Payment Method Identifiers (original) (raw)

This specification defines payment method identifiers and how they are validated, and, where applicable, minted and formally registered with the W3C. Other specifications (e.g., the [[[payment-request]]]) make use of these identifiers to facilitate monetary transactions on the web platform.

The working group demonstrates implementation experience by producing an implementation report. The report shows two or more independent implementations passing each mandatory test in the test suite (i.e., each test corresponds to a MUST requirement of the specification).

There has been no change in dependencies on other workings groups during the development of this specification.

A payment method identifier is either a:

• [=URL-based payment method identifier=],
• or a [=standardized payment method identifier=].

Validity

Specifications that rely on [=payment method identifiers=] MUST specify their own rules for handling invalid payment method identifiers.

The steps to validate a payment method identifier with a string |pmi:string| are given by the following algorithm. It returns true if the |pmi| is valid.

1. Let |url:URL| be the result of running the [=basic URL parser=] with |pmi|.
2. If |url| is failure, [=validate a standardized payment method identifier=] with |pmi| and return the result.
3. Otherwise, [=validate a URL-based payment method identifier=] passing |url| and return the result.

URL-based payment method identifiers

A URL-based payment method identifier is a [=URL=] that is valid as per the steps to [=validate a URL-based payment method identifier=].

Developers wanting to use a URL-based payment method identifier for a third party payment handler are encouraged to read the Payment Method Best Practice document.

Validation

The steps to validate a URL-based payment method identifier are given by the following algorithm. The algorithm takes a [=URL=] |url:URL| as input and returns true if the URL is valid:

1. If |url|'s [=url/scheme=] is not "https", return false.

2. If |url|'s [=url/username=] or [=url/password=] is not the empty string, return false.

3. Otherwise, return true.

      const valid = [
        {
          supportedMethods: "https://example.com/pay",
        },
        {
          supportedMethods: "https://example.com/pay?version=1",
        },
        {
          supportedMethods: "https://example.com/pay/version/1",
        },
      ];
   
      const invalid = [
        {
          // ❌ Uses http://, a username, and a password.
          supportedMethods: "http://username:password@example.com/pay",
        },
        {
          // ❌ Uses unknown URI scheme.
          supportedMethods: "unknown://example.com/pay",
        },
      ];

Comparison

User agents MUST perform comparisons of [=URL-based payment method identifiers=] using [[URL]]'s [=URL/equal=].

Fetching (dereferencing)

It is OPTIONAL for user agents to [=fetch=] a [=URL-based payment method identifier=].

Standardized payment method identifiers

A standardized payment method identifier is a string that represents a [=standardized payment method=].

The syntax of a standardized payment method identifier is given by the following [[ABNF]]:

    stdpmi = part *( "-" part )
    part = 1loweralpha *( DIGIT / loweralpha )
    loweralpha =  %x61-7A
  

User agents MAY support zero or more [=standardized payment method identifiers=] listed in section [[[#registry]]].

Validity

The steps to validate a standardized payment method identifier are given by the following algorithm. The algorithm takes a |string:string| as input and returns true if the identifier is valid:

1. Return true if |string| conforms to the [=syntax of a standardized payment method identifier=]. Otherwise, return false.

Comparison

For [=standardized payment method identifiers=], user agents MUST perform string comparisons using [=string/is=].

Registry of standardized payment methods

A standardized payment method is a payment method that has undergone standardization at the W3C, and is listed in this registry.

At this time there are no [=standardized payment method identifiers=].

URL-based PMI and third-party payment handlers

Developers wanting to use a URL-based payment method identifier for a third party payment handler are encouraged to read the [[[payment-method-manifest]]] specification and the Payment Method Best Practice wiki page. Together, these documents describe how to manage the ecosystem of authorized payment handlers for a payment method, including just-in-time payment handler installation by the browser.

Security considerations

This specification does not introduce any new security considerations.

Privacy considerations

There are no known privacy or security concerns to be taken into considerations at this time.