Shop Pay client_id request — kaimo (UK-based shopping agent) #498
kilian1103 started this conversation in General
Replies: 0 comments
Hi UCP team,
Requesting access to register kaimo as a UCP-compatible agent with Shop Pay delegated payment support (dev.shopify.shop_pay).
About kaimo:
kaimo is a UK-based shopping agent at [kaimo.co.uk]. A buyer (or their own LLM agent) hands us a product URL plus a delivery address; we discover the merchant's UCP surface and drive the checkout on the buyer's behalf. We expose a buyer-facing HTTP API and a stdio MCP server, so agents (Claude, Cursor, etc.) can preview and place orders directly.
We are moving to a non-custodial model: the buyer pays the merchant directly with their own enrolled instrument via Shop Pay, funds never flow through kaimo, and we never touch raw card credentials. The merchant stays seller-of-record. Shop Pay's delegated Shop Token is exactly the primitive we need — single-use, buyer-authorized, no PAN on our side.
Use case for Shop Pay:
For Shopify merchants we want to complete checkout natively over UCP rather than redirect the buyer to a storefront, to: keep the experience inside the agent surface, avoid handling payment credentials entirely, offer one unified checkout across Shopify merchants, and reduce drop-off versus form-based checkout.
Technical readiness:
Already implemented against the current UCP spec:
refresh-before-expiry.
selected_instrument_id, billing address) — we just need a valid token to submit.
Intended Shop Pay flow:
Detect shop_pay in the merchant payment_handlers map → initialise delegated Shop Pay context → present the Shop Pay authorization surface to the buyer (web view at the authorize URL) → receive the Shop Token → wrap in the UCP Shop Pay instrument → submit via complete_checkout on the merchant's Checkout MCP → return order confirmation.
Security model:
Bearer-auth agent surface (fail-closed), per-key rate limiting, idempotency keys on create_checkout / complete_checkout keyed by our order id, single-use token never persisted, append-only audit ledger with GDPR pseudonymisation of buyer PII, ship-to-allow-list gate pre-placement. Post-token-spend failures surface loudly rather than silently retry, to prevent double charge.
What we're requesting:
A delegated-capable Shop Pay client_id for buyer-authorized payments.
Company details
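The idempotency and fail-loud behaviour listed under "Security model" in the post above, sketched as an added example; it is not kaimo's or UCP's code. `CheckoutClient`, `TokenSpentError`, the `submit` transport and the in-memory ledger are hypothetical; only the `complete_checkout` operation name and the order-id keying come from the post.

```python
from dataclasses import dataclass, field
from typing import Callable


class TokenSpentError(RuntimeError):
    """Raised when a call fails after the single-use token was sent."""


@dataclass
class CheckoutClient:
    # Hypothetical transport: (idempotency_key, token) -> confirmation dict.
    submit: Callable[[str, str], dict]
    ledger: list = field(default_factory=list)    # append-only audit records
    _results: dict = field(default_factory=dict)  # idempotency key -> outcome

    def complete_checkout(self, order_id: str, token: str) -> dict:
        key = "complete_checkout:" + order_id     # keyed by our order id
        if key in self._results:
            # Replay: hand back the recorded outcome, never resubmit.
            self.ledger.append((key, "replayed"))
            outcome = self._results[key]
            if isinstance(outcome, Exception):
                raise outcome
            return outcome
        # The token is passed through to the transport only; it is never
        # written to the ledger or the result cache.
        self.ledger.append((key, "submitting"))
        try:
            result = self.submit(key, token)
        except Exception as exc:
            # The token may already be spent, so the outcome is unknown.
            # Record the failure and surface it instead of retrying.
            err = TokenSpentError(f"{key}: outcome unknown after token spend")
            self._results[key] = err
            self.ledger.append((key, "failed_loud"))
            raise err from exc
        self._results[key] = result
        self.ledger.append((key, "completed"))
        return result


if __name__ == "__main__":
    # Constructed sample values; a stub stands in for the merchant endpoint.
    client = CheckoutClient(submit=lambda key, tok: {"status": "confirmed"})
    print(client.complete_checkout("ord-1", "tok-constructed"))
    print(client.complete_checkout("ord-1", "tok-constructed"))  # replayed
    print(client.ledger)
```
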