Payment Request API: A new W3C template that will begin to slowly come up with upcoming versions of browsers. It is a model that will simplify the way in which every online payment is made.
The new template is called the Payment Request API or Payment Request API, and will store the payment card information in browsers, just as with passwords.
Sites will be able to use the API to create one-click buttons that will allow the user to buy a product without having to type their payment information.
A pop-up window will appear with the payment details. The user will then be able to choose the payment method along with a delivery address previously stored in the browser.
You can try a test API from here.
Browsers that support the Payment Request API include Google Chrome, who for the first time began to support the API from Chrome 53 for Android in August of 2016 and added support for desktop desktops last month with the release of Chrome 61.
Microsoft Edge has also been supporting the Payment Request API since September of 2016, but the feature requires users to have a Microsoft Wallet account.
Firefox and Safari are still working to support the API.
Let's just look at how the new API works. The Payment Request API provides vendors with a system for managing financial transactions.
When a user makes an order, the site makes an API call to the user's browser by transmitting the details that the order needs. The browser then asks the user with a popup window, card details (if they do not exist), and a delivery / shipping address that is also stored in the browser's autocomplete section.
With these details, the browser - not the website - comes into contact with the payment method of the user, who can be Visa, Mastercard or any other major credit card provider.
Once the payment is complete, the browser sends a response to the site that records the transaction and proceeds with the product being sent, knowing that the money is already in its bank account.
Payment providers, such as PayPal or Amazon, may not use the new API, but too many other companies will use it. The Payment Application API is one of the few Web Design Consortium standards that most of the major technology companies have applied for.
The API is also considered to be very good in e-commerce security as it prevents store owners from storing payment card data on their servers. This means that there is no longer any fear of leaking information from a large or small online store.
By moving the payment card items into the browser, the responsibility for keeping the data safely moves to the browser and the user itself.
Payment Request API. Nevertheless:
Although the Payment Request API is a very secure online transaction handling method, it is not perfect.
For those who do not understand the risks, the browsers manufacturers will have a complete picture of your finances and transactions. So there will be many who will not want to store such information in their browser.
Thus, the Payment Request API will not be able to fully replace the standard payment methods and will be just another payment option in the W3C templates.
In addition, since the API is still under development, there are too many security loopholes that have not been discovered.
Two of these were recently discovered by DR. Lukasz Olejnik, an independent cyber security researcher at Princeton's Center for Political Science, a subsidiary.
The researcher has discovered that sites that do not sell products or advertisers may abuse the API to create profiles for users by identifying the payment options that each user has stored in the browser or to find out when the user pays from normal and when from incognito mode.
"I believe both issues may have their origins in the specifications," said Olejnik, who referred the two issues to the appropriate W3C team.
Work on the Payment Request API is expected to be completed by the end of the year, giving developers enough time to deal with these problems.