How A2A Protocol Works: Technical Guide for Engineers

How A2A Protocol Works: Technical Guide for Engineers

Written by: Mariana Fonseca, Editorial Team, AI Growth Agent

Key Takeaways for Implementers

  • The A2A protocol standardizes how AI agents discover each other, authenticate, delegate tasks, and coordinate across different frameworks and vendors.
  • Agents publish an Agent Card at /.well-known/agent-card.json to enable discovery, declare capabilities, and support signed verification for security.
  • Tasks follow a nine-state lifecycle with support for streaming updates via SSE, polling, and secure artifact delivery upon completion.
  • A2A complements MCP by handling horizontal agent-to-agent coordination while MCP manages vertical tool and data access within a single agent.

How A2A Works Step by Step

  1. Discovery. A client agent issues an unauthenticated GET to /.well-known/agent-card.json on the remote host. The response is an Agent Card that declares the remote agent’s name, endpoint, capabilities, skills, supported transports, and security schemes.
  2. Authentication. The client reads the securitySchemes field from the Agent Card and negotiates credentials before any task is sent. Supported schemes include API keys, HTTP Bearer, OAuth 2.0, OpenID Connect, and mutual TLS, with version negotiation carried in the A2A-Version HTTP header.
  3. Task submission. The client sends a tasks/send or tasks/sendSubscribe JSON-RPC 2.0 request over HTTPS containing a Message with one or more typed Part objects. The server creates a Task with a unique identifier and an initial state of submitted.
  4. Execution and progress. The remote agent processes the task opaquely. The client receives state transitions and intermediate results via Server-Sent Events (SSE) as TaskStatusUpdateEvent and TaskArtifactUpdateEvent messages, or polls via tasks/get if streaming is not advertised.
  5. Artifact delivery. On reaching a terminal state, the server returns one or more Artifact objects, each containing a parts array of typed content. The SSE stream closes and the task is complete.

Want a spec-accurate walkthrough of A2A tailored to your stack? Book a kickoff and get a technical content plan within a week.

How A2A Agent Discovery Works in Practice

Agent discovery in A2A centers on a public Agent Card served at a predictable location. In A2A v1.0, an Agent Card is served as a public JSON document at the well-known URI /.well-known/agent-card.json. The top-level fields defined by the spec are: name, description, version, provider, supportedInterfaces[], capabilities, defaultInputModes, defaultOutputModes, skills[], securitySchemes, security, and signatures.

Each entry in skills[] carries an id, name, description, inputModes, outputModes, tags, and examples. The capabilities object advertises boolean flags for streaming, pushNotifications, and stateTransitionHistory, which determine which progress-update mechanisms the client may use.

The discovery flow follows three concrete steps. First, the client’s A2ACardResolver fetches the card. Second, it stores a RemoteAgentConnection keyed by card.name. Third, it injects the serialized agent information into the orchestrating agent’s system prompt so the client knows which remote skills are available without hardcoded configuration.

A2A v0.3 introduced Signed Agent Cards; v1.0 made them load-bearing. An AgentCardSignature is computed as a JSON Web Signature (RFC 7515) over a canonicalized form of the card using the JSON Canonicalization Scheme (RFC 8785). Callers verify the signature before trusting any advertised capability or authentication scheme, which prevents card spoofing at the discovery layer.

Need clearer Agent Card docs and diagrams for your developer hub? Book a demo to see how we turn specs into adoption-ready guides.

A2A Task Lifecycle Explained

The A2A Task state machine gives every task a predictable lifecycle. A2A v1.0 defines a full Task state machine with nine named states: TASK_STATE_SUBMITTED, TASK_STATE_WORKING, TASK_STATE_INPUT_REQUIRED, TASK_STATE_AUTH_REQUIRED, TASK_STATE_COMPLETED, TASK_STATE_FAILED, TASK_STATE_CANCELED, TASK_STATE_REJECTED, and TASK_STATE_UNSPECIFIED.

States group into three categories: Running (submitted, working), Paused (input-required, auth-required), and Finished (completed, failed, canceled, rejected). A task in input-required pauses until the client sends additional message parts in the same contextId. A task in auth-required pauses until the client supplies the credentials described in the status message.

Terminal states each carry specific semantics. TASK_STATE_COMPLETED returns final Artifacts and closes the SSE stream, TASK_STATE_FAILED emits an error code and description before closing, TASK_STATE_CANCELED releases resources and closes, and TASK_STATE_REJECTED returns a descriptive error.

Artifacts are the concrete deliverables of a completed task. Each Artifact carries an artifactId, a name, and a parts array. Supported Part kinds are TextPart for human-readable content, DataPart for structured JSON payloads, and FilePart for binary content referenced by URI or inline. Artifacts can be streamed incrementally using append and lastChunk flags on TaskArtifactUpdateEvent messages before the task reaches a terminal state.

Want diagrams and state tables your engineers will actually use? Book a kickoff and we will map your A2A task flows into clear documentation.

A2A Protocol Authentication

A2A treats authentication as a discoverable contract that sits beside the protocol, not inside it. Agent Cards declare supported securitySchemes covering OAuth2, API keys, HTTP Bearer, mTLS, and OpenID Connect, plus a security array declaring required scopes. Actual enforcement occurs through enterprise identity providers rather than within the protocol itself.

A2A v1.0 uses mTLS between agents inside the same trust boundary and OAuth 2.1 with scoped tokens across boundaries. Credentials must be scoped per caller per skill, and root keys must never be shared.

Signed Agent Cards add a cryptographic identity layer at discovery time. As discussed in the discovery section, Signed Agent Cards provide cryptographic identity verification alongside a web-aligned architecture that supports familiar security and load-balancing patterns for high-scale reliability.

Version negotiation uses the A2A-Version HTTP request header. The agent card is signed with JSON Web Signature (JWS) using JCS canonicalization, and version negotiation uses the A2A-Version header. This approach allows clients and servers to agree on a compatible spec revision before any task work begins.

Need to explain your A2A security model to architects and CISOs? Book a demo to see security-focused content that earns trust and references.

A2A vs MCP in Real Deployments

The A2A and MCP protocols solve different parts of the multi-agent problem. A2A is a horizontal protocol for agent-to-agent coordination across vendor boundaries, while MCP is a vertical protocol for connecting a single agent to external tools, APIs, and data sources. The two protocols are explicitly complementary. A2A defines how agents communicate and coordinate across organizational boundaries, while MCP defines how agents connect to internal tools and data sources.

Dimension A2A MCP Source
Primary purpose Agent-to-agent task delegation across vendor boundaries Single-agent access to tools, APIs, and data sources Atlan
Client-server model Fluid roles: same agent can be client or server depending on task Strict hierarchy: model always initiates, tool server always responds Tyk
Task handling Stateful; defines full lifecycle (submitted, working, input-required, completed, failed, canceled) Stateless; each tool execution is an independent transaction Atlan
Core primitives Agent Card, Task, Message, Part, Artifact Tools (actions), Resources (data), Prompts (templated instructions) Atlan / CodiLime

Production systems use both in sequence: A2A routes tasks to specialized agents that then use MCP to pull governed context from tools and data sources.

Want to position your platform as the reference for A2A and MCP together? Book a kickoff and we will design a comparison hub that attracts engineers.

Production Considerations for A2A

Authentication hardening. Production A2A endpoints should be treated as standard HTTP services with default-deny egress, allowlisted peer agents, and rate-limiting per caller. Beyond network-level controls, credential scoping is critical. Credentials must be scoped per caller per skill, and root keys must never be shared, to prevent lateral movement if one agent is compromised. Verify Signed Agent Cards before trusting any advertised capability so that enforced security schemes match the agent’s actual identity.

Error handling and observability. Common production pitfalls include treating A2A like a simple REST API (losing streaming and stateful task benefits), publishing vague Agent Cards that hinder routing, failing to set per-caller budgets leading to token spend drain, and omitting distributed tracing across agent chains. Observability requires propagating W3C traceparent headers across HTTP hops and logging stable task IDs to enable end-to-end tracing across framework boundaries.

Streaming versus polling. Progress updates are available via three mechanisms gated by the Agent Card: polling (always available via tasks/get), streaming (SSE over HTTP when advertised), and webhooks (push notifications when advertised). A dropped stream can be resumed with a full state snapshot via resubscribe. For long-running tasks, SSE streaming reduces latency and avoids polling overhead. This benefit comes with tradeoffs, because the client must handle reconnection logic and the server must maintain task state durably.

A2A v0.3.0 does not define a machine-readable skill I/O schema such as JSON Schema, which means LLM planners must rely on natural-language skill descriptions for deterministic orchestration. This gap affects routing logic and should be considered when designing skills. Additionally, authorization in A2A occurs after task acceptance, creating an authorization creep risk where remote agents may discover required internal skills or MCP tools only after the task has been submitted. Scoping OAuth tokens tightly per skill at submission time mitigates this risk.

Need to document production runbooks and failure modes for your A2A rollout? Book a demo and we will show you how we turn hard-won lessons into searchable playbooks.

Frequently Asked Questions

What is the A2A protocol and who governs it?
The Agent-to-Agent (A2A) protocol is an open specification for agent discovery, task delegation, and cross-framework coordination. Google launched it in April 2025 and donated it to the Linux Foundation in June 2025, where it is maintained under the Apache 2.0 license. As of April 2026, more than 150 organizations support it, including Microsoft, AWS, Salesforce, SAP, ServiceNow, and IBM. Microsoft has integrated A2A into Azure AI Foundry and Copilot Studio, and AWS added support through Amazon Bedrock AgentCore Runtime.

How complex is it to implement A2A in an existing agent system?
The core integration points are straightforward. You publish an Agent Card at the well-known endpoint, implement the JSON-RPC 2.0 task methods (tasks/send, tasks/get, tasks/cancel, and optionally tasks/sendSubscribe), and wire authentication per the declared security schemes. Production-ready SDKs exist for Python, JavaScript/TypeScript, Java, Go, and .NET, which handle typed models for Agent Cards, tasks, messages, parts, and artifacts. The primary implementation complexity lies in durable task state management, SSE reconnection handling, and scoped credential provisioning per caller per skill rather than in the protocol mechanics themselves.

Can A2A agents built on different frameworks actually interoperate?
Yes. A2A standardizes only the communication interface, leaving each agent’s internal model, memory, and toolchain untouched. Documented cross-framework deployments include a Google ADK purchasing concierge orchestrating a CrewAI burger seller and a LangGraph pizza seller, and a Microsoft Semantic Kernel travel planner delegating to remote agents on Azure App Service. The protocol boundary is the HTTP/JSON-RPC interface and the Agent Card contract, and what runs behind that boundary is irrelevant to the client.

What is the relationship between A2A and MCP in a production system?
As explained in the A2A vs MCP section above, they solve adjacent problems. MCP handles vertical tool access within a single agent, while A2A handles horizontal coordination between agents across vendors and organizations. In production, most systems require both, with MCP providing capability execution and A2A handling peer delegation and task lifecycle management.

What are the most common failure modes in A2A production deployments?
The documented failure modes are: vague Agent Cards that cause routing failures because the orchestrator cannot determine which agent to delegate to, missing per-caller token budgets that lead to uncapped spend, omitting distributed tracing headers that make cross-agent debugging opaque, treating the protocol as stateless REST and losing streaming and task-state benefits, and authorization creep where a remote agent discovers it needs broader permissions only after a task has been accepted. Mitigations include detailed skill descriptions in Agent Cards, scoped OAuth 2.1 tokens per skill, W3C traceparent propagation, and SSE-first task submission for any non-trivial workload.

Want FAQ content that matches how your engineers actually talk and search? Book a kickoff and we will turn your A2A knowledge into a living FAQ.

Conclusion: Turning A2A Expertise into Authority

The A2A protocol provides a complete, spec-aligned contract for multi-agent systems. It defines Agent Cards at /.well-known/agent-card.json for discovery, a nine-state Task machine for lifecycle management, typed Artifacts for structured output delivery, SSE streaming for real-time progress, and OAuth 2.1 plus mTLS for authentication across trust boundaries. The v1.0 stable release, now maintained by the Linux Foundation with broad industry support, removes many barriers to production deployment that earlier drafts left open.

Engineers evaluating or implementing A2A need precise, current documentation that tracks spec changes as they happen. Fragmented sources and stale guides create implementation risk at the same moment the protocol is being written into enterprise infrastructure at AWS, Azure, and Google Cloud.

AI Growth Agent maps the full universe of A2A-related queries, from head terms like “how A2A protocol works” to the long tail of implementation-specific questions engineers actually ask, and produces living, self-healing content that earns citations in AI search. The same engine that builds authority for A2A topics extends across every technical domain a brand needs to own.

Ready to turn your A2A implementation into the resource other teams cite? Book a kickoff and see your first technical article live within a week.