The Payment Request API provides a standard way to initiate payment requests from Web pages and applications. User agents implementing that API prompt the user to select a way to handle
the payment request, after which the user agent returns a payment response to the originating site. This specification defines capabilities that enable Web applications to handle payment requests.
Status of This Document
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
The Web Payments Working Group maintains a list of all bug
reports that the group has not yet addressed. This draft highlights some of the pending issues that are still to be discussed in the working group. No decision has been taken on the outcome of these issues including whether they are valid.
Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This document was published by the Web Payments Working Group as a Working Draft. This document is intended to become a W3C Recommendation.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate
to cite this document as other than work in progress.
The Web Payments Working Group seeks to streamline payments on the Web to help reduce "shopping cart abandonment" and make it easier to deploy new payment methods on the Web. It has published the Payment Request API [payment-request]
as a standard way to initiate payment requests from E-Commerce Web sites and applications.
A payment app is a Web application that can handle payment requests on behalf of the user. This specification defines a number of new Web platform features to handle payment requests:
An origin-based permission to handle payment request events.
An extension to the service worker registration interface (PaymentManager) to manage the definition, display, and user selection of PaymentInstruments.
A mechanism to respond to the PaymentRequestEvent.
This specification does not address how software built with operating-system specific mechanisms (e.g., "native mobile apps") handle payment requests.
The term "payment app" may be useful as a shorthand for "Web app that can handle payments with Payment Request API."
2. Conformance
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, NOT REQUIRED, SHOULD, and SHOULD NOT are to be interpreted as described in [RFC2119].
This specification defines one class of products:
Conforming user agent
A user agentMUST behave as described in this specification to be considered conformant. In this specification, user
agent means a Web browser or other interactive user
agent as defined in [HTML5].
User agents MAY implement algorithms given in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained by the specification's
algorithms.
A conforming Payment Handler API user agent MUST also be a
conforming implementation of the IDL fragments of this specification, as described in the “Web IDL” specification. [
WEBIDL-LS]
Note
3. Overview of Handling Payment Requests
In this document we envision the following flow:
An origin requests permission from the user to handle payment requests for a set of supported payment methods. For example, a user visiting a retail or bank site may be prompted to register a payment handler from that origin. The origin establishes
the scope of the permission but the origin's capabilities may evolve without requiring additional user consent.
[Optionally] the conditions under which the handler supports a given payment method; these capabilities play a role in matching computations.
Information used in the display of instruments supported by the payment handler.
When the merchant (or other payee) calls the [
payment-request] method show() (e.g., when the user pushes a button on a checkout page),
the user agent computes a list of candidate payment handlers, comparing the payment methods accepted by the merchant with those supported by registered payment handlers. For payment methods that support additional filtering, merchant and
payment handler capabilities are compared as part of determining whether there is a match.
The user agent displays a set of choices to the user: the registered instruments of the candidate payment
handlers. The user agent displays these choices using information (labels and icons) provided at registration or otherwise available from the Web app.
Once activated, the payment handler performs whatever steps are necessary to handle the payment
request, and return an appropriate payment response to the
payee. If interaction with the user is necessary, the payment
handler can open a window for that purpose.
The user agent receives a response asynchronously once the payment handler has finished handling the request. The response becomes the PaymentResponse (of [payment-request]).
Note
An origin may implement a payment app with more than one service worker and therefore multiple payment handlers may be registered per origin. The handler that
is invoked is determined by the selection made by the user of a payment
instrument. The service worker which stored the payment instrument with its
PaymentManager is the one that will be invoked.
3.1 Handling a Payment Request
This section is non-normative.
The logic of a payment handler is driven by the payment methods that it supports. Some payment methods, such as basic-card expect little to no
processing by the payment handler which simply returns payment card details in the response. It is then the job of the payee website to process the payment using the returned data as input.
In contrast, some payment methods, such as a crypto-currency payments or bank originated credit transfers, require that the payment handler initiate processing of the payment. In such cases the payment handler will return a payment reference, endpoint
URL or some other data that the payee website can use to determine the outcome of the payment (as opposed to processing the payment itself).
Handling a payment request may include numerous interactions: with the user through a new window or other APIs (such as [
WebCryptoAPI]) or with other services and origins through web requests or other means.
This specification does not address these activities that occur between the payment handler accepting the PaymentRequestEvent and the payment
handler returning a response. All of these activities which may be required to configure the payment handler and handle the payment request, are left to the implementation of the payment handler, including:
how the user establishes an account with an origin that provides payment services.
how an origin authenticates a user.
how communication takes place between the payee server and the payee Web application, or between a payment app origin and other parties.
Thus, an origin will rely on many other Web technologies defined elsewhere for lifecycle management, security, user authentication, user interaction, and so on.
This specification does not address how third-party mobile payment apps interact (through proprietary mechanisms) with user agents, or how user agents themselves provide simple payment app functionality.
Figure 2
Payment Handler API enables Web apps to handle payments. Other
types of payment apps may use other (proprietary) mechanisms.
4. Registration
4.1 Extension to the ServiceWorkerRegistration interface
This specification extends the ServiceWorkerRegistration interface with the addition of a paymentManager attribute.
The PaymentManager is used by payment apps to manage their associated instruments and supported
payment methods.
4.2.1 instruments attribute
This attribute allows manipulation of payment instruments associated with a service worker (and therefore its payment handler). To be a candidate payment handler, a handler must have at least one registered payment instrument to present to the user. That
instrument needs to match the payment methods and required capabilities specified by the payment request.
4.2.2 requestPermission() method
Note
The user agent is NOT REQUIRED to prompt the user to grant permission to the origin for each new supported payment method or new payment instrument.
When called, this method executes the following steps:
Let p be a new promise.
Return p and perform the remaining steps in parallel:
If permission is "prompt", ask the user whether allowing adding new payment instruments for the current settings object's origin is acceptable.
If it is, set permission to "granted", and "denied" otherwise.
Resolve p with permission.
4.2.3 userHint attribute
When displaying payment handler name and icon, the user agent may use this string to improve the user experience. For example, a user hint of "**** 1234" can remind the user that a particular card is available through this payment handler. When a agent
displays all payment instruments available through a payment handler, it may cause confusion to display the additional hint.
The PaymentInstruments interface represents a collection of payment instruments, each uniquely identified by an
instrumentKey. The instrumentKey identifier will be passed to the payment handler to indicate the
PaymentInstrument selected by the user, if any.
4.3.1 delete() method
When called, this method executes the following steps:
Let p be a new promise.
Return p and perform the remaining steps in parallel:
If the collection contains a PaymentInstrument with a matching instrumentKey, remove it from the collection and resolve p with true.
Otherwise, resolve p with false.
4.3.2 get() method
When called, this method executes the following steps:
Let p be a new promise.
Return p and perform the remaining steps in parallel:
The name member is a string that represents the label for this PaymentInstrument as it is usually displayed to the user.
icons member
The icons member is an array of image objects that can serve as iconic representations of the payment instrument when presented to
the user for selection.
The capabilities member is a list of payment-method-specific capabilities that this payment handler is capable of supporting
for this instrument. For example, for the
basic-card payment method, this object will consist of an object with two fields: one for supportedNetworks,
and another for supportedTypes.
The src member is used to specify the ImageObject's source.
It is a URL from which the user agent can fetch the image’s data.
sizes member
The sizes member is used to specify the
ImageObject's sizes. It follows the spec of sizes member in HTML link element,
which is a string consisting of an unordered
set of unique space-separated tokens which are ASCII case-insensitive that represents the dimensions of an image. Each keyword is either an
ASCII
case-insensitive match for the string "any", or a value that consists of two valid non-negative integers that do not have a leading U+0030 DIGIT ZERO (0) character and that are separated by a single U+0078 LATIN
SMALL LETTER X or U+0058 LATIN CAPITAL LETTER X character. The keywords represent icon sizes in raw pixels (as opposed to CSS pixels). When multiple image objects are available, a user agent MAY use the value to decide which icon is most suitable for a display context (and ignore any that are inappropriate). The parsing steps for the sizes member
MUST follow the parsing
steps for HTML link element sizes attribute.
type member
The type member is used to specify the
ImageObject's MIME type. It is a hint as to the media type of the image. The purpose of this member is to allow a user agent to ignore images
of media types it does not support.
4.3.9
Convert image objects
When this algorithm with inputImages parameter is invoked, the user agent must run the following steps:
According to the step 2.3, it is also possible to use the relative url for image.src. The following examples
illustrate how relative URL resolution works in different execution contexts.
Example 1: Resolving the relative URL of image.src in window context.
Example 2: Resolving the relative URL of image.src in service worker context.
// In this example, code is located in https://www.example.com/register/sw.jsconst instrumentKey = "c8126178-3bba-4d09-8f00-0771bcfd3b11";
await self.registration.paymentManager.paymentInstruments.set({
instrumentKey,
{
name: "My Bob Pay Account: john@example.com",
enabledMethods: ["https://bobpay.com/"],
icons: [{
src: "../bobpay/icon/lowres.webp",
sizes: "48x48",
type: "image/webp"
}]
});
const { storedInstrument } =
await registration.paymentManager.paymentInstruments.get(instrumentKey);
// storedInstrument.icons[0].src == "https://www.example.com/bobpay/icon/lowres.webp";
4.3.10 Registration Example
This section is non-normative.
The following example shows how to register a payment handler:
Example 3: Payment Handler Registration
button.addEventListener("click", async() => {
if (!window.PaymentManager) {
return; // not supported, so bail out.
}
const result = await PaymentManager.requestPermission();
if (result !== "granted") {
return;
}
const { registration } =
await navigator.serviceWorker.register('/sw.js');
// Excellent, we got it! Let's now set up the user's cards.await addInstruments(registration);
}, { once: true });
functionaddInstruments(registration) {
returnPromise.all([
registration.paymentManager.instruments.set(
"dc2de27a-ca5e-4fbd-883e-b6ded6c69d4f",
{
name: "Visa ending ****4756",
enabledMethods: ["basic-card"],
capabilities: {
supportedNetworks: ['visa'],
supportedTypes: ['credit']
}
}),
registration.paymentManager.instruments.set(
"c8126178-3bba-4d09-8f00-0771bcfd3b11",
{
name: "My Bob Pay Account: john@example.com",
enabledMethods: ["https://bobpay.com/"]
}),
registration.paymentManager.instruments.set(
"new-card",
{
name: "Add new credit/debit card to ExampleApp",
enabledMethods: ["basic-card"],
capabilities: {
supportedNetworks:
['visa','mastercard','amex','discover'],
supportedTypes: ['credit','debit','prepaid']
}
}),
]);
};
5. Origin and Instrument Display for Selection
After applying the matching algorithm defined in Payment Request API, the user agent displays a list of instruments from matching payment apps for the user to make a selection. This specification includes a limited number of display requirements; most
user experience details are left to implementers.
5.1 Ordering of Payment Handlers
The user agent MUST favor user-side order preferences (based on user configuration or behavior) over payee-side order preferences.
The user agent MUST display matching payment handlers in an order that corresponds to the order of supported payment methods provided by the payee, except where overridden
by user-side order preferences.
The user agent SHOULD allow the user to configure the display of matching payment handlers to control the ordering and define preselected defaults.
Issue 116: PR API payment method ordering and relation to this spec.
The second bullet above may be amended to remove explicit mention of ordering defined by the payee.
The following are examples of payment handler ordering:
For a given Web site, display payment handlers in an order that reflects usage patterns for the site (e.g., a frequently used payment handler at the top, or the most recently used payment handler at the top).
Enable the user to set a preferred order for a given site or for all sites.
If the origin of the site being visited by the user matches the origin of a payment handler, show the payment handler at the top of the list.
The Working Group has discussed two types of merchant preferences related to payment apps: (1) highlighting merchant-preferred payment apps already registered by the user and (2) recommending payment apps not yet registered by the user. The current draft
of the specification does not address either point, and the Working Group is seeking feedback on the importance of these use cases. Note that for the second capability, merchants can recommend payment apps through other mechanisms
such as links from their web sites.
5.2 Display of Instruments
The user agent MUST enable the user to select any displayed instrument.
At a minimum, we expect user agents to display an icon and label for each matching origin to help the user make a selection.
In some contexts (e.g., a desktop browser) it may be possible to improve the user experience by offering additional detail to the user. For example, if the user's "bank.com" origin knows about two credit cards (thus, two potential responses
to the same payment method "basic-card"), the user agent could display each credit card's brand and the last four digits of the card to remind the user which cards the origin knows about.
The Working Group is discussing how default payment instrument display could further streamline the user experience.
5.3 Selection of Instruments
Users agents may wish to enable the user to select individual displayed Instruments. The payment handler would receive information about the selected Instrument and could take action, potentially eliminating an extra click (first open the payment app
then select the Instrument).
Issue 117: Support for Abort() being delegated to Payment Handler
Payment Request API supports delegation of responsibility to manage an abort to a payment app. There is a proposal to add a paymentRequestAborted event to the Payment Handler interface. The event will have a respondWith method that takes a boolean parameter
indicating if the paymentRequest has been successfully aborted.
This attribute is a string that indicates the origin of the top level payee web page. The string MUST be formatted according to the "Unicode Serialization of an Origin" algorithm defined in section 6.1 of [RFC6454].
6.2.2 paymentRequestOrigin attribute
This attribute is a string that indicates the origin where a PaymentRequest was initialized.
When a PaymentRequest is initialized in the
topLevelOrigin, the attributes have the same value, otherwise the attributes have different values. For example, when a
PaymentRequest is initialized within an iframe from an origin other than topLevelOrigin, the value of this attribute is the origin of the iframe. The string MUST be formatted according to the "Unicode
Serialization of an Origin" algorithm defined in section 6.1 of [
RFC6454].
This sequence of PaymentDetailsModifier dictionaries contains modifiers for particular payment method identifiers (e.g., if
the payment amount or currency type varies based on a per-payment-method basis). It is populated from the
PaymentRequest using the Modifiers Population
Algorithm defined below.
This method is used by the payment handler to show a window to the user. When called, it runs the open window algorithm.
6.2.9 respondWith() method
This method is used by the payment handler to provide a
PaymentHandlerResponse when the payment successfully completes. When called, it runs the Respond to PaymentRequest
Algorithm with event and
handlerResponsePromise as arguments.
Should payment apps receive user data stored in the user agent upon explicit consent from the user? The payment app could request permission either at installation or when the payment app is first invoked.
The topLevelOrigin, paymentRequestOrigin,
paymentRequestId, methodData,
total, modifiers, and
instrumentKey members share their definitions with those defined
for PaymentRequestEvent
6.2.11
MethodData Population Algorithm
To initialize the value of the methodData, the user agent
MUST perform the following steps or their equivalent:
An invoked payment handler may or may not need to display information about itself or request user input. Some examples of potential payment handler displays include:
The payment handler opens a window for the user to provide an authorization code.
The payment handler opens a window that makes it easy for the user to confirm payment using default information for that site provided through previous user configuration.
When first selected to pay in a given session, the payment handler opens a window. For subsequent payments in the same session, the payment handler (through configuration) performs its duties without opening a window or requiring user interaction.
A payment handler that requires visual display and user interaction, may call openWindow() to display a page to the user.
Note
Since user agents know that this method is connected to the
PaymentRequestEvent, they SHOULD render the window in a way that is consistent with the flow and not confusing
to the user. The resulting window client is bound to the tab/window that initiated the
PaymentRequest. A single payment handlerSHOULD NOT be allowed to open more than one client window using this method.
This example shows how to write a service worker that listens to the
PaymentRequestEvent. When a PaymentRequestEvent is
received, the service worker opens a window to interact with the user.
The Web Payments Working Group plans to revisit these two examples.
Using the simple scheme described above, a trivial HTML page that is loaded into the payment handler window to implement the
basic card scheme might look like the following:
Example 5: Simple Payment Handler Window
<formid="form"><table><tr><th>Cardholder Name:</th><td><inputname="cardholderName"></td></tr><tr><th>Card Number:</th><td><inputname="cardNumber"></td></tr><tr><th>Expiration Month:</th><td><inputname="expiryMonth"></td></tr><tr><th>Expiration Year:</th><td><inputname="expiryYear"></td></tr><tr><th>Security Code:</th><td><inputname="cardSecurityCode"></td></tr><tr><th></th><td><inputtype="submit"value="Pay"></td></tr></table></form><script>window.addEventListener("message", function(e) {
var form = document.getElementById("form");
/* Note: message sent from payment app is available in e.data */
form.onsubmit = function() {
/* See https://w3c.github.io/webpayments-methods-card/#basiccardresponse */var basicCardResponse = {};
[ "cardholderName", "cardNumber","expiryMonth","expiryYear","cardSecurityCode"]
.forEach(function(field) {
basicCardResponse[field] = form.elements[field].value;
});
/* See https://w3c.github.io/payment-handler/#paymenthandlerresponse-dictionary */var paymentAppResponse = {
methodName: "basic-card",
details: details
};
e.source.postMessage(paymentAppResponse);
window.close();
}
});
</script>
8. Response
8.1 PaymentHandlerResponse dictionary
The PaymentHandlerResponse is conveyed using the following dictionary:
A JSON-serializable object that provides a payment
method specific message used by the merchant to process the transaction and determine successful fund transfer.
The user agent receives a successful response from the payment handler through resolution of the Promise provided to the
respondWith() function of the corresponding PaymentRequestEvent interface. The application is expected to resolve the Promise with a
PaymentHandlerResponse instance containing the payment response. In case of user cancellation or error, the application may signal failure
by rejecting the Promise.
If the Promise is rejected, the user agent MUST run the
payment app failure algorithm. The exact details of this algorithm are left to implementers. Acceptable behaviors include, but are not limited to:
Letting the user try again, with the same payment handler or with a different one.
[payment-request] defines an ID that parties in the ecosystem (including payment
app providers and payees) may use for reconciliation after network or other failures.
9. Security and Privacy Considerations
9.1 Information about the User Environment
The API does not share information about the user's registered payment handlers. Information from origins is only shared with the payee with the consent of the user.
Similarly, user agents should not share payment request information with any payment handler until the user has selected that payment handler.
9.2 User Consent before Payment
One goal of this specification is to minimize the user interaction required to make a payment. At the same time, user agents must not permit combinations of configurations that would enable invoking Web sites to invoke payment request
and receive payments silently.
Payment method security is outside the scope of this specification and is addressed by payment handlers that support those payment methods.
9.4 Payment App Authenticity
The user agent is not required to make available payment handlers that pose security issues. When a payment handler is unavailable for security reasons, the user agent should provide rationale to the payment handler developers (e.g., through
console messages) and may also inform the user to help avoid confusion.
Note
The Web Payments Working Group is also discussing Payment App authenticity; see the (draft) Payment Method
Manifest.
9.5 Supported Origin
Payment method manifests authorize origins to distribute payment apps for a given payment method. When the user agent is determining whether a payment handler matches the origin listed in a payment method manifest, the user agent uses
the scope URL of the payment handler's service worker registration.
9.6 Data Validation
Payees should validate that the data they have received through the paymentRequest API is what they expect (e.g., the total that was paid, etc.).
9.7 Private Browsing Mode
When the Payment Request API is invoked in a "private browsing mode," the user agent should launch payment handlers in a private context. This will generally prevent sites from accessing any previously-stored information. In turn, this
is likely to require either that the user log in to the origin or re-enter payment instrument details.
10. Dependencies
This specification relies on several other underlying specifications.
The term JSON-serialize applied to a given object means to run the algorithm specified by the original value of the JSON.stringify function on the supplied object, passing the supplied object as the sole argument, and return the resulting string. This can throw an exception.
Payment Method Identifiers
The terms payment method
identifier is defined by the Payment Method Identifier specification [payment-method-id].
When this specification says to throw an error, the user agent must throw an error as described in [WEBIDL]. When this occurs in a sub-algorithm, this results in termination of execution of the sub-algorithm and all ancestor algorithms until
one is reached that explicitly describes procedures for catching exceptions.
