Back to Blog

A2A Protocol Implementation: A Complete Technical Guide

Ultrion TeamJuly 18, 202614 min read

A2A Protocol Implementation: A Complete Technical Guide

The Agent-to-Agent (A2A) protocol enables AI agents from different vendors, frameworks, and organizations to communicate, collaborate, and transact with each other. Implementing A2A is essential for building multi-agent systems that go beyond single-vendor silos.

This guide provides a complete technical walkthrough of A2A protocol implementation β€” from architecture and message flow to production deployment and security considerations.

What Is the A2A Protocol?

The A2A (Agent-to-Agent) protocol is a standardized communication layer that enables AI agents to:

  1. Discover each other through agent cards
  2. Negotiate capabilities and establish sessions
  3. Exchange messages, tasks, and data
  4. Collaborate on complex multi-step workflows
  5. Transact β€” pay for services rendered by other agents

If MCP connects agents to tools, A2A connects agents to each other. Together, they form the complete communication stack for the AI agent economy.

Read the overview: A2A Protocol: The Complete Guide

A2A Protocol Architecture

Core Components

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚              Agent Application               β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚           A2A Client Layer                   β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”‚
β”‚  β”‚ Discovery β”‚  β”‚ Messagingβ”‚  β”‚  Task    β”‚  β”‚
β”‚  β”‚  Module   β”‚  β”‚  Engine  β”‚  β”‚ Manager  β”‚  β”‚
β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚            Transport Layer                   β”‚
β”‚    (HTTP/2, WebSocket, gRPC)                β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚           Security Layer                     β”‚
β”‚  (TLS, JWT, OAuth2, Signatures)             β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Agent Cards

Every A2A-compatible agent publishes an agent card β€” a standardized JSON document that describes:

{
  "name": "invoice-processor",
  "version": "2.1.0",
  "description": "Processes invoices in EU formats (DE, AT, CH, FR)",
  "capabilities": ["invoice-extraction", "vat-calculation", "archiving"],
  "a2a_version": "1.0",
  "endpoints": {
    "message": "https://agent.example.com/a2a/message",
    "task": "https://agent.example.com/a2a/task",
    "subscribe": "https://agent.example.com/a2a/subscribe"
  },
  "authentication": {
    "type": "oauth2",
    "token_endpoint": "https://agent.example.com/auth/token"
  },
  "pricing": {
    "model": "per-invocation",
    "amount": 0.05,
    "currency": "EUR"
  }
}

Message Flow

A typical A2A interaction follows this flow:

  1. Discovery β€” Agent A finds Agent B via its agent card
  2. Authentication β€” Agent A authenticates with Agent B
  3. Task Request β€” Agent A sends a task to Agent B
  4. Processing β€” Agent B processes the task (may involve MCP skills)
  5. Response β€” Agent B returns the result
  6. Payment β€” If applicable, payment is settled

Implementing A2A: Step by Step

Step 1: Set Up the A2A Server

from a2a import A2AServer, AgentCard, capability

# Define your agent card
card = AgentCard(
    name="european-compliance-checker",
    version="1.0.0",
    description="Checks GDPR and EU AI Act compliance for documents",
    capabilities=["gdpr-check", "ai-act-classification"],
    a2a_version="1.0",
    pricing={"model": "per-invocation", "amount": 0.15, "currency": "EUR"}
)

# Create the server
server = A2AServer(card, host="0.0.0.0", port=8080)

Step 2: Register Capabilities

@server.capability("gdpr-check")
async def check_gdpr(document_url: str, check_types: list[str]):
    """
    Check a document for GDPR compliance.
    
    Args:
        document_url: URL of the document to check
        check_types: Types of checks (consent, data_minimization, retention, etc.)
    
    Returns:
        Compliance report with violations and recommendations
    """
    doc = await fetch_document(document_url)
    violations = []
    
    if "consent" in check_types:
        violations.extend(check_consent_basis(doc))
    if "data_minimization" in check_types:
        violations.extend(check_data_minimization(doc))
    if "retention" in check_types:
        violations.extend(check_retention_policy(doc))
    
    return {
        "compliant": len(violations) == 0,
        "violations": violations,
        "recommendations": generate_recommendations(violations),
        "checked_at": datetime.utcnow().isoformat()
    }

Step 3: Implement Authentication

from a2a.auth import OAuth2Provider

auth = OAuth2Provider(
    token_endpoint="/auth/token",
    validate_token=validate_jwt_token,
    scopes=["gdpr-check", "ai-act-classification"]
)
server.set_auth_provider(auth)

Step 4: Enable Payments (via SkillExchange)

from skillexchange import PaymentGateway

payments = PaymentGateway(
    skill_id="european-compliance-checker",
    pricing_model="per-invocation",
    amount=0.15,
    currency="EUR"
)

@server.middleware
async def charge_per_invocation(request, response, next):
    result = await next(request, response)
    if result.success:
        await payments.charge(
            buyer_id=request.auth.user_id,
            amount=0.15,
            metadata={"task_id": request.task_id}
        )
    return result

Step 5: Start the Server

if __name__ == "__main__":
    server.run(tls_cert="/certs/fullchain.pem", tls_key="/certs/privkey.pem")

A2A Client Implementation

On the other side, you need an A2A client to call other agents:

from a2a import A2AClient

# Discover an agent
client = A2AClient()
agent = await client.discover("european-compliance-checker")

# Authenticate
await client.authenticate(
    agent=agent,
    client_id="my-agent-id",
    client_secret=os.environ["AGENT_SECRET"]
)

# Send a task
result = await client.send_task(
    agent=agent,
    capability="gdpr-check",
    input={
        "document_url": "https://docs.example.com/policy.pdf",
        "check_types": ["consent", "data_minimization", "retention"]
    }
)

print(f"Compliant: {result['compliant']}")
print(f"Violations: {result['violations']}")

A2A vs MCP: When to Use Which

Aspect MCP A2A
Connection type Agent β†’ Tool Agent β†’ Agent
Communication Request/Response Message-based, streaming
Discovery Skill marketplace Agent card registry
Use case Invoke a specific capability Collaborate on complex tasks
State Stateless Stateful sessions
Payments Per-invocation Negotiated contracts

Most production systems need both β€” MCP for tool invocation, A2A for agent collaboration.

Read more: MCP vs A2A: Which Protocol Should You Use?

Multi-Agent Orchestration with A2A

A2A enables sophisticated multi-agent patterns:

Pattern 1: Sequential Pipeline

Agent A β†’ Agent B β†’ Agent C, each adding value in sequence.

Pattern 2: Fan-Out/Fan-In

One coordinator agent dispatches tasks to multiple specialist agents, then aggregates results.

Pattern 3: Peer Negotiation

Agents negotiate prices, terms, and capabilities directly.

Pattern 4: Hierarchical Delegation

A master agent delegates subtasks to worker agents.

Learn more: Multi-Agent Orchestration Patterns

Security Considerations for A2A

Authentication

Every A2A interaction must be authenticated:

  • OAuth2 with PKCE for agent-to-agent auth
  • JWT tokens with short expiry (15 minutes)
  • Mutual TLS for high-trust environments

Authorization

Implement capability-based authorization:

@require_scope("gdpr-check")
async def check_gdpr(...):
    ...

Data Protection (GDPR)

For European deployments:

  • Encrypt all data in transit (TLS 1.3) and at rest (AES-256)
  • Minimize data β€” only send what's necessary between agents
  • Log all interactions for audit trails
  • Support right to erasure β€” delete data on request

Input Validation

from pydantic import BaseModel, HttpUrl

class GDPRCheckInput(BaseModel):
    document_url: HttpUrl
    check_types: list[str]  # validated against allowed values
    
    @validator("check_types")
    def validate_check_types(cls, v):
        allowed = {"consent", "data_minimization", "retention", "cross_border"}
        if not set(v).issubset(allowed):
            raise ValueError(f"Invalid check types. Allowed: {allowed}")
        return v

Security deep-dive: Security Best Practices for AI Agent Skills

Deploying A2A Agents on SkillExchange

SkillExchange provides A2A infrastructure:

  • Agent registry β€” publish your agent card
  • Discovery API β€” find other A2A-compatible agents
  • Payment gateway β€” handle inter-agent transactions
  • Monitoring β€” track agent interactions and costs

Publishing Your Agent

# Register your agent on SkillExchange
curl -X POST https://skillexchange.market/api/a2a/register \
  -H "Authorization: Bearer $SKILLX_TOKEN" \
  -d @agent-card.json

Finding Other Agents

# Search for agents with specific capabilities
curl https://skillexchange.market/api/a2a/agents?capabilities=translation,de-fr

Explore the A2A API: How A2A Protocol Enables Agent Commerce

Testing Your A2A Implementation

Unit Testing

import pytest

@pytest.mark.asyncio
async def test_gdpr_check_capability():
    result = await check_gdpr(
        document_url="https://example.com/test.pdf",
        check_types=["consent"]
    )
    assert result["compliant"] is not None
    assert isinstance(result["violations"], list)

Integration Testing

Test against real A2A servers:

@pytest.mark.integration
async def test_a2a_roundtrip():
    client = A2AClient()
    agent = await client.discover("european-compliance-checker")
    result = await client.send_task(agent, "gdpr-check", {...})
    assert result.status == "completed"

More on testing: AI Agent Testing: Complete QA Guide

Conclusion

Implementing the A2A protocol is the key to building truly autonomous multi-agent systems. By following this guide, you can build, deploy, and monetize A2A-compatible agents that collaborate with other agents across the SkillExchange ecosystem.

The combination of MCP (for tool invocation) and A2A (for agent collaboration) gives you the complete communication stack needed for production AI agent deployments in Europe and beyond.

Ready to deploy your A2A agent? Get started on SkillExchange today.

Newsletter

Enjoying this article?

Get weekly insights on building and selling AI skills, MCP tools, and creator economics. Join 2,000+ AI builders and creators.

No spam. Unsubscribe anytime.

Related Articles

Ready to try AI skills?

Browse the marketplace and discover skills for your AI agents.

Browse Skills