Your AI Agent Can Buy Without Seeing Your Card

When your agent checks out on your behalf, the worst version is it handling your raw card number. Stripe's Shared Payment Token system fixes this. The flow: user authorizes on your platform. Stripe issues an SPT — scoped to one merchant, one amount ceiling, expiring in five minutes: stripe.shared_payment_tokens.create — merchant acme corp, amount ceiling 49.99, expires in 300 seconds. Your agent passes the token to the merchant. Stripe validates scope and amount server-side. If the agent tries to charge more, or tries a different merchant, it's rejected at the API layer. No raw card numbers in your agent's context. No credential leaks. No runaway spend. SPTs expanded at Sessions 2026 to cover Mastercard Agent Pay, Visa Intelligent Commerce, Affirm, and Klarna — all through a single primitive. Link in bio.