1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
|
..
This file is part of GNU TALER.
Copyright (C) 2021 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2.1, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
@author Thien-Thi Nguyen
Merchant/Customer Interaction Guide
###################################
The audience for the Mechant/Customer Interaction Guide is the merchant
who wishes to set up a "web shop" that works with the Taler payment system.
Introduction
============
.. include:: frags/taler-payment-cycle.rst
This guide focuses on step 4, the interaction between the customer and the
merchant. In particular, we first review two basic interaction flows
(with and without shopping cart), then describe Taler features involved in the
interaction, the decisions you (the merchant) must make, and
how to configure the Taler merchant backend to best support those decisions.
Lastly, we present protocol *traces* for various fictitious interaction flows.
Two Basic Flows
===============
.. index:: shopping cart experience
.. index:: individual product selection / purchase experience
.. index:: inventory management
.. index:: repurchase detection / prevention
There are two basic payment flows, the first involving a shopping cart,
and the second, without (individual product selection / purchase).
We distinguish these because for some purchases, a shopping cart is overkill.
In either case, Taler can integrate
with your *inventory management* system.
Additionally, Taler offers *repurchase detection / prevention*,
most suitable for digital goods.
In the shopping cart experience, you first offer a product on the website.
The customer adds the product to their shopping cart, at which point you may
optionally *lock* the product in the inventory system for a certain period of
time.
The accumulated set of products in the shopping cart is the *order*.
This process repeats until the customer is ready to move to the
*checkout* phase.
At checkout, you may optionally support different payment methods (and make
this choice available to the customer) for the order.
This guide assumes you and the customer agree to use the Taler payment system.
At this point, you generate a *contract* and present it to the customer for
authorization.
The contract includes:
- some kind of identification for the selected product(s);
- an itemized price list;
- applicable taxes and fees;
- (optional) information on how you deal with *forgettable customer details*;
- (optional) the duration of the lock on the product(s);
- (optional) a *claim token* that the customer can use later;
- (optional) information on the *refund deadline*;
- (optional) information on the the *auto-refund period* (how long does
the wallet check for refunds without user prompting for it);
- the total amount due;
- the *duration* of the offer
(how long the customer has to authorize before timeout).
If the customer does nothing (timeout / the contract expires),
you *unlock* the product(s) and end the transaction.
On the other hand, if the customer authorizes the contract,
the customer's wallet transfers payment coins to you,
and you display to the customer the *fulfillment URI*.
The individual product selection / purchase experience is like the shopping
cart experience with the following exceptions:
- there is no shopping cart -- the order is solely the selected product;
- Taler payment method is assumed;
- customer selection moves directly to checkout;
- there is *repurchase detection / prevention* (for digital products).
Taler Details
=============
This section describes aspects of Taler involved
in the basic payment flows in more detail.
Each aspect also includes a backend API call that you can use
in the next section.
**product locking**
Taler can integrate with your inventory system to set aside
a certain quantity of a product for some duration of time.
This is called *product locking*.
This is useful for physical goods, or for goods that have a limited supply,
such as airline tickets.
Even for digital goods, product locking may be useful to effect exclusivity.
To lock a product, use:
:http:post:`[/instances/$INSTANCE]/private/products/$PRODUCT_ID/lock`,
specifying a ``duration`` and a ``quantity``.
If the customer removes a product from the shopping cart, you can *unlock*
the product by using the same API call, specifying a ``quantity`` of 0 (zero).
(Products are also unlocked automatically on timeout / contract expiration.)
**taxes**
The default taxes for each product is part of the product ``price``
maintained by the backend.
This is set when the product is added to the inventory,
prior to any customer purchase experience
(see :http:post:`[/instances/$INSTANCE]/private/products`,
:http:get:`[/instnaces/$INSTANCE]/private/products`,
and :http:get:`[/instances/$INSTANCE]/private/products/$PRODUCT_ID`).
FIXME: Front-end override?
**fees**
The Taler protocol charges a *deposit fee* (see step 5, above),
which you may choose to pay or to pass on to the customer.
This can be configured to a maximum amount, per customer.
You can set ``default_max_deposit_fee`` in :http:post:`/private/instances`,
and ``max_fee`` in the contract.
There is also the *wire fee* (see step 6, above),
which you may choose to pay or to pass on to the customer.
You can set ``default_max_wire_fee`` in :http:post:`/private/instances`,
and ``max_wire_fee`` in the contract.
If unspecified, the default value is zero (meaning you bear the entire fee).
You can *amortize* the wire fee across a number of customers
by setting ``default_wire_fee_amortization`` in :http:post:`/private/instances`,
and ``wire_fee_amortization`` in the contract.
This is the number of customer transactions over which you expect to
amortize wire fees on average.
If unspecified, the default value is one.
.. Note:: :http:post:`/private/instances` must be done at
instance-setup time (prior to any purchase).
**forgettable customer details**
Although Taler allows the customer to remain anonymous, you may need to
collect customer details (e.g. for shipping).
Taler has support for forgetting these details, to comply with GDPR
(for example).
This can occur even in the face of refunds (see below).
To forget a set of details, first the details that are to be forgotten
must be marked (FIXME: How?, When?).
Then, you can use:
:http:patch:`[/instances/$INSTANCE]/private/orders/$ORDER_ID/forget`
to forget those details.
**claim token**
The claim token is a sort of handle on the order and its payment.
With it, the customer can access the fulfillment URI from a different
device than the one where the wallet is installed.
By default, Taler creates a claim token for each order.
To disable this, you can specify ``create_token`` to be ``False``
in :http:post:`[/instances/$INSTANCE]/private/orders`.
**refund deadline**
The refund deadline specifies the time after which you will prohibit
refunds.
Refunds may be full or partial.
Refunds do not require customer details.
You can configure the deadline to expire immediately to effect
an "all sales are final" policy.
To set the deadline, specify ``refund_delay``
in :http:post:`[/instances/$INSTANCE]/private/orders`.
To disable refunds altogether, omit this field.
**auto-refund period**
The Taler protocol can automatically offer refunds to the customer's
wallet without their explicit prompting during the auto-refund period.
FIXME: When is this useful?
FIXME: Is this the same as the refund deadline?
FIXME: API call?
**repurchase detection / prevention**
Taler can detect a repurchase attempt and prevent it from going through.
This feature allows customers to purchase a digital good only once,
but to later access the same digital good repeatedly (e.g. reload
in browser, after network trouble, etc.) without having to pay again.
This feature is automatic in the protocol;
you do not need to do anything to enable it.
**fulfillment URI**
This may be the actual product (digital goods),
or a tracking URL (physical goods).
If you issue a claim token with the contract, the customer can
access the fulfillment URI from a different device than the
one where the wallet is installed.
The fulfillment URI is normally included in the contract.
You specify it in :http:post:`[/instances/$INSTANCE]/private/orders`.
Sample Interaction Traces
=========================
In the following descriptions, ``C`` stands for *customer*, ``W`` stands for
*customer's wallet*, ``M`` stands for *merchant* (you), and ``E`` stands for
*exchange*.
Unless otherwise noted, all API calls are directed toward the Taler backend.
Also, all the traces share the initial pre-sales configuration step.
Pre-Sales Configuration
-----------------------
In the pre-sales configuration step, you set up the *default instance*,
and add products to the inventory.
M: :http:post:`/private/instances`
.. code-block:: json
// InstanceConfigurationMessage
{
"payto_uris": ["payto://iban/CH9300762011623852957"],
"id": "default",
"name": "Pretty Pianos",
"auth":
// InstanceAuthConfigurationMessage
{
"method": "external",
"token": "secret-token:eighty-eight-keys"
},
"default_max_wire_fee": "KUDOS:5.0",
"default_wire_fee_amortization": 1,
"default_max_deposit_fee": "KUDOS:10.0",
"default_wire_transfer_delay": "2 days",
"default_pay_delay": "5 hours"
}
// (backend returns 204 No content)
// FIXME: What about InstanceAuthConfigurationMessage?
The fictitious store, Pretty Pianos, has only two products:
- pianos (physical good);
- *Beethoven Sonatas* (sheet music PDF files, digital good).
M: :http:post:`/instances/default/private/products`
.. code-block:: json
// ProductAddDetail
{
"product_id": "p001",
"description": "piano",
"unit": "unit", // FIXME: What is a better unit?
"price": "KUDOS:20000.0",
"taxes": [], // FIXME: What is a Tax object?
"total_stock": 3,
"next_restock": "2021-04-22"
}
// (backend returns 204 No content)
M: :http:post:`/instances/default/private/products`
.. code-block:: json
// ProductAddDetail
{
"product_id": "f001",
"description": "Beethoven Sonatas",
"unit": "file", // FIXME: What is a better unit?
"price": "KUDOS:9.87",
"taxes": [], // FIXME: What is a Tax object?
"next_restock": "0000-00-00"
}
// (backend returns 204 No content)
Scenarios
---------
TODO/FIXME: Add various scenarios (including JSON).
|
