taler-docs

096-partial-payments.rst (14164B)

---

 DD 96: Partial Payments
 #######################
 
 Summary
 =======
 
 This document proposes support for orders where only part of the total amount
 is paid with Taler and the remaining amount is paid with other payment
 methods, such as cash, card, vouchers or others.
 
 The protocol change must be additive. The existing :ts:type:`Amount` field of
 an order or choice continues to represent the amount paid with Taler. A new
 optional ``amount_external`` field carries externally handled payment amounts
 and the reconciliation metadata needed by POS applications and merchant
 back-office users.
 
 Motivation
 ==========
 
 In person purchases might involve mixed payments. A customer may pay part of
 an order in cash and the rest with Taler, or a cashier may need to combine
 Taler with a card terminal, voucher system or other local payment method.
 Today, the merchant backend and wallet assume that the amount in the contract
 is the amount the wallet pays with Taler. This model cannot represent a
 single receipt and order that is settled by multiple methods.
 
 The goal is not to make the merchant backend process card or cash payments.
 The goal is to let the merchant backend, wallet core and POS applications agree
 on the order total, the Taler portion and the non-Taler portions that must have
 already been completed outside of Taler.
 
 Requirements
 ============
 
 * Orders and choices must be able to express mixed payment amounts.
 * The existing plain :ts:type:`Amount` form must remain valid for backwards
   compatibility.
 * The type and meaning of existing ``amount`` fields must not change.
 * The existing ``amount`` field remains the amount paid with Taler.
 * The optional external payment field must not include Taler entries.
 * The total order amount is the sum of the existing ``amount`` field and all
   entries in ``amount_external``.
 * The wallet must only pay the existing ``amount`` field.
 * The POS or other accommodating application must execute all non-Taler
   payments before the Taler payment.
 * The Taler payment is always the last payment step.
 * If the Taler payment fails after other payments succeeded, the POS must
   either modify the order and retry the Taler step or refund the already
   completed non-Taler payments.
 * The merchant backend must preserve enough information for receipts,
   reporting and order inspection to show how the total was split.
 * Per-method payment information must be stored in a flat structure that the
   merchant portal can render as a generic table.
 * The design must not require the wallet to validate that cash, card or other
   non-Taler payments actually happened.
 
 Proposed Solution
 =================
 
 Additive Payment Field
 ----------------------
 
 Keep all existing :ts:type:`Amount` fields unchanged. In particular,
 :ts:type:`OrderV0`.``amount``, :ts:type:`OrderChoice`.``amount`,
 :ts:type:`ContractTermsV0`.``amount`` and
 :ts:type:`ContractChoice`.``amount`` remain plain :ts:type:`Amount` values and
 represent the amount the wallet pays with Taler.
 
 Add a new optional ``amount_external`` field next to these existing ``amount``
 fields:
 
 .. ts:def:: ExternalPaymentInfo
 
   interface ExternalPaymentInfo {
     // External payment method, for example "cash" or "card".
     // Must never be "taler".
     method: string;
 
     // Identifier of the payment action within the order.
     // Examples: "cash1", "sumup1", "sumup2".
     id: string;
 
     // Amount covered by this payment action.
     // Must always be present
     amount: Amount;
 
     // Additional method-specific fields. These fields must be
     // stored only at this level.
     [field: string]: string | Amount | Integer | boolean | null;
   }
 
 .. ts:def:: PartialPaymentFields
 
   interface PartialPaymentFields {
     // Payments handled outside of Taler.
     amount_external?: ExternalPaymentInfo[];
   }
 
 The proposed extension applies to the amount-bearing order and contract
 objects:
 
 ::
 
   type OrderV0 = ExistingOrderV0 & PartialPaymentFields;
   type OrderChoice = ExistingOrderChoice & PartialPaymentFields;
   type ContractTermsV0 = ExistingContractTermsV0 & PartialPaymentFields;
   type ContractChoice = ExistingContractChoice & PartialPaymentFields;
 
 If ``amount_external`` is absent, the order is a regular pure Taler order and
 the existing ``amount`` field is the total amount. If ``amount_external`` is
 present, the existing ``amount`` field remains the Taler amount. The full
 order or choice total is the sum of the existing ``amount`` field and all
 entries in ``amount_external``.
 
 For example, an order where the customer pays CHF 30 in cash and CHF 20 in
 Taler keeps ``amount`` as ``CHF:20`` and adds ``amount_external``:
 
 ::
 
   {
     "amount": "CHF:20",
     "amount_external": [
       {
         "method": "cash",
         "id": "cash1",
         "amount": "CHF:30",
         "cashier_number": "7"
       }
     ]
   }
 
 This is backwards compatible for old wallets because they continue to see a
 plain :ts:type:`Amount` in ``amount``. Such wallets may not render the full
 mixed-payment total, but they can still pay the Taler portion. Updated wallets
 should render both the full total and the selected Taler amount clearly.
 
 Payment Method Names
 --------------------
 
 The initial reserved method name is:
 
 * ``cash`` for cash accepted by the merchant or cashier
 
 Other names are allowed for integrations, but they should be stable ASCII
 identifiers.
 
 The name ``taler`` is reserved and must not be used in ``amount_external``.
 Taler is represented by the existing ``amount`` field.
 
 Payment Details
 ---------------
 
 For cash payments, additional fields may include the cashier name, cashier
 number, register identifier or similar local information. For card payments,
 additional fields may include the terminal identifier, acquirer reference,
 transaction ID or authorization code. Other systems may add the fields they
 need for reconciliation or audit.
 
 The additional fields must be stored only one level below the payment entry.
 Nested method-specific objects should not be used. This allows the merchant
 portal to render ``amount_external`` as a simple table without knowing a custom
 rendering format for each payment method.
 
 Payment Flow
 ------------
 
 The POS or integrating application is responsible for orchestrating mixed
 payments:
 
 1. Create or update the order with ``amount_external`` that reflects the
    intended externally handled payment amount.
 2. Run all non-Taler payment steps, such as cash handling or card terminal
    authorization.
 3. Start the Taler payment as the final step.
 4. Complete the sale only after the merchant backend confirms the Taler
    payment, unless the ``taler`` amount is zero.
 
 The wallet receives the contract terms and computes the payable Taler amount
 from the existing ``amount`` field. It may use ``amount_external`` to render
 the full total so that the customer understands why the Taler amount is lower
 than the order total.
 
 Failure Handling
 ----------------
 
 Mixed payments introduce a failure mode where a non-Taler payment has already
 succeeded but the final Taler payment fails. The merchant backend cannot
 automatically repair this state because it does not control the external
 payment method.
 
 The POS or integrating application must therefore choose one of these recovery
 paths:
 
 * modify the order payment split and retry the Taler payment;
 * cancel the order and refund or void the completed non-Taler payments;
 * proceed with different payment method, and make Taler part lower or zero.
 
 Receipt Handling
 ----------------
 
 For normal wallet flows, the customer can access the Taler receipt after the
 wallet payment. In POS deployments this may not be enough. Some jurisdictions
 require a printed or otherwise directly provided receipt, and in a mixed
 payment flow the customer may not receive a Taler receipt if the POS
 application performs self-pickup or the Taler amount is zero.
 
 POS applications and other accommodating applications must therefore support a
 mode where they retrieve the receipt themselves from the merchant backend and
 provide it to the customer through the locally required channel, such as a
 printer, terminal display, e-mail or another regulated receipt mechanism.
 
 Reporting
 ---------
 
 The merchant backend should store ``amount_external`` as part of the contract
 terms and expose it through order status and history APIs. Existing reporting
 that expects a single amount should continue to show the Taler amount from the
 existing ``amount`` field. Detailed views should show the externally handled
 amounts and the full order total.
 
 The merchant portal should render ``amount_external`` as a table. Common
 columns are ``method``, ``id`` and ``amount``. Additional columns can be
 derived from the union of the flat method-specific fields present in the
 payment entries. The merchant portal should not need method-specific
 rendering logic to show this information.
 
 Refunds
 -------
 
 Taler refunds can only refund the amount actually paid with Taler. Refunds for
 cash, card or other methods remain the responsibility of the POS or external
 payment integration. When an order has a split amount, APIs and UIs should
 avoid wording that implies the merchant backend can refund the whole order
 through Taler.
 
 Test Plan
 =========
 
 * Merchant backend tests for accepting existing plain :ts:type:`Amount` fields
   unchanged.
 * Merchant backend tests accepting optional ``amount_external`` in v0 orders
   and v1 choices.
 * Merchant backend tests rejecting ``amount_external`` with ``taler`` entries,
   mixed currencies or invalid method names.
 * Merchant backend tests preserving ``amount_external`` entries with flat
   method-specific fields.
 * Wallet core tests for paying the existing ``amount`` field and rendering the
   full total from ``amount_external`` when present.
 * POS integration tests for a successful cash/card-first and Taler-last flow.
 * POS integration tests for Taler failure after a non-Taler payment succeeded.
 
 Definition of Done
 ==================
 
 * Merchant backend supports the new additive ``amount_external`` field for
   order creation, contract terms, order status and history.
 * Merchant backend keeps all existing ``amount`` fields as plain
   :ts:type:`Amount` values.
 * Merchant backend validates that ``amount_external`` has no ``taler`` entries
   and that all entries use the same currency as ``amount``.
 * Merchant backend preserves per-method payment details in ``amount_external``.
 * Wallet core pays the existing ``amount`` field and does not require
   ``amount_external`` to complete the Taler payment.
 * Wallet UIs can display the total and the selected Taler amount clearly.
 * POS and other accommodating applications support the required orchestration:
   non-Taler payments first, Taler payment last.
 * Merchant portal renders ``amount_external`` as a generic table without
   method-specific renderers.
 * Documentation explains that non-Taler refunds and failure recovery are owned
   by the integrating application.
 
 Alternatives
 ============
 
 Change the Amount Field Type
 ----------------------------
 
 The initial proposal changed the existing ``amount`` fields from
 :ts:type:`Amount` to ``Amount | AmountObject``. This was rejected because it
 would be a destructive protocol change: every component that currently parses
 ``amount`` as a string would have to handle a new object shape. Keeping
 ``amount`` unchanged and adding ``amount_external`` preserves backwards
 compatibility.
 
 Store Payment Details in Extra
 ------------------------------
 
 Another initial proposal stored the payment split under ``extra.payments``.
 This was rejected because ``extra`` is intended for proprietary
 merchant-specific information. Official protocol fields should be explicit
 top-level fields, not hidden under the merchant extension area.
 
 Create Separate Orders
 ----------------------
 
 The POS could create one Taler order only for the Taler amount and track cash
 or card payments in its own system. This avoids changing the contract amount
 type, but it loses the single-order receipt and reporting model. It also makes
 customer-facing order totals harder to verify. As well it looses the backup
 and synchronisation between device possibilities.
 
 Let Taler Run Before Other Methods
 ----------------------------------
 
 Running Taler before cash or card would make the Taler part successful while
 the external payment can still fail. That leaves the merchant with a paid
 Taler contract for an order that may not be otherwise settled. Requiring Taler
 to be last gives the POS a clearer recovery path because external payments can
 still be voided, refunded or used to recompute the remaining Taler amount. As
 well it can create problems when refund deadline for Taler option was set as 0
 and other method of payment failed.
 
 Drawbacks
 =========
 
 * POS implementations must handle partial failure and external refunds
   carefully.
 * Old wallets may only render the Taler amount and not the full mixed-payment
   total until they learn the new ``amount_external`` field.
 * Reporting and refund UIs must distinguish total order amount from Taler-paid
   amount.
 
 Open Questions
 ==============
 
 * Should money pots store full totals, per-method totals, or both? Should
   merchant backend auto create new pots per each new payment method found in
   order?
 * Should payment method names be centrally registered, or is validation of
   stable ASCII identifiers sufficient?
 * Should there be a dedicated status for orders where non-Taler payments
   succeeded but the final Taler payment failed? or we can just delete them?
 * Should the merchant backend expose explicit receipt self-pickup endpoints for
   POS devices, or are existing private order status APIs sufficient?
 
 Discussion / Q&A
 ================
 
 * Feedback from Florian Dold: ``extra`` must remain reserved for proprietary
   merchant fields and must not carry official protocol data. Protocol changes
   should be additive, so the existing ``amount`` field should not change type.
   The design was updated accordingly: the existing ``amount`` remains the
   Taler amount, while a new additive ``amount_external`` field carries the
   externally handled amounts and reconciliation metadata.