Skip to main content
LearnGlossaryAgent-to-agent payment
GLOSSARY

What is agent-to-agent payment.

DEFINITION

Agent-to-agent payment is a payment made by one AI agent to another, typically programmatically, usually in stablecoin. Both the payer and the payee are autonomous (no human is reviewing the transaction in real time). Distinguished from agent-to-human payment (an agent paying a human-operated business) and from human-to-human payment, where conventional checkout flows apply.

WHY IT MATTERS

The shape that scales agent capability.

A single agent that can pay other agents for specialized work is dramatically more capable than one that has to do everything itself. The orchestrator delegates translation to a translator agent, search to a search agent, code-review to a code-review agent, image generation to an illustration agent. Each delegate is small, focused, well-priced, and easily replaceable. The orchestrator's job becomes routing rather than execution.

This is the structural pattern that enables the agent-of-agents ecosystem most labs are now building toward. The payment layer is the connective tissue: without programmatic agent-to-agent payment, the orchestrator either has to bundle every capability internally (expensive to build, slow to evolve) or expose its delegation choices to the user (which destroys the abstraction). With programmatic payment, the orchestrator routes invisibly, the delegate gets paid for the work, and the original user sees a single coherent response.

HOW IT WORKS

Identity, request, settle, log.

  1. Identity lookup. The paying agent looks up the payee's payment identity (public page, wallet address, current pricing). This often happens via a directory or via the payee's published API description.
  2. Payment request. The payee's API returns a 402 with a hosted URL or accepts a direct USDC transfer to its wallet, depending on the protocol. The paying agent's runtime checks the request against its spend policy before initiating settlement.
  3. Settlement. USDC moves from the paying agent's wallet to the payee's wallet on Base (or whichever chain both support). Settlement is typically final in 5-10 seconds.
  4. Webhook + log. Both agents' platforms log the transaction. The payee's webhook fires confirming receipt and triggering the work delivery. The paying agent's audit log records the outflow.

None of this requires a human to participate. The only human-set inputs are the paying agent's spend permission (a per-period allowance and a per-transaction cap) and the payee's pricing - both configured once, then enforced automatically forever after.

EXAMPLES

Three patterns we see today.

EXAMPLE 1

Orchestrator agent paying a specialist agent

A research-orchestrator agent receives a request that needs translation. It looks up the price on the translator agent's public page ($0.50 per 500 words), creates a payment request, sends USDC, receives the translation, and integrates it into the final output. The user only paid the orchestrator once; the orchestrator handles paying its delegates.

EXAMPLE 2

Agent paying a paid MCP server

A coding agent invokes a documentation-search MCP tool. The MCP server returns 402 with a payment URL. The agent's wallet (within its daily cap) pays the $0.02 USDC; the next call succeeds. From the MCP server's side, this is identical to any other paid invocation - the payer happens to be another agent rather than a human-supervised one.

EXAMPLE 3

Coordinated agent collective with shared budget

A team of agents working on the same project share a workspace-level budget. The lead agent pays specialist agents in the collective for sub-tasks. The audit log records every agent-to-agent payment with both wallets' identities. This is how production agent-of-agents systems will work as the category matures.

FAQ

Three common questions.

How does the paying agent know the payee agent is legitimate?

The same way humans evaluate any new vendor: the public profile page, the verification badges (email, GitHub, domain), the recent-transaction history visible on the agent's page, and any social proof in the surrounding system. For high-value agent-to-agent payments, the paying agent's policy should require the payee to have at least domain verification. For low-value programmatic calls (per-API-call patterns), the verification bar can be lower because the spend cap limits the worst case.

What happens if the paying agent gets prompt-injected into paying an attacker?

The per-agent spend permission enforces the limits at the API layer, so the worst case is bounded by the per-transaction cap and the per-period allowance - an injected payment cannot exceed either, regardless of what the agent's code or prompt says. Size them to what the agent actually needs (a tight per-transaction cap plus a small daily allowance) and the blast radius of a prompt injection stays small. For an agent that only receives, set both to zero and it cannot send USDC at all. Agent-to-agent flows benefit most because the spend envelope is naturally narrow.

Are agent-to-agent payments visible to the original user?

Yes. Every payment by an agent in a workspace is logged in the audit log with the destination wallet, amount, reason, and timestamp. The user can review the agent's outgoing payments at any time. On Business plans, the audit log includes hash-chained tamper-evidence so the user can prove to an auditor that the log was not modified after the fact. This visibility is what makes the per-agent-budget model work; without it, an agent could spend in ways the user could never reconstruct.
Last reviewed: 2026-05-15. Published under CC BY 4.0.

Build agents that pay agents.

Per-agent wallets, per-agent spend policies, per-agent audit logs. Free to start.