How to Make Your Store Buyable by AI Agents: Set Up Stripe's Machine Payments Protocol in One Afternoon
AI agents can't navigate persuasion-optimized checkout flows. Here's how to expose a machine-readable commercial API using Stripe's new tools.
Your Store Is Invisible to AI Agents Right Now — Here’s How to Fix That This Afternoon
You can make your store machine-readable in one afternoon. Not fully agent-native — that’s a longer project — but enough that when a purchasing agent arrives with intent and payment authority already in hand, it doesn’t bounce off your checkout flow like a human who forgot their password.
The thing most merchants are missing: Stripe’s machine payments protocol and shared payment tokens aren’t just a new payment method. They represent two fundamentally different architectures for agent commerce, and which one you support determines whether agents can buy from you at all. One-time use cards are an adapter — they let agents operate against checkout pages built for humans. Shared payment tokens are a machine-native rail — they let agents and merchants coordinate payment programmatically, without a human-shaped interface in the middle. Most stores today support neither. Getting to “supports one-time use cards” is an afternoon. Getting to “supports shared payment tokens” is a sprint. Both are worth understanding before you do either.
Here’s what you need, why it matters, and the specific steps to get there.
Why Agent-Readable Commerce Is Worth Your Time Right Now
Plans first. Then code.
Remy writes the spec, manages the build, and ships the app.
The Walmart data point is instructive even if you’re not Walmart. Wired reported that Walmart’s ChatGPT instant checkout test converted three times worse than simply sending shoppers back to Walmart’s own website. Daniel Danker, who oversees product and design at Walmart, called the experience “unsatisfying.” OpenAI’s own post-mortem acknowledged the initial version “did not offer the flexibility wanted” and pivoted toward product discovery with merchant checkout rather than inline purchasing.
The failure wasn’t that agents are bad at buying. The failure was structural: agents arrived at a checkout flow designed to persuade humans, and persuasion-optimized interfaces are actively hostile to software acting on someone’s behalf. The agent needed price, return policy, inventory status, payment options, and fulfillment constraints. The checkout page wanted to show it a hero image and a countdown timer.
That gap is the opportunity. Most of your competitors haven’t thought about this yet.
The shift happening underneath all of this is that payment authority is starting to travel with the task instead of waiting inside checkout. A buyer tells their agent “get me authentic single-origin coffee, spend up to $80.” The agent arrives at your store already knowing what it wants, already holding a scoped payment credential, already carrying the buyer’s preferences as constraints. If your store can’t surface machine-readable product data and accept a programmatic payment, the agent moves on. It doesn’t browse. It doesn’t get persuaded. It just leaves.
This is also why understanding how AI agents work structurally matters before you build for them — agents aren’t just automated humans, they’re software with explicit goals, bounded budgets, and no patience for ambiguity.
What You Need Before You Start
Stripe account with the right features enabled. You need access to Stripe’s agentic commerce suite, which as of mid-2025 is rolling out through Stripe Sessions announcements. Specifically: Link wallet for agents, the machine payments protocol, and issuing (for one-time use card acceptance). If you’re on a standard Stripe account, check your dashboard for “Agentic Commerce” under the product catalog — some features require explicit enablement.
A product catalog that’s actually machine-readable. This is the prerequisite most people skip. Before any payment infrastructure matters, an agent needs to understand what you sell. That means structured data: price (final, not “starting at”), inventory status, return policy in plain terms, fulfillment window, payment options accepted, and any constraints (subscription required, region-limited, etc.). If this lives only in marketing copy, you’re not ready.
Webhook infrastructure. Agent-initiated purchases may arrive without a human in the loop. Your fulfillment logic needs to handle programmatic orders without assuming someone is watching a confirmation screen.
Basic familiarity with Stripe’s API. This isn’t a no-code setup. You’ll be touching payment intent configuration and, for shared payment tokens, server-side validation logic.
The Four Steps to Agent-Compatible Commerce
Step 1: Expose a machine-readable product surface
Before an agent can buy from you, it needs to reason about what you sell. This is not SEO. SEO is about ranking a page against a query. This is about making your commercial reality legible to software.
Concretely: create a structured product feed that includes final price, inventory count or availability boolean, return policy (days, conditions, restocking fee if any), fulfillment SLA, accepted payment methods, and any identity or subscription requirements. JSON-LD on your product pages is the minimum. A dedicated /products.json endpoint is better. An actual API is best.
Remy doesn't write the code. It manages the agents who do.
Remy runs the project. The specialists do the work. You work with the PM, not the implementers.
The test: can a language model, given only your product page HTML, correctly answer “what is the return window, what does shipping cost, and is this item in stock”? If the answer requires reading between the lines of marketing copy, you’re not there yet.
Now you have a machine-readable product surface that an agent can reason against without hallucinating your policies.
Step 2: Configure Stripe Link for agent wallet access
Stripe’s Link wallet for agents lets a user grant an agent programmatic access to Link. When the agent creates a spend request, Link returns either a one-time use card or a shared payment token — depending on what the merchant supports and what the user has authorized.
In your Stripe dashboard, enable Link as a payment method if you haven’t already. Then update your Payment Intent creation to explicitly accept Link as a payment method type:
const paymentIntent = await stripe.paymentIntents.create({
amount: 8000,
currency: 'usd',
payment_method_types: ['card', 'link'],
metadata: {
agent_initiated: 'true',
buyer_intent: req.body.intent_summary
}
});The agent_initiated metadata flag matters for downstream fraud handling — Stripe Radar uses it to apply agent-specific risk rules rather than human-checkout heuristics. Tag agent-initiated transactions from the start; retrofitting this later is painful.
Now you have Link enabled and agent-initiated transactions flagged for appropriate risk treatment.
Step 3: Accept one-time use cards as the adapter layer
One-time use cards are the bridge between the agent economy and the existing commercial internet. An agent holding a one-time use card from Link can complete a purchase on any checkout flow that accepts standard card payments — including yours, right now, without any additional integration.
The catch: you need to make sure your fraud rules don’t reject them. One-time use cards have behavioral signatures that look unusual to rules tuned for human shoppers: no prior purchase history on that card number, no browser fingerprint, no session cookies, sometimes unusual velocity. Stripe Radar’s token theft defenses are specifically calibrated for agent-based fraud patterns, but you need to make sure you’re on a recent enough Radar ruleset and that you haven’t added custom rules that inadvertently block legitimate agent purchases.
Review your Radar rules for anything that blocks: cards with no prior transaction history, orders with no session cookie, purchases where billing and shipping addresses don’t match (agents often use the buyer’s billing address with a different shipping address), and high-velocity purchases from a single IP.
The fraud concern here is real. Stripe has already documented a pattern where a few thousand humans are running millions of agents to register fraudulent accounts and steal tokens. In AI SaaS specifically, one fraudulent free-trial user costs real compute dollars — unlike traditional SaaS where an extra user clicking around was nearly free. Your Radar configuration needs to distinguish between legitimate agent purchases and automated abuse, which is a different problem than distinguishing between human fraud and human legitimate purchases.
Now you have one-time use card acceptance working with appropriate fraud rules — the adapter layer is live.
Step 4: Implement shared payment tokens for the machine-native rail
Coding agents automate the 5%. Remy runs the 95%.
The bottleneck was never typing the code. It was knowing what to build.
This is the step that separates “agent-compatible” from “agent-native.” Shared payment tokens don’t go through a human-shaped checkout flow at all. The agent presents a scoped payment credential directly to your payment endpoint, your server validates it against Stripe’s machine payments protocol, and the transaction settles programmatically.
This requires a server-side endpoint that can receive and validate a payment token:
app.post('/agent-purchase', async (req, res) => {
const { payment_token, items, buyer_intent } = req.body;
// Validate the token against Stripe's machine payments protocol
const tokenValidation = await stripe.paymentTokens.validate(payment_token, {
merchant_id: process.env.STRIPE_MERCHANT_ID,
amount: calculateTotal(items),
currency: 'usd'
});
if (!tokenValidation.valid) {
return res.status(402).json({
error: 'invalid_payment_token',
message: tokenValidation.rejection_reason
});
}
// Token is valid and scoped — proceed with fulfillment
const order = await createOrder(items, tokenValidation.buyer_context);
await fulfillOrder(order);
res.json({
order_id: order.id,
fulfillment_eta: order.eta,
confirmation: order.confirmation_number
});
});The buyer_context from a validated token may include spend limits, merchant restrictions, approval state, and expiration. Your fulfillment logic should respect these — if the token is scoped to $50 and your order totals $60, reject it cleanly with a structured error rather than letting it fail at settlement.
Document your agent endpoint. Literally: create a /agent-api page that describes what your endpoint accepts, what it returns, what errors it surfaces, and what constraints apply. Agents need to know your cancellation policy, your error handling, and your recourse path. A commercially complete path — not just a payment endpoint.
Now you have a machine-native payment rail that agents can call directly, without a human-shaped checkout flow in the middle.
The Failure Modes Nobody Warns You About
Your fraud rules will fire on legitimate agent purchases. This is the most common failure. One-time use cards look like fraud to rules tuned for human behavior. Before you go live, run a test purchase using a Link agent wallet and check your Radar logs. If it’s flagged, trace which rule triggered and adjust.
Your product data is marketing copy, not structured data. “Free shipping on orders over $35” is not machine-readable. “$0 shipping when cart total ≥ $35.00 USD” is. Agents don’t infer. They parse. Go through your product pages and convert every policy statement into a structured fact.
Your webhook handler assumes a human is watching. Agent purchases may complete at 3am with no one monitoring your order queue. Your fulfillment webhook needs to handle errors, send confirmation to the buyer’s agent (not just a human email address), and log enough context to debug failures without a session replay.
You haven’t thought about metering for AI-adjacent products. If you sell anything with a usage component — API access, token budgets, compute time — the Stripe streaming payments architecture (Metronome for usage tracking, Tempo for stablecoin micro-payments) is worth understanding before agents start buying subscriptions and immediately consuming at scale. Waiting until end-of-month to settle creates real risk when the buyer is an agent that might not exist in 30 days. This is where platforms like MindStudio that orchestrate agent workflows across 200+ models and 1,000+ integrations become relevant — the agents consuming your API may themselves be running inside orchestration layers that have their own billing and usage patterns you’ll need to account for.
Day one: idea. Day one: app.
Not a sprint plan. Not a quarterly OKR. A finished product by end of day.
Your error messages are written for humans. “Something went wrong, please try again” is useless to an agent. Structured error responses with machine-readable codes, rejection reasons, and suggested remediation are what agents need to decide whether to retry, escalate to the human, or move to an alternative merchant.
Where to Take This Further
The four steps above get you to agent-compatible. The next layer is agent-preferred — being the merchant an agent remembers as a reliable answer.
That’s a brand question, but not the kind marketers are used to. Brand in the agent economy isn’t about how your landing page makes someone feel. It’s about whether you’re in the buyer’s preference layer: prior purchases, stated preferences, trust history, explicit dislikes. An agent can carry brand loyalty as a constraint without feeling brand loyalty. If a buyer has told their agent “I prefer this roaster,” the agent will route to you without you ever getting a chance to persuade it. If you’ve broken trust once — a late shipment, a wrong item, a hard-to-cancel subscription — the agent carries that too, permanently, without you getting a reset.
The practical implication: invest in fulfillment accuracy and support responsiveness before investing in agent discovery. Being discoverable by agents and then failing to fulfill correctly is worse than not being discoverable at all.
For builders who want to go further on the agent orchestration side — building purchasing agents rather than just accepting agent purchases — AI agents for product managers covers how to scope and deploy agents that interact with commerce systems, and AI agents for personal productivity shows the consumer-side patterns that will drive demand for agent-compatible merchants.
If you’re building the agent-facing API layer as a full-stack application rather than bolting it onto an existing store, tools like Remy take a different approach to that build: you write a spec — annotated markdown describing your endpoints, data types, auth requirements, and business rules — and it compiles into a complete TypeScript backend with database, auth, and deployment. The spec is the source of truth; the generated code is derived output. For an agent API where the contract matters more than the implementation, that’s a reasonable way to build.
The commercial surface of the internet is migrating from seller-controlled environments to buyer-controlled agents. You can either be legible to that migration or invisible to it. The infrastructure exists now. The afternoon is available.
