Abstract

This specification defines payment method identifiers and how they are validated, and, where applicable, minted and formally registered with the W3C. Other specifications (e.g., the Payment Request API) make use of these identifiers to facilitate monetary transactions on the web platform.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

The working group will demonstrate implementation experience by producing an implementation report. The report will show two or more independent implementations passing each mandatory test in the test suite (i.e., each test the corresponds to a MUST requirement of the specification).

There has been no change in dependencies on other workings groups during the development of this specification.

Note

Please file any issues with this specification in the payment method identifiers repository on GitHub.

This document was published by the Web Payments Working Group as a Candidate Recommendation. This document is intended to become a W3C Recommendation. W3C publishes a Candidate Recommendation to indicate that the document is believed to be stable and to encourage implementation by the developer community. This Candidate Recommendation is expected to advance to Proposed Recommendation no earlier than 31 October 2017.

Please see the Working Group's implementation report.

Publication as a Candidate Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 March 2017 W3C Process Document.

1. Payment method identifiers (PMIs)

A payment method identifier is either a:

1.1 Validity

Specifications that rely on payment method identifiers MUST specify their own rules for handling invalid payment method identifiers.

The steps to validate a payment method identifier with a string pmi are given by the following algorithm. It returns true if the pmi is valid.

  1. Let url be the result of running the basic URL parser with pmi.
  2. If url is failure, validate a standardized payment method identifier with pmi and return the result.
  3. Otherwise, validate a URL-based payment method identifier passing url and return the result.

2. URL-based payment method identifiers

A URL-based payment method identifier is a URL that is valid as per the steps to validate a URL-based payment method identifier.

Note

Developers wanting to use a URL-based payment method identifier for a third party payment handler are encouraged to read the Payment Method Best Practice document.

2.1 Validation

The steps to validate a URL-based payment method identifier are given by the following algorithm. The algorithm takes a URL url as input and returns true if the URL is valid:

  1. If url's scheme is not "https", return false.
  2. If url's username or password is not the empty string, return false.
  3. Otherwise, return true.
Example 1: valid and invalid URL-based PMIs
const valid = [
  {
    supportedMethods: "https://example.com/pay",
  },
  {
    supportedMethods: "https://example.com/pay?version=1",
  },
  {
    supportedMethods: "https://example.com/pay/version/1",
  },
];

const invalid = [
  {
    // ❌ Uses http://, a username, and a password.
    supportedMethods: "http://username:password@example.com/pay",
  },
  {
    // ❌ Uses unknown URI scheme.
    supportedMethods: "unknown://example.com/pay",
  },
];

2.2 Comparison

User agents MUST perform comparisons of URL-based payment method identifiers using equals. [URL]

2.3 Fetching (dereferencing)

It is OPTIONAL for user agents to fetch a URL-based payment method identifier.

3. Standardized payment method identifiers

A standardized payment method identifier is a string that represents a standardized payment method.

The syntax of a standardized payment method identifier is given by the following [ABNF]: 

        stdpmi = part *( "-" part )
        part = 1loweralpha *( DIGIT / loweralpha )
        loweralpha =  %x61-7A

User agents MAY support zero or more standardized payment method identifiers listed in section 4. Registry of standardized payment methods .

3.1 Validity

The steps to validate a standardized payment method identifier are given by the following algorithm. The algorithm takes a string as input and returns true if the identifier is valid:

  1. Return true if string conforms to the syntax of a standardized payment method identifier. Otherwise, return false.
Note

3.2 Comparison

For standardized payment method identifiers, user agents MUST compare strings in a case-sensitive manner (code point for code point).

4. Registry of standardized payment methods

This section is non-normative.

Note

A standardized payment method is a payment method that has undergone standardization at the W3C, and is listed in this registry.

The Working Group has minted the following standardized payment method identifiers:

"basic-card"
The Basic Card Payment specification.

5. Privacy and security consideration

There are no known privacy or security concerns to be taken into considerations at this time.

A. References

A.1 Normative references

[ABNF]
Augmented BNF for Syntax Specifications: ABNF. D. Crocker, Ed.; P. Overell. IETF. January 2008. Internet Standard. URL: https://tools.ietf.org/html/rfc5234
[HTML]
HTML Standard. Anne van Kesteren; Domenic Denicola; Ian Hickson; Philip Jägenstedt; Simon Pieters. WHATWG. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[URL]
URL Standard. Anne van Kesteren. WHATWG. Living Standard. URL: https://url.spec.whatwg.org/
[WHATWG-FETCH]
Fetch Standard. Anne van Kesteren. WHATWG. Living Standard. URL: https://fetch.spec.whatwg.org/

A.2 Informative references

[payment-method-basic-card]
Basic Card Payment. Adrian Bateman; Zach Koch; Roy McElmurry; Marcos Caceres. W3C. 27 July 2017. W3C Working Draft. URL: https://www.w3.org/TR/payment-method-basic-card/
[payment-request]
Payment Request API. Adrian Bateman; Zach Koch; Roy McElmurry; Domenic Denicola; Marcos Caceres. W3C. 11 September 2017. W3C Working Draft. URL: https://www.w3.org/TR/payment-request/