Confirmed users
1,340
edits
WebAPI/Direct Billing: Difference between revisions
no edit summary
No edit summary |
|||
| (7 intermediate revisions by one other user not shown) | |||
| Line 10: | Line 10: | ||
This is a '''draft''' of a proposal. Nothing has been implemented yet. | This is a '''draft''' of a proposal. Nothing has been implemented yet. | ||
'''NOTE''': also see the [https://wiki.mozilla.org/WebAPI/MobileIdentity Mobile Identity API] and [https://bugzilla.mozilla.org/show_bug.cgi?id=988469 MSISDN Verification API]. | |||
== High Level Use Case == | == High Level Use Case == | ||
| Line 21: | Line 23: | ||
== Access Control == | == Access Control == | ||
Because there are too many sensitive APIs in here, only trusted web content can access this API. Access will be whitelisted by domain. No other web content will have access to this API. | Because there are too many sensitive APIs in here, only trusted web content can access this API. Access will be whitelisted by domain. No other web content will have access to this API. '''TBD''': do we need to require a new window for that to work? | ||
When thinking of a way to allow open access to these APIs, these are some problems we ran into: | When thinking of a way to allow open access to these APIs, these are some problems we ran into: | ||
| Line 29: | Line 31: | ||
* iccIDs can be used for fingerprinting | * iccIDs can be used for fingerprinting | ||
* It may not be possible to prompt the user to grant access in a meaningful way | * It may not be possible to prompt the user to grant access in a meaningful way | ||
* Standard app permissions do not apply because payments is a service offered to the users | * Standard app permissions do not apply because payments is a service offered to the users of apps. The app itself is not the one that needs permission. | ||
== API == | == API == | ||
| Line 38: | Line 40: | ||
* Send an [http://en.wikipedia.org/wiki/Short_Message_Service MO (mobile originated) SMS] without storing it on the device's SMS database or requesting delivery status. | * Send an [http://en.wikipedia.org/wiki/Short_Message_Service MO (mobile originated) SMS] without storing it on the device's SMS database or requesting delivery status. | ||
* The SMS will not show any notifications and will not appear in any SMS application consuming the [https://wiki.mozilla.org/WebAPI/WebSMS WebSMS API]. | * The SMS will not show any notifications and will not appear in any SMS application consuming the [https://wiki.mozilla.org/WebAPI/WebSMS WebSMS API]. | ||
* The number must be a short code that does not charge the user. | |||
*/ | */ | ||
DOMRequest sendSilentSms(in DOMString number, in DOMString message); | DOMRequest sendSilentSms(in DOMString number, in DOMString message); | ||
| Line 43: | Line 46: | ||
/** | /** | ||
* Intercept any incoming MT (mobile terminated) SMS sent from the given number. | * Intercept any incoming MT (mobile terminated) SMS sent from the given number. | ||
* The number must be a short code that does not charge the user. | |||
*/ | */ | ||
void observeSilentSms(in DOMString number, in jsval callback); | void observeSilentSms(in DOMString number, in jsval callback); | ||
| Line 90: | Line 94: | ||
In order to show the user a correct price for their region, the payment provider can use the '''mcc''' and '''mnc''' codes. These codes can also be used to enable/disable specific regions when payments are not supported or still in development. | In order to show the user a correct price for their region, the payment provider can use the '''mcc''' and '''mnc''' codes. These codes can also be used to enable/disable specific regions when payments are not supported or still in development. | ||
[[Category:Web APIs]] | |||