The Agent-to-Agent (A2A) protocol from Google is the open standard that enables AI agents built by different teams, using different frameworks, and running on different infrastructure to discover, communicate, and collaborate — the missing interoperability layer for enterprise multiagent AI systems. Published in April 2025 and adopted by 50+ technology partners, A2A addresses the fragmentation problem that was making multiagent enterprise AI architecture dependent on single-framework solutions. This guide covers the A2A specification, implementation patterns, and enterprise architecture for cross-agent communication.
What Is the A2A Protocol?
Agent-to-Agent (A2A) Protocol — Definition
An open standard HTTP-based protocol for communication between AI agents, enabling: (1) Agent discovery — an Agent Card (JSON metadata document at a standardised URL) advertises an agent's capabilities, skills, input/output formats, and authentication requirements; (2) Task delegation — an orchestrator agent sends tasks to specialist agents via standardised JSON messages; (3) Streaming responses — agents can stream responses back to orchestrators via Server-Sent Events; (4) Authentication — standard OAuth 2.0 and API key support for agent-to-agent authentication. A2A is intentionally transport-layer-agnostic — any agent framework (LangGraph, CrewAI, AutoGen, custom) can implement A2A.
The Agent Card: Discovery Foundation
The Agent Card is the DNS record of the A2A ecosystem — a JSON metadata file hosted at /.well-known/agent.json on any agent's base URL. It advertises what the agent can do and how to interact with it.
📋 Agent Card Fields
name: human-readable agent namedescription: what this agent doesurl: base URL for A2A interactionsskills: array of skill objects with name, description, input/output schemasauthentication: supported auth methods (OAuth, API key)
🔄 Task Lifecycle
- Orchestrator sends task via POST to agent's task endpoint
- Task has unique ID, input message, and required output schema
- Agent streams progress updates via SSE — orchestrator can poll or stream
- Final result returned with status (completed, failed, requires_input)
50+
Technology partners supporting A2A at launch — including Atlassian, Box, Cohere, Intuit, Langchain, MongoDB, PayPal, Salesforce, SAP, and ServiceNow. Enterprise adoption is accelerating rapidly
MCP
A2A and MCP are complementary, not competing: MCP connects agents to tools and data sources; A2A connects agents to other agents. The combination — MCP for tool access, A2A for agent orchestration — forms a complete enterprise AI integration architecture
Apache 2.0
A2A specification licence — fully open, no vendor lock-in. Any framework can implement A2A without licence constraints. Google's openness with the specification is the key factor driving multi-vendor adoption
Enterprise A2A Architecture Patterns
🎭
Orchestrator-Worker Pattern
An orchestrator agent (LangGraph, AutoGen) discovers specialist agents via their Agent Cards and delegates subtasks via A2A. Example: research orchestrator delegates to web search agent, document analysis agent, and citation verification agent — each built with different tools, running on different infrastructure. Orchestrator combines their outputs without needing to know each agent's internal implementation.
🏢
Cross-Team Agent Registry
Enterprise Agent Registry: a catalogue of Agent Cards for all agents deployed across business units. Any team can discover and invoke any other team's agent via A2A without one-to-one integration work. Security: each agent enforces its own authentication — OAuth for regulated capabilities, API keys for internal agents. Implement the registry as a simple directory service or via a Backstage
internal developer portal plugin.
🔌
SaaS Agent Integration
SaaS vendors (Salesforce, ServiceNow, SAP) publish A2A-compliant Agent Cards for their AI agents. Your enterprise orchestrator discovers and invokes them via A2A — CRM intelligence, ticket management, ERP queries — without custom integration code per vendor. This is the promise of A2A for enterprise: write one A2A orchestrator that works with any vendor's A2A-compliant agent automatically.
🛡️
Security Model
A2A authentication follows OAuth 2.0 standards — agents include their supported auth methods in the Agent Card. For enterprise internal agents: use your existing OAuth 2.0 / OIDC infrastructure (Okta, Azure AD) to issue tokens for agent-to-agent calls. For external SaaS agents: API keys or OAuth client credentials. Each agent enforces access control independently — no central A2A authority, no single point of failure.