The Payment Request API provides a standard way to initiate payment requests from Web pages and applications. User agents implementing that API prompt the user to select a way to handle the payment request, after which the user agent returns a payment response to the originating site. This specification defines capabilities that enable Web applications to handle payment requests.
Status of This Document
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
The Web Payments Working Group maintains a list of all bug
reports that the group has not yet addressed. This draft highlights some of the pending issues that are still to be discussed in the working group. No decision has been taken on the outcome of these issues including whether they are valid. Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This document was published by the Web Payments Working Group as a Working Draft. This document is intended to become a W3C Recommendation.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
The Web Payments Working Group seeks to streamline payments on the Web to help reduce "shopping cart abandonment" and make it easier to deploy new payment methods on the Web. It has published the Payment Request API [payment-request] as a standard way to initiate payment requests from E-Commerce Web sites and applications.
A payment app is a Web application that can handle payment requests on behalf of the user. This specification defines a number of new Web platform features to handle payment requests:
An origin-based permission to handle payment request events.
An extension to the service worker registration interface (PaymentManager) to manage the definition, display, and user selection of PaymentInstruments.
A mechanism to respond to the PaymentRequestEvent.
This specification does not address how software built with operating-system specific mechanisms (e.g., "native mobile apps") handle payment requests.
The term "payment app" may be useful as a shorthand for "Web app that can handle payments with Payment Request API."
2. Conformance
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, NOT REQUIRED, SHOULD, and SHOULD NOT are to be interpreted as described in [RFC2119].
This specification defines one class of products:
Conforming user agent
A user agentMUST behave as described in this specification to be considered conformant. In this specification, user
agent means a Web browser or other interactive user
agent as defined in [HTML5].
User agents MAY implement algorithms given in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained by the specification's algorithms.
A conforming Payment Handler API user agent MUST also be a
conforming implementation of the IDL fragments of this specification, as described in the “Web IDL” specification. [
WEBIDL-LS]
Note
3. Dependencies
This specification relies on several other underlying specifications.
The term JSON-serialize applied to a given object means to run the algorithm specified by the original value of the JSON.stringify function on the supplied object, passing the supplied object as the sole argument, and return the resulting string. This can throw an exception.
Payment Method Identifiers
The terms payment method
identifier is defined by the Payment Method Identifier specification [payment-method-id].
An origin requests permission from the user to handle payment requests for a set of supported payment methods. For example, a user visiting a retail or bank site may be prompted to register a payment handler from that origin. The origin establishes the scope of the permission but the origin's capabilities may evolve without requiring additional user consent. Although from a permissions perspective there is a single Web app per origin, this specification provides mechanisms to origins for flexible structuring and display of instruments and wallets.
[Optionally] the conditions under which the handler supports a given payment method; these capabilities play a role in matching computations.
Information for organizing the display and grouping of
instruments and
wallets supported by the payment handler.
When the merchant (or other payee) calls the [
payment-request] method show() (e.g., when the user pushes a button on a checkout page), the user agent computes a list of candidate payment handlers, comparing the payment methods accepted by the merchant with those supported by registered payment handlers. For payment methods that support additional filtering, merchant and payment handler capabilities are compared as part of determining whether there is a match.
The user agent displays a set of choices to the user: the registered instruments of the candidate payment handlers. The user agent displays and groups these choices according to information (labels and icons) provided at registration or otherwise available from the Web app.
Once activated, the payment handler performs whatever steps are necessary to handle the payment
request, and return an appropriate payment response to the
payee. If interaction with the user is necessary, the payment
handler can open a window for that purpose.
The user agent receives a response asynchronously once the payment handler has finished handling the request. The response becomes the PaymentResponse (of [payment-request]).
Note
An origin may implement a payment app with more than one service worker and therefore multiple payment handlers may be registered per origin. The handler that is invoked is determined by the selection made by the user of a payment
instrument. The service worker which stored the payment instrument with its
PaymentManager is the one that will be invoked.
4.1 Handling a Payment Request
This section is non-normative.
The logic of a payment handler is driven by the payment methods that it supports. Some payment methods, such as basic-card expect little to no processing by the payment handler which simply returns payment card details in the response. It is then the job of the payee website to process the payment using the returned data as input.
In contrast, some payment methods, such as a crypto-currency payments or bank originated credit transfers, require that the payment handler initiate processing of the payment. In such cases the payment handler will return a payment reference, endpoint URL or some other data that the payee website can use to determine the outcome of the payment (as opposed to processing the payment itself).
Handling a payment request may include numerous interactions: with the user through a new window or other APIs (such as [
WebCryptoAPI]) or with other services and origins through web requests or other means.
This specification does not address these activities that occur between the payment handler accepting the PaymentRequestEvent and the payment handler returning a response. All of these activities which may be required to configure the payment handler and handle the payment request, are left to the implementation of the payment handler, including:
how the user establishes an account with an origin that provides payment services.
how an origin authenticates a user.
how communication takes place between the payee server and the payee Web application, or between a payment app origin and other parties.
Thus, an origin will rely on many other Web technologies defined elsewhere for lifecycle management, security, user authentication, user interaction, and so on.
4.2 Structure of a Web Payment App
This section is non-normative.
Figure 1
A Web payment app is associated with an origin. Payment handlers
respond to PaymentRequestEvents. PaymentManagers manage the
definition, display, and user selection of PaymentInstruments. A
PaymentInstrument supports one or more payment methods. A
PaymentWallet contains one or more PaymentInstruments and may be
used to enhance the user experience (e.g., business wallet and
personal wallet).
4.3 Relation to Other Types of Payment Apps
This section is non-normative.
This specification does not address how third-party mobile payment apps interact (through proprietary mechanisms) with user agents, or how user agents themselves provide simple payment app functionality.
Figure 2
Payment Handler API enables Web apps to handle payments. Other
types of payment apps may use other (proprietary) mechanisms.
5. Registration
5.1 Extension to the ServiceWorkerRegistration interface
This specification extends the ServiceWorkerRegistration interface with the addition of a paymentManager attribute.
The PaymentManager is used by payment apps to manage their associated wallets, instruments and supported payment methods.
5.2.1 instruments attribute
This attribute allows manipulation of payment instruments associated with a service worker (and therefore its payment handler). To be a candidate payment handler, a handler must have at least one registered payment instrument to present to the user. That instrument needs to match the payment methods and required capabilities specified by the payment request.
5.2.2 wallets attribute
This attribute is used to group payment instruments (e.g., to group together "business account" payment instruments separately from "personal account" payment instruments). Developers can provide a name and icon for such a group. The use of this grouping mechanism by payment handlers is completely optional. If payment handlers use this grouping mechanism, then matching payment instruments that do not appear in any groups should still be presented to users by the user agent for selection.
Issue 98: Support grouped display of payment instruments?
Should the API support providing grouping information ("wallets") to the user agent? What should requirements be on user agents to display or provide for user interaction with this information?
5.2.3 requestPermission() method
Note
The user agent is NOT REQUIRED to prompt the user to grant permission to the origin for each new supported payment method.
When called, this method executes the following steps:
If permission is "prompt", ask the user whether allowing adding new payment instruments for the current settings object's origin is acceptable. If it is, set permission to "granted", and "denied" otherwise.
The PaymentInstruments interface represents a collection of payment instruments, each uniquely identified by an
instrumentKey. The instrumentKey identifier will be passed to the payment handler to indicate the
PaymentInstrument selected by the user.
5.3.1 delete() method
When called, this method executes the following steps:
Let p be a new promise.
Run the following steps in parallel:
If the collection contains a PaymentInstrument with a matching instrumentKey, remove it from the collection and resolve p with true.
Otherwise, resolve p with false.
Return p
5.3.2 get() method
When called, this method executes the following steps:
The name member is a string that represents the label for this PaymentInstrument as it is usually displayed to the user.
icons member
The icons member is an array of image objects that can serve as iconic representations of the payment instrument when presented to the user for selection.
The capabilities member is a list of payment-method-specific capabilities that this payment handler is capable of supporting for this instrument. For example, for the basic-card payment method, this object will consist of an object with two fields: one for supportedNetworks, and another for
supportedTypes.
The src member is used to specify the ImageObject's source. It is a URL from which the user agent can fetch the image’s data.
sizes member
The sizes member is used to specify the ImageObject's sizes. It follows the spec of sizes member in HTML link element, which is a string consisting of an unordered
set of unique space-separated tokens which are ASCII case-insensitive that represents the dimensions of an image. Each keyword is either an
ASCII
case-insensitive match for the string "any", or a value that consists of two valid non-negative integers that do not have a leading U+0030 DIGIT ZERO (0) character and that are separated by a single U+0078 LATIN SMALL LETTER X or U+0058 LATIN CAPITAL LETTER X character. The keywords represent icon sizes in raw pixels (as opposed to CSS pixels). When multiple image objects are available, a user agent MAY use the value to decide which icon is most suitable for a display context (and ignore any that are inappropriate). The parsing steps for the sizes member MUST follow the parsing steps for
HTML link element sizes attribute.
type member
The type member is used to specify the ImageObject's MIME type. It is a hint as to the media type of the image. The purpose of this member is to allow a user agent to ignore images of media types it does not support.
5.8
Convert image objects
When this algorithm with inputImages parameter is invoked, the user agent must run the following steps:
According to the step 2.3, it is also possible to use the relative url for image.src. The following examples illustrate how relative URL resolution works in different execution contexts.
Example 1: Resolving the relative URL of image.src in window context.
After applying the matching algorithm defined in Payment Request API, the user agent displays a list of instruments from matching payment apps for the user to make a selection. This specification includes a limited number of display requirements; most user experience details are left to implementers.
6.1 Ordering of Payment Handlers
The user agent MUST favor user-side order preferences (based on user configuration or behavior) over payee-side order preferences.
The user agent MUST display matching payment handlers in an order that corresponds to the order of supported payment methods provided by the payee, except where overridden by user-side order preferences.
The user agent SHOULD allow the user to configure the display of matching payment handlers to control the ordering and define preselected defaults.
Issue 116: PR API payment method ordering and relation to this spec.
The second bullet above may be deleted based on PR API issue
481.
The following are examples of payment handler ordering:
For a given Web site, display payment handlers in an order that reflects usage patterns for the site (e.g., a frequently used payment handler at the top, or the most recently used payment handler at the top).
Enable the user to set a preferred order for a given site or for all sites.
If the origin of the site being visited by the user matches the origin of a payment handler, show the payment handler at the top of the list.
The Working Group has discussed two types of merchant preferences related to payment apps: (1) highlighting merchant-preferred payment apps already registered by the user and (2) recommending payment apps not yet registered by the user. The current draft of the specification does not address either point, and the Working Group is seeking feedback on the importance of these use cases. Note that for the second capability, merchants can recommend payment apps through other mechanisms such as links from their web sites.
6.2 Display of Instruments
The user agent MUST enable the user to select any displayed instrument.
At a minimum, we expect user agents to display an icon and label for each matching origin to help the user make a selection.
In some contexts (e.g., a desktop browser) it may be possible to improve the user experience by offering additional detail to the user. For example, if the user's "bank.com" origin knows about two credit cards (thus, two potential responses to the same payment method "basic-card"), the user agent could display each credit card's brand and the last four digits of the card to remind the user which cards the origin knows about.
Issue: Display
In issue
98 there has been push-back to always requiring display of instruments (e.g., on a mobile devices). User agents can incrementally show instruments. Or user agents can return an empty instrumentKey and it becomes the payment app's responsibility to display instruments to the user.
6.3 Grouping of Instruments
At times, the same origin may wish to group instruments with greater flexibility and granularity than merely "by origin." These use cases include:
White label wallets - one origin provides wallet services for multiple vendors
Multiple user profiles with a single provider (e.g., business wallet vs personal wallet)
Multiple instruments held with a single provider
A Wallet is a grouping of instruments for display purposes.
To enable developers to build payment apps in a variety of ways, we decouple the registration (and subsequent display) of instruments from how payment handlers respond to a PaymentRequestEvent. However, the user agent is responsible for communicating the user's selection in the event.
6.4 Selection of Instruments
Users agents may wish to enable the user to select individual displayed Instruments. The payment handler would receive information about the selected Instrument and could take action, potentially eliminating an extra click (first open the payment app then select the Instrument).
Issue: selection
Again related to issue 98: Should we require that, if displayed, individual instruments must be selectable? Or should we allow flexibility that instruments may be displayed, but selecting any one invokes all registered payment handlers? One idea that has been suggested: the user agent (e.g., on a mobile device) could first display the app-level icon/logo. Upon selection, the user agent could display the Instruments in a submenu.
Issue 117: Support for Abort() being delegated to Payment Handler
Payment Request API supports delegation of responsibility to manage an abort to a payment app. There is a proposal to add a paymentRequestAborted event to the Payment Handler interface. The event will have a respondWith method that takes a boolean parameter indicating if the paymentRequest has been successfully aborted.
This attribute is a string that indicates the origin of the top level payee web page. The string MUST be formatted according to the "Unicode Serialization of an Origin" algorithm defined in section 6.1 of [RFC6454].
7.2.2 paymentRequestOrigin attribute
This attribute is a string that indicates the origin where a PaymentRequest was initialized. When a PaymentRequest is initialized in the
topLevelOrigin, the attributes have the same value, otherwise the attributes have different values. For example, when a
PaymentRequest is initialized within an iframe from an origin other than topLevelOrigin, the value of this attribute is the origin of the iframe. The string MUST be formatted according to the "Unicode
Serialization of an Origin" algorithm defined in section 6.1 of [
RFC6454].
This sequence of PaymentDetailsModifier dictionaries contains modifiers for particular payment method identifiers (e.g., if the payment amount or currency type varies based on a per-payment-method basis). It is populated from the
PaymentRequest using the Modifiers Population
Algorithm defined below.
Should payment apps receive user data stored in the user agent upon explicit consent from the user? The payment app could request permission either at installation or when the payment app is first invoked.
The topLevelOrigin, paymentRequestOrigin,
paymentRequestId, methodData,
total, modifiers, and
instrumentKey members share their definitions with those defined for PaymentRequestEvent
7.2.11
MethodData Population Algorithm
To initialize the value of the methodData, the user agent
MUST perform the following steps or their equivalent:
An invoked payment handler may or may not need to display information about itself or request user input. Some examples of potential payment handler displays include:
The payment handler opens a window for the user to provide an authorization code.
The payment handler opens a window that makes it easy for the user to confirm payment using default information for that site provided through previous user configuration.
When first selected to pay in a given session, the payment handler opens a window. For subsequent payments in the same session, the payment handler (through configuration) performs its duties without opening a window or requiring user interaction.
A payment handler that requires visual display and user interaction, may call openWindow() to display a page to the user.
Note
Since user agents know that this method is connected to the
PaymentRequestEvent, they SHOULD render the window in a way that is consistent with the flow and not confusing to the user. The resulting window client is bound to the tab/window that initiated the
PaymentRequest. A single payment handlerSHOULD NOT be allowed to open more than one client window using this method.
This example shows how to write a service worker that listens to the
PaymentRequestEvent. When a PaymentRequestEvent is received, the service worker opens a window to interact with the user.
The Web Payments Working Group plans to revisit these two examples.
Using the simple scheme described above, a trivial HTML page that is loaded into the payment handler window to implement the
basic card scheme might look like the following:
Example 5: Simple Payment Handler Window
<formid="form"><table><tr><th>Cardholder Name:</th><td><inputname="cardholderName"></td></tr><tr><th>Card Number:</th><td><inputname="cardNumber"></td></tr><tr><th>Expiration Month:</th><td><inputname="expiryMonth"></td></tr><tr><th>Expiration Year:</th><td><inputname="expiryYear"></td></tr><tr><th>Security Code:</th><td><inputname="cardSecurityCode"></td></tr><tr><th></th><td><inputtype="submit"value="Pay"></td></tr></table></form><script>window.addEventListener("message", function(e) {
var form = document.getElementById("form");
/* Note: message sent from payment app is available in e.data */
form.onsubmit = function() {
/* See https://w3c.github.io/webpayments-methods-card/#basiccardresponse */var basicCardResponse = {};
[ "cardholderName", "cardNumber","expiryMonth","expiryYear","cardSecurityCode"]
.forEach(function(field) {
basicCardResponse[field] = form.elements[field].value;
});
/* See https://w3c.github.io/payment-handler/#paymenthandlerresponse-dictionary */var paymentAppResponse = {
methodName: "basic-card",
details: details
};
e.source.postMessage(paymentAppResponse);
window.close();
}
});
</script>
9. Response
9.1 PaymentHandlerResponse dictionary
The PaymentHandlerResponse is conveyed using the following dictionary:
A JSON-serializable object that provides a payment
method specific message used by the merchant to process the transaction and determine successful fund transfer.
The user agent receives a successful response from the payment handler through resolution of the Promise provided to the
respondWith() function of the corresponding PaymentRequestEvent dictionary. The application is expected to resolve the Promise with a PaymentHandlerResponse instance containing the payment response. In case of user cancellation or error, the application may signal failure by rejecting the Promise.
If the Promise is rejected, the user agent MUST run the
payment app failure algorithm. The exact details of this algorithm are left to implementers. Acceptable behaviors include, but are not limited to:
Letting the user try again, with the same payment handler or with a different one.
[payment-request] defines an ID that parties in the ecosystem (including payment app providers and payees) may use for reconciliation after network or other failures.
10. Security and Privacy Considerations
10.1 Information about the User Environment
The API does not share information about the user's registered payment handlers. Information from origins is only shared with the payee with the consent of the user.
Similarly, user agents should not share payment request information with any payment handler until the user has selected that payment handler.
10.2 User Consent before Payment
One goal of this specification is to minimize the user interaction required to make a payment. At the same time, user agents must not permit combinations of configurations that would enable invoking Web sites to invoke payment request and receive payments silently.
Payment method security is outside the scope of this specification and is addressed by payment handlers that support those payment methods.
10.4 Payment App Authenticity
Note
The Web Payments Working Group is also discussing Payment App authenticity; see the (draft) Payment Method
Manifest.
10.5 Data Validation
Payees should validate that the data they have received through the paymentRequest API is what they expect (e.g., the total that was paid, etc.).
10.6 Private Browsing Mode
When the Payment Request API is invoked in a "private browsing mode," the user agent should launch payment handlers in a private context. This will generally prevent sites from accessing any previously-stored information. In turn, this is likely to require either that the user log in to the origin or re-enter payment instrument details.
