The Payment Request API [[!PAYMENT-REQUEST-API]] requires that merchants supply a list of identifiers for supported payment methods. This specification defines those identifier strings and how they are created.
The working group maintains a list of all bug reports that the group has not yet addressed. This draft highlights some of the pending issues that are still to be discussed in the working group. No decision has been taken on the outcome of these issues including whether they are valid. Pull requests with proposed specification text for outstanding issues are strongly encouraged.
This specification was derived from a report published previously by the Web Platform Incubator Community Group.
To use Payment Request API, merchants (or their service providers) must know how to handle payment method specific data for those methods they claim to accept. This allows the API to abstract away the details of specific payment methods and to add new ones over time without changing the API specification.
As part of using Payment Request API, the Web page provides an array of strings that identify accepted payment methods. This specification defines those strings.
This specification relies on several other underlying specifications.
When the party responsible for a payment method wishes to publish machine-readable information associated with the payment method, it does so with a URL. This URL approach offers at least two benefits: identifier decentralization and origins as a trust mechanism. In particular, owners of proprietary payment methods can use Web servers under their control to publish security information about authorized payment apps.
When URLs are used for payment method identifiers they MUST be absolute URLs including, at most, a scheme, host, port and path. The URL must be a potentially trustworthy URL as defined in the [[SECURE-CONTEXTS]] specification. Identifier URLs MUST have null query and fragment values.
User agents MUST use the following algorithm to determine whether two payment method identifiers that are URLs match:
W3C expects to publish a small number of payment method specifications that define abstractions across similar payment methods (such as credit card payments, tokenized payments, or credit transfers). W3C expects these payment methods will be implemented in a wide variety of third party payment apps. W3C identifies these payment methods with (short) strings; W3C expects to mint these strings in payment method specifications published by the Web Payments Working Group.
The syntax of W3C strings used as payment method identifiers is constrained by this regular expression:
[a-z0-9-]+
For W3C strings, user agents MUST use exact string matching.
For some payment methods, merchants may wish to express that they accept a payment method but only under certain conditions (e.g., "I only credit cards from brand A and debit cards from brand B"). The Web Payments Working Group has discussed several ways to support more sophisticated matching beyond initial payment method identifier matching.