ACP Merchant Onboarding Requirements

> To onboard as an ACP merchant, you need to meet requirements in two areas: a structured, trust-signal-complete product feed, and a fully implemented ACP Checkout Session API that passes conformance checks covering schema correctness, error handling, rate limits, and webhook delivery.

---

What Does ACP Merchant Onboarding Involve?

ACP merchant onboarding is the process of bringing a merchant's product data and transactional infrastructure into conformance with the Agentic Commerce Protocol so that AI agents — including ChatGPT Shopping with Instant Checkout — can discover, evaluate, and complete purchases with the merchant's store.

Onboarding has two distinct tracks that can be pursued in parallel. The first is the product data track: building a structured product feed that meets ACP field requirements, enrichment standards, and trust signal specifications. The second is the API track: implementing the five ACP Checkout Session endpoints, integrating with a supported PSP, configuring webhook delivery, and passing conformance certification.

A merchant can complete the data track without completing the API track — in that state, their products are discoverable and evaluable by AI agents but not yet programmatically purchasable via Instant Checkout. Full onboarding requires both tracks. This page documents what each track requires.

---

Track 1: Product Data Requirements

Required product fields: Every product in the feed must include a unique item ID, title, price (numeric, in the stated currency), currency code, and availability status (in stock or out of stock). These fields are the minimum for a product to be indexed and surfaced by a shopping assistant.

Recommended product fields: To compete effectively in AI agent evaluation, products should also include GTIN (Global Trade Item Number), MPN (Manufacturer Part Number), product images (at least one image URL), a product description, product category (using a taxonomy path), brand, and weight/dimensions where relevant.

Trust signal fields (required for Instant Checkout): ACP defines three trust signal fields that must be present for a merchant to support Instant Checkout: `accepts_returns` (boolean — whether the merchant accepts returns for this product), `return_deadline_days` (integer — how many days the buyer has to return the product), and `is_digital` (boolean — whether the product is a digital good). Without these fields, an agent cannot answer a buyer's likely pre-purchase questions about return eligibility, creating a confidence gap at the evaluation stage.

Structured variants: If a product has multiple options — size, colour, storage capacity, etc. — these must be encoded in the `variant_dict` field as a structured mapping rather than as free text in the product description. This allows agents to filter by variant programmatically when a buyer specifies attributes.

Q&A pairs: The `q_and_a` field accepts a JSON array of question-and-answer objects. Each entry provides a common buyer question and a factual answer about the specific product. This field gives agents pre-built responses to likely buyer queries and improves the quality of the evaluation the agent can perform on the merchant's behalf.

Structured reviews: The `reviews` field accepts a JSON array of structured review objects. Each review object includes reviewer name, rating, and review text. These are distinct from aggregate star ratings — structured reviews give agents narrative evidence of product quality to surface to buyers.

Sale pricing: If a product is on sale, the feed must include `sale_price` (numeric), `sale_price_start_date` (ISO 8601 date-time), and `sale_price_end_date` (ISO 8601 date-time). Using a sale price outside its declared date range is a data quality violation that will cause the agent to surface inaccurate pricing.

---

Track 2: API and Technical Requirements

Five Checkout Session endpoints: The merchant must implement and host five REST endpoints, all over HTTPS, returning JSON: 1. `POST /checkout_sessions` — create a session 2. `POST /checkout_sessions/{id}` — update a session 3. `POST /checkout_sessions/{id}/complete` — complete with PSP payment token 4. `POST /checkout_sessions/{id}/cancel` — cancel a session 5. `GET /checkout_sessions/{id}` — retrieve session state

Required request headers: Every request the agent sends will include:

• `Authorization: Bearer {api_key}` — the merchant authenticates the agent with an API key
• `Idempotency-Key` — a unique key the merchant must use to prevent duplicate order creation on retries
• `Request-Id` — a unique request identifier for tracing
• `Signature` — a Base64 encoded body signature the merchant must verify
• `Timestamp` — request timestamp the merchant should validate to prevent replay attacks

Webhook delivery: The merchant must emit `order.created` and `order.updated` events to the webhook endpoint provided by the AI platform. Webhooks must be signed with HMAC; the merchant must verify signatures on receipt. Webhook payloads carry the order object and current status, progressing through the full lifecycle: `created`, `manual_review`, `confirmed`, `canceled`, `shipped`, `fulfilled`.

Conformance certification: Before supporting Instant Checkout in ChatGPT, merchants must pass conformance checks across four areas: schema correctness (all required fields present in the correct format), error code standards (correct error codes and messages for all failure scenarios), rate limit handling (the endpoint correctly returns 429 responses with `Retry-After` headers when rate limited), and webhook delivery reliability (events are delivered consistently and signed correctly).

---

Implementation Checklist

• [ ] All products have item ID, title, price, currency, and availability
• [ ] Trust signals (`accepts_returns`, `return_deadline_days`, `is_digital`) present on all products
• [ ] `variant_dict` populated for all products with variants
• [ ] `q_and_a` JSON array populated with at least 3 Q&A pairs per product
• [ ] Sale pricing fields (`sale_price`, `sale_price_start_date`, `sale_price_end_date`) present where applicable
• [ ] Feed hosted at stable HTTPS URL, format is JSON-LD, CSV, TSV, or XML
• [ ] `POST /checkout_sessions` endpoint implemented and tested
• [ ] `POST /checkout_sessions/{id}` update endpoint implemented and tested
• [ ] `POST /checkout_sessions/{id}/complete` endpoint implemented with PSP token processing
• [ ] `POST /checkout_sessions/{id}/cancel` endpoint implemented
• [ ] `GET /checkout_sessions/{id}` endpoint implemented
• [ ] All five endpoints authenticate requests by verifying the API key
• [ ] Idempotency enforced on `complete` endpoint to prevent duplicate orders
• [ ] Signature verification implemented on all inbound requests
• [ ] Webhook delivery configured for `order.created` and `order.updated` events
• [ ] Webhook signatures verified on receipt using HMAC
• [ ] Conformance certification submitted and passed

Why It Matters for Merchants

Completing ACP onboarding is a one-time investment with a durable return. Once a merchant has passed conformance certification and submitted their product feed, they are permanently reachable by every ACP-compatible AI agent. As new AI assistants adopt the open standard, the merchant's store becomes accessible to each of them without any additional integration work.

The data quality requirements are also self-reinforcing benefits. A feed that passes ACP's trust signal and enrichment requirements is a better feed in every other channel too — Google Shopping, Meta Commerce Manager, and internal site search all benefit from more complete, structured product data. The investment in catalog quality for ACP compliance compounds across all commerce channels.

---

FeedBridge Relevance

FeedBridge covers the full product data track of ACP onboarding. The platform's Universal AI Engine generates all documented ACP enrichment fields — trust signals, `variant_dict`, `q_and_a` JSON arrays, structured reviews, and sale price fields — across eight product verticals. The AI Readiness Score measures Protocol Compliance (30% of total score), Content Quality (25%), AI Enrichment (30%), and Commerce Signals (15%), giving merchants a per-product view of onboarding readiness with actionable fix suggestions.

For the API track, FeedBridge provides the product data foundation and feed delivery infrastructure that the checkout endpoints depend on — specifically, product IDs and catalog data that the `POST /checkout_sessions` endpoint must reference accurately. FeedBridge does not build the checkout session endpoints on behalf of merchants; those remain the merchant's engineering responsibility or can be handled through an ACP-integrated PSP partner.

Merchants can assess their current ACP data readiness using the free AI Readiness Checker at feedbridge.ai/score before beginning the API track.

---

Frequently Asked Questions

Q: Can I use a third-party platform to build the ACP checkout endpoints? A: Yes. Some PSPs and commerce platforms are building ACP-integrated checkout solutions. If your PSP (Stripe, Adyen, or Braintree) provides an ACP-compatible checkout library, you can use that rather than building the endpoints from scratch.

Q: How often do I need to update my product feed? A: There is no mandated update frequency in the ACP specification. However, since agents use the feed to display pricing and availability to buyers, a stale feed with incorrect prices or unavailable products will cause fulfilment errors during checkout. FeedBridge supports configurable feed scheduling to keep feeds as current as the merchant's update cycle allows.

Q: What error codes does ACP define? A: The ACP specification defines error types for known failure scenarios including `out_of_stock`, `item_not_found`, `invalid_address`, and `payment_failed`. Merchants must return these standard codes — not custom error messages — for the agent to correctly surface the failure reason to the buyer.

Q: Do I need a separate ACP feed for each marketplace or AI surface? A: No. An ACP-compliant JSON-LD feed can be submitted to multiple surfaces. FeedBridge generates a single ACP feed per brand that can be hosted and referenced across all compatible surfaces.

Q: What happens during the manual review order status? A: If a merchant sets an order to `manual_review` status via the order webhook, the agent will display an appropriate message to the buyer indicating the order is under review. The merchant is expected to transition the order from `manual_review` to either `confirmed` or `canceled` within a reasonable timeframe and emit the corresponding webhook event.

---

Related Topics

Parent hub: ACP Implementation

Related concepts:

• What Is ACP?
• How ACP Works for Merchants
• ACP Product Feed Requirements
• ACP Checkout API Overview

• What Is ACP?

• AI Enrichment Scoring Explained
• Protocol Compliance Scoring Explained

Breadcrumb:

---

Source Documentation

| Claim | Source | Source Class | Reference | |---|---|---|---| | ACP five checkout session endpoints, request headers, conformance requirements | OpenAI ACP Checkout Spec | T1 – Official ACP Docs | https://developers.openai.com/commerce/specs/checkout/ | | ACP trust signals: accepts_returns, return_deadline_days, is_digital | FeedBridge Platform Capabilities April 2026 v2.0 | T1 – FeedBridge Internal | FeedBridge-Platform-Capabilities-April2026.md | | variant_dict, q_and_a, reviews, sale price fields | FeedBridge Platform Capabilities April 2026 v2.0 | T1 – FeedBridge Internal | FeedBridge-Platform-Capabilities-April2026.md | | AI Readiness Score dimensions and weights | FeedBridge Platform Capabilities April 2026 v2.0 | T1 – FeedBridge Internal | FeedBridge-Platform-Capabilities-April2026.md | | Order status lifecycle values | OpenAI ACP Checkout Spec | T1 – Official ACP Docs | https://developers.openai.com/commerce/specs/checkout/ |