The authority pattern under [[agentic-commerce]]: the user (or business buyer) grants an AI agent permission to spend on their behalf within explicit limits — merchant scope, max amount, time window, allowed product categories, and approval gates for irreversible spend above a threshold. Delegated purchasing is what makes an agent's commerce action *authorized* rather than abusive; it sits above [[agent-payments]] (the credential layer) and connects to the broader [[action-approval]] discipline. Implementations include OpenAI ChatGPT spending controls, Visa AI-enabled controls, and per-agent budget rules in B2B procurement platforms (IBM watsonx Orchestrate, SAP, Coupa).
Example
A finance team delegates monthly software-renewal purchasing to a procurement agent with these limits: SaaS vendor list of 47 approved suppliers, max single charge $2,500, max monthly total $25,000, human approval required above $1,000 per charge, and a 24-hour cancellation window after each order. The agent renews 38 routine subscriptions automatically over the month and routes 4 high-value or off-list requests to the finance manager for explicit approval — reducing renewal-administration time by ~80% while keeping every irreversible spend under explicit human authorization.
Frequently asked questions
What should the delegation policy include?
At minimum: (1) merchant or merchant-category allow-list, (2) per-transaction and aggregate spend caps, (3) time window for the authority, (4) categories the agent may not buy in, (5) approval threshold above which a human must confirm, and (6) a cancellation window before fulfillment for reversibility. A 'kill switch' that revokes delegation immediately is operationally important — separate from the protocol limits.
Is delegated purchasing only for consumers?
No — the larger near-term opportunity is B2B procurement. Procurement-side agents that handle renewals, replenishment, and routine sourcing operate under delegation policies that codify the company's purchasing rules. The protocol layer is the same; the policy is more complex (approval matrices, GL coding, vendor risk checks). See [[ai-procurement-agent]] for the broader workflow.
How does this relate to action approval?
[[action-approval]] is the in-flight gate ('this specific transaction needs a human OK before it executes'). Delegated purchasing is the standing policy ('here's what the agent may do without asking'). The two compose: a well-designed system uses a permissive standing delegation for low-risk routine spend and reserves action approval for transactions that exceed the delegation's bounds.