Web Monetization

Web Monetization allows websites to automatically receive payments from users, facilitated by the user agent and a user's preferred monetization provider.

This specification is a work in progress within the community on the best shape it should take. Please see the explainer for more info.

The specification reflects the desired end-state of the Web Monetization APIs as currently anticipated and agreed to between the contributors. The specification is being prepared here, in this format, to collect the input of the Web community and prepare the work to ultimately follow the W3C standards track should it have the necessary support to do so.

For the most accurate reflection of the APIs that have been implemented by providers see the API documentation.

Usage examples

Checking if Web Monetization is supported

There are multiple ways to check if Web Monetization is supported. One way is to call {{DOMTokenList/supports()}} on a [^link^] element's {{HTMLLinkElement/relList}} passing the `"monetization"` keyword. Alternatively, you can check if either the {{MonetizationEvent}} interface or the "`onmonetization`" [=event handler IDL attribute=] exist on the {{Window}} object.

            <link rel="monetization" href="https://example.com/monetization.js">
            <script>
              // Checking via DOMTokenList
              const link = document.querySelector('link[rel="monetization"]') ||
                document.createElement("link");
              if (link.relList.supports("monetization")) {
                console.log("Web Monetization is supported.");
              }

              // Checking global scope for MonetizationEvent
              if (window.MonetizationEvent) {
                console.log("Web Monetization is supported.");
              }

              // Checking if it's a global event handler
              if (window.hasOwnProperty("onmonetization")) {
                console.log("Web Monetization is supported.");
              }
            </script>

Monetizing a web page

            <!DOCTYPE html>
            <html lang="en">
            <meta charset="utf-8">
            <title>My Blog</title>
            <link
              rel="monetization"
              href="https://example.com/pay"
              onmonetization="sayThanks(this)">

            <script>
              function sayThanks(monetizedLink) {
                // Do something here
              }
            </script>

Monetization events

The {{MonetizationEvent}} DOM events provide information such as the amount sent, the currency of the payment, and a link to the incoming payment at the [=monetization receiver=] which can be used to verify the receipt of payment. As in the previous example above, these events are dispatched to [^link^] elements and bubble up the DOM tree.

To listen for {{MonetizationEvent}} events, an [=event listener=] needs to be added to the relevant [^link^] element (or to one of its ancestors) via JavaScript:

            <link rel="monetization" href="https://example.com/pay">
            <script>
              const link = document.querySelector('link[rel="monetization"]');
              link.addEventListener("monetization", event => {
                // See how much was sent and in what currency
                const { amountSent : { value, currency }} = event;
                console.log(`Browser sent ${currency} ${value}.`);

                // Use the incoming payment URL to verify the payment at the receiver.
                verifyPayment(event);
              });
            </script>

Verifying a payment

The {{MonetizationEvent}}'s {{MonetizationEvent/incomingPayment}} attribute is a URL that can be used to verify the payment at the [=monetization receiver=].

In most cases requests to the {{MonetizationEvent/incomingPayment}} URL will need to be authenticated as they fetch sensitive details such as the `receivedAmount`. The specifics of this authentication are agreed by the website and the [=monetization receiver=] when setting up the receiving account.

Below is a hypothetical naive verification method that will make a request to the {{MonetizationEvent/incomingPayment}} URL and simply return the results. For simplicity it has no logic for authenticating the request.

A more sophisticated implementation should track the `receivedAmount` property and ensure it is increasing after each {{MonetizationEvent}} to verify that a new payment has been received.

            /** @type {MonetizationEvent} event */
            async function verifyPayment(event) {
              // Legacy receivers don't support returning incoming payment URLs
              if(!event.incomingPayment){
                throw new Error('No incoming payment URL')
              }

              // Poll the incoming payment to check the amount received
              const response = await fetch(event.incomingPayment, {
                credentials: 'same-origin',
                mode: 'same-origin',
                cache: 'no-cache',
                headers: {
                  'Content-Type': 'application/json'
                }
              });

              if (response.ok) {
                // The incoming payment was fetched successfully
                const { receivedAmount } = JSON.parse(await response.json())
                const { amount, assetCode, assetScale } = receivedAmount;
                console.log(`Received ${assetCode}${amount / (10 ** assetScale)}.`);
                return receivedAmount;
              }
            }

Monetizing media

The following example shows how to monetize various types of media using different [=payment pointers=].

            <video src="myvideo" onmonetization="sayThanks(this)">
              <link rel="monetization" href="https://example.com/video/pay">
            </video>

            <audio src="music.mp3" onmonetization="sayThanks(this)">
              <link rel="monetization" href="https://example.com/audio/pay">
            </audio>

            <picture srcset="cat.jpeg" onmonetization="sayThanks(this)">
              <link rel="monetization" href="https://example.com/images/pay">
            </picture>

Model

Monetization:: Payments made by a user to a website, facilitated through a [=monetization provider=].
Monetization provider:: The party making payments on behalf of the user. A monetization provider leverages the [[[Interledger]]] suite of protocols and technologies (e.g., [[Open Payments]] based on [[STREAM]]) to provide a high-level way to pay a [=monetization receiver=].
Monetization receiver:: The party receiving payments on behalf of the website, whose details are provided by a [=payment pointer=].
Payment Pointer:: A [=URL=] to an Open Payments API entry-point (i.e., a JSON resource containing details that facilitate payment to an account).
Payment session: An session between a [=monetization provider=] and [=monetization receiver=] initiated by the [=user agent=] at the [=monetization receiver=]. One or more payments can be initiated by the [=monetization provider=] in a single session.

Goals

Suitable for static HTML documents, without requiring backend infrastructure.
Doesn't require user interaction, but user retains control over which sites they monetize and how much they spend.
Developers have a way to associate payments with their users, in order to provide a range of experiences.
Users retain control of if, when, and how payments are made to the site. For example, micropayments of a predetermined monetary value could be "streamed" to the site over time. Alternatively, the user could make one or many discreet "one-off" payment(s) of any arbitrary monetary amount, even while micropayments are simultaneously being streamed.

Link type "monetization"

The monetization keyword indicates a [=payment pointer=] used to monetize the document.

The monetization keyword may be used with link elements. This keyword creates an external resource link.

The monetization keyword indicates that some aspect of the document is monetized.

The default type for resources given by the monetization keyword is application/json.

The appropriate times to fetch and process this type of link is:

When the external resource link is created on a link element that is already browsing-context connected.
When the external resource link's link element becomes browsing-context connected.
When the href attribute of the link element of an external resource link that is already browsing-context connected is changed.
When the disabled attribute of the link element of an external resource link that is already browsing-context connected is set, changed, or removed.
When the crossorigin attribute of the link element of an external resource link that is already browsing-context connected is set, changed, or removed.
When the type attribute of the link element of an external resource link that is already browsing-context connected is set or changed to a value that does not or no longer matches the Content-Type metadata of the previous obtained external resource, if any.
When the type attribute of the link element of an external resource link that is already browsing-context connected, but was previously not obtained due to the type attribute specifying an unsupported type, is set, removed, or changed.

A user agent MUST NOT delay the load event for this link type.

The linked resource fetch setup steps for this type of linked resource, given a link element element and request request, are:

If element cannot navigate, then return false.
If element's node document is not [=allowed to use=] the "monetization" feature, return false.
Let context be element's node document's browsing context.
Set request's initiator to "`document`".
Set request's destination to "monetization".
Set request's mode to "cors".
Set request's credentials mode to the CORS settings attribute credentials mode for element's crossorigin content attribute.
Return true.

To process this type of linked resource given a link element element, boolean success, and response response:

If |response|'s status is not an OK status, the set |success| to false.
Otherwise, if response's Content-Type metadata is not a application/json, then set success to false.
Let |json| be the result of [=parse JSON bytes to an Infra value=] passing |response|'s [=Response/body=].
If |json| is an exception, then set success to false.
If the user agent has exhausted the number of allowed [=payment sessions=], set |success| to false.
Otherwise, establish a new [=payment session=].
[=Queue an element task=] on the [=networking task source=] given |element| and the following steps:
1. If |success| is true, [=fire an event=] named `"load"` at |element|.
2. Otherwise, [=fire an event=] named `"error"` at |element|.

If a "monetization" link becomes browsing-context disconnected, a user agent MUST stop the [=payment session=].

`onmonetization` event handler

The `onmonetization` event handler is an [=event handler content attribute=] that can be applied to any [=element=]. The user agent uses it to notify that some [^link^] has been [=monetized=].

monetization event

When the [=payment session=] has sent a |payment| with a non-zero amount, perform the following steps:

Let |target:HTMLLinkElement| be the {{HTMLLinkElement}} associated with the [=payment session=].
If |target| is `null`, then return.
Let |eventInitDict:MonetizationEventInit| be a {{MonetizationEventInit}} dictionary, whose members are initialized to match |payment|'s details.
Let |event:MonetizationEvent| be a newly constructed {{MonetizationEvent}} initialized with |eventInitDict|.
[=Queue a task=] on the [=monetization task source=] to perform the following steps:
1. If |target| is not connected, return.
2. [=Fire an event=] named `"monetization"` at |target|, with {{Event/bubbles}} initialized to true.

Task sources

The following [=task source=] is defined by this specifications.

The monetization task source: Used by this specification to queue up non-blocking {{MonetizationEvent}}s.

`MonetizationCurrencyAmount` interface

The `MonetizationCurrencyAmount` interface maps directly to the {{PaymentCurrencyAmount}} dictionary as defined in [[payment-request]].

          [SecureContext, Exposed=Window]
          interface MonetizationCurrencyAmount {
            readonly attribute DOMString currency;
            readonly attribute DOMString value;
          };

currency member

The currency of the MonetizationCurrencyAmount. See the definition of the `currency` member of {{PaymentCurrencyAmount}} in [[payment-request]] for details.

value member

The amount of the MonetizationAmount. See the definition of the `value` member in of {{PaymentCurrencyAmount}} in [[payment-request]] for details.

`MonetizationEvent` interface

        [SecureContext, Exposed=Window]
        interface MonetizationEvent : Event {
          constructor(DOMString type, MonetizationEventInit eventInitDict);
          readonly attribute DOMString? amount;
          readonly attribute DOMString? assetCode;
          readonly attribute octet? assetScale;
          readonly attribute DOMString? receipt;
          readonly attribute MonetizationCurrencyAmount amountSent;
          readonly attribute USVString paymentPointer;
          readonly attribute USVString? incomingPayment;
        };

        dictionary MonetizationEventInit : EventInit {
          required DOMString? amount;
          required DOMString? assetCode;
          required octet? assetScale;
          required DOMString? receipt;
          required PaymentCurrencyAmount amountSent;
          required USVString paymentPointer;
          required USVString? incomingPayment;
        };

The `amount`, `assetCode`, `assetScale` and `receipt` attributes are deprecated.

All [=monetization receivers=] should be migrating from generating a [[[Receipt]]] to supporting incoming payments via [[Open Payments]] and will no longer be returning receipts to the browser.

As such the {{MonetizationEvent}} no longer represents an amount received, it represents an amount sent and returns a URL as the {{MonetizationEvent/incomingPayment}} attribute that can be used to determine the amount received.

amount attribute (deprecated)

The amount received as reflected in the receipt from the [=monetization receiver=]. When getting, returns the value it was initialized with.

assetCode attribute (deprecated)

The three letter asset code identifying the amount's units (e.g., "USD" for US dollars). When getting, returns the value it was initialized with.

assetScale attribute (deprecated)

The scale of the amount. For example, USD would have an assetScale of 2 when denominated in cents. When getting, returns the value it was initialized with.

The members of the `MonetizationCurrencyAmount` interface map directly to the `value` and `currency` attributes of a {{PaymentCurrencyAmount}} dictionary. See the documentation of {{PaymentCurrencyAmount}} for guidance on processing and display of these attributes.

amountSent attribute

The amount sent. This should be processed in the same way as a {{PaymentCurrencyAmount}} dictionary as defined in [[payment-request]]. When getting, returns the value it was initialized with.

receipt attribute (deprecated)

`null` or a base64-encoded [[[Receipt]]] issued by the [=monetization receiver=] to the [=monetization provider=] as proof of the total amount received in the [=payment session=]. When getting, returns the value it was initialized with.

paymentPointer attribute

A [=URL=] representing the [=payment pointer=] that has been monetized. When getting, returns the value it was initialized with.

incomingPayment attribute

A [=URL=] representing an incoming payment at the [=monetization receiver=]. When getting, returns the value it was initialized with.

Permissions Policy integration

This specification defines a [=policy-controlled feature=] identified by the string "monetization". Its default allowlist is `'self'`.

Content Security Policy

This section will eventually be moved into the [[CSP]] and [[FETCH]] specifications.

monetization-src directive

The monetization-src directive restricts the URLs from which a [=payment pointer=] is loaded. The syntax for the directive's name and value is described by the following ABNF:

          directive-name  = "monetization-src"
          directive-value = serialized-source-list

Given a page with the following Content Security Policy:

            Content-Security-Policy: monetization-src https://example.com/

Fetches for the following code will return a network errors, as the URL provided do not match monetization-src's source list:

            <link rel="monetization" href="https://example.org/payment-pointer">

`monetization-src` Pre-request check

This directive's pre-request check is as follows:

Given a [=request=] (|request|) and a [=violation/policy=] (|policy|):

Let |name| be the result of executing "Get the effective directive for request" on |request|.
If the result of executing "Should fetch directive execute" on |name|, `monetization-src` and |policy| is "No", return "Allowed".
If the result of executing "Does request match source list?" on |request|, this directive's value, and |policy|, is "Does Not Match", return "Blocked".
Return "Allowed".

`monetization-src` Post-request check

This directive's post-request check is as follows:

Given a [=request=] (|request|) and a [=violation/policy=] (|policy|):

Let |name| be the result of executing "Get the effective directive for request" on |request|.
If the result of executing "Should fetch directive execute" on |name|, `monetization-src` and |policy| is "No", return "Allowed".
If the result of executing "Does response to request match source list?" on |response|, |request|, this directive's value, and |policy|, is "Does Not Match", return "Blocked".
Return "Allowed".

Security considerations

It is RECOMMENDED that a user agent provide some UI or indicator that allows the user to know when [=monetization=] is possible and/or when [=monetization=] is occurring. Providing such a UI allows the users to retain control of the monetization process by taking action (e.g., stop or start monetization of a particular site if they wish to do so).

As [=payment pointers=] are generally provided as a service (e.g., Uphold), a XSS attack could inject malicious [=payment pointers=] into a page that uses the same service. To mitigate such an attack, it is RECOMMENDED that developers:

host a [=payment pointer=] on their own servers and proxy [[Open Payments]] requests on the server as needed.
Set the `monetization-src` CSP directive to restrict requests to origins they control and trust to host [=payment pointers=].

Privacy considerations

Web Monetization is designed to be privacy-preserving: The user agent does not send any data to the [=monetization provider=]. Instead, it requests data from the [=monetization provider=] without ever revealing the URL of the web page the user is currently browsing.

Further, the user agent gets the payment information from the [=payment pointer=] to establish the [=payment session=]. This also ensures the [=monetization provider=] doesn't have access to a user's browsing history or to the [=payment pointer=].

Relation to Web Payments

Unlike [[[Payment-Request]]] and the [[[Payment-Handler]]], which only supports "one-off" payments, Web Monetization provides a [=payment session=] that supports both continuous payments and "one-off" payments.