Agentic Commerce on Cloudflare
Agentic Commerce / Merchants

For Cloudflare merchants

Make your site work with AI agents —
safely.

AI agents are starting to do two distinct things on merchant sites: buy on behalf of real customers, and call tools as part of an assistant flow. Each one needs a different answer at the edge. We ship a merchant playbook for both.

Pick the one that matches the question you're trying to answer. Both playbooks can run side-by-side on the same site.

Payments — Ready today

Accept agent payments (TAP)

AI agents pay on behalf of real customers via Visa's Trusted Agent Protocol. You verify the agent is legitimate, hand the verified tokenised PAN to your existing processor, and the transaction settles like any other card payment. Six phases, end-to-end, with TAPKit shipping the cryptographic verification.

Open the TAP playbook →

Tool access — In progress

Govern agent tool calls (WebMCP)

AI agents call your MCP tools — to search your catalogue, fetch a product, complete a checkout. You decide which agents are allowed to call which tools, with cryptographic identity at the edge and a kill switch you can flip without a redeploy. Three phases: expose, govern, observe.

Open the WebMCP playbook →

Which one is for me?

"AI agents are about to buy from my site."
Start with TAP →
"My MCP server is reachable from the internet and I'm worried about who's hitting it."
Start with WebMCP →
"Both — eventually."
Pick whichever one you have a deadline on. The two playbooks are independent — you can adopt the second after the first is in production. They share the same underlying signature standard, so layering one on top of the other is straightforward.

How they fit together.

TAP and WebMCP answer different merchant questions, but they share the same underlying plumbing — both verify cryptographic signatures on incoming requests, both rely on Cloudflare KV for replay protection, both run as Workers in front of your origin.

TAP — at /checkout

Verifies that the agent paying for a cart is a legitimate, registered agent acting in payer intent. The signed payload carries a Visa-issued tokenised PAN. Your existing payment processor settles the transaction. The protocol is co-developed with Visa.

TAP merchant playbook →

WebMCP — at /mcp

Verifies that an agent calling your tools is who it claims to be, applies per-agent and per-tool rules, makes sure the request body wasn't tampered with, and gives you a kill switch. Built on Web Bot Auth — an IETF draft authored by Cloudflare.

WebMCP merchant playbook →

One Worker, two routes

If you end up adopting both, you can run TAPKit on your /checkout route and the WebMCP middleware on /mcp from the same Worker. They don't conflict; they're checking different things on different paths.

Different questions

TAP asks "is this a legitimate paying agent?". WebMCP asks "should this agent see this tool at all?". They overlap on proving who the agent is, but each one enforces different rules afterwards.