summaryrefslogtreecommitdiff
path: root/integration-merchant.rst
blob: ecc3ab8187a39884988d0b4aa8edbb14ea096c65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
==================================
Interaction with merchant websites
==================================

-------------
Purchase Flow
-------------

The purchase flow consists of the following steps:

1. UA visits merchant's checkout page
2. The merchant's checkout page notifies the wallet
   of the contract (``taler-deliver-contract``).
3. The user reviews the contract inside the wallet
4. The wallet directs the UA to the payment execution page
5. The execution page must send the event ``taler-execute-payment`` with
   the contract hash of the payment to be executed.
6. The wallet executes the payment in the domain context of the
   execution page and emits the ``taler-payment-result`` event
   on the execution page.
7. The execution page reacts to the payment result (which
   is either successful or unsuccessful) by showing
   an appropriate response to the user.

----------------
Event Reference
----------------

.. topic:: ``taler-deliver-contract``

  The event takes an :ref:`offer <offer>` as event detail.

.. topic:: ``taler-execute-payment``

  The event takes `H_contract` of a :ref:`Contract <tsref-type-Contract>` as event detail.

.. topic:: ``taler-payment-result``

  The event takes the following object as event detail:

  .. code-block:: tsref

    {
      // was the payment successful?
      success: boolean;

      // human-readable indication of what went wrong
      hint: string;
    }
   


----------------
Payment protocol
----------------

The events descripted below get triggered when the user confirms its
purchase on a checkout page, or when by visiting some merchant's resource
that needs a payment to be visualized.  We call this situation `IIG` (Interest
In some Good).  There are two kinds of URL that let a merchant know when
IIG occurs, they are

* offering URLs
* fulfillment URLs

Generally, offering URLs' purpose is to send Taler-type contracts to the user, whereas
fulfillment URLs can be used both by wallets to send coins for a payment or by users to
access a payed resource multiple times.  In other words, fulfillment URLs are bookmarkable
and shareable.  There is no hard separation between physical and virtual resources since
the receipt for a physical resource plays the same role of a 100% virtual resource like a
blog article.  In other words, when seeing a pay-per-view blog article on his screen, then
the user has payed for the article; on the other end, when seeing an electronic receipt of
a physical good on his screen, the user will receive it by mail.

IIG triggers different flows according to the user visiting an offering or a fulfillment
URL. For clarity, below are listed the steps taken when the user visits an offering URL.

1. The merchant sends the following object embedded in a `taler-confirm-contract` event

  .. code-block:: tsref

    {
      // Contract and cryptographic information
      contract_wrapper: {
        contract: :ref:`Contract <tsref-type-Contract>`;
        // base32 of the merchant's signature over this contract
        merchant_sig: string;
        // base32 of this contract's hashcode
        H_contract: string;      
      };

      // If true, the 'back-button' seen by the user when this contract is to be
      // payed will not point to this HTML, but to the previous one.
      replace_navigation: boolean
    }

2. The wallet's reaction is dual: it can either let the user pay for this contract, or
detect whether the user has already payed for this resource by looking at the `repurchase_corelation_id`
field in the contract.  In the first case, the wallet stores `H_contract` in its local database.
If there is a match, the wallet starts a IIG by visiting the fulfillment URL associated with the
already-made payment (see next section)

3. The payment is asked to the merchant by visiting the fulfillment URL (which inficated in the
Contract). Since the merchant keeps no state for any purchase, it needs relevant information
in the fulfillment URL in order to reconstruct the contract and send the payment to the backend.
This information is implicit in the mention of 'fulfillment URL'.

4. When a fulfillment URL is visited, the merchant reconstructs the contract and sends back to
the user the a `taler-execute-payment` event which embeds the following object

    .. code-block:: tsref

    {
      // base32 of the Contract's hashcode
      H_contract: string;

      // URL where to send deposit permission
      pay_url: string;

      // Used in the other IIG initiation (see next section)
      offering_url: string;
    }

5. The wallet sends the deposit permission to `pay_url`

6. If the payment is successful, then the merchant sets the state for the bought
item to `payed` and communicate the outcome to the wallet (see merchant API for
involved HTTP codes and JSONs)

7. Finally, the wallet can visit again the fulfillment URL and get the payed resource
thanks to the `payed` state