TheSecurePaymentConfirmationRequest dictionary describes input to thePayment Request API when used to authenticate a user during an e-commerce transactionusing SPC with Payment Request API.

An instance of this dictionary must be passed into thePaymentRequest() constructor as the value of thedata field corresponding to asupportedMethods value of"secure-payment-confirmation".

Instance properties

challenge

AnArrayBuffer,TypedArray, orDataView provided by the relying party's server and used as acryptographic challenge. This value will be signed by the authenticator and the signature will be sent back as part ofAuthenticatorAttestationResponse.attestationObject. This helps prevent replay attacks.

credentialIds

A list ofArrayBuffer,TypedArray, orDataView. TheseCredential IDs represent Web Authentication credentials that have been registered with the relying party for authenticating during a payment with the associatedinstrument.

extensionsOptional

AnyWebAuthn extensions that should be used for the passed credential(s). The caller does not need to specify thepayment extension; this is added automatically.

instrument

The description of the instrument name and icon to display during registration and to be signed along with the transaction details. This is an object with the following properties:

displayName

A string containing the payment instrument's name, which will be displayed to the user.

icon

A string containing the URL of the payment instrument's icon.

iconMustBeShownOptional

A boolean value indicating whether the icon must be successfully fetched and shown for the request to succeed. Defaults totrue.

localeOptional

An optional list of well-formedBCP 47 language tags, in descending order of priority, that identify the local preferences of the website. That is, this represents a language priority listRFC 4647: Matching of Language Tags, which the user agent can use to performlanguage negotiation and locale-affected formatting with the caller.

Note:The locale is distinct from language or direction metadata associated with specific input members, in that it represents the caller's requested localized experience rather than assertion about a specific string value. SeeSPC internationalization Considerations for more discussion.

payeeNameOptional

A string that serves as the display name of the payee that this SPC call is for (e.g., the merchant). Optional, may be provided alongside or instead ofpayeeOrigin.

payeeOriginOptional

A string that is the origin of the payee that this SPC call is for (e.g., the merchant). Optional, may be provided alongside or instead ofpayeeName.

rpId

A string that specifies the relying party's identifier (for example "login.example.org").

showOptOutOptional

A boolean indicating whether the user should be given a chance to opt-out during thetransaction dialog UX. Defaults tofalse.

timeoutOptional

The number of milliseconds before the request to sign the transaction details times out. At most 1 hour.

Specifications