Agentic Commerce on Cloudflare
Agentic Commerce / Something else

For everyone else in the stack

Payment scheme, issuer,
or just curious?

Agentic commerce is a shared problem. Merchants and agent builders are the first two audiences we've built for on Cloudflare, but they're not the whole picture. If you're working on any other piece of this — agent registries, payment rails, tokenisation, consumer identity, research, standards — we'd like to hear from you.

Who this lane is for.

Not exhaustive. If you recognise yourself in any of these descriptions, the "get in touch" path below is the right one.

Payment schemes and networks

You're Visa, Mastercard, an issuer, or a new network building agent-aware rails. You want to know how Cloudflare's edge plugs into your agent registry, how merchants on our platform can trust your signatures, and what our roadmap looks like for supporting additional protocols.

Payment processors

Stripe, Adyen, or another processor handling the actual card transaction after a merchant accepts an agent request. You'll usually not need to change anything — the tokenised PAN arrives via your existing interface — but some edge cases (dispute routing, agent attribution) are worth a conversation.

Standards and policy

You're working on agent-commerce standards (AP2, Visa TAP, Mastercard Agent Pay), consumer-protection frameworks, or regulatory positions. Cloudflare sees a large slice of traffic and is actively engaged in these conversations.

Research and analysis

You're researching the agent-commerce landscape — market sizing, threat modelling, academic work on agent trust protocols. Happy to share the shape of what we're seeing in production traffic and the questions we're wrestling with.

Just curious

You read about agents buying things and wanted to understand what's actually happening behind the scenes. Welcome. Most of what's on this site is public; explore the merchant and agent-builder lanes for the concrete tools, and the Visa TAP spec for the protocol.

Something we haven't thought of

The above is not exhaustive. If agentic commerce intersects your work in a way the other two lanes don't capture, that's exactly the conversation we want to have.

Resources while you're here.

A lot of the adjacent picture is already well-documented elsewhere on Cloudflare's developer docs or in the public standards. If you're researching, exploring, or just orienting, these are the authoritative starting points.

  • Trusted Agent Protocol (TAP) spec ↗

    Visa's open-source protocol for trusted agent recognition at the merchant edge. Cloudflare co-developed TAP; our implementation (TAPKit) is the canonical Cloudflare-native reference.

    Standard

  • RFC 9421 — HTTP Message Signatures ↗

    The underlying IETF standard that TAP builds on. If you're working on signature verification in another context — an API, a CDN, a custom trust layer — this is the primary reference.

    Standard

  • Cloudflare Verified Bots ↗

    Cloudflare's existing directory for legitimate automated traffic. Trusted-agent authentication is a natural extension of the same trust model that already admits search crawlers, monitoring bots, and scrapers-with-a-pass.

    Platform

  • Cloudflare Agents SDK ↗

    If you're curious what an agent runtime actually looks like, this is the shipping reference. Stateful TypeScript agents on Durable Objects, three commands to deploy.

    Platform

  • llms.txt ↗

    An open proposal for sites to publish structured context for AI agents — a machine-readable product-catalog / knowledge-base manifest. The TAPKit reference merchant serves one as an example.

    Adjacent standard

  • Cloudflare AI blog ↗

    Ongoing writing on where agents, bots, and AI traffic intersect Cloudflare's network. Not agentic-commerce specific but closely adjacent.

    Reading

Still want to talk?

If the resources above don't cover what you're after, drop a note with who you are, what you're working on, and what would be most useful.

A dedicated alias is being set up. Until then, inquiries route through Matthew Conroy (mconroy@cloudflare.com).

Email → Back to the front door