Apps/ID and Payments: Difference between revisions
< Apps
Jump to navigation
Jump to search
| Line 75: | Line 75: | ||
=== Payments Data Flow Diagram === | === Payments Data Flow Diagram === | ||
[[Image: | [[Image:PaymentsDFDLevel0_1.jpg]] | ||
=== Payments Data Types === | === Payments Data Types === | ||
Revision as of 20:44, 29 January 2013
Project Management
UX
- UX High Level Flows - Work in progress
- UX Detail Specs - Work in progress
- Trusted UI Specs - Work in progress
Payment WebAPI
- navigator.mozPay() API
- WebPaymentProvider spec - hosted buy flow for navigator.mozPay()
- Mozilla's WebPay implementation
Bugs
mozPay Web API
Tracking bug: bug 794530
Bugzilla query error
Invalid type (count) and display (table) combination1
Identity DOM
Tracking Bug: bug 794552
Bugzilla query error
Invalid type (count) and display (table) combination1
Trustworthy UI
Tracking bug: bug 801561
Bugzilla query error
Invalid type (count) and display (table) combination1
Marketplace Payments
Tracking bug: bug 775802
Testing
Sequence Flow
Identity Flow
MobileID device detection flow
The SMS MO-based MobileID flow illustrates how Bango will identify devices for carrier billing on the Telefonica network.
(MO means mobile-originated and MT means mobile-terminated)
Payment Flow
Data Flow Diagrams
Payments Data Flow Diagram
Payments Data Types
| Sender | Recipient | Data | Definition |
|---|---|---|---|
| Solitude | 3rd Party App / Marketplace | Payment Status JWT | JSON Web Token including product / price and a transaction ID for the payment. This is a base64 encoded JSON object that is signed with a shared secret key. |
| Solitude | 3rd Party App / Marketplace | Refund Status JWT | JSON Web Token including product / price, a transaction ID for the payment and reason for refund. This is a base64 encoded JSON object that is signed with a shared secret key. |
| Client | 3rd Party App / Marketplace | Payment JWT | JSON Web Token with product / price info for the payment. This is a base64 encoded JSON object that is signed with a shared secret key. |
| Client | Solitude | Assertion, PIN, JWT | The client passes the Identity assertion and JWT through to Solitude. The client posts the PIN to Solitude for verification / encrypted storage, etc. |
| Solitude | Mozilla IdP | Identity assertion | Solitude receives an identity assertion from the client and posts it to Persona for verification. |
| Mozilla IdP | Solitude | Identity email | If the assertion is valid, Persona posts the user's email to Solitude. |
| Mozilla IdP | Client | Identity assertion | Persona returns an identity assertion to the client via JavaScript. This is posted to the Solitude server for verification. |
| Solitude | Client | Start Payment URL | Solitude redirects the client to a URL that can be used to start a payment on the processor. This URL may contain a token or signature that the processor can verify. |
| Client | Payment Processor | Start payment request with network headers / cookie | When a client is redirected to the payment processor it makes a request to the processor's pay flow page. This may include network headers that the processor can use to identify the carrier network and the device. This is used to facilitate putting charges directly on a customer's carrier bill. An ID may be sent subsequently as a cookie. |
| Payment Processor | Carrier | Request for device ID | The payment processor will send some part of the network headers it received from the client to the carrier to retrieve enough information about the device to put charges on the customer's carrier bill. |
| Carrier | Payment Processor | Device ID | The carrier sends some kind of device and / or customer ID to the payment processor to facilitate putting charges on the customer's carrier bill. |
| Payment Processor | Solitude | Payment status / refund status | The payment processor posts payment status (indication of a successful / unsuccessful payment) or refund status to the Solitude server. This includes customer IDs, carrier info, region info, security tokens, and marketplace specific IDs to reconcile the transaction. |
| Solitude | Payment Processor | Refund request | Solitude will post a transaction ID to the payment processor API to initiate a refund on behalf of the user. |
Developer Registration Data Flow Diagram
Developer Registration Data Types
| Sender | Recipient | Conduit | Data | Definition |
|---|---|---|---|---|
| Developer | Marketplace Developer Hub | website form | Contact details | Name, email (administrative, support, financial), phone |
| Developer | Marketplace Developer Hub | website form | Company details | Company name and vendor name (if different) |
| Developer | Marketplace Developer Hub | website form | Billing details | VAT number (if applicable), billing address / city / zip / country |
| Developer | Marketplace Developer Hub | website form | Bank account details | Bank account payee name, bank account number, bank account code (swift / sort / fedwire / CHAPS code), bank IBAN (optional), bank name, bank address |
| Marketplace Developer Hub | Solitude API | create_package() | All developer registration info | The data listed above is collected in a web form and submitted to the Solitude API from the web server. |
| Marketplace Developer Hub | Solitude API | create_product() | Developer app info | This is what the developer is selling. Data passed includes app name, description, price tier ID. |
| Solitude API | Bango's Mozilla Exporter API | CreatePackage() | Developer registration info | A package relates to a developer. The data passed includes all personal info and company name info that was collected in the web form. See CreatePackage() in the Mozilla Exporter API docs for details. |
| Solitude API | Bango's Mozilla Exporter API | CreateBankdetails() | Developer bank details | After creating a package, this API call adds the bank account details that were collected in the web form. See CreateBankDetails() in the Mozilla Exporter API docs for details. |
| Solitude API | Bango's Mozilla Exporter API | CreateBangoNumber() | Developer's app name, price, etc | After creating a package, this API call creates a Bango Number that can be sold by Mozilla. A Number corresponds to an open web app that the developer is selling via the Marketplace and ultimately through Bango. See CreateBangoNumber() in the Mozilla Exporter API docs for details. |
| Solitude API | Bango's Mozilla Exporter API | MakePremiumPerAccess() | Bango Number | After creating a Bango Number, this API call simply makes the product for sale. Otherwise it would be free. See MakePremiumPerAccess() in the Mozilla Exporter API docs for details. |
| Bango's Mozilla Exporter API | Solitude API | returned from CreatePackage() | Package ID | Unique identifier for a Bango package. |
| Bango's Mozilla Exporter API | Solitude API | returned from CreatePackage() | Person ID | Unique identifier for the developer person who was registered Bango package. |
| Marketplace Developer Hub | Marketplace Database | submitted through web form | Obfuscated Bank ID | In order for the developer to return to the Marketplace devhub and know which bank account he/she signed up with, the Marketplace needs to store an obfuscated identifier. This will most likely be an encrypted partial bank account number such as the last four digits. |
Bango API
Currently Mozilla uses Bango to enable mobile payments. They have several public APIs but they have also customized some APIs for what Mozilla needs to do. Here is some info on those custom APIs. See bug 797125 for some proofs that were done to use the custom APIs.
Custom Mozilla APIs
Mozilla Exporter API
This API is for registering developers to begin selling apps or accepting in-app payments. The API can be used to create packages (which are linked to a single developer) and products for sale which are called Numbers.
Billing Configuration API
After creating a Number (e.g. an app to sell) Mozilla uses the Billing Configuration API to create a one time token that can initiate a payment.