Imagine you could purchase items from your store, with pure JavaScript in the browser. What would it look like? Here's what I came up with. Forks & comments much appreciated! #nobackend #dreamcode
// purchase a product with a credit card
purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  csc: "123"
} )

// purchase a product with paypal
purchase('productId')
.using( 'paypal' )

// upgrade a user to a pro plan, payment via paypal.
purchase(
  account.upgradeTo( 'pro' )
).using('paypal')

Jonic commented Apr 26, 2013

Maybe via would do the trick?

manast commented Apr 26, 2013

purchase('productId').using('paypal')

I agree with @manast, "using" probably is the best word to describe the action.
The only thing I'm a little worried about is passing the csc number directly with all the other info; we will probably need a different approach to keep that value a little secured, or at least not directly related to all the information about the cc.

Owner
gr2m commented May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain; instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

@gr2m we will probably have to do something like PayPal, where the user passes all the information to a secured page, and only there will the user be asked to provide his/her cc info.

So we can change it to something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed.

Owner
gr2m commented May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use Stripe to receive CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

this would happen:

  1. An order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment and calls a URL that you configured.
  4. Your app's backend receives the POST by Stripe and marks the order object as successfully processed.
  5. The sayThankYou callback gets executed.

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.
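
The five-step flow from the May 10 comment, and the advice to hold card data only transiently, as an added example that is not part of the original thread or of any real payment API. `processor`, `appServer` and `WEBHOOK_SECRET` are hypothetical in-memory stand-ins, and signing the callback with an HMAC is an assumption about how the backend tells a genuine processor callback from a forged one.

```javascript
// Added illustration, runnable in Node. processor, appServer and WEBHOOK_SECRET
// are hypothetical stand-ins; the card number is the sample from the gist.
const crypto = require('crypto');
const WEBHOOK_SECRET = 'constructed-demo-secret'; // known to processor and backend only
const sign = (body) =>
  crypto.createHmac('sha256', WEBHOOK_SECRET).update(body).digest('hex');

// App backend: sees order ids and payment status, never card data.
const appServer = {
  orders: new Map(),
  received: [], // every payload the backend was handed, kept for inspection
  createOrder(product) { // step 1
    const id = crypto.randomBytes(8).toString('hex');
    this.received.push(JSON.stringify({ product }));
    this.orders.set(id, { id, product, status: 'pending' });
    return id;
  },
  webhook(body, sig) { // step 4: accept only callbacks the processor signed
    this.received.push(body);
    const a = Buffer.from(sig, 'hex'), b = Buffer.from(sign(body), 'hex');
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false;
    const { orderId, status } = JSON.parse(body);
    const order = this.orders.get(orderId);
    if (!order || order.status !== 'pending') return false; // unknown or replayed
    order.status = status;
    return true;
  }
};

// Payment processor: the only party that receives cc / valid / csc (step 2).
const processor = {
  charge(orderId, card) {
    const ok = /^\d{13,19}$/.test(card.cc) && /^\d{3,4}$/.test(card.csc);
    const body = JSON.stringify({ orderId, status: ok ? 'paid' : 'failed' });
    appServer.webhook(body, sign(body)); // step 3: call the configured URL
  }
};

// Browser side. Synchronous so it runs offline; the gist's API is promise-based.
function purchase(product) {
  return {
    using(card) {
      const orderId = appServer.createOrder(product);
      processor.charge(orderId, { ...card }); // card goes to the processor only
      return appServer.orders.get(orderId); // step 5 would fire sayThankYou here
    }
  };
}
```

Inspecting `appServer.received` after a purchase shows which fields actually reached the backend, which is the property the thread is arguing about.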

Owner
gr2m commented May 26, 2013

wow, simpleCart looks very nice indeed!

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, needs to be discussed I think, also what about multisig? Anyway dreamcode ftw!
