Nexus and AP2: Credential Provider + Settlement Rail
Published: 2026-03 | Based on AP2 specification, Google Cloud Blog, and Nexus implementation plans
Overview
Google's Agent Payments Protocol (AP2) defines how agents authorize and audit payments through a three-layer Mandate evidence chain. Nexus integrates into AP2 as a Credential Provider (CP) and Settlement Rail — receiving AP2 Mandates, settling funds through on-chain escrow, and issuing PaymentMandate VCs back into the AP2 evidence chain.
Nexus is compatible with AP2 and actively adapting its infrastructure to serve AP2 ecosystem merchants.
At a Glance
| Dimension | AP2 | Nexus |
|---|---|---|
| Originator | Google + 60 partners (2025) | Nexus Team |
| Layer | Payment authorization & audit trail | Settlement & fund custody |
| Core Mechanism | Verifiable Credential Mandates | On-chain escrow + state machine |
| Security Model | Cryptographic evidence chain | Escrow lock + auto-refund |
| Payment Methods | Cards, stablecoins, bank transfers | USDC (on-chain) |
| Dispute Approach | Evidence-based, post-hoc arbitration | Deterministic on-chain resolution |
| Crypto Signing | JCS + ECDSA P-256 | EIP-712 + secp256k1 |
| Transport | A2A, MCP | MCP, REST API, HTTP 402 |
AP2's Three-Layer Mandate Model
AP2 creates an unbroken evidence chain across three Verifiable Digital Credentials (VDCs):
┌──────────────────────────────────────────────────────┐
│ Layer 1: Intent Mandate │
│ "I want to buy noise-cancelling headphones < $300" │
│ Signed by: User (device key) │
│ Purpose: Captures authorization for agent-autonomy │
│ scenarios (human-not-present) │
├──────────────────────────────────────────────────────┤
│ Layer 2: Cart Mandate │
│ "I approve this cart: Sony WH-1000XM6, $279.99" │
│ Signed by: User (cryptographic signature) │
│ Purpose: Non-repudiable proof of exact purchase │
├──────────────────────────────────────────────────────┤
│ Layer 3: Payment Mandate │
│ "Funds settled via Nexus escrow, tx 0xabc..." │
│ Signed by: Credential Provider (Nexus) │
│ Purpose: Signals settlement to payment network │
└──────────────────────────────────────────────────────┘AP2 defines Layers 1 and 2. Layer 3 — PaymentMandate — is where Nexus plugs in.
How Nexus Integrates with AP2
Nexus acts as an AP2 Credential Provider: it receives CartMandate VCs from the AP2 ecosystem, translates them into its internal settlement format (NUPS), executes escrow-backed settlement, and issues PaymentMandate VCs back into the evidence chain.
AP2 Shopping Agent Nexus (Credential Provider)
│ │
│ 1. CartMandate VC │
│ (user-signed, items + total) │
├─────────────────────────────────────────→ │
│ │ 2. Verify JCS signature
│ │ 3. Parse & validate VC
│ │ 4. Translate CartMandate → NUPS Quote
│ │ 5. Execute escrow pipeline
│ │ (lock funds in smart contract)
│ │
│ 6. Checkout URL (HTTP 402) │
│ ←──────────────────────────────────────── │
│ │
│ [User signs escrow tx] │
│ │
│ │ 7. Detect ESCROWED on-chain
│ │ 8. Issue PaymentMandate VC
│ 9. PaymentMandate VC │
│ ←──────────────────────────────────────── │
│ │
│ (evidence chain complete: │
│ Intent → Cart → Payment) │What Changes, What Doesn't
| Component | Change |
|---|---|
| AP2 Adapter (new) | Parses CartMandate VCs, verifies JCS signatures, translates to NUPS |
| PaymentMandate Generator (new) | Issues signed VCs after escrow confirmation |
| Escrow Contract | Zero changes — same 13-state machine |
| Orchestration Pipeline | Zero changes — AP2 adapter feeds into existing pipeline |
| Webhook System | Zero changes |
| Existing NUPS Merchants | Zero changes, zero awareness |
The design principle: adapt at the edges, preserve the core.
Why AP2 Benefits from Nexus Settlement
AP2 Mandates provide post-hoc audit capability — if something goes wrong, the evidence chain proves who authorized what. But Mandates alone don't prevent fund loss. Nexus adds pre-emptive fund protection:
| Capability | AP2 Alone | AP2 + Nexus |
|---|---|---|
| Authorization proof | CartMandate VC (cryptographic) | CartMandate VC (same) |
| Fund protection | Depends on payment handler | Escrow lock before delivery |
| Non-delivery recourse | Evidence-based dispute (days/weeks) | Auto-refund on timeout (deterministic) |
| Dispute evidence | Mandate chain | Mandate chain + on-chain state transitions |
| Settlement privacy | Depends on payment handler | Confidential Token (ZK proofs) |
AP2 answers "who authorized this payment?" Nexus answers "are the funds safe until delivery?"
Dual-Path Architecture
Nexus supports two parallel paths — existing NUPS-native merchants and AP2 ecosystem merchants — through a single settlement infrastructure:
| Path A: NUPS Native | Path B: AP2 → Nexus | |
|---|---|---|
| Agent protocol | NUPS (Nexus native) | AP2 |
| Authorization | EIP-712 group signature | CartMandate VC (JCS + P-256) |
| Merchant discovery | skill.md / MCP tools | AP2 Shopping Agent |
| Quote format | NexusQuotePayload | CartMandate → auto-translated |
| Settlement | Escrow (same) | Escrow (same) |
| Evidence output | On-chain tx + webhook | On-chain tx + PaymentMandate VC |
Both paths converge at the orchestration pipeline. The escrow contract processes them identically.
The Evidence Chain Advantage
When Nexus settles an AP2 payment, the resulting evidence chain is stronger than either protocol alone:
- Intent Mandate (signed by user) — "I authorized up to $300 for headphones"
- Cart Mandate (signed by user) — "I approved this specific cart at $279.99"
- On-chain escrow record (smart contract) — "$279.99 USDC locked at block #N, released at block #M"
- Payment Mandate (signed by Nexus) — "Settlement completed, tx hash 0xabc..."
If a dispute arises, the arbitrator has cryptographic proof of user intent, user approval, fund custody, and settlement — covering every stage of the transaction.
Key Takeaways
Nexus is an AP2 Credential Provider. It receives CartMandate VCs from AP2 agents, settles via on-chain escrow, and issues PaymentMandate VCs to complete the three-layer evidence chain.
Mandates + Escrow = complete protection. AP2 provides audit-grade authorization proof. Nexus provides pre-emptive fund safety. Together they cover both "who authorized it" and "are the funds protected."
Zero changes to the settlement core. AP2 integration is an adapter at the protocol edge. The escrow contract, 13-state machine, and webhook system remain untouched — reducing risk and preserving battle-tested infrastructure.
Two paths, one settlement layer. NUPS-native merchants and AP2 ecosystem merchants both settle through the same escrow pipeline. Nexus becomes a settlement rail that serves multiple agent payment protocols.