W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2016

Re: Updates to Payment Apps wiki page

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Tue, 10 May 2016 13:58:28 +0200
Message-ID: <CA+eFz_KXdvsVjcJNmE+PxQME5yCRjwPgbptTQwbirxpyK3okmA@mail.gmail.com>
To: Tommy Thorsen <tommyt@opera.com>
Cc: Ian Jacobs <ij@w3.org>, Payments WG <public-payments-wg@w3.org>

> What kind if gateways are these? Examples? (I'm asking because I'm
> genuinely curious and do not have a lot of knowledge in this area).
In my experience the majority of payment gateways use a redirect or some
web API that the merchant POSTs a request to.

Many are now offering JavaScript APIs too as a response to the likes of
Stripe but note they all still offer HTTP APIs (often called REST APIs but
let's not get into a debate about what is or isn't REST :) ).

If I search for "<gateway> api" the first page I get is usually developer
docs for an HTTP API.

   - https://developer.paypal.com/docs/api/
   - https://stripe.com/docs/api
   - https://developer.visa.com/products/visa_checkout/reference

> I'm not super fond of the argument that we should limit ourselves so that
> some implementors will not have to learn anything new. I think we should
> strive to create the best payment specification we can, and in that
> process, use the technology that fits best.

That is not the crux of my argument. In fact my argument is the contrary,
If we limit our scope we are forced to make design decisions that only
cater to the PSPs that do have JavaScript APIs and force the rest to
implement something they may have no experience with.

That is a difficult thing to do. Consider how long it took many of the
biggest gateways to bring out a JavaScript SDK to compliment their existing
HTTP APIs after Stripe's phenomenal success with their JavaScript API. I
doubt that's was because they were simply disinterested, developing a new
JavaScript SDK is hard!

Most importantly, I believe that from a design perspective HTTP is the best
choice because it is a protocol not a language. If we standardize on a
language specific API then we limit ourselves to implementations in that
language. This is bad for interoperability.

If we design an API that standardizes around a protocol we allow
interoperability across process and network boundaries without forcing
implementers to maintain any code in a specific language.

While I respect that JavaScript is the de-facto standard language for
client side web programming it is not the standard for the Web. Most
server-side software is written in other languages.

If we standardize on sending the request via HTTP we can offer options for
the response (including JavaScript) that cater for all of the different
possible payment app implementations.

> On the flip side to your argument, a lot of payment providers already have
> javascript SDKs (like PayPal, Mastercard or Visa). Have a look here
> <https://people.opera.com/tommyt/pay.php> for a proof-of-concept
> web-based payment app I hacked together in an afternoon, which consists of
> just a few lines of javascript, wrapping the Visa Checkout payment system.
> For cases like this, the javascript approach makes it very easy to retrofit
> an existing payment solution.

This is true but only for the bigger PSPs. In the South African market for
example, I am only aware of 2 gateways, of the 10 or more in existence,
that have a JavaScript API.

For all of them, they have an HTTP API too.

> -Tommy
> </snip>
Received on Tuesday, 10 May 2016 11:58:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 10 May 2016 11:58:57 UTC