Field Report
DialtoneApp | April 21, 2026
AI bot buying report: what agents can actually buy in 2026
Bot commerce is not one market. It is two markets wearing the same jacket. One side looks like retail stores teaching bots to read catalogs. The other looks like APIs teaching bots to pay for single HTTP actions.
That split matters. A shopping bot with a card and a budget can often get very far in a retail flow, but it still runs into checkout authority, fraud controls, shipping, and human consent. A wallet funded agent calling an x402 API can often finish the purchase in the protocol itself, but the goods are usually data, model calls, scraping, email, RPC, or agent skills.
This article is based on a local corpus of discovery examples, not a crawl of the whole internet. That limit is important. It is still enough to see the shape of the market: product discovery is becoming normal, autonomous settlement is ahead in API land, and credit card retail is close but still tangled in human checkout assumptions.
The corpus says the quiet part out loud
The internet is already publishing a lot of machine readable buying surface area, but it is uneven. Some files describe a product catalog. Some files describe a priced API. Some files describe an agent, a registry, or a marketplace. Some files only look useful until you inspect the payload and find an error wrapper or placeholder.
| Surface | Count |
|---|---|
| Total discovery files | 305 |
| Site directories with discovery files | 148 |
well-known-ucp.json | 79 |
products.json | 77 |
| Non empty product catalogs | 68 |
| Product records in valid catalogs | 1,962 |
| Variant price records in valid catalogs | 9,410 |
| API like files | 93 across 59 sites |
| Agent like files | 43 across 28 sites |
Total discovery files
305
Site directories with discovery files
148
well-known-ucp.json79
products.json77
Non empty product catalogs
68
Product records in valid catalogs
1,962
Variant price records in valid catalogs
9,410
API like files
93 across 59 sites
Agent like files
43 across 28 sites
The most useful retail signal is the UCP shopping pattern. It usually shows up beside a Shopify style products.json feed, which gives a bot product titles, vendors, types, tags, variants, prices, availability, and images.
UCP capabilities in the sample
| Capability | Count |
|---|---|
dev.ucp.shopping.checkout | 77 |
dev.ucp.shopping.fulfillment | 77 |
dev.ucp.shopping.catalog.search | 75 |
dev.ucp.shopping.catalog.lookup | 75 |
dev.ucp.shopping.discount | 73 |
dev.ucp.shopping.order | 73 |
dev.ucp.shopping.cart | 72 |
dev.ucp.shopping.checkout77
dev.ucp.shopping.fulfillment77
dev.ucp.shopping.catalog.search75
dev.ucp.shopping.catalog.lookup75
dev.ucp.shopping.discount73
dev.ucp.shopping.order73
dev.ucp.shopping.cart72
Payment handlers in the sample
| Handler | Count |
|---|---|
com.google.pay | 74 |
dev.shopify.card | 72 |
com.forter.tokenizer | 1 |
com.google.pay74
dev.shopify.card72
com.forter.tokenizer1
Seven products.json files were not usable as normal catalogs. They were error wrappers, unrelated payloads, or site specific response objects instead of aproducts list. Two product lists were empty. That is useful too, because a serious buyer bot has to treat discovery files as evidence, not truth.
bot_purchase_readiness =
discoverable_offer
+ explicit_price
+ callable_action
+ payment_authority
+ policy_boundary
subtract checkout_ambiguityRetail has the catalogs
The largest visible category is ordinary stores exposing bot readable catalogs and UCP shopping files. This is the world where an agent can browse variants, compare prices, prepare a cart, and sometimes initiate checkout.
| Category | Example sites | What they sell |
|---|---|---|
| Fashion, footwear, jewelry, bags | www.aloyoga.com, gymshark.com, www.reebok.com, www.campusshoes.com, redtape.com, giva.co, palmonas.com, mzwallace.com, www.davidsbridal.com, saya.pk, nishatlinen.com, libas.in | Apparel, shoes, bridal items, jewelry, bags, ethnicwear |
| Smart home, security, IoT, energy | august.com, lockly.com, wyze.com, www.aosulife.com, kunasystems.com, shelly.cloud, www.brilliant.tech, www.ezlo.com, sensibo.com, ecoflow.com, avm.de | Smart locks, cameras, routers, sensors, HVAC controls, power stations |
| Electronics, music, computing, media devices | boat-lifestyle.com, jbhifi.com.au, nzxt.com, fender.com, www.gibson.com, www.uaudio.com, nixplay.com, vaku.in, yotoplay.com | Audio gear, instruments, plug ins, PCs, earbuds, photo frames, kids audio cards |
| Home, decor, kitchen, food, general goods | brooklinen.com, parachutehome.com, daisonet.com, deodap.in, society6.com, www.pepstores.com, www.mccormick.com | Bedding, towels, kitchen goods, wall art, spices, home basics |
| Beauty, personal care, nutrition | discoverpilgrim.com, glossier.com, innovist.com, www.gharsoaps.shop, bodybuilding.com, morenutrition.de | Makeup, skincare, haircare, soaps, supplements, nutrition |
| Digital products and store software | myfonts.com, www.vwthemes.com, shrinetheme.com, www.hulkapps.com | Fonts, Figma templates, Shopify themes, Shopify apps |
| Books and publishing | www.versobooks.com, harpercollins.com, worldofbooks.com | Books, audiobooks, publishing catalog items |
| Travel, outdoor, sport | awaytravel.com, www.decathlon.com | Luggage, bags, tents, bikes, outdoor gear |
Fashion, footwear, jewelry, bags
Example sites
What they sell
Apparel, shoes, bridal items, jewelry, bags, ethnicwear
Smart home, security, IoT, energy
Example sites
What they sell
Smart locks, cameras, routers, sensors, HVAC controls, power stations
Electronics, music, computing, media devices
Example sites
What they sell
Audio gear, instruments, plug ins, PCs, earbuds, photo frames, kids audio cards
Home, decor, kitchen, food, general goods
Example sites
What they sell
Bedding, towels, kitchen goods, wall art, spices, home basics
Beauty, personal care, nutrition
Example sites
What they sell
Makeup, skincare, haircare, soaps, supplements, nutrition
Digital products and store software
Example sites
What they sell
Fonts, Figma templates, Shopify themes, Shopify apps
Books and publishing
Example sites
What they sell
Books, audiobooks, publishing catalog items
Travel, outdoor, sport
Example sites
What they sell
Luggage, bags, tents, bikes, outdoor gear
Many retail feeds looked sampled. A lot of sites exposed exactly 30 products. That is a discovery entry point, not necessarily complete inventory. The correct bot behavior is to treat the feed as a start, then use the advertised lookup, search, cart, checkout, order, fulfillment, and discount capabilities to move toward a live transaction.
APIs have cleaner prices
The most automation ready category is not physical retail. It is paid API work. These services frequently publish OpenAPI specs with fixed endpoint prices, request schemas, response schemas, and payment requirements. A bot can often know the price before it calls the endpoint.
| Service | What it sells | Pricing signal |
|---|---|---|
anybrowse.dev | Browser backed scraping, Google result crawling, SERP JSON, screenshots, MCP access | Prices such as $0.002, $0.003, and $0.005 USDC per request |
stableemail.dev | Email sends, inboxes, custom subdomains, message reads, top ups | $0.02 to send email, $1 for an inbox, $5 for a subdomain, $0.001 to read messages |
api.zeroreader.com, blockrun.ai, openrouter.ai, x402engine.app | AI model access or AI tool calls | Priced API work instead of a retail cart |
x402stt.dtelecom.org | Speech to text through an x402 proxy | A narrow paid capability with a clean HTTP shape |
publish.new, pull.md | Digital artifact publishing, purchase, and downloads | The file is the product |
well-knowns.resolved.sh | Datasets and queryable indexes of well known endpoints | A very bot shaped data market |
What it sells
Browser backed scraping, Google result crawling, SERP JSON, screenshots, MCP access
Pricing signal
Prices such as
$0.002, $0.003, and $0.005 USDC per requestWhat it sells
Email sends, inboxes, custom subdomains, message reads, top ups
Pricing signal
$0.02 to send email, $1 for an inbox, $5 for a subdomain, $0.001 to read messagesWhat it sells
AI model access or AI tool calls
Pricing signal
Priced API work instead of a retail cart
What it sells
Speech to text through an x402 proxy
Pricing signal
A narrow paid capability with a clean HTTP shape
What it sells
Digital artifact publishing, purchase, and downloads
Pricing signal
The file is the product
What it sells
Datasets and queryable indexes of well known endpoints
Pricing signal
A very bot shaped data market
Crypto, chain, and financial data services are even more aligned with bot buying. The customer is already software. The buyer often has a wallet. The product is often one result, one request, one dataset, one signed fact, or one RPC call.
| Service | Bot commerce shape |
|---|---|
x402.quicknode.com | Pay per request blockchain RPC access with SIWX auth, credits, network discovery, and JSON RPC calls |
api.nansen.ai | Smart money and market analytics |
emc2ai.io | AgentEinstein crypto intelligence skills including whale tracking, market movers, security scanning, and DeFi operations |
api.myceliasignal.com | Signed financial data and oracles across crypto, FX, commodities, and macro data |
x402.aibtc.com | Inference and blockchain utilities using x402 v2 on Stacks |
x402scan.com | Indexed x402 payment data, merchants, transfers, and stats |
Pay per request blockchain RPC access with SIWX auth, credits, network discovery, and JSON RPC calls
Smart money and market analytics
AgentEinstein crypto intelligence skills including whale tracking, market movers, security scanning, and DeFi operations
Signed financial data and oracles across crypto, FX, commodities, and macro data
Inference and blockchain utilities using x402 v2 on Stacks
Indexed x402 payment data, merchants, transfers, and stats
The registry and routing layer is the third API shaped cluster. These products are not always selling the final good. They sell discovery, trust, routing, registration, and coordination for other agents or paid APIs.
| Service | What it coordinates |
|---|---|
a2alist.ai | Directory of A2A and x402 implementations, registration, and discovery |
agentndx.ai | Registry for MCP servers, A2A agents, and x402 services |
agoragentic.com | Agent OS and marketplace router with registration, routing, execution, and commerce surfaces |
payanagent.com | Marketplace for agents and SaaS services to discover, hire, and pay each other using x402 |
relai.fi | Marketplace and management layer for x402 protected APIs, service keys, pricing, and analytics |
asterpay.io | Trust scoring, merchant payment endpoint discovery, and settlement |
scoutscore.ai | Trust verification for x402 services |
api.actiongate.xyz | x402 plus Stripe billing proxy for APIs and MCP servers |
Directory of A2A and x402 implementations, registration, and discovery
Registry for MCP servers, A2A agents, and x402 services
Agent OS and marketplace router with registration, routing, execution, and commerce surfaces
Marketplace for agents and SaaS services to discover, hire, and pay each other using x402
Marketplace and management layer for x402 protected APIs, service keys, pricing, and analytics
Trust scoring, merchant payment endpoint discovery, and settlement
Trust verification for x402 services
x402 plus Stripe billing proxy for APIs and MCP servers
Hybrid SaaS is messier. These files often name plans and prices, but the live flow still depends on browser checkout, account creation, recurring consent, or a billing provider that is not fully active yet.
| Site | Hybrid signal |
|---|---|
dialtoneapp.com | A commerce manifest for a $9.00/month membership, offer lookup, and a ready purchase intent endpoint with browser checkout fallback. |
www.inerrata.ai | Plan tiers from free to enterprise, card metadata, x402 support for API endpoints, auth and delegation details, and a pre launch billing state |
www.hulkapps.com | Shopify app product catalog with prices |
shrinetheme.com | Shopify theme and support products |
A commerce manifest for a
$9.00/month membership, offer lookup, and a ready purchase intent endpoint with browser checkout fallback.Plan tiers from free to enterprise, card metadata, x402 support for API endpoints, auth and delegation details, and a pre launch billing state
Shopify app product catalog with prices
Shopify theme and support products
What a bot can buy with a credit card and a budget
The strongest credit card pattern in this sample is UCP shopping plus a payment handler. The bot reads well-known-ucp.json, confirms shopping capabilities, loads product data, filters variants, builds a cart under budget, adds fulfillment details, and then tries a handler such as com.google.pay ordev.shopify.card.
retail_card_flow:
read: well-known-ucp.json
confirm: catalog, cart, checkout, fulfillment, order
load: products.json
filter: price, availability, variant, shipping_required
enforce: caller_budget
pay_with: com.google.pay | dev.shopify.card
fallback: human_approval | browser_checkout | issuer_challenge| Site | Catalog strength | Payment signal | Bot can probably do |
|---|---|---|---|
www.aloyoga.com | Apparel feed with variants and prices | UCP shopping, Google Pay, Shopify card | Search apparel, choose represented size or color, build cart, start checkout |
wyze.com / wyzecam.com | Camera and smart home catalog with prices and availability | UCP shopping, Google Pay, Shopify card | Buy cameras and accessories subject to account and payment checks |
parachutehome.com | Bedding and towel catalog with bundles, prices, images | UCP shopping, Google Pay, Shopify card | Buy home goods and bundles under budget |
brooklinen.com | Bedding, towels, home catalog | UCP shopping, Google Pay, Shopify card | Buy bedding, towels, robes, accessories |
myfonts.com | Digital font packages and bundles | UCP shopping, Google Pay, Shopify card | Buy digital font packages with less shipping friction |
www.uaudio.com | Audio plug ins, bundles, interfaces | UCP shopping, Google Pay, Shopify card | Buy digital plug ins or hardware depending on fulfillment |
fender.com / www.gibson.com | Guitars, basses, pedals, accessories | UCP shopping, Google Pay, Shopify card | Build cart, but high value items should get review |
www.decathlon.com | Outdoor and sports products | UCP shopping, Google Pay, Shopify card | Buy gear under budget, subject to availability and shipping |
Catalog strength
Apparel feed with variants and prices
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Search apparel, choose represented size or color, build cart, start checkout
Catalog strength
Camera and smart home catalog with prices and availability
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy cameras and accessories subject to account and payment checks
Catalog strength
Bedding and towel catalog with bundles, prices, images
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy home goods and bundles under budget
Catalog strength
Bedding, towels, home catalog
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy bedding, towels, robes, accessories
Catalog strength
Digital font packages and bundles
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy digital font packages with less shipping friction
Catalog strength
Audio plug ins, bundles, interfaces
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy digital plug ins or hardware depending on fulfillment
Catalog strength
Guitars, basses, pedals, accessories
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Build cart, but high value items should get review
Catalog strength
Outdoor and sports products
Payment signal
UCP shopping, Google Pay, Shopify card
Bot can probably do
Buy gear under budget, subject to availability and shipping
Budget enforcement is not standardized in retail. A bot can enforce the user budget locally by reading variant prices and refusing to choose products above the cap. That is useful, but it is not the same as a merchant level guarantee. API and x402 services usually have stronger budget semantics because endpoint prices are visible in the contract.
The working modes are therefore practical but limited. Assistant mode prepares the cart and asks the human. Delegated buying mode uses a stored tokenized card and spend cap until risk controls fire. Browser fallback opens Stripe Checkout or a merchant checkout page so the human can finish.
What a bot can buy without a credit card
The cleanest autonomous purchase loop in the sample is wallet funded API commerce. The server can return 402 Payment Required, the client attaches payment proof, and the same HTTP flow returns the product.
GET /v1/screenshot?url=https://example.com
response 402 Payment Required
price: 0.005 USDC
network: base
GET /v1/screenshot?url=https://example.com
X-PAYMENT: signed_payment_proof
response 200 application/json| Site | What the bot can buy | Payment model | Human approval likely |
|---|---|---|---|
stableemail.dev | Send email, buy inbox, buy subdomain, read messages | x402 or MPP, USDC on Base, Solana, Tempo | Usually no, if wallet and policy are approved |
anybrowse.dev | Scrape, crawl, search, screenshot, MCP tool call | x402, USDC on Base | Usually no, if budget allows |
renderself.com | Physical apparel for humans | x402, USDC on Base or Solana | Maybe, for shipping address, size, and physical delivery consent |
x402.quicknode.com | Blockchain RPC access | x402 and stablecoin credits | Usually no for low risk API calls |
emc2ai.io | Crypto intelligence agent skills | x402, USDC, BTC Lightning, Stripe mentioned | Depends on skill risk and spend cap |
publish.new | Artifact content downloads | x402 micropayments | Usually no for low cost digital goods |
well-knowns.resolved.sh | Queryable well known endpoint datasets | x402 micropayments | Usually no for low cost datasets |
x402.robtex.com | DNS, IP, Lightning, network intelligence | x402 | Usually no |
api.myceliasignal.com | Signed financial data and oracle outputs | Lightning or x402 style payment | Depends on financial policy |
What the bot can buy
Send email, buy inbox, buy subdomain, read messages
Payment model
x402 or MPP, USDC on Base, Solana, Tempo
Human approval likely
Usually no, if wallet and policy are approved
What the bot can buy
Scrape, crawl, search, screenshot, MCP tool call
Payment model
x402, USDC on Base
Human approval likely
Usually no, if budget allows
What the bot can buy
Physical apparel for humans
Payment model
x402, USDC on Base or Solana
Human approval likely
Maybe, for shipping address, size, and physical delivery consent
What the bot can buy
Blockchain RPC access
Payment model
x402 and stablecoin credits
Human approval likely
Usually no for low risk API calls
What the bot can buy
Crypto intelligence agent skills
Payment model
x402, USDC, BTC Lightning, Stripe mentioned
Human approval likely
Depends on skill risk and spend cap
What the bot can buy
Artifact content downloads
Payment model
x402 micropayments
Human approval likely
Usually no for low cost digital goods
What the bot can buy
Queryable well known endpoint datasets
Payment model
x402 micropayments
Human approval likely
Usually no for low cost datasets
What the bot can buy
DNS, IP, Lightning, network intelligence
Payment model
x402
Human approval likely
Usually no
What the bot can buy
Signed financial data and oracle outputs
Payment model
Lightning or x402 style payment
Human approval likely
Depends on financial policy
This is why the API side feels farther along. A bot buying a $0.005screenshot or a $0.02 email send is not the same as a bot buying a guitar, a smart lock, a subscription, or a PC. The lower the physical, legal, and financial consequence, the easier it is to authorize in advance.
The best files are honest about status, price, and authority
The best examples are not necessarily the flashiest. They are the ones that tell a bot what is live, what costs money, what payment rail is expected, what auth is needed, and where the flow still falls back to a human.
| Rank | Site | Why it ranks highly | What a bot can buy or do | Caveat |
|---|---|---|---|---|
| 1 | stableemail.dev | Excellent OpenAPI, endpoint prices, x402 and MPP payment info, SIWX flows, refunds, and operational constraints | Send email, buy inboxes, buy subdomains, top up, read messages | Wallet native and email has reputation risk |
| 2 | renderself.com | Strong agent only physical commerce with listings, agent registration, spending limits, order creation, x402 requirements, and order status | Buy physical apparel through an agent flow | Wallet payment plus shipping and size consent |
| 3 | dialtoneapp.com | Transparent hybrid SaaS example with commerce manifest, UCP style commerce, OpenAPI, offer lookup, legal links, and machine payment roadmap | Discover and initiate a $9/month membership flow | Live state is human Stripe checkout fallback |
| 4 | www.inerrata.ai | Broad discovery surface with commerce, UCP, OpenAPI, agent card, plan tiers, card metadata, x402 support, and docs links | Discover plans and interact with knowledge base APIs | pre_launch and billing provider pending_activation |
| 5 | anybrowse.dev | Clean paid OpenAPI with per endpoint prices and 402 responses | Scrape pages, crawl and search, return SERP JSON, screenshots, MCP tool service | Wallet native and scraping needs governance |
| 6 | x402.quicknode.com | Clear machine payable blockchain RPC access with auth, credits, drip, networks, discovery, and usage | Buy RPC access across many networks | Requires SIWX and stablecoin flow |
| 7 | emc2ai.io | Agent and OpenAPI pairing with skill descriptions, examples, tags, and per request pricing | Buy crypto analysis, whale tracking, smart money analysis, market data, security scans | Outputs and risk boundaries need verification |
| 8 | x402.aibtc.com | Clear x402 v2 service description, supported tokens, tiers, and useful endpoints | Buy LLM inference, blockchain utilities, hashing, KV storage | Chain specific payment model |
| 9 | well-knowns.resolved.sh | Strong data marketplace pattern with schemas, query endpoints, downloads, and daily deltas | Buy or query datasets of well known endpoints, agent cards, MCP servers, OIDC providers | Narrow audience, very clear for agents |
| 10 | publish.new | Simple artifact marketplace contract with list, upload, metadata, price, purchase, and content download endpoints | Publish and buy digital artifacts | Needs policy for rights and content handling |
| 11 | agoragentic.com | Broad router and marketplace API with registration, execution, commerce, agent cards, and OpenAPI surfaces | Register agents, route tasks, invoke services, expose commerce | Trust scoring and buyer policy matter |
| 12 | a2alist.ai | Public directory for protocol implementations with search, detail, registration, A2A endpoint, and API keys | Discover and register A2A and x402 services | More discovery than direct buying |
| 13 | api.myceliasignal.com | Signed financial data with clear oracle use cases | Buy price, FX, macro, commodity, and DLC oracle data | Specialized financial buyer |
| 14 | x402.robtex.com | Network intelligence API with clear premium endpoints | Buy DNS, IP, Lightning, and reputation data | Specialized network intelligence |
| 15 | agentndx.ai | Registry for agentic infrastructure | Discover MCP servers, A2A agents, and x402 services | Infrastructure discovery |
| 16 | payanagent.com | Agent marketplace positioning is clear | Discover and invoke agent and SaaS services | Marketplace trust remains the hard part |
| 17 | relai.fi | Management API for x402 protected APIs | Register APIs, manage keys, pricing, analytics | Seller infrastructure more than buyer storefront |
| 18 | scoutscore.ai | Trust verification is directly relevant to autonomous purchasing | Check trust scores before paying x402 services | Depends on score adoption |
Why it ranks highly
Excellent OpenAPI, endpoint prices, x402 and MPP payment info, SIWX flows, refunds, and operational constraints
What a bot can buy or do
Send email, buy inboxes, buy subdomains, top up, read messages
Caveat
Wallet native and email has reputation risk
Why it ranks highly
Strong agent only physical commerce with listings, agent registration, spending limits, order creation, x402 requirements, and order status
What a bot can buy or do
Buy physical apparel through an agent flow
Caveat
Wallet payment plus shipping and size consent
Why it ranks highly
Transparent hybrid SaaS example with commerce manifest, UCP style commerce, OpenAPI, offer lookup, legal links, and machine payment roadmap
What a bot can buy or do
Discover and initiate a
$9/month membership flowCaveat
Live state is human Stripe checkout fallback
Why it ranks highly
Broad discovery surface with commerce, UCP, OpenAPI, agent card, plan tiers, card metadata, x402 support, and docs links
What a bot can buy or do
Discover plans and interact with knowledge base APIs
Caveat
pre_launch and billing provider pending_activationWhy it ranks highly
Clean paid OpenAPI with per endpoint prices and 402 responses
What a bot can buy or do
Scrape pages, crawl and search, return SERP JSON, screenshots, MCP tool service
Caveat
Wallet native and scraping needs governance
Why it ranks highly
Clear machine payable blockchain RPC access with auth, credits, drip, networks, discovery, and usage
What a bot can buy or do
Buy RPC access across many networks
Caveat
Requires SIWX and stablecoin flow
Why it ranks highly
Agent and OpenAPI pairing with skill descriptions, examples, tags, and per request pricing
What a bot can buy or do
Buy crypto analysis, whale tracking, smart money analysis, market data, security scans
Caveat
Outputs and risk boundaries need verification
Why it ranks highly
Clear x402 v2 service description, supported tokens, tiers, and useful endpoints
What a bot can buy or do
Buy LLM inference, blockchain utilities, hashing, KV storage
Caveat
Chain specific payment model
Why it ranks highly
Strong data marketplace pattern with schemas, query endpoints, downloads, and daily deltas
What a bot can buy or do
Buy or query datasets of well known endpoints, agent cards, MCP servers, OIDC providers
Caveat
Narrow audience, very clear for agents
Why it ranks highly
Simple artifact marketplace contract with list, upload, metadata, price, purchase, and content download endpoints
What a bot can buy or do
Publish and buy digital artifacts
Caveat
Needs policy for rights and content handling
Why it ranks highly
Broad router and marketplace API with registration, execution, commerce, agent cards, and OpenAPI surfaces
What a bot can buy or do
Register agents, route tasks, invoke services, expose commerce
Caveat
Trust scoring and buyer policy matter
Why it ranks highly
Public directory for protocol implementations with search, detail, registration, A2A endpoint, and API keys
What a bot can buy or do
Discover and register A2A and x402 services
Caveat
More discovery than direct buying
Why it ranks highly
Signed financial data with clear oracle use cases
What a bot can buy or do
Buy price, FX, macro, commodity, and DLC oracle data
Caveat
Specialized financial buyer
Why it ranks highly
Network intelligence API with clear premium endpoints
What a bot can buy or do
Buy DNS, IP, Lightning, and reputation data
Caveat
Specialized network intelligence
Why it ranks highly
Registry for agentic infrastructure
What a bot can buy or do
Discover MCP servers, A2A agents, and x402 services
Caveat
Infrastructure discovery
Why it ranks highly
Agent marketplace positioning is clear
What a bot can buy or do
Discover and invoke agent and SaaS services
Caveat
Marketplace trust remains the hard part
17
Why it ranks highly
Management API for x402 protected APIs
What a bot can buy or do
Register APIs, manage keys, pricing, analytics
Caveat
Seller infrastructure more than buyer storefront
Why it ranks highly
Trust verification is directly relevant to autonomous purchasing
What a bot can buy or do
Check trust scores before paying x402 services
Caveat
Depends on score adoption
Best retail UCP files
Retail is harder to rank because many stores share the same structure. The strongest examples combine a usable product feed with complete shopping capabilities and payment handler metadata.
| Rank | Site | Why it is strong | Bot buying note |
|---|---|---|---|
| 1 | www.aloyoga.com | Clean UCP 2026-04-08 structure, search, checkout, cart, order, fulfillment, Google Pay, Shopify card, usable apparel data | Good for delegated apparel shopping if size, color, and budget are approved |
| 2 | wyze.com / wyzecam.com | Smart home catalog plus UCP shopping and payment capabilities | Good for accessories and cameras, but home security devices deserve explicit approval |
| 3 | myfonts.com | Digital catalog with font packages and bundles plus UCP checkout | Less shipping friction than physical goods |
| 4 | www.uaudio.com | Digital plug ins and bundles plus interfaces | Digital plug ins are lower friction, hardware needs shipping consent |
| 5 | parachutehome.com | Home goods catalog with bundles, prices, images, UCP checkout | Good for comparing towel and bedding bundles under budget |
| 6 | brooklinen.com | Bedding, towels, robes, accessories with UCP checkout | Good for repeat household purchasing after preferences are known |
| 7 | fender.com | Rich catalog and UCP shopping support | High value instruments should require approval |
| 8 | www.gibson.com | Similar to Fender with high value instruments and gear | Strong discovery, high purchase risk |
| 9 | www.decathlon.com | Broad sports and outdoor catalog with UCP checkout | Good for low cost gear, high value bikes require approval |
| 10 | awaytravel.com | Clear luggage, bags, bundles, accessories | Good for preference based luggage purchases with confirmation on high ticket items |
| 11 | giva.co / palmonas.com | Jewelry catalogs with prices and product types | Subjective and should usually ask for approval |
| 12 | www.vwthemes.com / shrinetheme.com | Digital themes and templates | Good for budget capped digital purchases if license terms are acceptable |
Why it is strong
Clean UCP 2026-04-08 structure, search, checkout, cart, order, fulfillment, Google Pay, Shopify card, usable apparel data
Bot buying note
Good for delegated apparel shopping if size, color, and budget are approved
Why it is strong
Smart home catalog plus UCP shopping and payment capabilities
Bot buying note
Good for accessories and cameras, but home security devices deserve explicit approval
Why it is strong
Digital catalog with font packages and bundles plus UCP checkout
Bot buying note
Less shipping friction than physical goods
Why it is strong
Digital plug ins and bundles plus interfaces
Bot buying note
Digital plug ins are lower friction, hardware needs shipping consent
Why it is strong
Home goods catalog with bundles, prices, images, UCP checkout
Bot buying note
Good for comparing towel and bedding bundles under budget
Why it is strong
Bedding, towels, robes, accessories with UCP checkout
Bot buying note
Good for repeat household purchasing after preferences are known
Why it is strong
Rich catalog and UCP shopping support
Bot buying note
High value instruments should require approval
Why it is strong
Similar to Fender with high value instruments and gear
Bot buying note
Strong discovery, high purchase risk
Why it is strong
Broad sports and outdoor catalog with UCP checkout
Bot buying note
Good for low cost gear, high value bikes require approval
Why it is strong
Clear luggage, bags, bundles, accessories
Bot buying note
Good for preference based luggage purchases with confirmation on high ticket items
11
Why it is strong
Jewelry catalogs with prices and product types
Bot buying note
Subjective and should usually ask for approval
Why it is strong
Digital themes and templates
Bot buying note
Good for budget capped digital purchases if license terms are acceptable
Weak or incomplete patterns
A discovery file can still be valuable even when it is incomplete. But a buyer bot should score these lower until live products, prices, purchase examples, or callable endpoints are visible.
| Pattern | Examples |
|---|---|
| Empty product catalogs | ethnc.com, linksys.com |
| Product files that were not normal catalogs | blurams.com, shields.io, umu.se, vevor.com, www.schadeautos.nl, zhipin.com, zr.ru |
| API docs that looked like 404 or placeholder payloads | Several Dolby and Umea University named files |
| UCP only with no local product catalog | fashionnova.com, nightcafe.studio, swann.com, teltonika.lt, vevo.com, wiki.gg, www.forter.com |
Empty product catalogs
Product files that were not normal catalogs
API docs that looked like 404 or placeholder payloads
Several Dolby and Umea University named files
UCP only with no local product catalog
The human is still in the loop, just in a better place
The naive version of bot commerce says an agent asks for permission every time. The better version says a human approves policy once, then the bot operates inside that policy until it hits a boundary.
policy:
web_scraping_budget: "$10/day"
digital_artifacts: "$2 each"
physical_goods: "ask first"
email_sending: "allowlist only"
recurring_billing: "human approval required"
trading_or_defi: "blocked unless separately mandated"| Human checkpoint | What still needs policy or approval |
|---|---|
| Payment authority | Attach card, wallet, Google Pay, or billing account. Set spend limits and allowed categories. Decide whether recurring charges and wallet payments can run automatically. |
| Card issuer and fraud review | 3DS or SCA, issuer approval, CVV refresh, fraud review, account login, CAPTCHA, bot mitigation, and billing address checks can still interrupt checkout. |
| Physical fulfillment | Shipping address, recipient data, delivery method, substitutions, returns, customs, age restrictions, and high value purchases need policy or approval. |
| Subscriptions and account creation | Recurring billing, terms acceptance, account identity, email verification, team seats, cancellation, and refund policy still need human consent or prior mandate. |
| Consequential API actions | Email sends, artifact publication, domains, code execution, trading, DeFi, and writes to shared systems need policy before automation. |
Payment authority
Attach card, wallet, Google Pay, or billing account. Set spend limits and allowed categories. Decide whether recurring charges and wallet payments can run automatically.
Card issuer and fraud review
3DS or SCA, issuer approval, CVV refresh, fraud review, account login, CAPTCHA, bot mitigation, and billing address checks can still interrupt checkout.
Physical fulfillment
Shipping address, recipient data, delivery method, substitutions, returns, customs, age restrictions, and high value purchases need policy or approval.
Subscriptions and account creation
Recurring billing, terms acceptance, account identity, email verification, team seats, cancellation, and refund policy still need human consent or prior mandate.
Consequential API actions
Email sends, artifact publication, domains, code execution, trading, DeFi, and writes to shared systems need policy before automation.
This is the right place for systems like mandates, scoped payment tokens, wallet spend limits, merchant allowlists, category rules, and audit logs. The goal is not to remove humans from authority. The goal is to stop making them approve every harmless low cost request while still forcing approval for physical, recurring, expensive, or consequential actions.
A practical buying matrix
| Buyer goal | Best current pattern | Credit card | Wallet or x402 | Human approval |
|---|---|---|---|---|
| Buy normal retail goods | UCP plus products.json plus payment handlers | Yes, if tokenized payment exists | Usually no | Often yes for final payment or shipping |
| Buy digital retail goods | UCP plus products.json, low shipping complexity | Yes | Sometimes | Less often, but licenses still matter |
| Subscribe to SaaS | Commerce manifest plus OpenAPI plus Stripe or card checkout | Yes, often through browser checkout | Sometimes | Usually yes because recurring billing |
| Call an AI model | OpenAPI plus x402 or MPP price metadata | Usually indirectly | Yes | Usually no if spend policy exists |
| Scrape, crawl, search web | OpenAPI plus x402 prices | Usually no | Yes | Policy approval recommended |
| Send email | OpenAPI plus x402 prices plus ownership and auth rules | Usually no | Yes | Policy approval strongly recommended |
| Buy blockchain, RPC, data | OpenAPI plus x402 or SIWX | Usually no | Yes | Depends on risk and spend |
| Buy physical goods through agent API | Product and order flow plus x402 | Usually no | Yes | Yes unless preapproved |
| Register or invoke agents | Agent card plus OpenAPI plus registry API | Usually no | Often | Depends on trust score and spend |
Buy normal retail goods
Best current pattern
UCP plus
products.json plus payment handlersCredit card
Yes, if tokenized payment exists
Wallet or x402
Usually no
Human approval
Often yes for final payment or shipping
Buy digital retail goods
Best current pattern
UCP plus
products.json, low shipping complexityCredit card
Yes
Wallet or x402
Sometimes
Human approval
Less often, but licenses still matter
Subscribe to SaaS
Best current pattern
Commerce manifest plus OpenAPI plus Stripe or card checkout
Credit card
Yes, often through browser checkout
Wallet or x402
Sometimes
Human approval
Usually yes because recurring billing
Call an AI model
Best current pattern
OpenAPI plus
x402 or MPP price metadataCredit card
Usually indirectly
Wallet or x402
Yes
Human approval
Usually no if spend policy exists
Scrape, crawl, search web
Best current pattern
OpenAPI plus
x402 pricesCredit card
Usually no
Wallet or x402
Yes
Human approval
Policy approval recommended
Send email
Best current pattern
OpenAPI plus
x402 prices plus ownership and auth rulesCredit card
Usually no
Wallet or x402
Yes
Human approval
Policy approval strongly recommended
Buy blockchain, RPC, data
Best current pattern
OpenAPI plus
x402 or SIWXCredit card
Usually no
Wallet or x402
Yes
Human approval
Depends on risk and spend
Buy physical goods through agent API
Best current pattern
Product and order flow plus
x402Credit card
Usually no
Wallet or x402
Yes
Human approval
Yes unless preapproved
Register or invoke agents
Best current pattern
Agent card plus OpenAPI plus registry API
Credit card
Usually no
Wallet or x402
Often
Human approval
Depends on trust score and spend
What a good buying bot should do before paying
- Discover the site surface: UCP, OpenAPI, agent cards, commerce manifests, product feeds.
- Classify the purchase: physical retail, digital retail, SaaS, API call, recurring use, agent invocation, data download, email, financial operation.
- Extract price and currency from variants, endpoint metadata, or plan data.
- Check budget and policy: single item cap, daily cap, merchants, categories, physical goods rule, recurring rule, email and code rules.
- Validate availability and terms: stock, shipping, taxes, fees, refunds, licenses, cancellation.
- Choose payment path: tokenized card, Google Pay, Shopify card, Stripe Checkout, x402, MPP, OAuth, bearer token, or SIWX.
- Ask for human approval when policy requires it.
- Record the transaction with source file, item or endpoint, price, payment method, approval token, order ID, or receipt.
Where this lands
The current state is not that bots can buy anything. It is more specific and more interesting. Bots can increasingly read what is for sale. They can price low cost digital actions. They can buy many API services autonomously if they have a wallet and a budget. They can prepare many retail purchases if they have card compatible payment handlers. They still hit human checkpoints for card authorization, fraud review, shipping, subscriptions, high value purchases, and risky actions.
The near term winning pattern is mixed: UCP for catalog, cart, checkout, fulfillment, discount, and order semantics; tokenized card or wallet handlers with explicit spend caps; OpenAPI for paid actions and SaaS account flows; agent cards for discovery and routing; human approval policies for anything recurring, physical, expensive, or consequential.