abort)
- Avoid duplicate challenges — check if user has already been challenged
- Log all challenges for audit and fraud analysis
- Test with various challenge scenarios in staging
- Implement fallback flows when challenges can't be completed
Fetch the specification for exact challenge message formats, redirect protocols, and completion callback schemas before implementing.