7.3 KiB
| title | description | url |
|---|---|---|
| Web Payment APIs | A short talk on Web Payment APIs | https://captnemo.in/talks/webpayments/ |
Web Payment APIs
- nemo (RFCs We Love, May 2020)
whoami
TODO
webpayments
The goal is to create a safe, decentralized system and a set of open, patent and royalty-free specifications that allow people on the Web to send each other money as easily as they exchange instant messages and e-mail today.
W3C
- ActivityPub
- CGI
- CSS
- DOM
- HTML
- RDF
- SOAP
- SPARQL
- SVG
- XHTML
- XML
- XPath
demo
Before we start, let's do a quick demo of how it all comes together.
specifications*
See github.com/w3c/webpayments/wiki for a complete list
* working drafts
specifications*
- Payment Request API: how to initiate a payment
- Payment Method Identifiers: what is a payment method?
- Payment Method Manifest: definition of a payment method
- Payment Handler API: how a payment method is processed?
the talk
Try to understand how we can complete a payment entirely from within your browser without relying on any proprietary APIs (as a processor/merchant), and yet being compatible with any payment instrument.
definitions
The payment method: the means that the payer uses to pay the payee (e.g., a basic card payment). They are uniquely identified via a Payment Method Identifier (PMI)
The payment method provider establishes the ecosystem to support that payment method.
The details of how to fulfill a payment request for a given payment method is an implementation detail of a payment handler, which is a Web application that can handle a request for payment on behalf of the user.
examples
payment method: Paytm Wallet Account, UPI, Card, Gift Card, Voucher Code, Bitcoin.
Payment Method Identifier: https://paytm.com, https://npci.org.in/upi, basic-card
payment method provider: Razorpay, Stripe, PayPal, NPCI/UPI, your-bank-goes-here
Payment Method Identifier
- URL-based payment method identifier (say,
https://bitcoincore.org/orhttps://pay.wechat.com). - or a standardized payment method identifier (currently only
basic-cardis on the registry).
humanized: how to identify and categorize various payment methods?
Payment Method Manifest
allows the curators of a defined payment method or owners of a proprietary payment method to authorize (via a manifest file) which payment handlers may be used to fulfill the payment method.
humanized: defines the schema of a specific payment method. The one for basic-card is standardized in a specification already.
How to get to the manifest?
GET / HTTP/2
Host: alicepay.com
HTTP/2 204
Link: </pay/payment-manifest.json>; rel="payment-method-manifest"
What's inside a Manifest?
A payment method manifest tells the user-agent "how to process payments for a particular method".
URL: https://alicepay.com/pay/payment-manifest.json
{
"default_applications": ["app/webappmanifest.json"],
"supported_origins": [
"https://bobpay.xyz",
"https://alicepay.friendsofalice.example"
]
}
user-agent can go next to https://alicepay.com/pay/app/webappmanifest.json to install the AlicePay application.
supported_origins defines which origins can be trusted to install an application for this payment method.
What's inside a Manifest (1)
{
//...
"supported_origins": [
"https://beta.alicepay.com",
"https://bobpay.com"
]
}
A payment application hosted at either alicepay.com, beta.alicepay.com, or bobpay.com is now authorized for the payment method https://alicepay.com.
What's inside a Manifest (2)
{
//...
"supported_origins": "*"
}
any third party is allowed to support the payment method.
recap
So far, the user-agent has done the following:
- seen a
payment-method(we haven't gotten to how) - discovered the payment method manifest URL
- parsed the payment method manifest to determine the webapp manifest URL
- fetched the webapp manifest URL
- installed the payment method's application(s)
The application installation is based on W3C's Web App Manifest specification.
Payment Handler
Each payment handler defines:
- Steps to check if a payment can be made:
- Steps to respond to a payment request:
The structure of this object is specific to each payment method.
- Steps for when a user changes payment method (optional)
Steps that describe how to handle the user changing payment method or monetary instrument (e.g., from a debit card to a credit card)
overview
TODO: Move this higher?
Payment Request API
Future Scope
- Installing a payment app is clunky, maybe we can just install the service-worker directly.