Getting Started with Visa's Trusted Agent Protocol

Welcome to the developer platform for the Trusted Agent Protocol! This content is provided for merchants and infrastructure providers who want to securely recognize and transact with Visa-approved AI agents. As agentic traffic and commerce become more prevalent, Visa's Trusted Agent Protocol provides a verifiable, cryptographic standard to help merchants differentiate legitimate agents from nefarious bots or web crawlers.

This following are the two key resources needed to get started:

1. The Trusted Agent Protocol: This is the official rulebook that details the technical processes for recognizing a Visa-approved agent, including the cryptographic standards (RFC9421), required message signature fields, and the process for validating an agent's intent. 
2. Sample Code Implementation: To make the protocol concrete, we provide practical code examples. These snippets demonstrate the use of public keys and how to  construct the signature_base strings, which are the critical first steps in verifying an agent's signature on your end.

The core of the protocol is simple: a trusted agent will include a message signature in its request to your server. A merchant's primary task is to validate this signature. To do this, a merchant system will need to reconstruct the signature_base string using attributes from the request and then use the agent's public key to verify the signature. This process ensures the request, and thus the agent, is authentic, unaltered, and comes from a trustworthy source. Additionally the protocol describes signatures to enable consumer recognition and payment.

Continue to the pages in the sidebar to dive into the specifics of the protocol and how you can implement the Trusted Agent Protocol.