Delegated Payment Spec
Payment Service Providers implement the Delegated Payment Spec to handle and secure Agentic Commerce transactions
Building with the Agentic Commerce Protocol is open to all. Instant Checkout in ChatGPT is currently available to approved partners. To apply to participate in Instant Checkout, fill out this form here.
Overview
The delegated payment spec allows OpenAI to securely share payment details with the merchant or its designated payment service provider (PSP). The merchant and its PSP then handle the transaction and process the related payment in the same manner as any other order and payment they collect.
Who is this spec for?
Directly integrating with OpenAI via the Delegated Payment Spec is only for PSPs or PCI DSS level 1 merchants using their own vaults. For others, Stripe's Shared Payment Token is the first Delegated Payment Spec-compatible implementation, with more PSPs coming soon.
How it works
- Buyers check out using their preferred payment method and save it in ChatGPT.
- The delegated payment payload is sent to the merchant's PSP or vault directly. The delegated payment is single-use and set with allowances.
- The PSP or vault returns a payment token scoped to the delegated payment outside of PCI scope.
- OpenAI forwards the token during the complete-checkout call to enable the merchant to complete the transaction.
Key points
- OpenAI is not the merchant of record. Under the Agentic Commerce Protocol, merchants bring their own PSP and process payments as they would for any other digital transaction.
- Single-use and constrained. The payment token is restricted by the delegated payment's max amount and expiry, helping protect users and prevent misuse.
- Merchant-owned payments. Settlement, refunds, chargebacks, and compliance remain with the merchant and their PSP.
- Security by design. The Delegated Payment Spec ensures PSP-returned credentials are narrowly scoped and cannot be used outside the defined limits of the user-approved purchase.
- PCI Scope. Directly integrating with the Delegated Payment Spec involves directly handling cardholder data (CHD) and may affect your PCI scope.
REST endpoints
POST /agentic_commerce/delegate_payment
Call direction: OpenAI -> PSP
Headers
| Field | Description | Example Value |
|---|---|---|
| Authorization | API Key used to make requests | Bearer api_key_123 |
| Accept-Language | The preferred locale for content like messages and errors | en-US |
| User-Agent | Information about the client making this request | ChatGPT/2.0 (Mac OS X 15.0.1; arm64; build 0) |
| Idempotency-Key | Key used to ensure requests are idempotent | idempotency_key_123 |
| Request-Id | Unique key for each request for tracing purposes | request_id_123 |
| Content-Type | Type of request content | application/json |
| Signature | Base64 encoded signature of the request body | eyJtZX... |
| Timestamp | Formatted as an RFC 3339 string | 2025-09-25T10:30:00Z |
| API-Version | API version | 2025-09-12 |
[Rest of the content continues with object definitions and other details...]