Apps/ID and Payments
Please note, that as of Q1 2016, payments were removed from the Marketplace. This page exists for historical information.
Contents
- 1 Payments by payment provider
- 2 Code and API
- 3 Old stuff
- 3.1 Legacy Project Management
- 3.2 Legacy UX
- 3.3 Legacy Testing
- 3.4 Legacy Sequence Flow
- 3.5 Identity Flow
- 3.6 MobileID device detection flow
- 3.7 Payment Flow
- 3.8 Payment Flow Videos
- 3.9 Data Flow Diagrams
- 3.10 Payments Data Flow Diagram
- 3.11 Payments Data Types
- 3.12 Developer Registration Data Flow Diagram
- 3.13 Developer Registration Data Types
Payments by payment provider
There are seperate wiki pages for each Payment Provider. This page was done when Bango was being implemented so there might be many parts of this page that also mention Bango.
Zippy is our reference implementation to allow people to easily test and prototype (amongst other things):
The reference implementation is an example implementation of:
Code and API
- navigator.mozPay() API
- WebPaymentProvider spec - hosted buy flow for navigator.mozPay()
Old stuff
Everything below should be considered legacy, may be relevant, may not.
Legacy Project Management
Legacy UX
These are mostly old, but relatively accurate.
- UX "Happy" Flow (returning user, first time user, credit card payments)
- Persona Flows
- Pin Code Flows
- Payments Style Guide
- Pin Lock Out Flows
Legacy Testing
Legacy Sequence Flow
Identity Flow
MobileID device detection flow
The SMS MO-based MobileID flow illustrates how Bango will identify devices for carrier billing on the Telefonica network.
(MO means mobile-originated and MT means mobile-terminated)
Payment Flow
Payment Flow Videos
In App Payments Video
Paid App (w/ Zippy)
Data Flow Diagrams
Payments Data Flow Diagram
Payments Data Types
Sender | Recipient | Data | Definition |
---|---|---|---|
Solitude | 3rd Party App / Marketplace | Payment Status JWT | JSON Web Token including product / price and a transaction ID for the payment. This is a base64 encoded JSON object that is signed with a shared secret key. |
Solitude | 3rd Party App / Marketplace | Refund Status JWT | JSON Web Token including product / price, a transaction ID for the payment and reason for refund. This is a base64 encoded JSON object that is signed with a shared secret key. |
Client | 3rd Party App / Marketplace | Payment JWT | JSON Web Token with product / price info for the payment. This is a base64 encoded JSON object that is signed with a shared secret key. |
Client | Solitude | Assertion, PIN, JWT | The client passes the Identity assertion and JWT through to Solitude. The client posts the PIN to Solitude for verification / encrypted storage, etc. |
Solitude | Mozilla IdP | Identity assertion | Solitude receives an identity assertion from the client and posts it to Persona for verification. |
Mozilla IdP | Solitude | Identity email | If the assertion is valid, Persona posts the user's email to Solitude. |
Mozilla IdP | Client | Identity assertion | Persona returns an identity assertion to the client via JavaScript. This is posted to the Solitude server for verification. |
Solitude | Client | Start Payment URL | Solitude redirects the client to a URL that can be used to start a payment on the processor. This URL contains a Billing Config ID, the result of a subsequent Bango API call. |
Client | Payment Processor | Start payment request with network headers / cookie | When a client is redirected to the payment processor it makes a request to the processor's pay flow page. This may include network headers that the processor can use to identify the carrier network and the device. This is used to facilitate putting charges directly on a customer's carrier bill. An ID will be stored in a cookie on device for repeat purchases. |
Payment Processor | Carrier | Request for device ID | The payment processor will send some part of the network headers it received from the client to the carrier to retrieve enough information about the device to put charges on the customer's carrier bill. |
Carrier | Payment Processor | Device ID | The carrier sends some kind of device and / or customer ID to the payment processor to facilitate putting charges on the customer's carrier bill. |
Payment Processor | Solitude | Payment status / refund status | The payment processor posts payment status (indication of a successful / unsuccessful payment) or refund status to the Solitude server. This includes customer IDs, carrier info, region info, security tokens, and marketplace specific IDs to reconcile the transaction. |
Solitude | Payment Processor | Refund request | Solitude will post a transaction ID to the payment processor API to initiate a refund on behalf of the user. |
Solitude | Payment Processor | Payment Info | Solitude prepares a payment by calling Bango's Billing Config ID. Solitude passes in all possible prices at each currency/region, product name, product icon URL, a Mozilla transaction ID, a Mozilla signature, success redirect URL, failure redirect URL, and a Mozilla user ID that was derived from a Persona email. |
Solitude | Payment Processor | HMAC/SHA2 email address | This is part of Payment Info but called out here for clarity. This is a Mozilla User ID that Bango uses to link users across devices when it cannot use network header auth. It is an HMAC/SHA2 hash derived from a Persona email address that the user logged in with. |
Developer Registration Data Flow Diagram
Developer Registration Data Types
Sender | Recipient | Conduit | Data | Definition |
---|---|---|---|---|
Developer | Marketplace Developer Hub | website form | Contact details | Name, email (administrative, support, financial), phone |
Developer | Marketplace Developer Hub | website form | Company details | Company name and vendor name (if different) |
Developer | Marketplace Developer Hub | website form | Billing details | VAT number (if applicable), billing address / city / zip / country |
Developer | Marketplace Developer Hub | website form | Bank account details | Bank account payee name, bank account number, bank account code (swift / sort / fedwire / CHAPS code), bank IBAN (optional), bank name, bank address |
Marketplace Developer Hub | Solitude API | create_package() | All developer registration info | The data listed above is collected in a web form and submitted to the Solitude API from the web server. |
Marketplace Developer Hub | Solitude API | create_product() | Developer app info | This is what the developer is selling. Data passed includes app name, description, price tier ID. |
Solitude API | Bango's Mozilla Exporter API | CreatePackage() | Developer registration info | A package relates to a developer. The data passed includes all personal info and company name info that was collected in the web form. See CreatePackage() in the Mozilla Exporter API docs for details. |
Solitude API | Bango's Mozilla Exporter API | CreateBankdetails() | Developer bank details | After creating a package, this API call adds the bank account details that were collected in the web form. See CreateBankDetails() in the Mozilla Exporter API docs for details. |
Solitude API | Bango's Mozilla Exporter API | CreateBangoNumber() | Developer's app name, price, etc | After creating a package, this API call creates a Bango Number that can be sold by Mozilla. A Number corresponds to an open web app that the developer is selling via the Marketplace and ultimately through Bango. See CreateBangoNumber() in the Mozilla Exporter API docs for details. |
Solitude API | Bango's Mozilla Exporter API | MakePremiumPerAccess() | Bango Number | After creating a Bango Number, this API call simply makes the product for sale. Otherwise it would be free. See MakePremiumPerAccess() in the Mozilla Exporter API docs for details. |
Bango's Mozilla Exporter API | Solitude API | returned from CreatePackage() | Package ID | Unique identifier for a Bango package. |
Bango's Mozilla Exporter API | Solitude API | returned from CreatePackage() | Person ID | Unique identifier for the developer person who was registered Bango package. |
Marketplace Developer Hub | Marketplace Database | submitted through web form | Obfuscated Bank ID | In order for the developer to return to the Marketplace devhub and know which bank account he/she signed up with, the Marketplace needs to store an obfuscated identifier. This will most likely be an encrypted partial bank account number such as the last four digits. |