A2A Protocol: Complete Guide to Agent-to-Agent Communication
In This Guide
- What Is the A2A Protocol
- Why A2A Exists
- Architecture and Core Concepts
- Agent Cards and Discovery
- Task Lifecycle
- Messages, Parts, and Artifacts
- Streaming and Push Notifications
- A2A vs MCP: Complementary Protocols
- Security and Authentication
- The A2A Ecosystem in 2026
- Getting Started with A2A
- Explore This Topic
What Is the A2A Protocol
The Agent2Agent protocol is a communication standard built on JSON-RPC 2.0 over HTTP(S) that defines how AI agents discover each other, negotiate interaction modalities, and collaborate on tasks. Google announced A2A in April 2025 with support from over 50 technology partners, and the protocol quickly gained traction because it solved a problem that no existing standard addressed: enabling opaque agents to work together without exposing their internal memory, tools, or reasoning processes.
The word "opaque" is central to understanding A2A's design philosophy. When two agents collaborate through A2A, neither agent needs to know how the other works internally. A research agent built on LangGraph can delegate a data visualization task to a CrewAI agent without knowing what models, tools, or prompts that agent uses. The A2A protocol handles the communication layer, letting each agent maintain full control over its own implementation while still participating in collaborative workflows.
This is fundamentally different from how most agent frameworks handle multi-agent communication. Frameworks like LangGraph, CrewAI, and AutoGen all support multi-agent patterns, but they require all agents to exist within the same framework, share the same runtime, and often expose their internal state to each other. A2A removes these constraints entirely. A Python agent running on AWS can collaborate with a Java agent running on Azure through standard HTTP requests, with no shared code, no shared runtime, and no shared memory.
The protocol defines a small, focused set of operations: discovering agent capabilities through Agent Cards, creating and managing tasks, exchanging messages with rich content types, and receiving streaming updates as work progresses. This simplicity is deliberate. A2A provides the communication layer and nothing else, leaving each agent framework free to handle reasoning, planning, memory, and tool use however it chooses.
Why A2A Exists
By early 2025, the AI agent ecosystem had a glaring gap. The Model Context Protocol (MCP) had successfully standardized how agents connect to tools and data sources, but there was no equivalent standard for how agents connect to each other. Every multi-agent system was a walled garden. If you built agents in CrewAI, those agents could only collaborate with other CrewAI agents. LangGraph agents could only work with LangGraph agents. Cross-framework collaboration required custom API development for every pair of frameworks you wanted to connect.
This created a fragmented landscape that limited what multi-agent systems could accomplish. Organizations running specialized agents on different platforms had no standard way to coordinate them. A customer support agent built on one framework could not hand off complex cases to a technical troubleshooting agent built on another. A research agent could not delegate specific analysis tasks to a domain-specific agent running on a completely different stack. Each connection required bespoke integration work.
A2A addresses this by providing a vendor-neutral wire protocol that any agent can implement regardless of its underlying framework, model provider, or deployment environment. Google designed the protocol with five core principles: enabling collaboration between opaque agents, supporting multiple interaction modes (text, forms, files, structured data), handling both quick synchronous tasks and long-running asynchronous operations, working within enterprise security constraints, and maintaining compatibility with existing agent frameworks rather than replacing them.
The distinction between MCP and A2A is worth emphasizing because the two protocols are designed to work together, not compete. MCP connects agents to passive tools and data sources. A database does not negotiate, plan, or make decisions. It responds to queries. MCP is perfect for this interaction pattern. A2A connects agents to other agents, entities that can reason, ask clarifying questions, refuse requests, and produce complex multi-step outputs. The two protocols address different layers of the agent communication stack, and production systems typically use both.
Architecture and Core Concepts
A2A uses a client-server model where one agent acts as the client (the one initiating the request) and another acts as the server (the one performing the work). These roles are not fixed. An agent that serves requests from one client might itself be a client to another agent, creating chains and hierarchies of collaboration. Every A2A interaction flows through standard HTTP, making the protocol compatible with existing infrastructure including load balancers, API gateways, firewalls, and monitoring tools.
The client initiates communication by sending a task to the server agent. A task is the fundamental unit of work in A2A. It represents a discrete piece of work that the client wants the server to perform, along with all the context and constraints needed to complete it. Tasks have unique identifiers, lifecycle states, and contain ordered sequences of messages that record the conversation between client and server as work progresses.
The JSON-RPC 2.0 foundation provides a proven, well-understood message format. Every A2A request is a JSON-RPC call with a method name and structured parameters. Every response follows JSON-RPC conventions for success results and error codes. This means developers working with A2A do not need to learn a novel protocol format. If you have worked with any JSON-RPC based system before, A2A's wire format will feel immediately familiar.
The protocol defines a specific set of methods that map to the core operations: tasks/send for submitting a new task or adding a message to an existing task, tasks/get for checking task status, tasks/cancel for aborting a running task, tasks/sendSubscribe for streaming task updates, and tasks/pushNotification methods for configuring webhook-based async notifications. Agent Cards are retrieved via a standard HTTP GET to the agent's well-known URL.
Agent Cards and Discovery
Before two agents can collaborate, the client agent needs to know what the server agent can do. A2A handles this through Agent Cards, JSON documents that describe an agent's identity, capabilities, supported interaction modes, and connection details. Every A2A-compliant agent serves its Agent Card at a well-known URL path: /.well-known/agent.json.
An Agent Card contains several key fields. The name and description provide human-readable identification. The url field specifies the endpoint where the agent accepts A2A requests. The skills array lists the specific capabilities the agent offers, each with its own name, description, and optional input/output schema. The supportedModes field declares whether the agent handles text, structured forms, file uploads, or other content types.
Skills are the most important part of the Agent Card because they tell client agents exactly what tasks the server can handle. A data analysis agent might list skills like "generate-chart," "run-regression," and "summarize-dataset." Each skill includes a description detailed enough for a client agent (or its underlying LLM) to understand when and how to use it. The optional JSON Schema definitions for inputs and outputs let client agents validate their requests before sending them, reducing round trips and error handling.
The Agent Card also includes authentication requirements so the client knows what credentials to provide when connecting. An agent might require OAuth 2.0 tokens, API keys, or no authentication at all for public demo endpoints. By publishing auth requirements in the Agent Card, A2A avoids the discovery problem where a client sends an unauthenticated request, gets rejected, and then has to figure out what authentication scheme to use.
Discovery itself can happen in several ways. A client agent might have the server's Agent Card URL hardcoded in its configuration. A multi-agent orchestrator might maintain a registry of known agents and their Card URLs. In more advanced deployments, agents can discover each other dynamically by querying a shared registry service. The A2A specification focuses on the Card format and the well-known URL convention, while leaving the broader discovery infrastructure to implementers.
Task Lifecycle
Every piece of work in A2A is represented as a task, and every task moves through a defined set of lifecycle states. Understanding these states is essential because they determine what operations are valid at any point in the collaboration and how the client should interpret the server's responses.
A task starts in the submitted state when the client sends it to the server. This means the server has received the request and acknowledged it, but has not yet started processing. From submitted, the task transitions to working when the server begins execution. The working state indicates active processing, and the server may send partial results, status updates, or streaming messages while in this state.
The input-required state is one of A2A's most distinctive features. It allows the server agent to pause work and ask the client for additional information. A research agent might start analyzing a topic, realize it needs clarification about the scope, and transition the task to input-required with a message asking the client to specify the time period. The client then sends a new message with the requested information, and the task transitions back to working. This back-and-forth conversation is what makes A2A suitable for complex, nuanced tasks that cannot be fully specified in a single request.
Tasks end in one of three terminal states. completed means the server finished the work successfully and the results are available in the task's artifacts. canceled means either the client or server terminated the task before completion. failed means the server encountered an error it could not recover from. Terminal states are final, a task cannot transition out of a terminal state.
The task object carries a history of all messages exchanged between client and server, along with any artifacts the server produced. This history provides a complete audit trail of the collaboration, which matters for debugging, compliance, and understanding how a result was reached. Client agents can retrieve the full task state at any time using the tasks/get method.
Messages, Parts, and Artifacts
Communication within a task happens through messages, and each message contains one or more parts. Parts are the actual content units, supporting text, files, and structured JSON data. This multi-part design lets agents exchange rich, complex information within a single message rather than being limited to plain text.
A TextPart carries a simple text string. A FilePart carries a file reference, either as inline base64-encoded data or as a URI pointing to a downloadable location. A DataPart carries structured JSON, which is particularly useful for passing parameters, configuration objects, or machine-readable results between agents. A single message can mix these part types freely. An agent might respond with a TextPart containing a summary, a DataPart containing structured analysis results, and a FilePart containing a generated chart image.
Artifacts are the outputs of a completed task. When a server agent finishes its work, it packages the results as artifacts attached to the task. Each artifact contains one or more parts (using the same part types as messages) and includes metadata about the content type and structure. Artifacts represent the deliverable output of the collaboration, while messages represent the conversation that produced it.
The separation between messages and artifacts is intentional. Messages are the dialogue between agents, the back-and-forth of requests, clarifications, and status updates. Artifacts are the final work products. A client agent that delegates a report generation task will see a stream of messages as the server works (status updates, clarification requests, progress notes) and then a set of artifacts containing the actual report when the task completes. This lets client agents handle in-progress communication differently from final results.
Streaming and Push Notifications
A2A supports two mechanisms for receiving real-time updates from server agents: streaming via Server-Sent Events (SSE) and push notifications via webhooks. Both are optional, and agents can operate in a simple synchronous request-response mode if real-time updates are not needed.
Streaming uses the tasks/sendSubscribe method instead of the standard tasks/send. When a client sends a task using sendSubscribe, the server keeps the HTTP connection open and streams events back as the task progresses. These events include task status transitions (submitted, working, completed), new messages from the server, and partial artifacts as they are generated. The SSE format is widely supported by HTTP clients and provides a clean, standards-based way to receive a stream of typed events over a single connection.
Push notifications are designed for long-running tasks where keeping an HTTP connection open is impractical. The client configures a webhook URL where it wants to receive updates, and the server sends HTTP POST requests to that URL as the task progresses. Push notifications include authentication tokens so the client can verify that updates are genuinely coming from the server. This mechanism works well for tasks that take minutes or hours to complete, where maintaining an open SSE connection would be wasteful.
The choice between streaming and push notifications depends on the task duration and infrastructure constraints. Streaming is simpler to implement and provides lower-latency updates, making it the better choice for tasks that complete within seconds or minutes. Push notifications are more robust for long-running tasks and work better in environments with load balancers, proxies, or firewalls that might terminate idle connections.
A2A vs MCP: Complementary Protocols
The most common question about A2A is how it relates to the Model Context Protocol (MCP). The short answer: they solve different problems and are designed to work together. MCP standardizes how agents access tools and data. A2A standardizes how agents communicate with each other. A well-architected agent system typically uses both.
MCP follows a host-client-server model where the AI model is always the decision maker. The model decides when to call a tool, what arguments to pass, and how to interpret the results. The MCP server is a passive provider of capabilities that responds to requests but does not initiate actions, ask questions, or exercise judgment. This is exactly the right model for tools like database queries, file operations, API calls, and search engines.
A2A follows a peer model where both participants are autonomous agents capable of independent reasoning. When an agent delegates a task through A2A, the server agent decides how to accomplish it. It might use its own MCP connections to access tools, invoke sub-agents through additional A2A calls, ask the client for clarification, or refuse the request entirely. The server agent is not a passive tool, it is a peer with its own goals, constraints, and capabilities.
Consider a practical example. An executive assistant agent receives a request to "analyze Q2 sales and prepare a presentation." Using MCP, the assistant connects to a CRM database (MCP server) and a file system (MCP server) to retrieve raw data. Using A2A, the assistant delegates the statistical analysis to a data science agent (A2A server) and the slide creation to a design agent (A2A server). The data science agent might use its own MCP connections to access analysis libraries. The design agent might use its own MCP connections to access template systems. Each agent operates independently, using the protocols that match the type of interaction: MCP for tools, A2A for peer agents.
The practical guideline is straightforward: if the other system needs to reason, plan, or make decisions, use A2A. If the other system needs to execute a defined operation and return a result, use MCP. Some systems sit at the boundary, and A2A includes conventions for wrapping MCP servers as minimal A2A agents when needed for interoperability.
Security and Authentication
A2A is designed for enterprise environments where security is non-negotiable. The protocol supports multiple authentication mechanisms, with OAuth 2.0 and API keys being the most common in production deployments. Authentication requirements are published in the Agent Card, so client agents know exactly what credentials to provide before making their first request.
The Agent Card's authentication section specifies the auth schemes the server accepts, the token endpoints for OAuth flows, and the scopes required for different operations. This upfront declaration eliminates the trial-and-error authentication discovery that plagues many API integrations. A client agent reads the Agent Card, acquires the necessary credentials, and includes them in every subsequent request.
Transport security is handled at the HTTP level through TLS (HTTPS). The A2A specification strongly recommends HTTPS for all production deployments, and many implementations reject plaintext HTTP connections entirely. Because A2A runs on standard HTTP infrastructure, it benefits from all existing transport security mechanisms including certificate management, mutual TLS, and network-level access controls.
The opacity principle provides an additional security layer. Because A2A agents do not expose their internal tools, memory, or reasoning processes, a compromised or malicious client cannot extract proprietary algorithms, training data, or system prompts from a server agent. The client can only interact through the published A2A interface, which limits the attack surface to the defined protocol operations.
For push notifications, the protocol includes a verification mechanism. When a client registers a webhook URL for receiving async updates, the server and client exchange authentication tokens that are included in every push notification. The client verifies these tokens before processing any incoming notification, preventing spoofed updates from unauthorized sources.
The A2A Ecosystem in 2026
Since its April 2025 announcement, A2A has grown from a Google proposal to a broadly adopted standard. The protocol launched with support from over 50 companies including Salesforce, SAP, ServiceNow, MongoDB, Elastic, Intuit, Workday, and Deloitte. By mid-2026, that number has grown significantly as more organizations recognize the value of standardized agent interoperability.
Official SDKs are available in four languages. The Python SDK (pip install a2a-sdk) is the most mature, with comprehensive support for building both clients and servers, streaming, push notifications, and integration with popular agent frameworks. The JavaScript SDK (npm install @a2a-js/sdk) targets Node.js environments and TypeScript-first development. The Go SDK targets high-performance server implementations. The Java SDK serves enterprise environments that standardize on the JVM.
Framework integrations are available for every major agent platform. LangGraph, CrewAI, AutoGen, Google ADK, and the Anthropic Agent SDK all have A2A adapters that expose agents built on these frameworks as A2A-compliant servers with minimal code. This means developers do not need to rewrite their agents to participate in A2A, they add an adapter layer that translates between the framework's native interface and the A2A protocol.
The DeepLearning.AI course on A2A, built in partnership with Google Cloud and IBM Research, has introduced thousands of developers to the protocol through hands-on tutorials covering server implementation, client development, orchestration patterns, and the relationship between A2A and MCP. The course uses real examples with multiple frameworks to demonstrate cross-framework agent collaboration.
Enterprise adoption is accelerating as organizations move from single-agent prototypes to multi-agent production systems. The pattern that drives most enterprise A2A adoption is the specialized agent team: a set of agents, each expert in a specific domain (finance, legal, engineering, customer service), that collaborate on cross-functional tasks through A2A. This approach lets organizations build and maintain agents independently while still enabling complex, coordinated workflows.
Getting Started with A2A
The fastest path to working with A2A depends on your starting point. If you already have agents built on a supported framework, start by adding an A2A adapter to expose them as A2A servers. The framework-specific guides in this section cover the exact steps for LangGraph, CrewAI, Google ADK, and other popular platforms.
If you are building from scratch, the Python SDK is the recommended starting point. Install it with pip install a2a-sdk, define your agent's skills and capabilities, implement the task handler function, and start the server. A basic A2A server can be running in under 50 lines of Python. The SDK handles all protocol details including JSON-RPC parsing, Agent Card serving, task state management, and streaming support.
For client-side development, the SDK provides a client class that handles Agent Card fetching, task submission, streaming, and error handling. Building a client that discovers a remote agent, sends a task, and processes the results requires about 20 lines of code. The SDK's async API works naturally with Python's asyncio for building responsive client applications.
The recommended learning path is: understand Agent Cards by reading and writing them, build a simple A2A server that handles one skill, build a client that sends tasks to that server, add streaming support, then explore multi-agent orchestration patterns. The articles in this section follow this progression.