Apps/ID and Payments

From MozillaWiki
Jump to: navigation, search

Please note, that as of Q1 2016, payments were removed from the Marketplace. This page exists for historical information.

Payments by payment provider

There are seperate wiki pages for each Payment Provider. This page was done when Bango was being implemented so there might be many parts of this page that also mention Bango.

Zippy is our reference implementation to allow people to easily test and prototype (amongst other things):

The reference implementation is an example implementation of:

Code and API

Old stuff

Everything below should be considered legacy, may be relevant, may not.

Legacy Project Management

Legacy UX

These are mostly old, but relatively accurate.

Legacy Testing

Legacy Sequence Flow

Identity Flow

See Identity Flow

MobileID device detection flow

The SMS MO-based MobileID flow illustrates how Bango will identify devices for carrier billing on the Telefonica network.

(MO means mobile-originated and MT means mobile-terminated)

Payment Flow

Pay Flow Sequence.png

Payment Flow Videos

In App Payments Video
Paid App (w/ Zippy)

Data Flow Diagrams

Payments Data Flow Diagram

PaymentsDFD.jpg

Payments Data Types

Sender Recipient Data Definition
Solitude 3rd Party App / Marketplace Payment Status JWT JSON Web Token including product / price and a transaction ID for the payment. This is a base64 encoded JSON object that is signed with a shared secret key.
Solitude 3rd Party App / Marketplace Refund Status JWT JSON Web Token including product / price, a transaction ID for the payment and reason for refund. This is a base64 encoded JSON object that is signed with a shared secret key.
Client 3rd Party App / Marketplace Payment JWT JSON Web Token with product / price info for the payment. This is a base64 encoded JSON object that is signed with a shared secret key.
Client Solitude Assertion, PIN, JWT The client passes the Identity assertion and JWT through to Solitude. The client posts the PIN to Solitude for verification / encrypted storage, etc.
Solitude Mozilla IdP Identity assertion Solitude receives an identity assertion from the client and posts it to Persona for verification.
Mozilla IdP Solitude Identity email If the assertion is valid, Persona posts the user's email to Solitude.
Mozilla IdP Client Identity assertion Persona returns an identity assertion to the client via JavaScript. This is posted to the Solitude server for verification.
Solitude Client Start Payment URL Solitude redirects the client to a URL that can be used to start a payment on the processor. This URL contains a Billing Config ID, the result of a subsequent Bango API call.
Client Payment Processor Start payment request with network headers / cookie When a client is redirected to the payment processor it makes a request to the processor's pay flow page. This may include network headers that the processor can use to identify the carrier network and the device. This is used to facilitate putting charges directly on a customer's carrier bill. An ID will be stored in a cookie on device for repeat purchases.
Payment Processor Carrier Request for device ID The payment processor will send some part of the network headers it received from the client to the carrier to retrieve enough information about the device to put charges on the customer's carrier bill.
Carrier Payment Processor Device ID The carrier sends some kind of device and / or customer ID to the payment processor to facilitate putting charges on the customer's carrier bill.
Payment Processor Solitude Payment status / refund status The payment processor posts payment status (indication of a successful / unsuccessful payment) or refund status to the Solitude server. This includes customer IDs, carrier info, region info, security tokens, and marketplace specific IDs to reconcile the transaction.
Solitude Payment Processor Refund request Solitude will post a transaction ID to the payment processor API to initiate a refund on behalf of the user.
Solitude Payment Processor Payment Info Solitude prepares a payment by calling Bango's Billing Config ID. Solitude passes in all possible prices at each currency/region, product name, product icon URL, a Mozilla transaction ID, a Mozilla signature, success redirect URL, failure redirect URL, and a Mozilla user ID that was derived from a Persona email.
Solitude Payment Processor HMAC/SHA2 email address This is part of Payment Info but called out here for clarity. This is a Mozilla User ID that Bango uses to link users across devices when it cannot use network header auth. It is an HMAC/SHA2 hash derived from a Persona email address that the user logged in with.

Developer Registration Data Flow Diagram

DevPaymentRegistrationDFD.png

Developer Registration Data Types

Sender Recipient Conduit Data Definition
Developer Marketplace Developer Hub website form Contact details Name, email (administrative, support, financial), phone
Developer Marketplace Developer Hub website form Company details Company name and vendor name (if different)
Developer Marketplace Developer Hub website form Billing details VAT number (if applicable), billing address / city / zip / country
Developer Marketplace Developer Hub website form Bank account details Bank account payee name, bank account number, bank account code (swift / sort / fedwire / CHAPS code), bank IBAN (optional), bank name, bank address
Marketplace Developer Hub Solitude API create_package() All developer registration info The data listed above is collected in a web form and submitted to the Solitude API from the web server.
Marketplace Developer Hub Solitude API create_product() Developer app info This is what the developer is selling. Data passed includes app name, description, price tier ID.
Solitude API Bango's Mozilla Exporter API CreatePackage() Developer registration info A package relates to a developer. The data passed includes all personal info and company name info that was collected in the web form. See CreatePackage() in the Mozilla Exporter API docs for details.
Solitude API Bango's Mozilla Exporter API CreateBankdetails() Developer bank details After creating a package, this API call adds the bank account details that were collected in the web form. See CreateBankDetails() in the Mozilla Exporter API docs for details.
Solitude API Bango's Mozilla Exporter API CreateBangoNumber() Developer's app name, price, etc After creating a package, this API call creates a Bango Number that can be sold by Mozilla. A Number corresponds to an open web app that the developer is selling via the Marketplace and ultimately through Bango. See CreateBangoNumber() in the Mozilla Exporter API docs for details.
Solitude API Bango's Mozilla Exporter API MakePremiumPerAccess() Bango Number After creating a Bango Number, this API call simply makes the product for sale. Otherwise it would be free. See MakePremiumPerAccess() in the Mozilla Exporter API docs for details.
Bango's Mozilla Exporter API Solitude API returned from CreatePackage() Package ID Unique identifier for a Bango package.
Bango's Mozilla Exporter API Solitude API returned from CreatePackage() Person ID Unique identifier for the developer person who was registered Bango package.
Marketplace Developer Hub Marketplace Database submitted through web form Obfuscated Bank ID In order for the developer to return to the Marketplace devhub and know which bank account he/she signed up with, the Marketplace needs to store an obfuscated identifier. This will most likely be an encrypted partial bank account number such as the last four digits.