home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Ian & Stuart's Australian Mac: Not for Sale
/
Another.not.for.sale (Australia).iso
/
wide open road
/
openmarket.com
/
Payment System
/
urls
< prev
Wrap
Text File
|
1994-11-19
|
3KB
|
69 lines
PAYMENT SYSTEM URL TYPES
_________________________________________________________________
This page describes the two types of URL's used in Open Market's
payment system: payment and access URLs. The URLs encode name/value
pairs with the details of the payment and access. This information is
protected with a digital signature, to prevent tampering.
The Payment URL
The merchant's server contains payment URLs. They are a effectively
"digital offers" of goods for sale, where a merchant agrees to sell a
particular item at a particular price. Buyers select payment URLs to
purchase an item.
Payment URLs point to Open Market's Web payment server
(payment.openmarket.com), and contain several fields encoding the
details of what's for sale, including:
* Price
* Target URL (for hard goods, usually an order status page. For
information goods, this URL points to the page you are purchasing)
* Duration (for information goods, specifies how long you get access
to the target URL)
Other fields are used to restrict payment URLs to a particular user to
prevent sharing, to give them limited lifetimes, and to require
certain levels of authentication.
Purchase Processing
When a user selects a payment URL, their browser directed to Open
Market's payment server. The payment server verifies the validity of
the payment URL and authenticates the user. If the user is valid and
funds are available, the payment server processes the transaction and
redirects the user's browser (using an HTTP redirect operation) to an
access URL.
The Access URL
The access URL is effectively a digital invoice that has been stamped
"paid". It is evidence to the merchant that the user has paid for
something, and is a ticket that grants the user access.
The access URL is the target URL of the payment URL, with additional
fields that contain details of the access:
* Expiration time (optional)
* User/address (to prevent sharing)
The merchant runs an HTTP server that's been modified to process
access URLs. The server checks the validity of the URL and grants
access if the expiration time has not passed. If access has expired,
the server returns a page that may give the user an opportunity to
repurchase the item. The payment system can also generate access URLs
in a format that can be parsed by CGI scripts running on an unmodified
HTTP server.
Do you have any suggestions, comments, or questions? Please send us
your feedback.
_________________________________________________________________
OMI Home Copyright © 1994 Open Market, Inc. All Rights Reserved.