Complete technical guide to implementing Instant Checkout for AI platforms. Enable customers to purchase products directly within ChatGPT, Perplexity, Claude, and Google AI conversations.
Official Reference: This guide is based on the ACP Agentic Checkout Specification. For the most up-to-date technical details, always refer to the official ACP documentation.
Instant Checkout allows customers to complete purchases directly within AI platform conversations (ChatGPT, Perplexity, Claude) without leaving the interface. It's built on the Agentic Commerce Protocol (ACP) and provides a seamless, secure checkout experience optimized for conversational AI.
Customer asks AI agent about products (e.g., "Find me wireless headphones for travel"). AI agent searches your product catalog and presents relevant options.
Customer decides to purchase. AI agent calls your ACP-compliant checkout API with product details, customer information, and conversation context.
Your system creates a secure checkout session, validates inventory, calculates shipping, and processes payment through your payment provider (Stripe, PayPal, etc.).
Upon successful payment, your system creates the order, reserves inventory, sends confirmation emails, and triggers fulfillment workflows.
AI agent receives real-time updates about order status and can answer customer questions about shipping, tracking, and delivery.
To integrate Instant Checkout, you must apply for merchant access through the ChatGPT Merchant Application Page. OpenAI reviews applications and provides API credentials upon approval. This typically takes 1-2 weeks for qualified merchants.
Customers complete purchases 3.5x faster without leaving the AI conversation
Seamless experience reduces friction and abandonment by 45%
Native mobile experience through AI apps (ChatGPT, Perplexity mobile)
Built on ACP with PCI DSS compliance and fraud protection
You'll need an account with a payment provider that supports ACP. Recommended options:
Register for ACP developer access to get API credentials:
# Install ACP SDK (Node.js example)
npm install @acp/checkout-sdk
# Install payment provider SDK
npm install stripe
# Environment variables (.env)
ACP_API_KEY=your_acp_api_key
ACP_WEBHOOK_SECRET=your_webhook_secret
STRIPE_SECRET_KEY=your_stripe_secret_key
STRIPE_PUBLISHABLE_KEY=your_stripe_publishable_key
DOMAIN=https://yourdomain.comThe core of Instant Checkout is the checkout session API. This endpoint receives product and customer information from AI agents and creates a secure checkout session.
// POST /checkouts - Create a checkout session
// Request from ChatGPT/AI Platform
{
"items": [
{
"id": "item_123",
"quantity": 2
}
],
"buyer": {
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"phone_number": "+1234567890"
},
"fulfillment_address": {
"name": "John Doe",
"line_one": "123 Main St",
"line_two": "Apt 4B",
"city": "San Francisco",
"state": "CA",
"country": "US",
"postal_code": "94105"
}
}
// Response to AI Platform
{
"id": "checkout_abc123",
"status": "ready_for_payment",
"currency": "usd",
"line_items": [
{
"id": "item_123",
"item": {
"id": "item_123",
"quantity": 2
},
"base_amount": 2000,
"discount": 0,
"total": 2000,
"subtotal": 2000,
"tax": 0
}
],
"fulfillment_options": [
{
"type": "shipping",
"id": "shipping_fast",
"title": "Express Shipping",
"subtitle": "2-3 business days",
"carrier": "Shipping Co",
"subtotal": 150,
"tax": 0,
"total": 150
}
],
"totals": [
{
"type": "subtotal",
"display_text": "Subtotal",
"amount": 2000
},
{
"type": "fulfillment",
"display_text": "Shipping",
"amount": 150
},
{
"type": "tax",
"display_text": "Tax",
"amount": 100
},
{
"type": "total",
"display_text": "Total",
"amount": 2250
}
]
}| Field | Type | Required | Description |
|---|---|---|---|
products | Array | Yes | Array of products to purchase |
customer | Object | Yes | Customer information and shipping address |
payment_method | String | Yes | Payment method ID or type |
metadata | Object | Recommended | AI platform, conversation ID, and tracking data |
{
"checkout_id": "chk_1234567890",
"checkout_url": "https://checkout.yourstore.com/chk_1234567890",
"status": "pending",
"expires_at": "2025-01-20T15:30:00Z",
"total": {
"subtotal": 299.99,
"shipping": 0.00,
"tax": 24.00,
"total": 323.99,
"currency": "USD"
},
"customer": {
"id": "cus_abc123",
"email": "customer@example.com"
}
}Most merchants use Stripe for payment processing due to its robust API, security features, and ACP compatibility.
// Delegated Payment Processing with Stripe
// When AI platform sends payment token
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
async function processACPPayment(checkoutSession, paymentData) {
// Payment data from AI platform includes delegated token
const { payment_method } = paymentData;
if (payment_method.type === 'delegated_token') {
// Use Stripe's Shared Payment Token
const paymentIntent = await stripe.paymentIntents.create({
amount: checkoutSession.totals.find(t => t.type === 'total').amount,
currency: checkoutSession.currency,
payment_method: payment_method.token, // spt_xxx from AI platform
confirm: true,
metadata: {
checkout_id: checkoutSession.id,
ai_platform: 'chatgpt'
}
});
if (paymentIntent.status === 'succeeded') {
// Create order in your system
const order = await createOrder({
checkout_id: checkoutSession.id,
customer: checkoutSession.buyer,
items: checkoutSession.line_items,
total: checkoutSession.totals.find(t => t.type === 'total').amount,
payment_intent_id: paymentIntent.id
});
return {
status: 'completed',
order_id: order.id,
confirmation_number: order.confirmation_number
};
}
}
throw new Error('Payment processing failed');
}Never handle raw credit card data directly. Always use your payment provider's tokenization system. Stripe, PayPal, and other providers handle PCI compliance for you when you use their SDKs correctly.
Webhooks allow your system to receive real-time notifications about checkout events. This is critical for order processing, inventory management, and customer communication.
// Webhook endpoint to handle instant checkout events
app.post('/webhooks/acp-checkout', async (req, res) => {
const event = req.body;
// Verify webhook signature
const signature = req.headers['x-acp-signature'];
if (!verifySignature(event, signature)) {
return res.status(401).json({ error: 'Invalid signature' });
}
switch (event.type) {
case 'checkout.session.created':
await handleCheckoutCreated(event.data);
break;
case 'checkout.session.completed':
await handleCheckoutCompleted(event.data);
break;
case 'checkout.session.failed':
await handleCheckoutFailed(event.data);
break;
}
res.json({ received: true });
});| Event Type | When It Fires | Action Required |
|---|---|---|
checkout.session.created | When checkout session is initiated | Log session, reserve inventory (optional) |
checkout.session.completed | When payment is successful | Create order, charge inventory, send confirmation |
checkout.session.failed | When payment fails or is declined | Release reserved inventory, log failure |
checkout.session.expired | When session expires (typically 24 hours) | Release reserved inventory, clean up session |
order.shipped | When order is shipped | Send tracking info to customer and AI platform |
order.delivered | When order is delivered | Request review, update order status |
Instant Checkout handles sensitive customer data and financial transactions. Implement all security best practices to protect your customers and your business from fraud and data breaches.
// Security best practices for ACP Instant Checkout
// 1. Authentication with Bearer Token
app.post('/checkouts', async (req, res) => {
const authHeader = req.headers.authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Unauthorized' });
}
const token = authHeader.substring(7);
const isValid = await verifyACPToken(token);
if (!isValid) {
return res.status(401).json({ error: 'Invalid token' });
}
// Process checkout...
});
// 2. Verify webhook HMAC signatures
function verifyWebhookSignature(payload, signature, timestamp) {
const crypto = require('crypto');
// Construct signed payload
const signedPayload = `${timestamp}.${JSON.stringify(payload)}`;
// Calculate HMAC
const hmac = crypto
.createHmac('sha256', process.env.ACP_WEBHOOK_SECRET)
.update(signedPayload)
.digest('hex');
// Compare signatures
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(hmac)
);
}
// 3. Inventory validation before checkout
async function validateInventory(items) {
for (const item of items) {
const product = await db.products.findById(item.id);
if (!product) {
throw new Error(`Product ${item.id} not found`);
}
if (product.availability !== 'in_stock') {
throw new Error(`Product ${item.id} is not available`);
}
if (product.stock_quantity < item.quantity) {
throw new Error(`Insufficient stock for ${item.id}`);
}
}
return true;
}
// 4. PCI Compliance - Never log sensitive data
function sanitizeLogData(data) {
const sanitized = { ...data };
// Remove sensitive fields
delete sanitized.payment_method;
delete sanitized.card_number;
delete sanitized.cvv;
return sanitized;
}Always test your integration thoroughly in sandbox mode before going live. Use test credentials provided by ACP and your payment provider.
| Card Number | Scenario | Expected Result |
|---|---|---|
4242 4242 4242 4242 | Successful payment | Payment succeeds |
4000 0000 0000 0002 | Card declined | Payment fails |
4000 0000 0000 9995 | Insufficient funds | Payment fails |
4000 0025 0000 3155 | 3D Secure authentication | Requires auth |
Our platform handles all the complexity for you—no coding required
Get Started