This specification defines payment method identifiers and how they are validated, and, where applicable, minted and formally registered with the W3C. Other specifications (e.g., Payment Request) make use of these identifiers to facilitate monetary transactions on the web platform.

Please file any issues with this specification in the payment method identifiers repository on GitHub.

Payment method identifiers

A payment method identifier is either a:

Validity

The steps to validate a payment method identifier with a pmi string are given by the following algorithm. It returns either true or false.

  1. Let url be the result of running the basic URL parser with pmi.
  2. If url is failure, validate a standardized payment method identifier with pmi and return the result.
  3. Otherwise, validate a URL-based payment method identifier passing url and return the result.

URL-based payment method identifiers

A URL-based payment method identifier is a URL that is valid as per the steps to validate a URL-based payment method identifier.

Developers wanting to use a URL-based payment method identifier for a third party payment handler are encouraged to read the Payment Method Best Practice document.

Validation

The steps to validate a URL-based payment method identifier are given by the following algorithm. The algorithm takes a url URL as input and returns true if the URL is valid:

  1. If url's scheme is not "https", return false.
  2. If url's username or password is not the empty string, return false.
  3. Otherwise, return true. 
          const good = [
            {
              supportedMethods: "https://example.com/pay",
            },
            {
              supportedMethods: "https://example.com/pay?version=1",
            },
            {
              supportedMethods: "https://example.com/pay/version/1",
            },
          ];

          const bad = [
            {
              // ❌ Uses http://, a username, and a password.
              supportedMethods: "http://username:password@example.com/pay",
            },
            {
              // ❌ Uses unknown URI scheme.
              supportedMethods: "unknown://example.com/pay",
            },
          ];

Comparison

User agents MUST perform comparisons of URL-based payment method identifiers using equals. [[!URL]]

Standardized payment method identifiers

A standardized payment method identifier is a string that represents a standardized payment method.

User agents MAY support zero or more standardized payment method identifiers listed in section .

Validity

The steps to validate a standardized payment method identifier are given by the following algorithm. The algorithm takes a string as input and returns true if the identifier is valid:

  1. Return true if string contains only [[!UNICODE]] code points:
    1. In the range U+0061-U+007A ("Latin Small Letter A" to "Latin Small Letter Z")
    2. In the range U+0030-U+0039 ("Digit Zero" to "Digit Nine").
    3. Zero or more U+002D HYPHEN-MINUS (-).
  2. Otherwise, return false.

When minting a new standardized payment method identifier for the purpose of standardization, be sure that it conforms to the following regular expression: [a-z0-9-]+.

When used in an API, the following method identifiers are all ignored by the user agent. Some user agents might inform developers that identifiers are invalid to help them fix issues. 

            const good = [
              {
                supportedMethods: "basic-card",
              },
            ];

            const bad = [
              {
                // ❌ Contains Unicode character outside the valid ranges.
                supportedMethods: "💳-card",
              },
              {
                // ❌ Contains uppercase characters.
                supportedMethods: "Basic-Card",
              },
              {
                // ❌ Contains Unicode characters outside the valid ranges.
                supportedMethods: "¡basic-*-card!",
              },
            ];

Comparison

For standardized payment method identifiers, user agents MUST compare strings in a case-sensitive manner (code point for code point).

Registry of standardized payment methods

A standardized payment method is a payment method that has undergone standardization at the W3C, and is listed in this registry.

The Working Group has minted the following standardized payment method identifiers:

"basic-card"
The Basic Card Payment specification.

Privacy and security consideration

There are no known privacy or security concerns to be taken into considerations at this time.