(Created page with "= WebPayment API Specification (DRAFT)= == Goal == The goal of this API is to allow Open Web Apps to initiative a payment (or a refund) form the user for a virtual good. == Stat...") |
A privileged developer registration API is exposed by BlueVia.
=== Application registration ===
'''In order to provide in-app billing functionality, an application should be registered in BlueVia.'''
This case is similar to developer registration. Open Web Apps that require BlueVia in-app billing capabilities should be registered via Mozilla Marketplace (or potentially another supported marketplace) and should also be registered automatically in BlueVia.
An Application Key and Application Secret (generated by BlueVia) should be assigned and provided to the application developer. The application developer can provide BlueVia (via Mozilla Marketplace app registration) with <code>postback</code> and <code>chargeback</code> URLs (these URLs should be editable via the Mozilla Marketplace / BlueVia portal).
The application secret will be used by the developer to sign the JWT included with the navigator.pay() function. The developer must store the application key and application secret securely on the app server and must generate the signed JWT using server-side code.
A privileged app registration/editing API is exposed by BlueVia.
[[File:WebPaymentAppRegistrationFlow.png|600px|thumb|center|Application registration]]
=== In-app payment ===
* The user installs a previously registered application via Mozilla Marketplace.
* During everyday use, the user decides to purchase a digital good offered by the application.
* The app generates a payment request that contains all the information about the item being purchased: price, currency, name, description, and so on. The app signs the payment request with its app secret and encodes the whole thing as a [http://openid.net/specs/draft-jones-json-web-token-07.html JSON Web Token (JWT)]. The developer must generate the signed JWT using server-side code. <span style="color:#800000">The Mozilla Marketplace '''might''' expose a JWT generation tool based on the payment information provided by the developer and the supported payment methods that the developer should have previously set up. (TBD)</span>. In any case, there are several libraries (like [https://github.com/progrium/pyjwt PyJWT], [https://github.com/progrium/ruby-jwt ruby-jwt], [https://github.com/hokaccha/node-jwt-simple node-jwt-simple], [https://github.com/luciferous/jwt PHP luciferous/jwt], [http://code.google.com/p/jsontoken/ Java jsontoken] and [http://json.codeplex.com/ JSON.NET]) to help with encoding and decoding JWTs.
Example of server-side JWT generation:
<code>
import time
import jwt  # PyJWT

# sellerIdentifier and APP_SECRET come from server-side configuration;
# the application secret must never be shipped to the client.
cakeToken = jwt.encode({
    "iss": sellerIdentifier,
    "typ": "tu.com/payments/inapp/v1",
    "exp": int(time.time() + 3600),  # token expires one hour after issue
    "iat": int(time.time()),
    "request": {
        "name": "Piece of Cake",
        "description": "Virtual chocolate cake to fill your virtual tummy",
        "price": "10.50",
        "currencyCode": "USD",
        "productData": "my_product_id=1234&my_session_id=XYZ",
        "postbackURL": "http://developersserver.com/postback",
        "chargebackURL": "http://developerserver.com/chargeback"
    }
}, APP_SECRET)
</code>
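The checks the receiving side needs before trusting a token like the one above, as an added example that is not part of the original specification or BlueVia's code. It assumes HS256 (PyJWT's default for a shared secret); the function names, the <code>secrets_by_iss</code> lookup and the sample key and secret are constructed for illustration, and <code>sign_hs256</code> stands in for <code>jwt.encode</code> so the block runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

EXPECTED_TYP = "tu.com/payments/inapp/v1"  # "typ" from the page's example

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Compact HS256 JWT; stands in for the page's jwt.encode call."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def verify_payment_jwt(token: str, secrets_by_iss: dict, now=None) -> dict:
    """Return the claims if authentic and current, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    # Pin the algorithm; the token must not be able to select "none".
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # "iss" is untrusted until the MAC verifies; it only selects the key.
    iss = claims.get("iss")
    secret = secrets_by_iss.get(iss) if isinstance(iss, str) else None
    if secret is None:
        raise ValueError("unknown issuer")
    mac = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(sig, mac.digest()):  # constant-time compare
        raise ValueError("bad signature")
    if claims.get("typ") != EXPECTED_TYP:
        raise ValueError("unexpected typ")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        raise ValueError("token not valid at this time")
    return claims

# Constructed sample values, not real BlueVia credentials.
SAMPLE_KEYS = {"constructed-app-key": b"constructed-app-secret"}
```

Because the price travels inside the signed payload, a client that edits <code>price</code> after signing produces a token that fails the MAC check.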
Here is a detailed explanation of the in-app payment JWT:
;iss: