We want to enable pull payments on top of ILP for subscriptions and (potentially) for our merchant checkout experience on the Web or in person. We need to come to some agreement about the high-level design of this experience and protocol components before debating the details of the exact format.
This is a continuation of the discussions started in interledger/rfcs/issues/499 and interledger/rfcs/pull/501.
As I see it, the main parts of the pull payment experience are:
-
Merchant requests a token with some parameters
a. What parameters can they request?
b. What format is the merchantâs request expressed in (JSON, etc)?
c. Should there be a defined communication transport for this request (HTTP, part of an OAuth-like flow, etc)? -
User is prompted to approve the request
a. Where / how are they prompted? Is that dialogue part of the userâs web browser, a separate app, or something else? -
Userâs agent returns a token to the merchant
a. Should the merchant be able to understand the parameters the user agent encoded in the token or should it be opaque to them? -
The merchant uses the token to create a STREAM connection
a. I was convinced in interledger/rfcs/issues/499 that the value returned in step 3 should be a Payment Pointer with an opaque token included in it (for example in the path:$user.provider.example/secret-token-12345
) -
The userâs STREAM server sends money to the merchant
a. Should the merchant request how much money they want or should the server just push as much money as it can given the limits of the token?
b. If the merchant will request a specific amount, how do they communicate that to the server?
c. Does it matter what stream ID in the STREAM protocol the server uses to send the money, or should all of them be treated interchangeably? -
The merchant may want to be able to query details about the token they were given
a. This is largely what the discussion in interledger/rfcs/pull/501 is about
b. Would a merchant care to query the parameters of the token, or would they just try to use it to pull the amount of money they want? Note that the result of the query would not be binding so the only way to know for sure if a token will yield the money you want is to try it