Tag: OAuth 2.0 token revocation RFC 7009

AP2 Token Revocation: Securely Remove Agent Payment Credentials

An AI agent just completed its last authorized procurement run for a vendor you terminated this morning. The contract is closed. The relationship is over. But the agent’s payment credential is still live. It remains scoped to your payment rail. It can still initiate a six-figure purchase order.

March 18, 2026

AP2 Token Revocation: Securely Remove Agent Payment Credentials