index.html

<!DOCTYPE html>
<html>
  <head>
    <title>Web Payments Browser API 1.0</title>
    <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
    <!--
      === NOTA BENE ===
      For the three scripts below, if your spec resides on dev.w3 you can check them
      out in the same tree and use relative links so that they'll work offline,
     -->
    <link rel="stylesheet" href="spec.css">
    <script src='//www.w3.org/Tools/respec/respec-w3c-common' async class='remove'></script>
    <script src='utils.js' async class='remove'></script>
    <script type="text/javascript" class="remove">
var respecConfig = {
  // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
  specStatus:           "CG-DRAFT",

  // the specification's short name, as in http://www.w3.org/TR/short-name/
  shortName:            "web-payments-browser-api",

  // if you wish the publication date to be other than today, set this
  // publishDate:  "2009-08-06",

  // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
  // and its maturity status
  // previousPublishDate:  "1977-03-15",
  // previousMaturity:  "WD",

  // if there a publicly available Editor's Draft, this is the link
  edDraftURI:           "https://wicg.github.io/web-payments-browser-api/",

  // if this is a LCWD, uncomment and set the end of its review period
  // lcEnd: "2009-08-05",

  // editors, add as many as you like
  // only "name" is required
  editors: [
      { name: "Manu Sporny", url: "https://manu.sporny.org/",
        company: "Digital Bazaar, Inc.", companyURL: "http://digitalbazaar.com/" },
      { name: "Dave Longley", url: "https://github.com/dlongley",
        company: "Digital Bazaar, Inc.", companyURL: "http://digitalbazaar.com/" },

  ],

  // authors, add as many as you like.
  // This is optional, uncomment if you have authors as well as editors.
  // only "name" is required. Same format as editors.

  authors: [
    { name: "Manu Sporny", url: "https://manu.sporny.org/",
      company: "Digital Bazaar, Inc.", companyURL: "http://digitalbazaar.com/" },
    { name: "Dave Longley", url: "https://github.com/dlongley",
      company: "Digital Bazaar, Inc.", companyURL: "http://digitalbazaar.com/" },
  ],

  // extend the bibliography entries
  //localBiblio: {},

  // name of the WG
  wg:           "W3C Web Payments Community Group",

  // URI of the public WG page
  wgURI:        "http://www.w3.org/community/webpayments/",

  // name (with the @w3c.org) of the public mailing to which comments are due
  wgPublicList: "public-webpayments",

  // URI of the patent status for this WG, for Rec-track documents
  // !!!! IMPORTANT !!!!
  // This is important for Rec-track documents, do not copy a patent URI from a random
  // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
  // Team Contact.
  wgPatentURI:  "",
  maxTocLevel: 4,
  preProcess: [ ] /*,
  alternateFormats: [ {uri: "diff-20111214.html", label: "diff to previous version"} ],
  */
};
    </script>
    <style>
.sequence-diagram {
  margin: auto;
}
    </style>
</head>

<body>
<section id="abstract">
  <p>
This document outlines a low-level API for registering <a>payment app</a>s,
requesting payments, and acknowledge payment requests using a polyfillable
browser API. There is also a higher-level ecommerce
<a href="https://github.com/w3c/webpayments/wiki/Checkout-API">Checkout API</a> that utilizes
this low-level API.
  </p>
</section>

<section id="sotd">

  <p>There are a number of ways that one may participate in the development of
    this specification:</p>

  <ul>
    <li>Ad-hoc technical discussion primarily occurs on the public community mailing list:
      <a href="http://lists.w3.org/Archives/Public/public-webpayments/">public-webpayments@w3.org</a></li>

    <li><a href="http://payswarm/minutes/">Public Web Payments Community Group teleconferences</a>
    are held on Wednesdays at 1600UTC every other week.</li>

    <li>Specification bugs and issues should be reported in the
      <a href="https://github.com/web-payments/web-payments.org/issues">issue tracker</a>
      if you do not want to send an e-mail to the public-webpayments mailing
      list.</li>

    <li><a href="https://github.com/web-payments/web-payments.org/tree/master/">Source code</a>
      for the specification can be found on Github.</li>

  </ul>
</section>

<section class="informative">
  <h1>Introduction</h1>

  <p>
This API enables a web application to initiate payment for a product or
service by calling a <code>navigator.payment.request()</code> method. The
implementation of this feature is expected to be provided by a JavaScript
polyfill at first, and if deployment is successful, native browser
implementations will surface to enhance usability and transaction
security.
  </p>
  <section class="informative">
    <h2>About this Document</h2>

    <p>This document is a detailed specification for an application programming
      interface (API) for initiating payments from within a browser
      environment. The document is primarily intended for the following
      audiences:</p>

    <ul>
      <li>Software developers who want to understand the design decisions and
        algorithms behind the API.</li>
      <li>Software developers who want to implement the API.</li>
    </ul>
  </section>
  <section>
    <h3>How this Document is Organized</h3>

    <p>
This document is organized as follows:
    </p>

    <ul>
        <li>
<a href="#terminology">Section 2: Terminology</a> defines basic terminology
used throughout this document.
      </li>
      <li>
<a href="#a-basic-purchase-flow">Section 3: A Basic Purchase Flow</a> describes
the basic payment flow at a high-level.
      </li>
      <li>
<a href="#detailed-flows">Section 4: Detailed Flows</a> describes each
flow provided by the browser API in detail.
      </li>
      <li>
<a href="#the-application-programming-interface">Section 5:
The Application Programming Interface</a> defines the browser API for
registering, initiating, and acknowledging payments.
      </li>
    </ul>
  </section>
</section>

  <section class="normative">
    <h2>Terminology</h2>

    <div data-include="//w3c.github.io/webpayments-ig/latest/common/terms.html"
      data-oninclude="restrictReferences">
    </div>

  </section>

</section>

<section>
  <h2>A Basic Purchase Flow</h2>

  <p>
The diagram below outlines a basic payment flow with no errors. The basic
flow starts out with the <a>payee</a> offering the <a>payer</a> a
payment request. The <a>payer</a>'s user agent then helps them select a
<a>payment app</a> that is compatible with one of the <a>payment method</a>s
offered in the payment request. The <a>payment app</a> is responsible for
processing the request and returning a payment acknowledgement to the user
agent. How the <a>payment app</a> processes the request is an implementation
detail; it may be done locally or the request may be sent to a 3rd party for
processing. The flow ends with the user agent returning the payment
acknowledgement the payee for processing and, if no errors occurred, the
delivery of the good or service to the payer. There may be additional steps
following the receipt of a payment acknowledgement that the payee must perform
to execute the actual payment, such as communicating with their own
<a>payment service provider</a>, but these are specific to the
<a>payment method</a> used.
  </p>

  <script type='text/jumly+sequence'>
@found "Payee server (merchant)", ->
  @message "display offer", "Payer browser (customer)", ->
    @message "click 'Pay'", "Payee server (merchant)", ->
      @reply "payment request", "Payer browser (customer)"
    @message "select payment app", "Payment App", ->
      @message "(optional) select payment instrument", "Payment App"
      @alt
        "3rd party NOT required": ->
          @message "process request", "Payment App", ->
        "3rd party required": ->
          @message "payment request + (optional) payment instrument", "Payer payment processor (wallet)", ->
            @message "process request", ->
              @reply "payment response", "Payment App", ->
      @reply "payment acknowledgement", "Payer browser (customer)", ->
    @reply "payment acknowledgement", "Payee server (merchant)"
  @message "process acknowledgement", ->
    @message "deliver good/service", "Payer browser (customer)"
  </script>

  <ol class="algorithm">
    <li>
The <a>payee</a>'s web page calls <code>navigator.payment.request(req)</code>.
    </li>
    <li>
The <a>payment mediator</a> scans the list of previously registered
<a>payment app</a>s and finds matches that support
<code>paymentMethod</code> in <code>acceptablePayment</code> in
<code>request</code>.
    </li>
    <li>
A <a>payment app</a> is selected by the payment mediator or the <a>payer</a>.
The process MAY consist of one or more of the following steps:
      <ol class="algorithm">
        <li>
If there is only one payment app that matches, that is automatically set
to the <em>selected <a>payment app</a></em>.
        </li>
        <li>
If there is a pre-existing preference set by the <a>payer</a> that narrows the
selection of the <a>payment app</a> to one match, the match is set to the
<em>selected <a>payment app</a></em>.
        </li>
        <li>
If there is more than one potential match, the <a>payer</a> is asked which
app they would like to use and the selection is set to the
<em>selected <a>payment app</a></em>.
        </li>
        <li>
If there are no matches, the <a>payer</a> is notified and may be taken to an
alternate flow where a matching <a>payment app</a> is acquired.
        </li>
      </ol>
    </li>
    <li>
If the <a>payment app</a> optionally requests the payer to select a
payment instrument.
    </li>
    <li>
If the <a>payment app</a> does not require the use of a
3rd party <a>payment service provider</a> or <a>payment processor</a>
(e.g. cryptocurrency), then the payment is processed locally.
    </li>
    <li>
If the <a>payment app</a> or <a>payment method</a> requires the use of a 3rd
party payer <a>payment service provider</a> or <a>payment processor</a> (e.g.
push-payment that uses a PayPal/Google Wallet-like instrument, ACH, ISO20022
style instrument):
      <ol class="algorithm">
        <li>
The <a>payment app</a> forwards the <code>request</code> and
<em>selected <a>payment instrument</a></em> (if previously
selected) to the 3rd party for approval.
        </li>
        <li>
The <a>payment processor</a>
        </li>
      </ol>
    </li>
    <li>
The <a>payment app</a> creates the payment acknowledgement, which includes any
potential errors that occurred, and passes it to the
<code>navigator.payment.acknowledge()</code> method. This
method sends the payment acknowledgement to the Web application that called
<code>navigator.payment.request()</code> by resolving the Promise returned
from that method.
    </li>
    <li>
If the <a>payment method</a> requires the payment flow to continue to a
3rd party payee <a>payment service provider</a> or <a>payment processor</a>
(e.g. pull-payment like non-EMV magstripe credit card with embossed PAN and
CVV2, or tokenized credit card):
      <ol class="algorithm">
        <li>
The payee's Web application forwards the appropriate information
(e.g. payment approval token) from the payment acknowledgement to their
<a>payment service provider</a> or <a>payment processor</a>, which executes
the payment.
        </li>
      </ol>
    </li>
    <li>
The payee delivers goods/services to the payer.
    </li>
  </ol>
</section>

<section>
  <h2>Detailed Flows</h2>
  <p class="issue">
Describe the payment flow in detail here using Adrian's flow diagram and Ian's
steps.
  </p>

  <section>
    <h3>Payment App Registration</h3>
    <ol>
      <li>
The <a>payer</a> navigates to a <a>payment app</a> provider website
(like their bank) to sign up.</li>
      </li>
      <li>
During sign up, the <code>navigator.payment.registerApp()</code> call is made
to register a <a>payment app</a>:
      <pre class="example highlight" title="Example of a payment app registration">
var app = {
  id: 'https://bank.example.com/app/',
  type: 'PaymentApp',
  name: 'ExampleBank App',
  image: 'https://bank.example.com/icons/app.png',
  url: 'https://bank.example.com/app/',
  supportedPaymentMethod: [
    'https://w3id.org/payment-methods#Visa',
    'https://w3id.org/payment-methods#MasterCard'
  ]
};

// register the <a>payment app</a> - at this point, the <a>payee interface</a>
// asks the person for approval to register the new <a>payment app</a>
var registration = navigator.payment.registerApp(app);

// called when the registration completes
registration.then(function(result) {
  // app has been registered, do something
}).catch(function(err) {
  // app has not been registered, do something
});
        </pre>
      </li>
    </ol>
  </section>

  <section>
    <h3>Processing a Payment Request</h3>

    <p class="issue">
Additional parts of the Payment Request may be digitally signed (such as
payment method-specific data). For push-based payment methods, it is important
that the payer's payment service provider can verify that certain pieces of
information in the payment request have not been altered.
    </p>

    <p class="issue">
Can we make `type` a default attribute with a value of `PaymentRequest`? If
not, we may want to exclude it here and mention it in the extension section.
    </p>

    <ol>
      <li>
The <a>payer</a> navigates to a <a>payee</a>'s website.</li>
      <li>
The <a>payer</a> finds an item to buy and initiates the payment flow
(by clicking a button, swiping, speaking a voice command, etc.).
      </li>
      <li>
The <a>payee</a> application generates a signed payment request that
contains enough information to process the payment:
      <pre class="example highlight" title="Example of a payment request">
var request = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'https://w3id.org/payment-methods#Visa',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }
};

// request payment and get a promise that will resolve to
// a payment acknowledgement
var payment = navigator.payment.request(request);

// called when the payment request has been processed
payment.then(function(acknowledgement) {
  // payment request was at least partially processed, do something with the
  // acknowledgement, such as check its approval code or forward an approval
  // token to actually execute the payment
}).catch(function(err) {
  // payment request failed
});
      </pre>
      </li>
    </ol>
  </section>

  <section>
    <h3>Generating a Payment Acknowledgement</h3>

    <p class="issue">
Additional parts of the Payment Acknowledgment may be digitally signed (such as
payment method-specific data). For push-based payment methods, this is one
mechanism that a payee can use to verify that a payment was processed.
    </p>

    <p class="issue">
Can we make `type` a default attribute with a value of `PaymentAcknowledgement`?
If not, we may want to exclude it here and mention it in the extension section.
    </p>

    <ol>
      <li>
The <a>payee</a>'s <a>payment app</a> receives a payment request (for a
Web-based payment app, this is done via
<code>navigator.payment.getPendingRequest</code>), obtains and authenticates
the payer's <a>payment instrument</a> information, and gets approval to proceed
with the payment from the <a>payer</a>.
      </li>
      <li>
Once approval has been provided by the <a>payer</a>, the payment
acknowledgement is transmitted to the <a>payee</a>'s web application.
      </li>
      <li>
The <a>payment app</a> or a <a>payment service processor</a> it works with
generates a payment acknowledgement message
that contains enough information to verify that the payment
request has completed successfully (or has failed). The <a>payment app</a>
resolves the Promise that the <a>payer</a>'s web application is waiting on
by calling <code>navigator.payment.acknowledge</code> and passing the
payment acknowledgement message.
        <pre class="example highlight" title="Example of a payment acknowledgement">
// Web-based payment app gets request via `getPendingRequest`
navigator.payment.getPendingRequest().then(function(paymentRequest) {
  // process payment request ...

  // generate acknowledgement
  var acknowledgement = {
    type: 'PaymentAcknowledgement',
    description: 'Payment to ExampleMerch for widgets',
    payment: {
      paymentMethod: 'https://w3id.org/payment-methods#Visa',
      status: 'authorized',
      approvalCode: '10025AB',
      paymentAmount: {
        amount: '4.35',
        currency: 'USD'
      }
    }
  };

  // acknowledge that the payment was processed
  navigator.payment.acknowledge(acknowledgement);
});
        </pre>
      </li>
    </ol>
  </section>
</section>

<section>
  <h2>The Application Programming Interface</h2>

  <p class="issue">
This browser-based API is provided for convenience purposes only. The
existence of the API is absolutely not a requirement for the basic operation
of the Web Payments protocol. No browser API is necessary in order for a
Web application to initiate payment and receive an acknowledgement of the
result of the payment.
  </p>

  <p>This API provides a clean mechanism that enables developers to
    initiate payments in a user agent.
    A conformant user agent MUST implement the entirety of the
    following API.</p>

  <section>
    <h3>Object Interfaces</h3>

    <section>
      <h4>PaymentApplication</h4>

      <pre class="idl">
interface PaymentApplication {
  attribute DOMString id;
  attribute (DOMString or Sequence &lt;DOMString&gt;) type;
  attribute DOMString name;
  attribute DOMString image;
  attribute DOMString url;
  attribute (DOMString or Sequence &lt;DOMString&gt;) supportedPaymentMethod;
};
      </pre>

      <p>
A <a><code>PaymentApplication</code></a> describes a <a>payment app</a>,
primarily for the purposes of registration.
      </p>
      <dl>
        <dt><code>id</code></dt>
        <dd>
A URL identifier for the <a>payment app</a> that will be used by the
implementation to differentiate one payment application from another. For
example: <code>"https://bank.example.com/generic-brand-rewards-app"</code>
        </dd>
        <dt><code>type</code></dt>
        <dd>
A type identifier associated with the object, typically set to
<code>"PaymentApplication"</code>. The set of available types MAY be extended
in the future to add things like <code>"OfflineApplication"</code> to identify
payment applications that are capable of running in an offline mode.
        </dd>
        <dt><code>name</code></dt>
        <dd>
Human readable text that will be used to identify the payment application.
This text MAY be displayed to the <a>payer</a> in a <a>payment app</a>
selection interface. For example, <code>"Red Bank Visa Card"</code>.
        </dd>
        <dt><code>image</code></dt>
        <dd>
A URL to a brand image or logo associated of the payment application. This
image MAY be displayed to the <a>payer</a> in a <a>payment app</a> selection
interface. For example:
<code>"https://bank.example.com/generic-brand-rewards-app.png"</code>
        </dd>
        <dt><code>url</code></dt>
        <dd>
The target URL for the <a>PaymentRequest</a>. This URL should be capable of
processing a pending payment request, generating a payment acknowledgement,
and responding with the final result. For example:
<code>"https://bank.example.com/web-payments"</code>
        </dd>
        <dt><code>supportedPaymentMethod</code></dt>
        <dd>
One or more payment method identifiers, which may be simple strings or URLs.
For example, <code>"VisaLegacy"</code> or
<code>"https://newnetwork.example.com/methods/SuperCard"</code>
        </dd>
      </dl>

      <pre class="example highlight">
var app = {
  id: 'https://bank.example.com/generic-brand-rewards-app',
  type: 'PaymentApplication',
  name: 'ExampleBank App',
  image: 'https://bank.example.com/icons/app.png',
  url: 'https://bank.example.com/web-payments/',
  supportedPaymentMethod: [
    'VisaLegacy', 'VisaTokenized', 'https://newnetwork.example.com/methods/SuperCard'
  ]
};
      </pre>
    </section>

    <section>
      <h4>PaymentRequest</h4>

      <pre class="idl">
interface PaymentRequest {
  attribute (DOMString or Sequence &lt;DOMString&gt;) type;
  attribute DOMString description;
  attribute (AcceptablePayment or Sequence &lt;AcceptablePayment&gt;) acceptablePayment;
};
      </pre>

      <p>
A <a><code>PaymentRequest</code></a> expresses a payment that is requested
by a <a>payee</a>.
      </p>
      <dl>
        <dt><code>type</code></dt>
        <dd>
An type identifier associated with the object, typically set to
<code>"PaymentRequest"</code>. The set of available types MAY be extended
in the future to add things like <code>"SubscriptionRequest"</code> to identify
payment requests that may have some recurring quality to them.
        </dd>
        <dt><code>description</code></dt>
        <dd>
A human-readable description of the reason the payment request was initiated.
This text MAY be displayed to the <a>payer</a> in a payment interface.
For example, <code>"Payment for widgets from Acme Anvil Emporium"</code>.
        </dd>
        <dt><code>acceptablePayment</code></dt>
        <dd>
One or more ways that the <a>payee</a> can accept payment for the request.
        </dd>
      </dl>
      <pre class="example highlight">
var request = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'VisaTokenized',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }
};
      </pre>

      <pre class="idl">
interface AcceptablePayment {
  attribute (DOMString or Sequence &lt;DOMString&gt;) paymentMethod;
  attribute FinancialAmount paymentAmount;
};
      </pre>

      <p>
An <a><code>AcceptablePayment</code></a> expresses the terms under which a
payment request may be fulfilled.
      </p>
      <dl>
        <dt><code>paymentMethod</code></dt>
        <dd>
One or more payment method identifiers, which may be simple strings or URLs.
For example, <code>"VisaLegacy"</code> or
<code>"https://newnetwork.example.com/methods/SuperCard"</code>

        </dd>
        <dt><code>paymentAmount</code></dt>
        <dd>
The amount of financial value requested by the <a>payee</a>.
        </dd>
      </dl>

      <pre class="idl">
interface FinancialAmount {
  attribute DOMString amount;
  attribute DOMString currency;
};
      </pre>
      <p>
A <a><code>FinancialAmount</code></a> interface is used to express a scalar
financial value.
      </p>
      <dl>
        <dt><code><dfn>currency</dfn></code></dt>
        <dd>
<code>currency</code> is a string containing a three-character alphaneumeric
code for the currency as defined by [[!ISO4217]] or a URL for a currency
identifier. For example, <code>"USD"</code> for US Dollars or
<code>"https://example.com/currencies/experimental-XYZ"</code> for a new
experimental currency.
        </dd>
        <dt><code><dfn>amount</dfn></code></dt>
        <dd>
A string containing the decimal monetary value. The string MUST use a single
U+002E FULL STOP character as the decimal separator. The string MUST begin
with a single U+002D HYPHEN-MINUS character if the value is negative. All
other characters must be characters in the range U+0030 DIGIT ZERO (0) to
U+0039 DIGIT NINE (9).
<div class="note">
The string should match the regular expression
<code>^-?[0-9]+(\.[0-9]+)?$</code>.
</div>
        </dd>
      </dl>

      <p>The following example shows how to represent $55.00 US Dollars.</p>
      <pre class="example highlight">
{
  amount: "55.00"
  currency: "USD",
}
      </pre>
    </section>

    <section>
      <h4>PaymentAcknowledgement</h4>

      <pre class="idl">
interface PaymentAcknowledgement {
  attribute (DOMString or Sequence &lt;DOMString&gt;) type;
  attribute DOMString description;
  attribute Payment payment;
};
      </pre>

      <p>
A <a><code>PaymentAcknowledgement</code></a> expresses the result of processing
a payment request.
      </p>
      <dl>
        <dt><code>type</code></dt>
        <dd>
An type identifier associated with the object, typically set to
<code>"PaymentAcknowledgement"</code>. The set of available types MAY be
extended in the future to add things like <code>Receipt</code> to identify
acknowledgements that contain receipt information.
        </dd>
        <dt><code>description</code></dt>
        <dd>
Human readable text that will be used to identify what the payment was for.
This text MAY be displayed to the <a>payer</a>. For example,
<code>"Payment to ExampleMerch for widgets"</code>.
        </dd>
        <dt><code>payment</code></dt>
        <dd>
Information such as the payment method used and the payment amount. Payment
method specific information, such as the status of the payment, may also be
included. The presence and meaning of this extra information is dependent on
the payment method. The payment information may be used by the <a>payee</a> or
their associated <a>payment service provider</a> to, for example, finalize a
payment or display information to the <a>payer</a>.
        </dd>
      </dl>

      <pre class="example highlight">
var acknowledgement = {
  type: 'PaymentAcknowledgement',
  description: 'Payment to ExampleMerch for widgets',
  payment: {
    paymentMethod: 'https://w3id.org/payment-methods#Visa',
    status: 'authorized',
    approvalCode: '10025AB',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }
};
      </pre>
    </section>

    <section>
      <h4>Payment</h4>

      <pre class="idl">
interface Payment {
  attribute DOMString paymentMethod;
  attribute FinancialAmount paymentAmount;
};
      </pre>

      <p>
A <a><code>Payment</code></a> expresses details of a payment such as the
payment method used and the payment amount.
      </p>
      <dl>
        <dt><code>paymentMethod</code></dt>
        <dd>
One or more payment method identifiers, which may be simple strings or URLs.
For example, <code>"VisaLegacy"</code> or
<code>"https://newnetwork.example.com/methods/SuperCard"</code>
        </dd>
        <dt><code>paymentAmount</code></dt>
        <dd>
The <code>FinancialAmount</code> associated with the payment.
        </dd>
      </dl>

      <pre class="example highlight">
var payment = {
  paymentMethod: 'https://w3id.org/payment-methods#Visa',
  paymentAmount: {
    amount: '4.35',
    currency: 'USD'
  }
};
      </pre>
    </section>

  </section>

  <section>
    <h3>NavigatorPayment</h3>

    <p>Navigator Payment is the name of the high-level programming
      interface that Web developers use to initiate payments. If MUST be
      made available via the <code>navigator.payment</code> object.</p>

    <dl title="interface NavigatorPayment" class="idl">
      <dt>Promise registerApp()</dt>
      <dd>
        <p>
Typically called by a <a>payment service provider</a> to register a
<a>payment app</a> for later use during a payment request.
        </p>
        <dl class="parameters">
          <dt>PaymentApplication app</dt>
          <dd>
A description of the <a>payment app</a>.
          </dd>
          <dt>object options</dt>
          <dd>
A set of options to use when registering the payment app.
          </dd>
        </dl>
      </dd>
      <dt>Promise request()</dt>
      <dd>
        <p>
Typically called by a <a>payee</a> to initiate a payment.
        </p>
        <dl class="parameters">
          <dt>PaymentRequest request</dt>
          <dd>
Typically called by a <a>payee</a> to request a payment.
          </dd>
          <dt>object options</dt>
          <dd>
A set of options to use when requesting payment.
          </dd>
        </dl>
      </dd>
      <dt>Promise getPendingRequest()</dt>
      <dd>
        <p>
Called by a <a>payment app</a> to get the pending payment request. The returned
Promise resolves to the request.
        </p>
      </dd>
      <dt>void acknowledge()</dt>
      <dd>
        <p>
Typically called by a <a>payment app</a> to acknowledge that a payment request
has been processed.
        </p>
        <dl class="parameters">
          <dt>PaymentAcknowledgement acknowledgement</dt>
          <dd>
Describes the result of a payment request.
          </dd>
          <dt>object options</dt>
          <dd>
A set of options to use when processing the payment acknowledgement.
          </dd>
        </dl>
      </dd>
    </dl>

  </section> <!-- end of NavigatorPayment -->
</section>

<section>
  <h2>Extensibility</h2>

  <p>
In general, the WebIDL descriptions provided in this specification outline
the specific interfaces, properties, and values that an implementation MAY
depend on. It is expected that other properties and values will be stored in
objects that implement the various interfaces in this specification (e.g.
<a>PaymentApplication</a>, <a>PaymentRequest</a>,
<a>PaymentAcknowledgement</a>, etc.). While this specification does
not suggest a single extension mechanism, it does anticipate
extensibility. To that end,
  </p>

  <ul>
    <li>
Implementations MUST preserve unrecognized properties and their
associated values.
    </li>
    <li>
Another specification [LINK_TBD] explains how to extend the
parameters used with this API using JSON-LD.
    </li>
  </ul>

  <p class="issue">
The Working Group seeks feedback from the Web community on that
specification and how well it furthers interoperability needs in the
payments ecosystem. To provide feedback, see the
<a href="#h-sotd">status section</a> above.
  </p>
</section>

  <!-- section>
    <h3>Extending Messages Using JSON-LD</h3>

    <p>
The interfaces in this specification (e.g.
<a>PaymentApplication</a>, <a>PaymentRequest</a>,
<a>PaymentAcknowledgement</a>, etc.)
are designed to optionally accept JSON-LD objects. In
order to ensure a JSON-LD object can be passed to the API properly, the
following transformation MUST be applied:
    </p>
    <ol>
      <li>
If a <code>@context</code> property does not exist, add one and assign the
value <code>"https://w3id.org/payments/v1"</code> to it. If a
<code>@context</code> does exist, ensure its value is
<code>"https://w3id.org/payments/v1"</code>. If its value does not match,
perform JSON-LD compaction on the object using that context. This MUST be done
as there is no requirement for API implementations to perform any JSON-LD
processing.
      </li>
      <li>
Pass the resulting object to the API.
      </li>
    </ol>

    <p>
Any application receiving an interface from the API can similarly interpret
it as a JSON-LD object. In this case, the application MUST ensure that if the
<code>@context</code> property exists and that the value associated is
<code>"https://w3id.org/payments/v1"</code>. If the <code>@context</code>
does not exist, it MUST be assumed that the object has a <code>@context</code>
property with the value of <code>"https://w3id.org/payments/v1"</code>.
    </p>

  <p class="issue">
Can we simplify the above `@context` check (when receiving an interface from
the API) so it's unnecessary by adding an optional `@context` property with
a required value of "https://w3id.org/payments/v1" to the appropriate
interfaces?
  </p>
  <section-->

<section>
  <h2>Security Considerations</h2>

  <section>
    <h3>Message Integrity</h3>
    <p class="issue">
This section has not been discussed by the WG and is kept here as
a placeholder for a larger discussion around ensuring
message integrity.
    </p>

    <p>
It is possible to sign any JSON-LD based message by using
Linked Data Signatures, like so:
    </p>

    <pre class="example highlight" title="Example of a signed payment acknowledgement">
// generate acknowledgement
var acknowledgement = {
  type: 'PaymentAcknowledgement',
  description: 'Payment to ExampleMerch for widgets',
  payment: {
    paymentMethod: 'https://w3id.org/payment-methods#Visa',
    status: 'authorized',
    approvalCode: '10025AB',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  },
  signature: {
    type: 'LinkedDataSignature2015',
    creator: 'https://payment-service-provider.example.com/keys/12',
    created: '2015-09-23T20:23:15Z',
    nonce: '239807882930744352',
    signatureValue: 'm4NTIyZTOGQzNGVkMzVkZ...OWM32NjIgoYzI43Q3ODIy='
  }
};
      </pre>
  </section>
</section>

<section class="appendix informative">
  <h2>Messages Addendum</h2>

  <p>
Multiple types of <a>payment app</a>s, each supporting multiple types of
<a>payment method</a>s and <a>payment instrument</a>s may be supported using
this approach:
  </p>
  <pre class="example highlight" title="Example of Bitcoin App registration">
var app = {
  id: 'https://bitcoin-wallet.example.com/app/',
  type: 'PaymentApp',
  name: 'Example Bitcoin App',
  image: 'https://bitcoin-wallet.example.com/icons/app.png',
  url: 'https://bitcoin-wallet.example.com/app/',
  supportedPaymentMethod: [
    'https://w3id.org/payment-methods#Bitcoin'
  ]
};

// register the <a>payment app</a> - at this point, the <a>payee interface</a>
// asks the person for approval to register the new <a>payment app</a>
var registration = navigator.payment.registerApp(app);

// called when the registration completes
registration.then(function(result) {
  // app has been registered, do something
}).catch(function(err) {
  // app has not been registered, do something
});
  </pre>

  <p>
Multiple acceptable payments may be collected into a single payment request.
  </p>

  <pre class="example highlight" title="Example of a complex payment request">
var request = {
  type: 'PaymentRequest'
  description: 'Payment to ExampleMerch for Widget 1'
  acceptablePayment: [{
    paymentMethod: [
      'https://w3id.org/payment-methods#Visa',
      'https://w3id.org/payment-methods#Mastercard',
      'https://w3id.org/payment-methods#Discover'
    ],
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }, {
    paymentMethod: 'https://w3id.org/payment-methods#Bitcoin',
    paymentAmount: {
      amount: '0.0177',
      currency: 'BTC'
    },
    destination: '3QJmV3qfvL9SuYo34YihAf3sRCW3qSinyC'
  }]
};

// request payment and get a promise that will resolve to
// a payment acknowledgement
var payment = navigator.payment.request(request);

// called when the payment request has been processed
payment.then(function(acknowledgement) {
  // payment request was at least partially processed, do something with the
  // acknowledgement, such as check its approval code or forward an approval
  // token to actually execute the payment
}).catch(function(err) {
  // payment request failed
});
  </pre>

  <p class="issue">
An example should be added demonstrating how merchants can recommend a URL in
an `acceptablePayment` block that the payer can use to install a Payment App
for a particular payment method, if the payer does not have an app for it and
wants to use that method.
  </p>

</section>

<section class="appendix informative">
  <h2>Flows Addendum</h2>

  <section>
    <h3>Traditional Unencrypted Credit Card Flow</h3>
  <p>
The diagram below outlines a traditional unencrypted credit card flow
where the user agent stores credit card details and forwards them on
to a merchant for processing.
  </p>

  <img width="100%" src="http://www.plantuml.com/plantuml/proxy?fmt=svg&src=https://raw.githubusercontent.com/w3c/webpayments/gh-pages/PaymentFlows/Card/MerchantHosted-CardPayment-Current.pml" />

  <pre id="flows-traditional-card" class="example highlight" title="Implementation of legacy merchant hosted card payment using Web Payments Browser API">
// Step #1 has already happened at this point
// Step #2: Press Pay
//   - generate the payment request
var req = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'VisaLegacy',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }
};
var payment = navigator.payment.request(req);

// once this is called, Steps #3-#12 are executed by the payment app
payment.then(function(acknowledgement) {
  // Step #12: Authorization Result
  //   - check the payment acknowledgement
  if(acknowledgement.approvalCode) {
    // notify the payer that payment was successful
  } else {
    // the result wasn't as expected, notify the payer
  }
}).catch(function(err) {
  // Step #12: an error occured
});
  </pre>

  </section>

  <section>
    <h3>Tokenized Credit Card Flow</h3>
  <p>
The diagram below outlines a tokenized credit card flow where the token is
generated via a local mobile wallet application available to the payer.
  </p>

  <img width="100%" src="http://www.plantuml.com/plantuml/proxy?fmt=svg&src=https://raw.githubusercontent.com/w3c/webpayments/gh-pages/PaymentFlows/Card/MerchantHosted-CardPaymentwithTokenisation-Current.pml" />

  <pre id="flows-tokenized-card" class="example highlight" title="Implementation of tokenized card flow using Browser Payments API">
// Step #1 has already happened at this point
// Step #2: Press Pay
//   - generate the payment request
var req = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'VisaTokenized',
    paymentAmount: {
      amount: '4.35',
      currency: 'USD'
    }
  }
};
var payment = navigator.payment.request(req);

// once this is called, Steps #3-#12 are executed by the payment app
payment.then(function(acknowledgement) {
  // Step #13: Authorization Result
  //   - if a token was requested, store it for future payments
  if(acknowledgement.token) {
    // store tokenized version of card
  }

  // process the acknowledgement
  if(isValid(acknowledgement.approvalCode)) {
    // the payment operation was successful
  } else {
    // deal with partial successes
  }
}).catch(function(err) {
  // Step #13: an error occured
});
  </pre>

  </section>

  <section>
    <h3>ISO20022/SEPA Credit Transfer</h3>
  <p>
The diagram below show a SEPA Credit Transfer being executed.
  </p>

  <img width="100%" src="http://www.plantuml.com/plantuml/proxy?fmt=svg&src=https://raw.githubusercontent.com/w3c/webpayments/gh-pages/PaymentFlows/CreditTransfer/WebInitiatedSEPACreditTransfer-Current.pml" />

  <pre id="flows-sepa-credit-transfer" class="example highlight" title="Implementation of SEPA Credit Transfer using Browser Payments API">
// Step #1 has already happened at this point
// Step #2: Press Pay (on the PSP website)
//   - generate the payment request
var req = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'SepaCreditTransfer',
    paymentAmount: {
      amount: '4.35',
      currency: 'EUR'
    }
  }
};
var payment = navigator.payment.request(req);

// once this is called, Steps #3-#12 are executed by the payment app
payment.then(function(acknowledgement) {
  // Step #13: Payment Notification (initiated)
  if(acknowledgement.status === 'initiated') {
    // the SEPA payment initiation operation was successful
  } else {
    // deal with partial successes
  }
}).catch(function(err) {
  // Step #13: an error occured
});
  </pre>

  </section>

  <section>
    <h3>Crypto-currency Payment</h3>
  <p>
The diagram below outlines a cryptographic currency payment where the
cryptocurrency application is available on the same system as the user
agent.
  </p>

  <img width="100%" src="http://www.plantuml.com/plantuml/proxy?fmt=svg&src=https://raw.githubusercontent.com/w3c/webpayments/gh-pages/PaymentFlows/Bitcoin/Basic-Bitcoin-Transfer.pml" />

  <pre id="flows-basic-bitcoin" class="example highlight" title="Implementation of basic Bitcoin payment using Browser Payments API">
// Step #1 has already happened at this point
// Step #2: Bitcoin address and requested amount
//   - generate the payment request
var req = {
  type: 'PaymentRequest',
  description: 'Payment to ExampleMerch for widgets',
  acceptablePayment: {
    paymentMethod: 'Bitcoin',
    paymentAddress: 'bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W',
    paymentAmount: {
      amount: '0.00435',
      currency: 'https://bitcoinfoundation.org/currencies#btc'
    }
  }
};
var payment = navigator.payment.request(req);

// once this is called, Steps #3-#4 are executed by the payment app
payment.then(function(acknowledgement) {
  // Step #5: Notify Payee that transaction has been submitted
  if(acknowledgement.txid) {
    // wait for number of transactions to be verified
  } else {
    // deal with partial success
  }
}).catch(function(err) {
  // Step #13: an error occured
});
  </pre>

  </section>

</section>

<section class="appendix informative">
  <h2>Acknowledgements</h2>

  <p>
The editor would like to thank the Web Payments Community Group, the
Web Payments Interest Group, Andreas Gal, Fernando Jiménez, Mike Hanson,
and Kumar McMillan for their work on the MozPay API.
  </p>

  <p>
Thanks to the following individuals, in order of their first name, for
their input on the specification: ...
  </p>

</section>

<script src='jquery-2.1.3.min.js' class='remove'></script>
<script src='coffee-script.js' class='remove'></script>
<script src='jumly.min.js' class='remove'></script>

</body>
</html>