Thoughts about html5 payment API

[Boris van Schooten]

I am working on WebGL for Android/Ouya, and I wonder if it would be nice to have a universal html5 payment API. Since there's no such thing as a W3C or a de facto standard for it (unless I'm mistaken!), I figure I'm just going to create something myself. I want to keep it as simple as possible.

 

I want to start by creating a wrapper around the Ouya API. I also looked at Clay.io and Google Play.  I think I can distill a simple API from these three systems that covers the basic functionality.  Here's my first try (note, return values are Java style).

 

PaymentSystemID detectPaymentSystem()

 

initPaymentSystem(Secrets)

 

requestPayment(ProductID)

 

boolean checkReceipt(ProductID)

 

ProductID [ ] getAllReceipts()

 

consumeReceipt(ProductID)

 

ProductInfo getProductInfo(ProductID)

 

The main idea is that you get receipt statuses through checkReceipt and getAllReceipts, which will cache the result locally so you can call it 60 times a second in your game loop, and it will return something even if the user is not connected.  requestPayment just sends out a request to start the payment dialogue, which will eventually lead to checkReceipt becoming true.  My hope is that any user login processes and payment dialogues can be handled entirely behind-the-scenes.  The Secrets, ProductIDs, and ProductInfo are payment system dependent.  You can use detectPaymentSystem to get the system currently in use.

 

Clay.io also has a shopping cart feature, which is not exposed through this API. Not sure that's essential.

 

Does anyone here have any thoughts on this?  Any particular payment system that you use or is often used? Or maybe this has already been done by someone else?

 

[nixeldev]

I can see something like this being really useful.

 

With detectPaymentSystem, would that work by detecting the device you're on and if you're acting as a native app?

[Boris van Schooten]

I now got a partial implementation for Ouya, enough to purchase entitlements. I put the API under window.navigator.paymentSystem.

 

Yes, my WebGL implementation checks for Ouya hardware to determine system type (currently either ouya or none).  If it's not available, a piece of JS code can detect other payment systems (such as clay.io). The code in my game now looks something like this:

 

// init

if (window.navigator.paymentSystem && window.navigator.paymentSystem.getType()=="ouya") {

    window.navigator.paymentSystem.init(ouya_developer_id);

}

 

// call this at your paywall or for showing your "play full game" button in the main menu

if (window.navigator.paymentSystem && window.navigator.paymentSystem.getType()=="ouya") {

    if (window.navigator.paymentSystem.checkReceipt("full_game_purchased")) {

        //give access to full game

    }

}

 

// call this when users clicks buy

if (window.navigator.paymentSystem && window.navigator.paymentSystem.getType()=="ouya") {

    window.navigator.paymentSystem.requestPayment("full_game_purchased");

}

[RaphaelStary]

there's a Web API by mozilla enabled in firefox OS. navigator.mozPay ... this could also be interesting for your api/lib https://wiki.mozilla.org/WebAPI/WebPayment

cheers raphael

[Jethin]

mozPay is a good suggestion, i think.  . But not sure if its compatible with all platforms.

[Gio]

Sorry to sound negative, but wouldn't this be extremely easy to hack?

 

Like, search for window.navigator.paymentSystem.checkReceipt("full_game_purchased") and replace it with true ?

 

I suppose the drawback of having a standardized system is that you only have to figure out how to crack it once, and then you can instantly crack all the games that use it.

 

I think it would be way more sensible to do the whole thing server side - i.e. the player connects to my server sending a player id and password, my server then checks it's a valid user+password combination and queries your server (via some kind of REST API) to check if that player has purchased the full game and, if so, my server sends the player the files they need for the full game (extra levels or whatever it is).