MongoDB as the Mandate Ledger for Agentic Commerce: Supporting A2A, AP2 & UCP

Agentic commerce is here! Retailers and technologists are faced with the task of creating new architectures to support trustworthy, secure, and auditable agentic commerce. The tech sector has moved quickly to meet this challenge with a new wave of agentic protocols. The industry is moving fast: following the launch of Agent to Agent Protocol (A2A) in April 2025, Google launched Agents Payments Protocol (AP2) in Sept 2025, followed by Unified Commerce Protocol (UCP) in January 2026.

For retailers, it is not a conceptual shift; it is an architectural mandate. Supporting agent-driven transactions requires more than exposing APIs; it requires building a trusted execution environment where intent, authorization, and payment actions can be verified, persisted, and audited in real time. To support these protocols, they must introduce a mandate layer: a dedicated data architecture that records and enforces machine-authorized transactions as immutable, verifiable artifacts. 

This is where MongoDB will play a part in the agentic commerce architecture of tomorrow. This blog post explains what that architecture looks like, why a Mandate Ledger Service becomes a foundational system, and how protocols such as UCP and AP2 define the operational model retailers must prepare to support.

The evolution of commerce protocols: UCP and AP2

For retailers, preparing for agentic commerce means mapping new protocols to systems already in the estate. The Universal Commerce Protocol (UCP) defines how external agents discover and interact with commerce capabilities, while the AP2 (Agent Payments Protocol) defines how those interactions are authorized, executed, and audited.

In practice, UCP sits at the edge of the retail platform. It exposes machine-readable capabilities through a well-known endpoint backed by existing services such as catalog, pricing, cart, checkout, and order management. Retailers do not replace these systems; they make them discoverable and callable by authorized agents through standardized interfaces.

AP2 operates within the trust and transaction layer. It governs how agent actions are permitted, what may be purchased, and how payment is executed using verifiable mandates persisted in a Mandate Ledger Service. This introduces a new architectural responsibility: a mandate layer that records authorization and execution as immutable, auditable artifacts integrated with identity, payment, and compliance controls.

Figure 1. UCP conversation vs.AP2 commitment.

In operational terms, UCP enables agents to find and use your capabilities; AP2 ensures those capabilities can be exercised securely, provably, and at scale.

The Agent Payments Protocol & mandates as a new standard for trust

AP2 defines how parties interact securely in agentic commerce environments, regardless of the underlying payment method. Rather than relying on proprietary integrations or hard-coded trust relationships, AP2 introduces a standardized, verifiable trust framework.

At the core of AP2 is the concept of the mandate.

Mandates are tamper-proof digital contracts that represent authorization throughout an agentic transaction lifecycle. Conceptually, they function as domain-specific verifiable digital credentials (VDCs): cryptographically verifiable artifacts that bind intent, authorization, and execution rights to an identifiable principal. The protocol supports multiple mandate types, including intent mandates (what an agent is allowed to do), cart mandates (what is being purchased), and payment mandates (how and when funds may be transferred).

Figure 2. The mandate.

This guarantees non-repudiation: if an agent executes a transaction within the bounds of an authorized mandate, that action is provable and enforceable. This is essential for dispute resolution, compliance, and regulatory review as autonomous systems take on greater responsibility.

AP2 assumes the presence of a Mandate Ledger Service: a protective layer between agents and the database. Agents never modify mandate data. All interactions are validated, recorded, and preserved as append-only artifacts. Architectural choices at this layer are critical to ensuring trust, performance, and scalability.

MongoDB as the mandate ledger service

AP2 is a protocol-level innovation, but for retailers, its value is realized only when it is operationalized as a system they own and run. Supporting AP2 requires building a Mandate Ledger Service: a dedicated data layer that enforces immutability, validates authorization, persists mandates as append-only records, and scales to autonomous, high-concurrency workloads. This is not an enhancement to existing commerce databases; it is a new trust infrastructure that sits alongside identity, payment, and order systems. MongoDB is well-suited to serve as the foundation for this mandate layer, providing the durability, governance, and horizontal scalability required to make agent-authorized transactions verifiable and auditable at production scale.

Because AP2 artifacts are defined in JSON, MongoDB’s document-native model can persist mandates, policies, and agent states in their native structure without transformation. This eliminates resistance between the protocol and the data layer, allowing schemas to evolve alongside new mandate types or lifecycle stages without disruptive migrations, downtime, or replatforming.

Figure 3. Payment and mandate document model.

Security and governance are built in. Fine-grained RBAC (role-based access control), encryption at rest and in transit, and configurable retention policies align with the requirements of regulated commerce environments. This ensures mandates are not only immutable but also properly controlled and auditable.

MongoDB’s unified document model reduces fragmentation by keeping intent, authorization, and execution context together. This improves transactional accuracy and consistency in complex, multi-agent workflows where ambiguity can quickly erode trust.

Figure 4. Adaptability, security, accuracy, and performance.

Performance is equally critical. Agentic commerce introduces bursty, concurrent workloads driven by autonomous decisions rather than human pacing. MongoDB’s horizontally scalable architecture is designed to handle high-throughput, low-latency transactions across distributed environments, ensuring mandate validation and persistence do not become bottlenecks.

Mandates function as permanent, append-only contracts within the AP2 architecture. Immutability is achieved at the solution level through the Mandate Ledger Service, which restricts direct modification and records mandate lifecycle events as controlled, verifiable entries. MongoDB can support this pattern by persisting mandates as versioned documents and enforcing access controls so changes are recorded as new states rather than in-place edits.

This architectural approach enables consistent auditability across agent interactions. Authorizations, executions, and outcomes can be reconstructed from recorded mandate history, supporting compliance, dispute resolution, and operational transparency as commerce becomes increasingly autonomous.

The architectural foundation for agentic commerce

Agentic commerce reframes digital transactions around intent, and for retailers, this shift is primarily architectural. Readiness is defined not by new channels or interfaces, but by the ability to expose capabilities for agent discovery and to execute transactions within a verifiable trust framework. UCP externalizes what your commerce platform can do; AP2 governs how those capabilities are authorized, executed, and audited.

The practical implication for retailers is clear: establish a mandate layer and operate a Mandate Ledger Service that records authorization and execution as controlled, append-only artifacts integrated with identity, payment, and compliance systems. This trust infrastructure becomes a first-class component of the retail estate, enabling secure participation in an agent-driven ecosystem without fragmenting core commerce services.

By operationalizing AP2 with a scalable, governed data foundation such as MongoDB, retailers can support machine-speed transactions while preserving auditability, control, and resilience. Organizations that invest in this architecture now position themselves to convert intent into execution reliably, as zero-click commerce moves from emerging pattern to operational norm.