Payment Request API: A new W3C standard that will begin rolling out with upcoming program releases browsing. It is a standard that will simplify the way in which all payments are made in Internet.
The new template is called the Payment Request API or Payment Request API, and will store the payment card information in browsers, just as with passwords.
Sites will be able to use the API to create one-click buttons that will allow the user to buy a product without having to type their payment information.
A pop-up window will appear with the payment details. The user will then be able to choose the payment method along with a delivery address previously stored in the browser.
You can try a test API from here.
Browsers that support the Payment Request API include Google Chrome, who for the first time began to support the API from Chrome 53 for Android in August of 2016 and added support for desktop desktops last month with the release of Chrome 61.
Microsoft Edge has also been supporting the Payment Request API since September of 2016, but the feature requires users to have a Microsoft Wallet account.
Firefox and Safari are still working to support the API.
Let's just look at how the new API works. The Payment Request API provides vendors with a system for managing financial transactions.
When a user places an order, the website makes an API call to the user's browser, passing the details the order needs. The browser then prompts the user with a pop-up window for the card details (if not available) and a delivery/shipping address which is also stored in the automaticbrowser pop-up.
With these details, the browser - not the website - comes into contact with the payment method of the user, who can be Visa, Mastercard or any other major credit card provider.
Once the payment is complete, the browser sends a response to the site that records the transaction and proceeds with the product being sent, knowing that the money is already in its bank account.
Payment providers, such as PayPal or Amazon, may not use the new API, but too many other companies will use it. The Payment Application API is one of the few Web Design Consortium standards that most of the major technology companies have applied for.
Το API θεωρείται επίσης πολύ καλό στην ασφάλεια του ηλεκτρονικού εμπορίου, δεδομένου ότι εμποδίζει τους ιδιοκτήτες καταστημάτων να αποθηκεύουν δεδομένα καρτών πληρωμής στους διακομιστές τους. Αυτό σημαίνει ότι δεν θα υπάρχει πλέον ο φόβος leakageof information from a large or small online store.
By moving the payment card items into the browser, the responsibility for keeping the data safely moves to the browser and the user itself.
Payment Request API. Nevertheless:
Although the Payment Request API is a very secure online transaction handling method, it is not perfect.
For those who do not understand the risks, the browsers manufacturers will have a complete picture of your finances and transactions. So there will be many who will not want to store such information in their browser.
Thus, the Payment Request API will not be able to fully replace the standard payment methods and will be just another payment option in the W3C templates.
In addition, since the API is still under development, there are too many security loopholes that have not been discovered.
Two of these were recently discovered by DR. Lukasz Olejnik, an independent cyber security researcher at Princeton's Center for Political Science, a subsidiary.
The researcher found that sites that do not sell products or advertisers may misuse the API to create profiles for users by identifying the payment options that each user has saved in the browser, or tracking when a user pays from a regular and when from condition operation anonymous browsing.
"I believe both issues may have their origins in the specifications," said Olejnik, who referred the two issues to the appropriate W3C team.
Work on the Payment Request API is expected to be completed by the end of the year, giving developers enough time to deal with these problems.
