UCP payment handler specification
Schema: /schemas/payment-handlers/stripe_spt.json
Stripe Shared Payment Token (SPT): agent-minted, merchant-scoped. Lets agents pay with a Stripe-managed funding source without sharing raw payment credentials.
AgentScore binding for Stripe Shared Payment Tokens (SPT) in UCP. SPTs let the agent pay with a Stripe-managed funding source (card, bank, Link wallet) without sharing raw payment credentials. The agent mints an SPT on its own Stripe account scoped to the merchant's profile id, presents it on the 402 retry, and the merchant captures the PaymentIntent server-side. Funding-source variety (own Stripe account, Link CLI, etc.) lives at the client/instruction layer (the 402 body's `agent_instructions.how_to_pay.stripe_spt` and `compatible_clients.stripe_spt`), not in this rail config.
The schema for the binding's `config` object lives at /schemas/payment-handlers/stripe_spt.json. The wrapper fields (id, version, spec, schema, config) are defined by UCP itself.
Fields:
rail (string (const)): Always `stripe-spt` (kebab-case rail identifier; distinct from the snake_case UCP namespace key).profile_id (string): Stripe profile id; the merchant-side network identifier the agent's SPT is scoped to.Example config:
{
"rail": "stripe-spt",
"profile_id": "profile_5xKvNqM9BaH"
}End-to-end flow from the merchant's 402 challenge to settlement:
accepts[] including a stripe-spt entry carrying the merchant's profile_id. The 402 body also carries agent_instructions.how_to_pay.stripe_spt with the SPT mint instructions and the merchant's profile id.profile_id, with a single-use nonce + amount. Stripe returns the SPT string.X-Stripe-Spt is the common convention).paymentIntents.create with the SPT + idempotency key. Stripe verifies scope, captures funds, and returns the PaymentIntent.Merchant-side responsibilities once the agent's payment credential arrives on the retry leg:
X-Stripe-Spt).stripe.paymentIntents.create({ shared_payment_token, amount, currency, ... }) server-side. Stripe verifies the SPT is scoped to the merchant's profile_id and returns a PaymentIntent.profile_id. The merchant's Stripe account validates the scope server-side; an SPT minted for profile_A cannot be redeemed by merchant_B.paymentIntents.create so a retry from the same agent against the same SPT is safe.agentscore-pay (npm: @agent-score/pay). See docs.agentscore.com/integrations/pay-cli