A practical guide to the new payment primitives that let AI agents spend money โ Stripe Link CLI, Issuing for Agents, the Machine Payments Protocol, Shared Payment Tokens, and the card networks racing to keep up.
Until 2026, an agent that needed to buy something either got handed a real card number (terrifying) or couldn't pay at all (useless). The new tools fix that with three ideas: scoped credentials, machine-native protocols, and consent flows that don't break user trust.
One-time-use cards, single-merchant tokens, and per-purchase spending limits. The agent can't reuse what it didn't earn.
Real-time approval notifications via the user's wallet app. The human sees what the agent wants to buy before money moves.
Open protocols like MPP (HTTP 402 + a payment header) let services charge agents without forcing them through human checkout flows.
The tools below all shipped โ or got a major upgrade โ in 2026. Each solves a different slice of "how does an agent actually pay for things?"
An open-source CLI (and MCP server) that lets an agent request a one-time-use card or a Shared Payment Token from your Link wallet. You approve every purchase from the Link app before credentials are released.
Install:
npm i -g @stripe/link-cli
# or run on demand
npx @stripe/link-cliUse it as an MCP server (Claude, Claude Code, or any MCP client) by adding to your .mcp.json:
{
"mcpServers": {
"link": {
"command": "npx",
"args": ["@stripe/link-cli", "--mcp"]
}
}
}What you get:
Two credential types are supported. By default, a spend request provisions a virtual card (PAN, CVC, expiry) for any standard checkout. For merchants on MPP, pass --credential-type "shared_payment_token" instead. Card details are written redacted to stdout; full PAN goes to --output-file with mode 0600.
Heads up: Link CLI is US-only at launch and capped at $500 per spend request.
The lower-level Issuing API, repackaged for agentic spend. Mint your own virtual VISA cards programmatically, with real-time authorization controls, fraud detection, and full transaction visibility โ all the primitives Link itself is built on.
Use this when you want to own the card lifecycle rather than hand off to Link's consent UI. Common shapes:
You write the rules: per-card limits, allowed MCCs, per-merchant constraints, and an authorization webhook that can approve or decline in real time. CardForAgent is built directly on this API โ and exposes it through MCP without you having to wire up Stripe yourself.
An open spec โ co-authored by Stripe and Tempo โ for agent-to-merchant payment over HTTP. Resurrects the long-dormant HTTP 402 Payment Required status code as a real, working part of the web.
Flow:
Early adopters already charging agents this way include Browserbase (headless browsers), Parallel Web Systems (web-access APIs), PostalForm (physical mail), Prospect Butcher Co. (sandwiches, genuinely), and Stripe Climate. From the merchant's side, MPP charges still appear in the normal Stripe Dashboard โ same fraud, tax, and refund tooling as any other payment.
Agents pay over MPP using either stablecoins directly, or fiat (cards / BNPL) via Shared Payment Tokens.
A scoped, machine-native credential. Think "a card number, but with a built-in expiry, an amount, a currency, and a single allowed merchant baked in." Backed by whatever payment method you already have in your wallet โ card, bank, eventually stablecoin.
SPTs solve the problem cards never could: an agent can hold one without holding the underlying credential, and the merchant gets paid through whatever rail makes sense (Visa, ACH, Mastercard Agent Pay, etc.). Stripe is rolling SPT support out beyond Link to Mastercard Agent Pay, Visa Intelligent Commerce, Affirm, and Klarna.
Mastercard's Agentic Payments Program, anchored on Agentic Tokens โ dynamic, single-purpose digital credentials a consumer can grant to an AI agent. Card-network-issued, not provider-issued, so it works wherever Mastercard works.
Visa's parallel program. TAP is an open framework letting merchants tell legitimate AI agents apart from scrapers and fraud bots โ a piece the rest of the stack assumes but didn't have.
An on-chain alternative: wallets purpose-built for agents to hold funds, send payments, swap tokens, earn yield, and transact without per-action human approval. Pairs naturally with MPP's stablecoin rail.
A rough mental model. Most real agents end up using two or three of these together.
| Tool | Best when | Skip when |
|---|---|---|
| Link CLI | A consumer-side agent (yours or someone else's) needs to buy on behalf of one user, with that user approving each purchase. | You're building B2B / multi-tenant infra, or operating outside the US. |
| Issuing for Agents | You want to be the issuer โ programmatic cards with your own controls, webhooks, and UX. Power-user / platform play. | You don't want to onboard with Stripe Issuing or operate the compliance surface. |
| CardForAgent | You want Issuing-style cards over MCP without integrating Stripe yourself. Top up, get a hosted MCP URL, done. | You need Connect-style platform issuing for end customers (use Stripe directly). |
| MPP / x402 | The merchant you want to pay supports it. Cleanest agent-native checkout โ no human form fills. | Buying from any normal e-commerce site (use a card credential instead). |
| SPTs | You want a single credential that abstracts over cards, bank, BNPL, and (soon) stablecoins. | The merchant only accepts a raw PAN. |
| Mastercard / Visa | You're a network-tier integrator or large merchant adopting agent rails directly. | You're a developer who just wants a card to pop out of an API call. |
| Coinbase Agentic Wallets | The agent's job is on-chain or settles in stablecoins. Pairs well with MPP. | You need card acceptance at any merchant that doesn't take crypto. |
CardForAgent gives you a virtual VISA card in seconds, accessible via MCP from Claude, Claude Code, or any MCP-compatible agent. No Stripe account required.
Get started