Payment Request API [[!PAYMENT-REQUEST-API]] provides a standard - way to initiate payment requests from Web pages and - applications. User agents implementing that API prompt the user to - select a way to handle the payment request, after which the user - agent returns a payment response to the originating site. This - specification defines capabilities that enable Web applications - to handle payment requests.
-- We have changed the title of this specification but left the identifier as-is. We are likely to want to assign it a new URL prior to FPWD. -
-The Web Payments Working Group maintains - a list of all bug reports that the group has not yet addressed. - This draft highlights some of the pending issues that are still to - be discussed in the working group. No decision has been taken on - the outcome of these issues including whether they are valid. Pull - requests with proposed specification text for outstanding issues - are strongly encouraged.
-The Web Payments Working Group seeks to streamline payments on the Web to - help reduce "shopping cart abandonment" and make it easier to deploy - new payment methods on the Web. It has published the Payment Request - API [[!PAYMENT-REQUEST-API]] as a standard way to initiate payment - requests from E-Commerce Web sites and applications.
- -A payment app is a Web application that manages - payment requests on behalf of the user by supporting one or more - payment methods. To enable a Web application to handle payment requests, - this specification defines:
- -This specification does not address how software built with - operating-system specific mechanisms (e.g., "native mobile - apps") handle payment requests.
-- This specification defines one class of products: -
+Payment Request API [[!PAYMENT-REQUEST-API]] provides a + standard way to initiate payment requests from Web pages and + applications. User agents implementing that API prompt the user + to select a way to handle the payment request, after which the + user agent returns a payment response to the originating site. + This specification defines capabilities that enable Web + applications to handle payment requests.
+We have changed the title of this specification + but left the identifier as-is. We are likely to want to assign + it a new URL prior to FPWD.
+The Web Payments Working Group maintains a + list of all bug reports that the group has not yet + addressed. This draft highlights some of the pending issues + that are still to be discussed in the working group. No + decision has been taken on the outcome of these issues + including whether they are valid. Pull requests with proposed + specification text for outstanding issues are strongly + encouraged.
+The Web Payments Working Group seeks to streamline payments + on the Web to help reduce "shopping cart abandonment" and make + it easier to deploy new payment methods on the Web. It has + published the Payment Request API [[!PAYMENT-REQUEST-API]] as a + standard way to initiate payment requests from E-Commerce Web + sites and applications.
+A payment app is a Web + application that manages payment requests on behalf of the user + by supporting one or more payment methods. To enable a Web + application to handle payment requests, this specification + defines:
+This specification does not address how software built with + operating-system specific mechanisms (e.g., "native mobile + apps") handle payment requests.
+This specification defines one class of products:
- A user agent MUST behave as described in this specification - in order to be considered conformant. In this specification, user agent means a Web - browser or other interactive user agent as defined in [[!HTML5]]. -
-- User agents MAY implement algorithms given in this - specification in any way desired, so long as the end result is - indistinguishable from the result that would be obtained by the - specification's algorithms. -
-- A conforming Payment Handler API user agent MUST also be a - conforming implementation of the IDL fragments - of this specification, as described in the - “Web IDL” specification. [[!WEBIDL]] -
- - -A user agent MUST behave as described in this + specification in order to be considered conformant. In this + specification, user agent means a Web browser or + other interactive user agent as defined in + [[!HTML5]].
+User agents MAY implement algorithms given in this + specification in any way desired, so long as the end result + is indistinguishable from the result that would be obtained + by the specification's algorithms.
+A conforming Payment Handler API user agent MUST also be + a conforming implementation of the IDL fragments + of this specification, as described in the “Web IDL” + specification. [[!WEBIDL]]
+ +This specification relies on several other underlying specifications.
+This specification relies on several other underlying + specifications.
DOMException and the following DOMException types - from [[!DOM4]] are used:
-| Type | -Message (optional) | -
|---|---|
AbortError |
- The operation was aborted | -
InvalidStateError |
- The object is in an invalid state | -
SecurityError |
- The operation is only supported in a secure context | -
OperationError |
- The operation failed for an operation-specific reason. | -
The following DOMException types from [[!WEBIDL]] are used:
-| Type | -Message (optional) | -
|---|---|
NotAllowedError |
- The request is not allowed by the user agent or the - platform in the current context. | -
DOMException and the following DOMException + types from [[!DOM4]] are used:
+| Type | +Message (optional) | +
|---|---|
AbortError |
+ The operation was aborted | +
InvalidStateError |
+ The object is in an invalid state | +
SecurityError |
+ The operation is only supported in a secure + context | +
OperationError |
+ The operation failed for an operation-specific + reason. | +
The following DOMException types from [[!WEBIDL]] are + used:
+| Type | +Message (optional) | +
|---|---|
NotAllowedError |
+ The request is not allowed by the user agent or the + platform in the current context. | +
In this document we envision the following flow:
- -In this document we envision the following flow:
+This specification does not address activities outside this flow, including:
-Thus, an origin will rely on many other Web technologies defined - elsewhere for lifecycle management, security, user authentication, - user interaction, and so on.
- -This specification does not address activities outside this + flow, including:
+Thus, an origin will rely on many other Web technologies + defined elsewhere for lifecycle management, security, user + authentication, user interaction, and so on.
+
- The Service Worker specification defines a ServiceWorkerRegistration interface
- [[!SERVICE-WORKERS]], which this specification extends.
-
The Service Worker specification defines a
+ ServiceWorkerRegistration interface
+ [[!SERVICE-WORKERS]], which this specification extends.
partial interface ServiceWorkerRegistration {
readonly attribute PaymentAppManager paymentAppManager;
};
-
interface PaymentAppManager {
attribute PaymentAppOptions options;
attribute PaymentWallets wallets;
};
- options attributeIs "options" the right term here? We don't want this to - get conflated with "PaymentOptions" in the payment request - specification. Other alternatives might be "instruments" or "accounts." -
-wallets attribute+
options attributeIs "options" the right term here? We + don't want this to get conflated with "PaymentOptions" in + the payment request specification. Other alternatives + might be "instruments" or "accounts."
+wallets attribute
interface PaymentAppOptions {
Promise<boolean> delete(DOMString optionKey);
Promise<PaymentAppOption> get(DOMString optionKey);
@@ -396,19 +377,16 @@
PaymentAppOption details);
};
-
- Where it appears, The optionKey parameter is a unique
- identifier for the option; it will be passed to the payment handler to
- indicate the PaymentAppOption selected by the user.
-
TODO: flesh out details after the WG reaches general - consensus on the shape of this API.
-+Where it appears, The
+optionKeyparameter is + a unique identifier for the option; it will be passed to the + payment handler to indicate the PaymentAppOption + selected by the user.TODO: flesh out details after the WG reaches + general consensus on the shape of this API.
+
dictionary PaymentAppOption {
required DOMString name;
sequence<ImageObjects> icons;
@@ -418,43 +396,36 @@
name membername member is a string that
+ represents the label for this payment option as it is
+ usually displayed to the user.icons membericons member is an array of image
+ objects that can serve as iconic representations of the
+ payment option when presented to the user for
+ selection.enabledMethods membername member is a string that represents the
- label for this payment option as it is usually displayed
- to the user.
- icons membericons member is an array of image objects that
- can serve as iconic representations of the payment
- option when presented to the user for selection.
- enabledMethods memberenabledMethods
- member lists the payment method identifiers of the
- payment methods enabled by this option.
- capabilities membercapabilities
- member contains a list of payment-method-specific capabilities
- that this payment handler is capable of supporting for this option.
- For example, for the basic-card payment method,
- this object will consist of an object with two fields: one for
- supportedNetworks, and another for
- supportedTypes.
-
+ The enabledMethods
+ member lists the payment method identifiers of the
+ payment methods enabled by this option.
+
+ capabilities membercapabilities
+ member contains a list of payment-method-specific
+ capabilities that this payment handler is capable of
+ supporting for this option. For example, for the
+ basic-card payment method, this object will
+ consist of an object with two fields: one for
+ supportedNetworks, and another for
+ supportedTypes.
interface PaymentWallets {
Promise<boolean> delete(DOMString walletKey);
Promise<WalletDetails> get(DOMString walletKey);
@@ -464,18 +435,13 @@
WalletDetails details);
};
-
-
- Where it appears, The walletKey parameter is a unique
- identifier for the wallet.
-
TODO: flesh out details after the WG reaches general - consensus on the shape of this API.
-Where it appears, The walletKey parameter is
+ a unique identifier for the wallet.
TODO: flesh out details after the WG reaches + general consensus on the shape of this API.
+
dictionary WalletDetails {
required DOMString name;
@@ -485,30 +451,23 @@
name membername member is a string that represents the
- label for this wallet as it is usually displayed
- to the user.
- icons membericons member is an array of image objects
- that can serve as iconic representations of the wallet when
- presented to the user for selection.
- optionKeys memberThe following example shows how to register a payment handler:
-+
name member is a string that
+ represents the label for this wallet as it is usually
+ displayed to the user.icons membericons member is an array of image
+ objects that can serve as iconic representations of the
+ wallet when presented to the user for selection.optionKeys memberThe following example shows how to register a payment + handler:
+
navigator.serviceWorker.register('/exampleapp.js')
.then(function(registration) {
registration.paymentAppManager.options.set(
@@ -562,96 +521,123 @@
});
});
- - The Editors will update the payment method identifier syntax in this - and other examples to align with [[!METHOD-IDENTIFIERS]], once a final - format has been agreed upon. -
-After applying the matching algorithm defined in Payment Request API, - the user agent displays a list of matching origins for the user to make - a selection. This specification includes a limited number of display - requirements; most user experience details are left to user agents.
- -The following are examples of payment handler ordering:
-The user agent MUST enable the user to select any displayed Option.
- -Issue 98. There has been pushback to always requiring display of options (e.g., on a mobile devices). User agents can incrementally show options. Or user agents can return an empty option ID and it becomes the payment app's responsibility to display options to the user.
-At times, the same origin may wish to group options with - greater flexibility and granularity than merely "by origin." These - use cases include:
-A Wallet is a grouping of Options for - display purposes.
- -To enable developers to build payment apps in a variety of - ways, we decouple the registration (and subsequent display) of - Options from how payment handlers respond to paymentrequest - events. However, the user agent is responsible for communicating - the user's selection in the event.
+The + Editors will update the payment method identifier syntax in + this and other examples to align with + [[!METHOD-IDENTIFIERS]], once a final format has been agreed + upon.
+Users agents may wish to enable the user to select individual displayed Options. The payment handler would receive information about the selected option and could take action, potentially eliminating an extra click (first open the payment app then select the option).
- -Issue 98. Should we require that, if displayed, individual Options must be selectable? Or should we allow flexibility that Options may be displayed, but selecting any one invokes all registered payment handlers? One idea that has been suggested: the user agent (e.g., on a mobile device) could first display the app-level icon/logo. Upon selection, the user agent could display the Options in a submenu.
+After applying the matching algorithm defined in Payment + Request API, the user agent displays a list of matching origins + for the user to make a selection. This specification includes a + limited number of display requirements; most user experience + details are left to user agents.
+The following are examples of payment handler + ordering:
+The user agent MUST enable + the user to select any displayed Option.
++ Issue 98. There has been pushback to always requiring + display of options (e.g., on a mobile devices). User agents + can incrementally show options. Or user agents can return an + empty option ID and it becomes the payment app's + responsibility to display options to the user.
+At times, the same origin may wish to group options with + greater flexibility and granularity than merely "by origin." + These use cases include:
+A Wallet is a grouping of Options + for display purposes.
+To enable developers to build payment apps in a variety of + ways, we decouple the registration (and subsequent display) + of Options from how payment handlers respond to + paymentrequest events. However, the user agent is responsible + for communicating the user's selection in the event.
+Users agents may wish to enable the user to select + individual displayed Options. The payment handler would + receive information about the selected option and could take + action, potentially eliminating an extra click (first open + the payment app then select the option).
++ Issue 98. Should we require that, if displayed, + individual Options must be selectable? Or should we allow + flexibility that Options may be displayed, but selecting any + one invokes all registered payment handlers? One idea that + has been suggested: the user agent (e.g., on a mobile device) + could first display the app-level icon/logo. Upon selection, + the user agent could display the Options in a submenu.
+- Once the user has selected an Option, the user agent - fires a paymentrequest event with a Payment App Request, - and uses the subsequent Payment App Response to create a PaymentReponse - for [[!PAYMENT-REQUEST-API]]. -
-++ -Payment Handler Invocation, Display and Response
+Once the user has selected an Option, the user agent fires a + paymentrequest event with a Payment App Request, and + uses the subsequent Payment App Response to create a + PaymentReponse for [[!PAYMENT-REQUEST-API]].
++ -Payment App Request
The payment app request is + conveyed using the following dictionary: +dictionary PaymentAppRequest { DOMString origin; sequence<PaymentMethodData> methodData; @@ -660,401 +646,378 @@-Payment App Request
DOMString optionId; };-
- -- -
originattribute- - This attribute a string that indicates the origin of the - payee web page. It MUST be formatted according to the - "Unicode - Serialization of an Origin" algorithm defined in section 6.1 of - [[!RFC6454]]. -
-- -
methodDataattribute- - This attribute contains
-PaymentMethodData- dictionaries containing the payment method identifiers for the - payment methods that the web site accepts and any associated - payment method specific data. - It is populated from the - PaymentRequest using the Method Data Population Algorithm - defined below. -- -
totalattribute- - This attribute indicates the total amount being requested for payment. - It is initialized with a structured clone of the -
-totalfield of thePaymentDetailsprovided - when the corresponding PaymentRequest object was instantiated. -- -
displayItems- - The sequence of line items optionally provided by the payee. - It is initialized with a structured clone of the -
-displayItemsfield of thePaymentDetailsprovided - when the corresponding PaymentRequest object was instantiated. -- -
modifiersattribute- - This sequence of
-PaymentDetailsModifierdictionaries - contains modifiers for particular payment method identifiers (e.g., - if the payment amount or currency type varies based on a - per-payment-method basis). It is populated from the - PaymentRequest using the Modifiers Population Algorithm - defined below. -- -
optionIdattribute- - This attribute indicates the PaymentAppOption selected by - the user. It corresponds to the
-idfield provided during - registration. -See issue 91 for discussion about the inclusion of line items in the Payment App Request.
- -- - Method Data Population Algorithm -
-- To initialize the value of the
-methodData, the user agent - MUST perform the following steps or their equivalent: --
+- - Set registeredMethods to an empty set. -
-- - For each PaymentAppOption option in the - payment handler's
-PaymentAppManager.options, add all entries in - option.enabledMethodsto - registeredMethods. -- - Create a new empty
-Sequence. -- - Set dataList to the newly created
-Sequence. -- - For each item in -
PaymentRequest@[[\methodData]] in the - corresponding payment request, perform the following steps: --
-- - Set inData to the item under consideration. -
-- - Set commonMethods to the set intersection of - inData.
-supportedMethods- and registeredMethods. -- - If commonMethods is empty, skip the remaining substeps - and move on to the next item (if any). -
-- - Create a new
-PaymentMethodDataobject. -- - Set outData to the newly created -
-PaymentMethodData. -- - Set outData.
-supportedMethodsto - a list containing the members of commonMethods. -- - Set outData.data to a structured clone of - inData.
-data. -- - Append outData to dataList. -
-- - Set
methodDatato dataList. ++
+- +
originattribute- + This attribute a string that indicates the origin + of the payee web page. It MUST be formatted + according to the "Unicode + Serialization of an Origin" algorithm defined in + section 6.1 of [[!RFC6454]]. +
+- +
methodDataattribute- + This attribute contains
+PaymentMethodData+ dictionaries containing the payment method + identifiers for the payment methods that the + web site accepts and any associated payment method + specific data. It is populated from the + PaymentRequest using the Method Data Population + Algorithm defined below. +- +
totalattribute- + This attribute indicates the total amount being requested + for payment. It is initialized with a structured + clone of the
+totalfield of the +PaymentDetailsprovided when the + corresponding PaymentRequest object was + instantiated. +- +
displayItems- + The sequence of line items optionally provided by the + payee. It is initialized with a structured clone + of the
+displayItemsfield of the +PaymentDetailsprovided when the + corresponding PaymentRequest object was + instantiated. +- +
modifiersattribute- + This sequence of
+PaymentDetailsModifier+ dictionaries contains modifiers for particular payment + method identifiers (e.g., if the payment amount or + currency type varies based on a per-payment-method + basis). It is populated from the PaymentRequest + using the Modifiers Population Algorithm defined + below. +- +
optionIdattribute- + This attribute indicates the PaymentAppOption + selected by the user. It corresponds to the +
+idfield provided during registration. +See + issue 91 for discussion about the inclusion of line items + in the Payment App Request.
++ -Method Data Population Algorithm
+To initialize the value of the
+methodData, + the user agent MUST perform the following steps or their + equivalent:+
-- Set registeredMethods to an empty + set.
+- For each PaymentAppOption option in + the payment handler's +
-PaymentAppManager.options, add all entries + in option.enabledMethodsto + registeredMethods.- +- Modifiers Population Algorithm -
-- To initialize the value of the
-modifiers, the user agent - MUST perform the following steps or their equivalent: --
+- - Set registeredMethods to an empty set. -
-- - For each PaymentAppOption option in the - payment handler's
-PaymentAppManager.options, add all - entries in option.enabledMethodsto - registeredMethods. -- - Create a new empty
-Sequence. -- - Set modifierList to the newly created -
-Sequence. -- - For each item in +
- Create a new empty
+Sequence.- Set dataList to the newly created +
+Sequence.- For each item in +
+PaymentRequest@[[\methodData]] in + the corresponding payment request, perform the following + steps: ++
+- Set inData to the item under + consideration.
+- Set commonMethods to the set + intersection of + inData.
+supportedMethodsand + registeredMethods.- If commonMethods is empty, skip the + remaining substeps and move on to the next item (if + any).
+- Create a new
+PaymentMethodData+ object.- Set outData to the newly created +
+PaymentMethodData.- Set + outData.
+supportedMethodsto a + list containing the members of + commonMethods.- Set outData.data to a structured + clone of inData.
+data. +- Append outData to + dataList.
+- Set
+methodDatato + dataList.+ Modifiers Population Algorithm
+To initialize the value of the
+modifiers, + the user agent MUST perform the following steps or their + equivalent:+
+- Set registeredMethods to an empty + set.
+- For each PaymentAppOption option in + the payment handler's +
+PaymentAppManager.options, add all entries + in option.enabledMethodsto + registeredMethods. +- Create a new empty
+Sequence.- Set modifierList to the newly created +
+Sequence.- For each item in
-PaymentRequest@[[\paymentDetails]].modifiers- in the corresponding payment request, perform the following steps: --
- - Set inModifier to the item under consideration. -
-- - Set commonMethods to the set intersection of + in the corresponding payment request, perform the + following steps: +
+
-- Set inModifier to the item under + consideration.
+- Set commonMethods to the set + intersection of inModifier.
-supportedMethods- and registeredMethods. -- - If commonMethods is empty, skip the remaining substeps - and move on to the next item (if any). -
-- - Create a new
-PaymentDetailsModifierobject. -- - Set outModifier to the newly created -
-PaymentDetailsModifier. -- - Set outModifier.
-supportedMethodsto - a list containing the members of commonMethods. -- - Set outModifier.
-totalto a structured - clone of inModifier.total. -- - Set outModifier.
+additionalDisplayItems+ and registeredMethods.- If commonMethods is empty, skip the + remaining substeps and move on to the next item (if + any).
+- Create a new
+PaymentDetailsModifier+ object.- Set outModifier to the newly created +
+PaymentDetailsModifier.- Set + outModifier.
+supportedMethods+ to a list containing the members of + commonMethods.- Set outModifier.
+totalto + a structured clone of + inModifier.total. +- Set + outModifier.
-additionalDisplayItemsto a structured clone of inModifier.additionalDisplayItems. -- - Append outModifier to modifierList. -
-- - Set
+modifiersto modifierList. +- Append outModifier to + modifierList.
+- Set
+modifiersto + modifierList.- -Invocation
- -- Extension to
-ServiceWorkerGlobalScope-- The Service Worker specification defines a -
-ServiceWorkerGlobalScopeinterface [[!SERVICE-WORKERS]], - which this specification extends. -+Invocation
++ -Extension to
+ServiceWorkerGlobalScopeThe Service Worker specification defines a +
+ServiceWorkerGlobalScopeinterface + [[!SERVICE-WORKERS]], which this specification extends.partial interface ServiceWorkerGlobalScope { attribute EventHandler onpaymentrequest; };--
- -- -
onpaymentrequestattribute- - The
-onpaymentrequestattribute is an event handler - whose corresponding event handler event type is -paymentrequest. -The PaymentRequestEvent interface represents a received - payment request. -
- +- The
-paymentrequestEvent -- The PaymentRequestEvent represents a received payment - request. -
-++
+- +
onpaymentrequestattribute- + The
+onpaymentrequestattribute is an + event handler whose corresponding event + handler event type ispaymentrequest. +The PaymentRequestEvent interface represents a + received payment request.
++ The
+paymentrequestEventThe PaymentRequestEvent represents a received + payment request.
+[Exposed=ServiceWorker] interface PaymentRequestEvent : ExtendableEvent { readonly attribute PaymentAppRequest appRequest; void respondWith(Promise<PaymentAppResponse>appResponse); };--
-- -
appRequestattribute- - This attribute contains the payment app request associated - with this payment request. -
-- -
respondWithmethod- - This method is used by the payment handler to provide a - PaymentAppResponse when the payment successfully completes. -
-- Upon receiving a payment request by way of -
+PaymentRequest.show()and subsequent user selection of a - payment handler, the user agent MUST run the following steps or their equivalent: -+
+- +
appRequestattribute- + This attribute contains the payment app request + associated with this payment request. +
+- +
respondWithmethod- + This method is used by the payment handler to provide a + PaymentAppResponse when the payment successfully + completes. +
+Upon receiving a payment request by way of +
PaymentRequest.show()and subsequent user + selection of a payment handler, the user agent MUST + run the following steps or their equivalent:+
- Let registration be the service worker registration corresponding to the payment handler selected by the user.
-- If registration is not found, reject the Promise that - was created by
PaymentRequest.show()with a - DOMException whose value "InvalidStateError" and - terminate these steps. +- If registration is not found, reject the + Promise that was created by +
-PaymentRequest.show()with a + DOMException whose value + "InvalidStateError" and terminate these steps.- Invoke the Handle Functional Event algorithm with a - service worker registration of registration and - callbackSteps set to the following steps: +
- Invoke the Handle Functional Event algorithm + with a service worker registration of + registration and callbackSteps set + to the following steps:
-
- Set global to the global object that was provided - as an argument.
-- Create a trusted event, - e, that uses the -
+PaymentRequestEventinterface, with the - event typepaymentrequest, which does not bubble, - cannot be canceled, and has no default action.- Set global to the global object that + was provided as an argument.
+- Create a trusted event, e, that + uses the
PaymentRequestEvent+ interface, with the event type +paymentrequest, which does not bubble, + cannot be canceled, and has no default action. +- Set the
appRequestattribute of - e to a new PaymentAppRequest instance, - populated as described in - . + e to a new PaymentAppRequest + instance, populated as described in .- Dispatch e to global.
-- Wait for all of the promises in the extend lifetime - promises of e to resolve.
-- If the payment handler has not provided a payment app - response as described in , reject the Promise that - was created by
PaymentRequest.show()with a - DOMException whose value "OperationError". +- Wait for all of the promises in the extend + lifetime promises of e to resolve. +
+- If the payment handler has not provided a + payment app response as described in + , reject + the Promise that was created by +
PaymentRequest.show()with a + DOMException whose value + "OperationError". +- -- Payment Handler Windows -
- -An invoked payment handler may or may not need to display information - about itself or request user input. Some examples of potential - payment handler displays include:
- --
- -- The payment handler opens a window for the user to provide an authorization code.
-- The payment handler opens a window that makes it easy for the user to confirm payment using default information for that site provided through previous user configuration.
-- When first selected to pay in a given session, the payment handler - opens a window. For subsequent payments in the same session, the payment handler (through configuration) performs its duties without opening a window or requiring user interaction.
-See issue 97 for discussion about opening window in a way that is consistent with payment flow and not confusing to the user. For example, there is consensus that in a desktop environment, a payment handler should not open a window in a new browser tab, as this is too dissociated from the checkout context.
- -User agents SHOULD display the origin of a running payment handler to the user.
- -- - -Payment App Response
- - The payment app response is conveyed using the following - dictionary: -++ +Payment Handler Windows
+An invoked payment handler may or may not need to display + information about itself or request user input. Some examples + of potential payment handler displays include:
++
+- The payment handler opens a window for the user to + provide an authorization code.
+- The payment handler opens a window that makes it easy + for the user to confirm payment using default information + for that site provided through previous user + configuration.
+- When first selected to pay in a given session, the + payment handler opens a window. For subsequent payments in + the same session, the payment handler (through + configuration) performs its duties without opening a window + or requiring user interaction.
+See + issue 97 for discussion about opening window in a way + that is consistent with payment flow and not confusing to the + user. For example, there is consensus that in a desktop + environment, a payment handler should not open a + window in a new browser tab, as this is too dissociated from + the checkout context.
+User agents SHOULD display the origin of a running payment + handler to the user.
++ -Payment App Response
The payment app response + is conveyed using the following dictionary: +dictionary PaymentAppResponse { DOMString methodName; object details; };-- methodNameattribute- The payment method identifier for the payment method - that the user selected to fulfil the transaction. - -- detailsattribute- A JSON-serializable object that provides a payment - method specific message used by the merchant to process the - transaction and determine successful fund transfer. - - -- The user agent receives a successful response from the payment handler - through resolution of the Promise provided to the
-respondWith- function of the corresponding PaymentRequestEvent dictionary. - The application is expected to resolve the Promise with a -PaymentAppResponseinstance containing the - payment response. In case of user cancellation or error, the - application may signal failure by rejecting the Promise. -- If the Promise is rejected, the user agent MUST run the payment app - failure algorithm. The exact details of this algorithm is left for - user agent implementers to decide on. Acceptable behaviors include, - but are not limited to: -
--
-- - Letting the user try again, with the same payment handler or with a - different one. -
-- - Rejecting the Promise that was created by -
-PaymentRequest.show(). -- If this Promise is successfully resolved, the user agent MUST run the - user accepts the payment request algorithm as defined in - [[!PAYMENT-REQUEST-API]], replacing steps 6 and 7 with these steps or - their equivalent: -
--
- -- - Set appResponse to the
-PaymentAppResponse- instance used to resolve the - PaymentRequestEvent.respondWithPromise. -- - If appResponse.
-methodNameis not present or - not set to one of the values from - PaymentRequestEvent.appRequest, run the payment app - failure algorithm and terminate these steps. -- - Create a structured clone of - appResponse.
-methodName- and assign it to - response.methodName. -- - If appResponse.
-detailsis not present, run the - payment app failure algorithm and terminate these steps. -- - Create a structured clone of - appResponse.
-details- and assign it to - response.details. -The following example shows how to respond to a payment request:
-++
- +
methodNameattribute- + The payment method identifier for the payment + method that the user selected to fulfil the + transaction. +
+- +
detailsattribute- + A JSON-serializable object that provides a + payment method specific message used by the + merchant to process the transaction and determine + successful fund transfer. +
+- +
The user agent receives a successful response from the + payment handler through resolution of the Promise + provided to the
+respondWithfunction of the + corresponding PaymentRequestEvent dictionary. The + application is expected to resolve the Promise with a +PaymentAppResponseinstance containing the + payment response. In case of user cancellation or error, + the application may signal failure by rejecting the + Promise.If the Promise is rejected, the user agent MUST run + the payment app failure algorithm. The exact + details of this algorithm is left for user agent + implementers to decide on. Acceptable behaviors include, + but are not limited to:
++
+- Letting the user try again, with the same payment + handler or with a different one.
+- Rejecting the Promise that was created by +
+PaymentRequest.show().If this Promise is successfully resolved, the user + agent MUST run the user accepts the payment request + algorithm as defined in [[!PAYMENT-REQUEST-API]], + replacing steps 6 and 7 with these steps or their + equivalent:
++
+- Set appResponse to the +
+PaymentAppResponseinstance used to + resolve the + PaymentRequestEvent.respondWith+ Promise. +- If appResponse.
+methodName+ is not present or not set to one of the values from + PaymentRequestEvent.appRequest, run + the payment app failure algorithm and + terminate these steps. +- Create a structured clone of + appResponse.
+methodNameand + assign it to + response.methodName. +- If appResponse.
+detailsis + not present, run the payment app failure + algorithm and terminate these steps. +- Create a structured clone of + appResponse.
+detailsand assign + it to response.details. +The following example shows how to respond to a + payment request:
+paymentRequestEvent.respondWith(new Promise(function(accept,reject) { /* ... processing may occur here ... */ accept({ @@ -1068,26 +1031,30 @@- -Payment App Response
}); });- [[!PAYMENT-REQUEST-API]] defines a
-paymentRequestID- that parties in the ecosystem (including payment app providers - and payees) may use for reconciliation after network or other - failures.- +Example of handling the
-paymentrequestevent- This example shows how to write a service worker that listens to the - paymentrequest event. When a payment request event is received, the - service worker opens a window in order to interact with the user. -
- -Per issue 97, we expect not to use clients.OpenWindow and instead await a proposal for a new openClientWindow method. We will need to update these examples.
- - -+[[!PAYMENT-REQUEST-API]] defines a +
+ + +paymentRequestIDthat parties in the + ecosystem (including payment app providers and payees) + may use for reconciliation after network or other + failures.+ - -Example of handling the
+paymentrequest+ eventThis example shows how to write a service worker that + listens to the paymentrequest event. When a payment request + event is received, the service worker opens a window in order + to interact with the user.
+Per + issue 97, we expect not to use + clients.OpenWindow and instead await a proposal for a new + openClientWindow method. We will need to update these + examples.
+self.addEventListener('paymentrequest', function(e) { e.respondWith(new Promise(function(resolve, reject) { self.addEventListener('message', listener = function(e) { @@ -1109,10 +1076,12 @@-Example of handling the
})); });paymentrequesteventUsing the simple scheme described above, a trivial HTML page that is - loaded into the payment handler window to implement the basic - card scheme might look like the following:
-+Using the simple scheme described above, a trivial HTML + page that is loaded into the payment handler window to + implement the basic card scheme might look like the + following:
+<html> <body> <form id="form"> <table> <tr><th>Cardholder Name:</th><td><input name="cardholderName"></td></tr> @@ -1148,50 +1117,70 @@- -Example of handling the
}); </script> </body> </html>paymentrequestevent- -Security and Privacy Considerations
-- -Information about the User Environment
--
-- The API does not share information about the user's registered payment handlers. Information from origins is only shared with the payee with the consent of the user.
-- Similarly, user agents should not share payment request information with any payment handler until the user has selected that payment handler.
-- -User Consent before Payment
--
-- One goal of this specification is to minimize the user interaction required to make a payment. At the same time, user agents must not permit combinations of configurations that would enable invoking Web sites to invoke payment request and receive payments silently.
-- -Secure Communications
--
-- See Service Worker security considerations
-- Payment method security is outside the scope of this specification and is addressed by payment handlers that support those payment methods.
-- -Payment App Authenticity
-The Web Payments Working Group is also discussing - Payment App authenticity; see the (draft) Payment Method Manifest.
-- Data Validation
--
+- Payees should validate that the data they have received through the paymentRequest API is what they expect (e.g., the total that was paid, etc.).
-- Private Browsing Mode
--
+- When the Payment Request API is invoked in a "private browsing mode," the user agent should launch payment handlers in a private context. This will generally prevent sites from accessing any previously-stored information. In turn, this is likely to require either that the user log in to the origin or re-enter payment instrument details.
-+ -Security and Privacy Considerations
++ +Information about the User Environment
++
+- The API does not share information about the user's + registered payment handlers. Information from origins is + only shared with the payee with the consent of the + user.
+- Similarly, user agents should not share payment request + information with any payment handler until the user has + selected that payment handler.
++ +User Consent before Payment
++
+- One goal of this specification is to minimize the user + interaction required to make a payment. At the same time, + user agents must not permit combinations of configurations + that would enable invoking Web sites to invoke payment + request and receive payments silently.
++ +Secure Communications
++
+- See + Service Worker security considerations +
+- Payment method security is outside the scope of this + specification and is addressed by payment handlers that + support those payment methods.
++ +Payment App Authenticity
+The Web Payments Working Group is also + discussing Payment App authenticity; see the (draft) + Payment Method Manifest.
++ +Data Validation
++
+- Payees should validate that the data they have received + through the paymentRequest API is what they expect (e.g., + the total that was paid, etc.).
++ Private Browsing Mode
++
+- When the Payment Request API is invoked in a "private + browsing mode," the user agent should launch payment + handlers in a private context. This will generally prevent + sites from accessing any previously-stored information. In + turn, this is likely to require either that the user log in + to the origin or re-enter payment instrument details.
+