index.html

<!DOCTYPE html>
<html>
  <head>
    <meta charset='utf-8'>
    <title>
      Payment Request API
    </title>
    <script src='https://www.w3.org/Tools/respec/respec-w3c' class=
    'remove'></script>
    <script class='remove'>
    var respecConfig = {
      github: "https://github.com/w3c/payment-request/",
      specStatus: "ED",
      formerEditors: [
        {
          name: "Domenic Denicola",
          company: "Google",
          w3cid: 52873,
        },
        {
          name: "Adrian Bateman",
          company: "Microsoft Corporation",
          w3cid: 42763,
        },
        {
          name: "Zach Koch",
          company: "Google",
          w3cid: 76588,
        },
        {
          name: "Roy McElmurry",
          company: "Facebook",
          w3cid: 88345,
        },
      ],
      editors: [
        {
          name: "Marcos Cáceres",
          url: "https://github.com/marcoscaceres",
          companyURL: "https://www.mozilla.com/",
          company: "Mozilla",
          w3cid: 39125,
        },
        {
          name: "Danyao Wang",
          url: "https://github.com/danyao",
          company: "Google",
          companyURL: "https://www.google.com/",
          w3cid: 110796,
        },
        {
          name: "Rouslan Solomakhin",
          url: "https://github.com/rsolomakhin",
          company: "Google",
          companyURL: "https://www.google.com/",
          w3cid: 83784,
        },
        {
          name: "Ian Jacobs",
          url: "http://www.w3.org/People/Jacobs/",
          company: "W3C",
          companyURL: "https://www.w3.org/",
          w3cid: 2175,
        },
      ],
      wg: "Web Payments Working Group",
      wgURI: "https://www.w3.org/Payments/WG/",
      wgPatentURI: "https://www.w3.org/2004/01/pp-impl/83744/status",
      testSuiteURI: "https://wpt.live/payment-request/",
      implementationReportURI:
        "https://w3c.github.io/test-results/payment-request/all.html",
      caniuse: "payment-request",
      lint: {
        "check-punctuation": true,
      },
      doJsonLd: true,
      xref: "web-platform",
      mdn: true,
    };
    </script>
    <style>
    dt { margin-top: 0.75em; }
    table { margin-top: 0.75em; border-collapse:collapse; border-style:hidden hidden none hidden }
    table thead { border-bottom:solid }
    table tbody th:first-child { border-left:solid }
    table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
    li { margin-top: 0.5em; margin-bottom: 0.5em;}
    </style>
  </head>
  <body data-cite="payment-method-id payment-method-basic-card">
    <h1 id="title">
      Payment Request API
    </h1>
    <section id='abstract'>
      <p>
        This specification standardizes an API to allow merchants (i.e. web
        sites selling physical or digital goods) to utilize one or more payment
        methods with minimal integration. User agents (e.g., browsers)
        facilitate the payment flow between merchant and user.
      </p>
    </section>
    <section id='sotd'>
      <p>
        The working group maintains <a href=
        "https://github.com/w3c/payment-request/issues?utf8=%E2%9C%93&amp;q=is%3Aopen%20is%3Aissue%20-label%3A%22Priority%3A%20Postponed%22%20">
        a list of all bug reports that the group has not yet addressed</a>.
        Pull requests with proposed specification text for outstanding issues
        are strongly encouraged.
      </p>
      <p>
        The working group will demonstrate implementation experience by
        producing an <a href=
        "https://w3c.github.io/test-results/payment-request/all.html">implementation
        report</a>. The report will show two or more independent
        implementations passing each mandatory test in the <a href=
        "https://wpt.live/payment-request/">test suite</a> (i.e., each test
        corresponds to a MUST requirement of the specification).
      </p>
      <p>
        There has been no change in dependencies on other workings groups
        during the development of this specification.
      </p>
      <section>
        <h3>
          Changes since last publication
        </h3>
        <p>
          Substantive changes to the Payment Request API since the 9 July 2018
          version are as follows. The complete list of changes, including all
          editorial changes, is viewable in the <a href=
          "https://github.com/w3c/payment-request/commits/gh-pages">commit
          history</a>.
        </p>
        <ul>
          <li>Added support for notification when the user selects a payment
          handler, but before confirming payment. This allows merchant to
          update totals, validate acceptance, etc.
          </li>
          <li>Added support to notify site of billing address selection. This
          allows a merchant to update a total (e.g., for VAT in Europe). To
          enhance privacy, only some billing address data is returned to the
          merchant as long as the user has not confirmed payment.
          </li>
          <li data-link-for="PaymentResponse">Added support for {{retry()}} and
          fine-grain error reporting to the user.
          </li>
          <li>Added support for merchant validation by the payment handler.
          </li>
          <li data-link-for="PaymentRequest">Clearer definition of
          <a>canMakePayment()</a> and worked to align implementations.
          <a>canMakePayment()</a> does not reveal whether payment handler is
          primed to pay.
          </li>
          <li>Removed `languageCode` and `regionCode` from {{PaymentAddress}}.
          </li>
          <li>Removed `currencySystem`.
          </li>
          <li>"<a>Payment request is showing</a>" boolean now attached to
          top-level browsing context. Previously, only a single payment UI was
          allowed to be shown at a time across the whole browser. This now
          allows multiple browser tabs to show a payment UI at the same time
          (for those payment handlers able to support it).
          </li>
          <li>Integrated with [[[feature-policy]]].
          </li>
          <li>Defined handling of multiple applicable modifiers.
          </li>
        </ul>
      </section>
    </section>
    <section class='informative'>
      <h2>
        Introduction
      </h2>
      <p>
        This specification describes an API that allows <a>user agents</a>
        (e.g., browsers) to act as an intermediary between three parties in a
        transaction:
      </p>
      <ul>
        <li>The payee: the merchant that runs an online store, or other party
        that requests to be paid.
        </li>
        <li>The payer: the party that makes a purchase at that online store,
        and who authenticates and authorizes payment as required.
        </li>
        <li>The <dfn>payment method</dfn>: the means that the payer uses to pay
        the payee (e.g., a basic card payment). The <dfn>payment method
        provider</dfn> establishes the ecosystem to support that payment
        method.
        </li>
      </ul>
      <p>
        The details of how to fulfill a payment request for a given <a>payment
        method</a> is an implementation detail of a <dfn>payment handler</dfn>.
        Concretely, each payment handler defines:
      </p>
      <dl>
        <dt>
          <dfn>Steps to check if a payment can be made</dfn>:
        </dt>
        <dd>
          How a payment handler determines whether it, or the user, can
          potentially "make a payment" is also an implementation detail of a
          payment handler. For an example, see the <a data-cite=
          "?payment-method-basic-card#steps-to-check-if-a-payment-can-be-made">can
          make payment</a> algorithm of [[[?payment-method-basic-card]]].
        </dd>
        <dt>
          <dfn>Steps to respond to a payment request</dfn>:
        </dt>
        <dd>
          Steps that return an object or <a>dictionary</a> that a merchant uses
          to process or validate the transaction. The structure of this object
          is specific to each <a>payment method</a>. For an example of such an
          object, see the {{BasicCardResponse}} dictionary of
          [[[?payment-method-basic-card]]].
        </dd>
        <dt>
          <dfn>Steps for when a user changes payment method</dfn> (optional)
        </dt>
        <dd>
          <p>
            Steps that describe how to handle the user changing payment method
            or monetary instrument (e.g., from a debit card to a credit card)
            that results in a <a>dictionary</a> or {{object}} or null.
          </p>
        </dd>
      </dl>
      <p>
        This API also enables web sites to take advantage of more secure
        payment schemes (e.g., tokenization and system-level authentication)
        that are not possible with standard JavaScript libraries. This has the
        potential to reduce liability for the merchant and helps protect
        sensitive user information.
      </p>
      <section id="goals">
        <h2>
          Goals and scope
        </h2>
        <ul>
          <li>Allow the user agent to act as intermediary between a merchant,
          user, and <a>payment method provider</a>.
          </li>
          <li>Enable user agents to streamline the user's payment experience by
          taking into account user preferences, merchant information, security
          considerations, and other factors.
          </li>
          <li>Standardize (to the extent that it makes sense) the communication
          flow between a merchant, user agent, and <a>payment method
          provider</a>.
          </li>
          <li>Enable a <a>payment method provider</a> to bring more secure
          payment transactions to the web.
          </li>
        </ul>
        <p>
          The following are out of scope for this specification:
        </p>
        <ul>
          <li>Create a new <a>payment method</a>.
          </li>
          <li>Integrate directly with payment processors.
          </li>
        </ul>
      </section>
    </section>
    <section class="informative">
      <h2>
        Examples of usage
      </h2>
      <p>
        In order to use the API, the developer needs to provide and keep track
        of a number of key pieces of information. These bits of information are
        passed to the {{PaymentRequest}} constructor as arguments, and
        subsequently used to update the payment request being displayed to the
        user. Namely, these bits of information are:
      </p>
      <ul>
        <li>The |methodData|: A sequence of <a>PaymentMethodData</a>s that
        represents the <a>payment methods</a> that the site supports (e.g., "we
        support card-based payments, but only Visa and MasterCard credit
        cards.").
        </li>
        <li>The |details|: The details of the transaction, as a
        <a>PaymentDetailsInit</a> dictionary. This includes total cost, and
        optionally a list of goods or services being purchased, for physical
        goods, and shipping options. Additionally, it can optionally include
        "modifiers" to how payments are made. For example, "if you pay with a
        card belonging to network X, it incurs a US$3.00 processing fee".
        </li>
        <li>The |options|: Optionally, a list of things as
        <a>PaymentOptions</a> that the site needs to deliver the good or
        service (e.g., for physical goods, the merchant will typically need a
        physical address to ship to. For digital goods, an email will usually
        suffice).
        </li>
      </ul>
      <p data-link-for="PaymentRequest">
        Once a {{PaymentRequest}} is constructed, it's presented to the end
        user via the <a>show()</a> method. The <a>show()</a> returns a promise
        that, once the user confirms request for payment, results in a
        <a>PaymentResponse</a>.
      </p>
      <section>
        <h3>
          Declaring multiple ways of paying
        </h3>
        <p>
          When constructing a new {{PaymentRequest}}, a merchant uses the first
          argument (|methodData|) to list the different ways a user can pay for
          things (e.g., credit cards, Apple Pay, Google Pay, etc.). More
          specifically, the |methodData| sequence contains
          <a>PaymentMethodData</a> dictionaries containing the <a>payment
          method identifiers</a> for the <a>payment methods</a> that the
          merchant accepts and any associated <a>payment method</a> specific
          data (e.g., which credit card networks are supported).
        </p>
        <pre class="example js" title="The `methodData` argument">
          const methodData = [
            {
              supportedMethods: "basic-card",
              data: {
                supportedNetworks: ["visa", "mastercard"],
              },
            },
            {
              supportedMethods: "https://example.com/bobpay",
              data: {
                merchantIdentifier: "XXXX",
                bobPaySpecificField: true,
              },
            },
          ];
        </pre>
      </section>
      <section>
        <h3>
          Describing what is being paid for
        </h3>
        <p>
          When constructing a new {{PaymentRequest}}, a merchant uses the
          second argument of the constructor (|details|) to provide the details
          of the transaction that the user is being asked to complete. This
          includes the total of the order and, optionally, some line items that
          can provide a detailed breakdown of what is being paid for.
        </p>
        <pre class="example js" title="The `details` argument">
          const details = {
            id: "super-store-order-123-12312",
            displayItems: [
              {
                label: "Sub-total",
                amount: { currency: "USD", value: "55.00" },
              },
              {
                label: "Sales Tax",
                amount: { currency: "USD", value: "5.00" },
                type: "tax"
              },
            ],
            total: {
              label: "Total due",
              // The total is USD$65.00 here because we need to
              // add shipping (below). The selected shipping
              // costs USD$5.00.
              amount: { currency: "USD", value: "65.00" },
            },
          };
        </pre>
      </section>
      <section>
        <h3>
          Adding shipping options
        </h3>
        <p>
          Here we see an example of how to add two shipping options to the
          |details|.
        </p>
        <pre class="example js" title="Adding shipping options">
          const shippingOptions = [
            {
              id: "standard",
              label: "🚛 Ground Shipping (2 days)",
              amount: { currency: "USD", value: "5.00" },
              selected: true,
            },
            {
              id: "drone",
              label: "🚀 Drone Express (2 hours)",
              amount: { currency: "USD", value: "25.00" }
            },
          ];
          Object.assign(details, { shippingOptions });
        </pre>
      </section>
      <section>
        <h3>
          Conditional modifications to payment request
        </h3>
        <p>
          Here we see how to add a processing fee for using a card on a
          particular network. Notice that it requires recalculating the total.
        </p>
        <pre class="example js" title=
        "Modifying payment request based on card type">
          // Certain cards incur a $3.00 processing fee.
          const cardFee = {
            label: "Card processing fee",
            amount: { currency: "USD", value: "3.00" },
          };

          // Modifiers apply when the user chooses to pay with
          // a card.
          const modifiers = [
            {
              additionalDisplayItems: [cardFee],
              supportedMethods: "basic-card",
              total: {
                label: "Total due",
                amount: { currency: "USD", value: "68.00" },
              },
              data: {
                supportedNetworks: networks,
              },
            },
          ];
          Object.assign(details, { modifiers });
        </pre>
      </section>
      <section>
        <h3>
          Requesting specific information from the end user
        </h3>
        <p>
          Some financial transactions require a user to provide specific
          information in order for a merchant to fulfill a purchase (e.g., the
          user's shipping address, in case a physical good needs to be
          shipped). To request this information, a merchant can pass a third
          optional argument (|options|) to the {{PaymentRequest}} constructor
          indicating what information they require. When the payment request is
          shown, the user agent will request this information from the end user
          and return it to the merchant when the user accepts the payment
          request.
        </p>
        <pre class="example js" title="The `options` argument">
          const options = {
            requestPayerEmail: false,
            requestPayerName: true,
            requestPayerPhone: false,
            requestShipping: true,
          }
        </pre>
      </section>
      <section>
        <h3>
          Constructing a <code>PaymentRequest</code>
        </h3>
        <p>
          Having gathered all the prerequisite bits of information, we can now
          construct a {{PaymentRequest}} and request that the browser present
          it to the user:
        </p>
        <pre class="example js" title="Constructing a `PaymentRequest`">
          async function doPaymentRequest() {
            try {
              const request = new PaymentRequest(methodData, details, options);
              // See below for a detailed example of handling these events
              request.onshippingaddresschange = ev =&gt; ev.updateWith(details);
              request.onshippingoptionchange = ev =&gt; ev.updateWith(details);
              const response = await request.show();
              await validateResponse(response);
            } catch (err) {
              // AbortError, SecurityError
              console.error(err);
            }
          }
          async function validateResponse(response) {
            try {
              const errors = await checkAllValuesAreGood(response);
              if (errors.length) {
                await response.retry(errors);
                return validateResponse(response);
              }
              await response.complete("success");
            } catch (err) {
              // Something went wrong...
              await response.complete("fail");
            }
          }
          // Must be called as a result of a click
          // or some explicit user action.
          doPaymentRequest();
        </pre>
      </section>
      <section>
        <h3>
          Handling events and updating the payment request
        </h3>
        <p>
          Prior to the user accepting to make payment, the site is given an
          opportunity to update the payment request in response to user input.
          This can include, for example, providing additional shipping options
          (or modifying their cost), removing items that cannot ship to a
          particular address, etc.
        </p>
        <pre class="example js" title="Registering event handlers">
          const request = new PaymentRequest(methodData, details, options);
          // Async update to details
          request.onshippingaddresschange = ev =&gt; {
            ev.updateWith(checkShipping(request));
          };
          // Sync update to the total
          request.onshippingoptionchange = ev =&gt; {
            // selected shipping option
            const { shippingOption } = request;
            const newTotal = {
              currency: "USD",
              label: "Total due",
              value: calculateNewTotal(shippingOption),
            };
            ev.updateWith({ total: newTotal });
          };
          async function checkShipping(request) {
            try {
              const json = request.shippingAddress.toJSON();

              await ensureCanShipTo(json);
              const { shippingOptions, total } = await calculateShipping(json);

              return { shippingOptions, total };
            } catch (err) {
              return { error: `Sorry! we can't ship to your address.` };
            }
          }
        </pre>
      </section>
      <section>
        <h3>
          Fine-grained error reporting
        </h3>
        <p>
          A developer can use the <a data-link-for=
          "PaymentDetailsUpdate">shippingAddressErrors</a> member of the
          <a>PaymentDetailsUpdate</a> dictionary to indicate that there are
          validation errors with specific attributes of a {{PaymentAddress}}.
          The <a data-link-for="PaymentDetailsUpdate">shippingAddressErrors</a>
          member is a <a>AddressErrors</a> dictionary, whose members
          specifically demarcate the fields of a <a>physical address</a> that
          are erroneous while also providing helpful error messages to be
          displayed to the end user.
        </p>
        <pre class="example js">
          request.onshippingaddresschange = ev =&gt; {
            ev.updateWith(validateAddress(request.shippingAddress));
          };
          function validateAddress(shippingAddress) {
            const error = "Can't ship to this address.";
            const shippingAddressErrors = {
              city: "FarmVille is not a real place.",
              postalCode: "Unknown postal code for your country.",
            };
            // Empty shippingOptions implies that we can't ship
            // to this address.
            const shippingOptions = [];
            return { error, shippingAddressErrors, shippingOptions };
          }
        </pre>
      </section>
      <section data-link-for="PaymentResponse">
        <h3>
          POSTing payment response back to a server
        </h3>
        <p>
          It's expected that data in a <a>PaymentResponse</a> will be POSTed
          back to a server for processing. To make this as easy as possible,
          <a>PaymentResponse</a> provides a <a>toJSON()</a> method that
          serializes the object directly into JSON. This makes it trivial to
          POST the resulting JSON back to a server using the [[[fetch]]]:
        </p>
        <pre class="example js" title="POSTing with `fetch()`">
          async function doPaymentRequest() {
            const payRequest = new PaymentRequest(methodData, details, options);
            const payResponse = await payRequest.show();
            let result = "";
            try {
              const httpResponse = await fetch("/process-payment", {
                method: "POST",
                headers: { "Content-Type": "application/json" },
                body: payResponse.toJSON(),
              });
              result = httpResponse.ok ? "success" : "fail";
            } catch (err) {
              console.error(err);
              result = "fail";
            }
            await payResponse.complete(result);
          }
          doPaymentRequest();
        </pre>
      </section>
    </section>
    <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
      <h2>
        <dfn>PaymentRequest</dfn> interface
      </h2>
      <pre class="idl">
        [SecureContext, Exposed=Window]
        interface PaymentRequest : EventTarget {
          constructor(
            sequence&lt;PaymentMethodData&gt; methodData,
            PaymentDetailsInit details,
            optional PaymentOptions options = {}
          );
          [NewObject]
          Promise&lt;PaymentResponse&gt; show(optional Promise&lt;PaymentDetailsUpdate&gt; detailsPromise);
          [NewObject]
          Promise&lt;void&gt; abort();
          [NewObject]
          Promise&lt;boolean&gt; canMakePayment();
          [NewObject]
          Promise&lt;boolean&gt; hasEnrolledInstrument();

          readonly attribute DOMString id;
          readonly attribute PaymentAddress? shippingAddress;
          readonly attribute DOMString? shippingOption;
          readonly attribute PaymentShippingType? shippingType;

          attribute EventHandler onmerchantvalidation;
          attribute EventHandler onshippingaddresschange;
          attribute EventHandler onshippingoptionchange;
          attribute EventHandler onpaymentmethodchange;
        };
      </pre>
      <div class="note">
        <p>
          A developer creates a {{PaymentRequest}} to make a payment request.
          This is typically associated with the user initiating a payment
          process (e.g., by activating a "Buy," "Purchase," or "Checkout"
          button on a web site, selecting a "Power Up" in an interactive game,
          or paying at a kiosk in a parking structure). The {{PaymentRequest}}
          allows developers to exchange information with the <a>user agent</a>
          while the user is providing input (up to the point of user approval
          or denial of the payment request).
        </p>
        <p data-link-for="PaymentRequest">
          The <a>shippingAddress</a>, <a>shippingOption</a>, and
          <a>shippingType</a> attributes are populated during processing if the
          {{PaymentOptions/requestShipping}} member is set.
        </p>
      </div>
      <p>
        A |request|'s <dfn>payment-relevant browsing context</dfn> is that
        {{PaymentRequest}}'s <a>relevant global object</a>'s browsing context's
        <a>top-level browsing context</a>. Every <a>payment-relevant browsing
        context</a> has a <dfn>payment request is showing</dfn> boolean, which
        prevents showing more than one payment UI at a time.
      </p>
      <p class="Note">
        The <a>payment request is showing</a> boolean simply prevents more than
        one payment UI being shown in a single browser tab. However, a
        <a>payment handler</a> can restrict the <a>user agent</a> to showing
        only one payment UI across all browser windows and tabs. Other payment
        handlers might allow showing a payment UI across disparate browser
        tabs.
      </p>
      <section>
        <h2>
          Constructor
        </h2>
        <p>
          The {{PaymentRequest}} is constructed using the supplied sequence of
          <a>PaymentMethodData</a> |methodData| including any <a>payment
          method</a> specific {{PaymentMethodData/data}}, the
          <a>PaymentDetailsInit</a> |details|, and the <a>PaymentOptions</a>
          |options|.
        </p>
        <p data-tests=
        "payment-request-constructor.https.html, payment-request-insecure.http.html">
          The <code><dfn data-lt=
          "PaymentRequest.PaymentRequest()">PaymentRequest(|methodData|,
          |details|, |options|)</dfn></code> constructor MUST act as follows:
        </p>
        <ol data-link-for="PaymentDetailsBase" class="algorithm">
          <li>If the <a>current settings object</a>'s [=environment settings
          object / responsible document=] is not <a>allowed to use</a> the
          "[=payment-feature|payment=]" feature, then [=exception/throw=] a
          {{"SecurityError"}} {{DOMException}}.
          </li>
          <li>Establish the request's id:
            <ol>
              <li data-tests="payment-request-id-attribute.https.html">If
              |details|.{{PaymentDetailsInit/id}} is missing, add an
              {{PaymentDetailsInit/id}} member to |details| and set its value
              to a <abbr title="Universally Unique Identifier">UUID</abbr>
              [[RFC4122]].
              </li>
            </ol>
          </li>
          <li>Let |serializedMethodData| be an empty list.
          </li>
          <li>Process payment methods:
            <ol data-link-for="PaymentMethodData">
              <li>If the length of the |methodData| sequence is zero, then
              [=exception/throw=] a {{TypeError}}, optionally informing the
              developer that at least one <a>payment method</a> is required.
              </li>
              <li>For each |paymentMethod| of |methodData|:
                <ol>
                  <li data-tests=
                  "payment-request-ctor-pmi-handling.https.html">Run the steps
                  to <a>validate a payment method identifier</a> with
                  |paymentMethod|.{{PaymentMethodData/supportedMethods}}. If it
                  returns false, then throw a {{RangeError}} exception.
                  Optionally, inform the developer that the payment method
                  identifier is invalid.
                  </li>
                  <li>If the {{PaymentMethodData/data}} member of
                  |paymentMethod| is missing, let |serializedData| be null.
                  Otherwise, let |serializedData| be the result of
                  <a>JSON-serializing</a>
                  |paymentMethod|.{{PaymentMethodData/data}} into a string.
                  Rethrow any exceptions.
                  </li>
                  <li>If |serializedData| is not null, and if required by the
                  specification that defines the
                  |paymentMethod|.<a>supportedMethods</a>:
                    <ol>
                      <li>Let |object| be the result of <a data-cite=
                      "ECMASCRIPT#sec-json.parse">JSON-parsing</a>
                      |serializedData|.
                      </li>
                      <li>
                        <p>
                          [=converted to an IDL value|Convert=] |object| to an
                          IDL value of the type specified by the specification
                          that defines the
                          |paymentMethod|.<a>supportedMethods</a> (e.g.,
                          {{BasicCardRequest}} in the case of
                          [[[?payment-method-basic-card]]]). Rethrow any
                          exceptions.
                        </p>
                        <p class="note">
                          This step assures that any IDL type conversion errors
                          are caught as early as possible.
                        </p>
                      </li>
                    </ol>
                  </li>
                  <li>Add the tuple
                  (|paymentMethod|.{{PaymentMethodData/supportedMethods}},
                  |serializedData|) to |serializedMethodData|.
                  </li>
                </ol>
              </li>
            </ol>
          </li>
          <li>Process the total:
            <ol>
              <li data-tests=
              "payment-request-ctor-currency-code-checks.https.html">
                <a>Check and canonicalize total amount</a>
                |details|.{{PaymentDetailsInit/total}}.{{PaymentItem/amount}}.
                Rethrow any exceptions.
              </li>
            </ol>
          </li>
          <li>If the <a>displayItems</a> member of |details| is present, then
          for each |item| in |details|.<a>displayItems</a>:
            <ol>
              <li data-tests=
              "payment-request-ctor-currency-code-checks.https.html">
                <a>Check and canonicalize amount</a>
                |item|.{{PaymentItem/amount}}. Rethrow any exceptions.
              </li>
            </ol>
          </li>
          <li>Let |selectedShippingOption| be null.
          </li>
          <li>If the {{PaymentOptions/requestShipping}} member of |options| is
          present and set to true, process shipping options:
            <ol>
              <li>Let |options:PaymentShippingOption| be an empty
              <code><a>sequence</a></code>&lt;<a>PaymentShippingOption</a>&gt;.
              </li>
              <li>If the <a>shippingOptions</a> member of |details| is present,
              then:
                <ol data-link-for="PaymentShippingOption">
                  <li>Let |seenIDs| be an empty set.
                  </li>
                  <li>For each |option| in |details|.<a data-link-for=
                  "PaymentDetailsBase">shippingOptions</a>:
                    <ol>
                      <li data-tests=
                      "payment-request-ctor-currency-code-checks.https.html">
                        <a>Check and canonicalize amount</a>
                        |item|.{{PaymentItem/amount}}. Rethrow any exceptions.
                      </li>
                      <li>If |seenIDs| contains |option|.<a>id</a>, then throw
                      a {{TypeError}}. Optionally, inform the developer that
                      shipping option IDs must be unique.
                      </li>
                      <li>Otherwise, append |option|.<a>id</a> to |seenIDs|.
                      </li>
                      <li>If |option|.<a>selected</a> is true, then set
                      |selectedShippingOption| to |option|.<a>id</a>.
                      </li>
                    </ol>
                  </li>
                </ol>
              </li>
              <li>Set |details|.{{PaymentDetailsBase/shippingOptions}} to
              |options|.
              </li>
            </ol>
          </li>
          <li>Let |serializedModifierData| be an empty list.
          </li>
          <li data-link-for="PaymentDetailsBase">Process payment details
          modifiers:
            <ol>
              <li>Let |modifiers| be an empty
              <code><a>sequence</a></code>&lt;<a>PaymentDetailsModifier</a>&gt;.
              </li>
              <li>If the <a>modifiers</a> member of |details| is present, then:
                <ol>
                  <li>Set |modifiers| to |details|.<a>modifiers</a>.
                  </li>
                  <li>For each |modifier| of |modifiers|:
                    <ol>
                      <li>If the {{PaymentDetailsModifier/total}} member of
                      |modifier| is present, then:
                        <ol>
                          <li data-tests=
                          "payment-request-ctor-currency-code-checks.https.html">
                            <a>Check and canonicalize total amount</a>
                            |modifier|.{{PaymentDetailsModifier/total}}.{{PaymentItem/amount}}.
                            Rethrow any exceptions.
                          </li>
                        </ol>
                      </li>
                      <li>If the
                      {{PaymentDetailsModifier/additionalDisplayItems}} member
                      of |modifier| is present, then for each |item| of
                      |modifier|.{{PaymentDetailsModifier/additionalDisplayItems}}:
                        <ol>
                          <li data-tests=
                          "payment-request-ctor-currency-code-checks.https.html">
                            <a>Check and canonicalize amount</a>
                            |item|.{{PaymentItem/amount}}. Rethrow any
                            exceptions.
                          </li>
                        </ol>
                      </li>
                      <li>If the {{PaymentDetailsModifier/data}} member of
                      |modifier| is missing, let |serializedData| be null.
                      Otherwise, let |serializedData| be the result of
                      <a>JSON-serializing</a>
                      |modifier|.{{PaymentDetailsModifier/data}} into a string.
                      Rethrow any exceptions.
                      </li>
                      <li>Add the tuple
                      (|modifier|.{{PaymentDetailsModifier/supportedMethods}},
                      |serializedData|) to |serializedModifierData|.
                      </li>
                      <li>Remove the {{PaymentDetailsModifier/data}} member of
                      |modifier|, if it is present.
                      </li>
                    </ol>
                  </li>
                </ol>
              </li>
              <li>Set |details|.{{PaymentDetailsBase/modifiers}} to
              |modifiers|.
              </li>
            </ol>
          </li>
          <li>Let |request:PaymentRequest| be a new {{PaymentRequest}}.
          </li>
          <li>Set |request|.[=PaymentRequest/[[options]]=] to |options|.
          </li>
          <li>Set |request|.<a>[[\state]]</a> to "<a>created</a>".
          </li>
          <li>Set |request|.<a>[[\updating]]</a> to false.
          </li>
          <li>Set |request|.[=PaymentRequest/[[details]]=] to |details|.
          </li>
          <li>Set |request|.[=PaymentRequest/[[serializedModifierData]]=] to
          |serializedModifierData|.
          </li>
          <li>Set |request|.[=PaymentRequest/[[serializedMethodData]]=] to
          |serializedMethodData|.
          </li>
          <li>Set |request|.<a>[[\response]]</a> to null.
          </li>
          <li>Set the value of |request|'s {{PaymentRequest/shippingOption}}
          attribute to |selectedShippingOption|.
          </li>
          <li>Set the value of the {{PaymentRequest/shippingAddress}} attribute
          on |request| to null.
          </li>
          <li>If |options|.{{PaymentOptions/requestShipping}} is set to true,
          then set the value of the {{PaymentRequest/shippingType}} attribute
          on |request| to |options|.{{PaymentOptions/shippingType}}. Otherwise,
          set it to null.
          </li>
          <li>Return |request|.
          </li>
        </ol>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>id</dfn> attribute
        </h2>
        <p data-tests="payment-request-id-attribute.https.html">
          When getting, the <a>id</a> attribute returns this
          {{PaymentRequest}}'s
          [=PaymentRequest/[[details]]=].{{PaymentDetailsInit/id}}.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>show()</dfn> method
        </h2>
        <div class="note">
          <p>
            The <a>show()</a> method is called when a developer wants to begin
            user interaction for the payment request. The <a>show()</a> method
            returns a {{Promise}} that will be resolved when the <a>user
            accepts the payment request</a>. Some kind of user interface will
            be presented to the user to facilitate the payment request after
            the <a>show()</a> method returns.
          </p>
          <p>
            Each payment handler controls what happens when multiple browsing
            context simultaneously call the <a>show()</a> method. For instance,
            some payment handlers will allow multiple payment UIs to be shown
            in different browser tabs/windows. Other payment handlers might
            only allow a single payment UI to be shown for the entire user
            agent.
          </p>
        </div>
        <p data-tests="payment-request-show-method.https.html">
          The <code>show(optional |detailsPromise|)</code> method MUST act as
          follows:
        </p>
        <ol class="algorithm">
          <li data-tests=
          "payment-request-show-method.https.html, show-method-postmessage-manual.https.html">
          If the [=relevant global object=] of [=this=] does not have
          [=transient activation=], return [=a promise rejected with=] with a
          {{"SecurityError"}} {{DOMException}}.
          </li>
          <li>Let |request:PaymentRequest| be the <a>context object</a>.
          </li>
          <li>Let |document| be |request|'s <a>relevant global object</a>'s <a>
            associated <code>Document</code></a>.
          </li>
          <li data-tests="rejects_if_not_active.https.html">If |document| is
          not [=Document/fully active=], then return <a>a promise rejected
          with</a> an {{"AbortError"}} {{DOMException}}.
          </li>
          <li>
            <p>
              Optionally, if the <a>user agent</a> wishes to disallow the call
              to <a>show()</a> to protect the user, then return a promise
              rejected with a {{"SecurityError"}} {{DOMException}}. For
              example, the <a>user agent</a> may limit the rate at which a page
              can call <a>show()</a>, as described in section <a href=
              "#privacy"></a>.
            </p>
          </li>
          <li>If |request|.<a>[[\state]]</a> is not "<a>created</a>" then
          return <a>a promise rejected with</a> an {{"InvalidStateError"}}
          {{DOMException}}.
          </li>
          <li>If the <a>user agent</a>'s <a>payment request is showing</a>
          boolean is true, then:
            <ol>
              <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
              </li>
              <li>Return <a>a promise rejected with</a> an {{"AbortError"}}
              {{DOMException}}.
              </li>
            </ol>
          </li>
          <li>Set |request|.<a>[[\state]]</a> to "<a>interactive</a>".
          </li>
          <li>Let |acceptPromise:Promise| be <a>a new promise</a>.
          </li>
          <li>Set |request|.<a>[[\acceptPromise]]</a> to |acceptPromise|.
          </li>
          <li>
            <p>
              Optionally:
            </p>
            <ol>
              <li>Reject |acceptPromise| with an {{"AbortError"}}
              {{DOMException}}.
              </li>
              <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
              </li>
              <li>Return |acceptPromise|.
              </li>
            </ol>
            <p class="note">
              This allows the <a>user agent</a> to act as if the user had
              immediately [=user aborts the payment request|aborted the payment
              request=], at its discretion. For example, in "private browsing"
              modes or similar, user agents might take advantage of this step.
            </p>
          </li>
          <li>Set |request|'s <a>payment-relevant browsing context</a>'s
          <a>payment request is showing</a> boolean to true.
          </li>
          <li>Return |acceptPromise| and perform the remaining steps <a>in
          parallel</a>.
          </li>
          <li>Let |handlers:list| be an empty <a>list</a>.
          </li>
          <li>For each |paymentMethod| tuple in
          |request|.[=PaymentRequest/[[serializedMethodData]]=]:
            <ol>
              <li>Let |identifier| be the first element in the |paymentMethod|
              tuple.
              </li>
              <li>Let |data| be the result of <a data-cite=
              "ECMASCRIPT#sec-json.parse">JSON-parsing</a> the second element
              in the |paymentMethod| tuple.
              </li>
              <li data-cite="WebIDL infra">If required by the specification
              that defines the |identifier|, then [=converted to an IDL
              value|convert=] |data| to an IDL value of the type specified
              there. Otherwise, [=converted to an IDL value|convert=] to
              {{object}}.
              </li>
              <li>If conversion results in an <a>exception</a> |error|:
                <ol>
                  <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
                  </li>
                  <li>Reject |acceptPromise| with |error|.
                  </li>
                  <li>Set |request|'s <a>payment-relevant browsing
                  context</a>'s <a>payment request is showing</a> boolean to
                  false.
                  </li>
                  <li>Terminate this algorithm.
                  </li>
                </ol>
              </li>
              <li>Let |registeredHandlers| be a <a>list</a> of registered
              payment handlers for the payment method |identifier|.
              </li>
              <li>For each |handler| in |registeredHandlers|:
                <ol>
                  <li>Let |canMakePayment| be the result of running |handler|'s
                  <a>steps to check if a payment can be made</a> with |data|.
                  </li>
                  <li>If |canMakePayment| is true, then append |handler| to
                  |handlers|.
                  </li>
                </ol>
              </li>
            </ol>
          </li>
          <li>If |handlers| is empty, then:
            <ol>
              <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
              </li>
              <li>Reject |acceptPromise| with {{"NotSupportedError"}}
              {{DOMException}}.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
              <li>Terminate this algorithm.
              </li>
            </ol>
          </li>
          <li>
            <p>
              Present a user interface that will allow the user to interact
              with the |handlers|. The user agent SHOULD prioritize the user's
              preference when presenting payment methods.
            </p>
            <aside class="note" title="Localization of the payment sheet">
              <p>
                The API does not provide a way for developers to specify the
                language in which the payment sheet is presented to end users.
                As such, user agents will generally present the payment sheet
                using the user agent's default language. The working group is
                contemplating adding the ability for developers to specify the
                language of the payment sheet, and of specific
                {{PaymentItems}}, in a future version of this API.
              </p>
            </aside>
          </li>
          <li data-tests=
          "show-method-optional-promise-rejects-manual.https.html, show-method-optional-promise-resolves-manual.https.html">
          If |detailsPromise| was passed, then:
            <ol>
              <li>Run the <a>update a <code>PaymentRequest</code>'s details
              algorithm</a> with |detailsPromise|, |request|, and null.
              </li>
              <li>Wait for the |detailsPromise| to settle.
                <p class="note">
                  Based on how the |detailsPromise| settles, the <a>update a
                  <code>PaymentRequest</code>'s details algorithm</a>
                  determines how the payment UI behaves. That is, <a>upon
                  rejection</a> of the |detailsPromise|, the payment request
                  aborts. Otherwise, <a>upon fulfillment</a> |detailsPromise|,
                  the user agent re-enables the payment request UI and the
                  payment flow can continue.
                </p>
              </li>
            </ol>
          </li>
          <li>Let |handler| be the <a>payment handler</a> selected by the
          end-user.
          </li>
          <li>Let |modifiers:list| be an empty list.
          </li>
          <li>For each |tuple| in
          [=PaymentRequest/[[serializedModifierData]]=]:
            <ol>
              <li>If the first element of |tuple| (a <a>PMI</a>) matches the
              <a>payment method identifier</a> of |handler|, then append the
              second element of |tuple| (the serialized method data) to
              |modifiers|.
              </li>
            </ol>
          </li>
          <li>
            <p>
              Pass the [=converted to an IDL value|converted=] second element
              in the |paymentMethod| tuple and |modifiers|. Optionally, the
              user agent SHOULD send the appropriate data from |request| to the
              user-selected <a>payment handler</a> in order to guide the user
              through the payment process. This includes the various attributes
              and other internal slots of |request| (some MAY be excluded for
              privacy reasons where appropriate).
            </p>
            <p>
              Handling of multiple applicable modifiers in the
              [=PaymentRequest/[[serializedModifierData]]=] internal slot is
              <a>payment handler</a> specific and beyond the scope of this
              specification. Nevertheless, it is RECOMMENDED that <a>payment
              handlers</a> use a "last one wins" approach with items in the
              [=PaymentRequest/[[serializedModifierData]]=] list: that is to
              say, an item at the end of the list always takes precedence over
              any item at the beginning of the list (see example below).
            </p>
            <aside class="example" title=
            "Handling of multiple applicable modifiers">
              <p>
                This example uses the "basic-card" payment method to from
                [[[?payment-method-basic-card]]] demonstrate precedence order
                of [=PaymentRequest/[[serializedModifierData]]=]. The first
                modifier applies equally to all cards, irrespective of network.
                The second modifier applies specifically to cards on the "visa"
                network.
              </p>
              <pre class="js">
                const details = {
                  total: {
                    label: "Total due",
                    amount: { currency: "USD", value: "65.00" },
                  },
                };
                // All cards incur a $3.00 processing fee.
                const cardFee = {
                  label: "Card processing fee",
                  amount: { currency: "USD", value: "3.00" },
                };

                // But visa card incurs a $1.00 processing fee.
                const visaFee = {
                  label: "Visa processing fee",
                  amount: { currency: "USD", value: "1.00" },
                };

                // Modifiers apply when the user chooses to pay with
                // a credit card.
                details.modifiers = [
                  // Applies to all cards...
                  {
                    additionalDisplayItems: [cardFee],
                    supportedMethods: "basic-card",
                    total: {
                      label: "Total due",
                      amount: { currency: "USD", value: "53.00" },
                    },
                    data: {
                      supportedNetworks: [], // All networks
                    },
                  },
                  // Applies only to visa cards...
                  {
                    additionalDisplayItems: [visaFee],
                    supportedMethods: "basic-card",
                    total: {
                      label: "Total due",
                      amount: { currency: "USD", value: "51.00" },
                    },
                    data: {
                      supportedNetworks: ["visa"], // Visa network only
                    },
                  },
                ];
              </pre>
              <p>
                If the modifiers array in the example above was to be reversed
                (i.e., <code class="js">supportedNetworks: []</code> was to
                come last in the modifiers list), then it would take precedence
                over the "visa" modifier even though the visa modifier matches
                visa cards more specifically. This is because "last one wins".
              </p>
            </aside>
            <p>
              The |acceptPromise| will later be resolved or rejected by either
              the <a>user accepts the payment request algorithm</a> or the
              <a>user aborts the payment request algorithm</a>, which are
              triggered through interaction with the user interface.
            </p>
            <p data-tests="rejects_if_not_active.https.html">
              If |document| stops being [=Document/fully active=] while the
              user interface is being shown, or no longer is by the time this
              step is reached, then:
            </p>
            <ol>
              <li>Close down the user interface.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>abort()</dfn> method
        </h2>
        <div class="note">
          <p>
            The <a>abort()</a> method is called if a developer wishes to tell
            the <a>user agent</a> to abort the payment |request| and to tear
            down any user interface that might be shown. The <a>abort()</a> can
            only be called after the <a>show()</a> method has been called (see
            <a>states</a>) and before this instance's <a>[[\acceptPromise]]</a>
            has been resolved. For example, developers might choose to do this
            if the goods they are selling are only available for a limited
            amount of time. If the user does not accept the payment request
            within the allowed time period, then the request will be aborted.
          </p>
          <p>
            A <a>user agent</a> might not always be able to abort a request.
            For example, if the <a>user agent</a> has delegated responsibility
            for the request to another app. In this situation, <a>abort()</a>
            will reject the returned {{Promise}}.
          </p>
          <p>
            See also the algorithm when the <a>user aborts the payment
            request</a>.
          </p>
        </div>
        <p data-tests="payment-request-abort-method.https.html">
          The <a>abort()</a> method MUST act as follows:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the <a>context object</a>.
          </li>
          <li>If |request|.<a>[[\response]]</a> is not null, and
          |request|.<a>[[\response]]</a>.<a>[[\retryPromise]]</a> is not null,
          return <a>a promise rejected with</a> an {{"InvalidStateError"}}
          {{DOMException}}.
          </li>
          <li>If the value of |request|.<a>[[\state]]</a> is not
          "<a>interactive</a>" then return <a>a promise rejected with</a> an
          {{"InvalidStateError"}} {{DOMException}}.
          </li>
          <li>Let |promise:Promise| be <a>a new promise</a>.
          </li>
          <li>Return |promise| and perform the remaining steps <a>in
          parallel</a>.
          </li>
          <li>Try to abort the current user interaction with the <a>payment
          handler</a> and close down any remaining user interface.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            perform the following steps:
            <ol>
              <li>If it is not possible to abort the current user interaction,
              then reject |promise| with {{"InvalidStateError"}}
              {{DOMException}} and abort these steps.
              </li>
              <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
              </li>
              <li>Reject the promise |request|.<a>[[\acceptPromise]]</a> with
              an {{"AbortError"}} {{DOMException}}.
              </li>
              <li>Resolve |promise| with undefined.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>canMakePayment()</dfn> method
        </h2>
        <div class="note" title="canMakePayment() vs hasEnrolledInstrument()">
          <p>
            The <a>canMakePayment()</a> method can be used by the developer to
            determine if the <a>user agent</a> has support for one of the
            desired <a>payment methods</a>. See
            [[[#canmakepayment-protections]]].
          </p>
          <p>
            A true result from <a>canMakePayment()</a> does not imply that the
            user has a provisioned instrument ready for payment. For that, use
            <a>hasEnrolledInstrument()</a> instead.
          </p>
        </div>
        <p data-tests="payment-request-canmakepayment-method.https.html">
          The <a>canMakePayment()</a> method MUST run the <a>can make payment
          algorithm</a> with |checkForInstruments| set to false.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>hasEnrolledInstrument()</dfn> method
        </h2>
        <p class="note">
          The <a>hasEnrolledInstrument()</a> method can be used by the
          developer to determine if the <a>user agent</a> has support for one
          of the desired <a>payment methods</a> and if a <a>payment handler</a>
          has an instrument ready for payment. See
          [[[#canmakepayment-protections]]].
        </p>
        <p data-tests=
        "payment-request-hasenrolledinstrument-method.https.html">
          The <a>hasEnrolledInstrument()</a> method MUST run the <a>can make
          payment algorithm</a> with |checkForInstruments| set to true.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>shippingAddress</dfn> attribute
        </h2>
        <p data-tests="shipping-address-changed-manual.https.html">
          A {{PaymentRequest}}'s <a>shippingAddress</a> attribute is populated
          when the user provides a shipping address. It is null by default.
          When a user provides a shipping address, the <a>shipping address
          changed algorithm</a> runs.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>shippingType</dfn> attribute
        </h2>
        <p data-tests="payment-request-shippingType-attribute.https.html">
          A {{PaymentRequest}}'s <a>shippingType</a> attribute is the type of
          shipping used to fulfill the transaction. Its value is either a
          <a>PaymentShippingType</a> enum value, or null if none is provided by
          the developer during [=PaymentRequest.PaymentRequest()|construction=]
          (see {{PaymentOptions}}'s {{PaymentOptions/shippingType}} member).
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>onmerchantvalidation</dfn> attribute
        </h2>
        <p data-tests="onmerchantvalidation-attribute.https.html">
          A {{PaymentRequest}}'s <a>onmerchantvalidation</a> attribute is an
          {{EventHandler}} for a {{MerchantValidationEvent}} named
          "<a>merchantvalidation</a>".
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>onshippingaddresschange</dfn> attribute
        </h2>
        <p data-tests=
        "shipping-address-changed-manual.https.html, payment-request-onshippingaddresschange-attribute.https.html, algorithms-manual.https.html#shipping-address-changed-algo">
          A {{PaymentRequest}}'s <a>onshippingaddresschange</a> attribute is an
          {{EventHandler}} for a {{PaymentRequestUpdateEvent}} named
          <a>shippingaddresschange</a>.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>shippingOption</dfn> attribute
        </h2>
        <p data-tests=
        "payment-request-shippingOption-attribute.https.html, change-shipping-option-manual.https.html">
          A {{PaymentRequest}}'s <a>shippingOption</a> attribute is populated
          when the user chooses a shipping option. It is null by default. When
          a user chooses a shipping option, the <a>shipping option changed
          algorithm</a> runs.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>onshippingoptionchange</dfn> attribute
        </h2>
        <p data-tests=
        "payment-request-onshippingoptionchange-attribute.https.html">
          A {{PaymentRequest}}'s <a>onshippingoptionchange</a> attribute is an
          {{EventHandler}} for a {{PaymentRequestUpdateEvent}} named
          <a>shippingoptionchange</a>.
        </p>
      </section>
      <section data-dfn-for="PaymentRequest" data-link-for="PaymentRequest">
        <h2>
          <dfn>onpaymentmethodchange</dfn> attribute
        </h2>
        <p data-tests="onpaymentmenthodchange-attribute.https.html">
          A {{PaymentRequest}}'s <a>onpaymentmethodchange</a> attribute is an
          {{EventHandler}} for a {{PaymentMethodChangeEvent}} named
          "<a>paymentmethodchange</a>".
        </p>
      </section>
      <section>
        <h2>
          Internal Slots
        </h2>
        <p>
          Instances of {{PaymentRequest}} are created with the internal slots
          in the following table:
        </p>
        <table>
          <tr>
            <th>
              Internal Slot
            </th>
            <th>
              Description (<em>non-normative</em>)
            </th>
          </tr>
          <tr>
            <td>
              <dfn data-export="" data-dfn-for=
              "PaymentRequest">[[\serializedMethodData]]</dfn>
            </td>
            <td>
              The <code>methodData</code> supplied to the constructor, but
              represented as tuples containing supported methods and a string
              or null for data (instead of the original object form).
            </td>
          </tr>
          <tr>
            <td>
              <dfn data-export="" data-dfn-for=
              "PaymentRequest">[[\serializedModifierData]]</dfn>
            </td>
            <td>
              A list containing the serialized string form of each
              {{PaymentDetailsModifier/data}} member for each corresponding
              item in the sequence
              [=PaymentRequest/[[details]]=].{{PaymentDetailsBase/modifier}},
              or null if no such member was present.
            </td>
          </tr>
          <tr>
            <td>
              <dfn data-export="" data-dfn-for=
              "PaymentRequest">[[\details]]</dfn>
            </td>
            <td>
              The current <a>PaymentDetailsBase</a> for the payment request
              initially supplied to the constructor and then updated with calls
              to {{PaymentRequestUpdateEvent/updateWith()}}. Note that all
              {{PaymentDetailsModifier/data}} members of
              {{PaymentDetailsModifier}} instances contained in the
              {{PaymentDetailsBase/modifiers}} member will be removed, as they
              are instead stored in serialized form in the
              [=PaymentRequest/[[serializedModifierData]]=] internal slot.
            </td>
          </tr>
          <tr>
            <td>
              <dfn data-export="" data-dfn-for=
              "PaymentRequest">[[\options]]</dfn>
            </td>
            <td>
              The <a>PaymentOptions</a> supplied to the constructor.
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\state]]</dfn>
            </td>
            <td>
              <p>
                The current <dfn>state</dfn> of the payment request, which
                transitions from:
              </p>
              <dl>
                <dt>
                  "<dfn>created</dfn>"
                </dt>
                <dd>
                  The payment request is constructed and has not been presented
                  to the user.
                </dd>
                <dt>
                  "<dfn>interactive</dfn>"
                </dt>
                <dd>
                  The payment request is being presented to the user.
                </dd>
                <dt>
                  "<dfn>closed</dfn>"
                </dt>
                <dd>
                  The payment request completed.
                </dd>
              </dl>
              <p>
                The <a>state</a> transitions are illustrated in the figure
                below:
              </p>
              <figure>
                <img alt="" src="images/state-transitions.svg" width="518"
                height="125">
                <figcaption data-link-for="PaymentRequest">
                  The constructor sets the initial <a>state</a> to
                  "<a>created</a>". The <a>show()</a> method changes the
                  <a>state</a> to "<a>interactive</a>". From there, the
                  <a>abort()</a> method or any other error can send the
                  <a>state</a> to "<a>closed</a>"; similarly, the <a>user
                  accepts the payment request algorithm</a> and <a>user aborts
                  the payment request algorithm</a> will change the
                  <a>state</a> to "<a>closed</a>".
                </figcaption>
              </figure>
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\updating]]</dfn>
            </td>
            <td>
              True if there is a pending
              {{PaymentRequestUpdateEvent/updateWith()}} call to update the
              payment request and false otherwise.
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\acceptPromise]]</dfn>
            </td>
            <td>
              The pending {{Promise}} created during {{PaymentRequest/show()}}
              that will be resolved if the user accepts the payment request.
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\response]]</dfn>
            </td>
            <td>
              Null, or the <a>PaymentResponse</a> instantiated by this
              {{PaymentRequest}}.
            </td>
          </tr>
        </table>
      </section>
    </section>
    <section data-dfn-for="PaymentMethodData" data-link-for=
    "PaymentMethodData">
      <h2>
        <dfn>PaymentMethodData</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentMethodData {
          required DOMString supportedMethods;
          object data;
        };
      </pre>
      <p>
        A <a>PaymentMethodData</a> dictionary is used to indicate a set of
        supported <a>payment methods</a> and any associated <a>payment
        method</a> specific data for those methods.
      </p>
      <dl>
        <dt>
          <dfn>supportedMethods</dfn> member
        </dt>
        <dd>
          A <a>payment method identifier</a> for a <a>payment method</a> that
          the merchant web site accepts.
        </dd>
        <dt>
          <dfn>data</dfn> member
        </dt>
        <dd>
          An object that provides optional information that might be needed by
          the supported payment methods. If supplied, it will be
          <a>JSON-serialized</a>.
        </dd>
      </dl>
      <p class="note">
        The value of <code>supportedMethods</code> was changed from array to
        string, but the name was left as a plural to maintain compatibility
        with existing content on the Web.
      </p>
    </section>
    <section data-dfn-for="PaymentCurrencyAmount" data-link-for=
    "PaymentCurrencyAmount">
      <h2>
        <dfn>PaymentCurrencyAmount</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentCurrencyAmount {
          required DOMString currency;
          required DOMString value;
        };
      </pre>
      <p>
        A <a>PaymentCurrencyAmount</a> dictionary is used to supply monetary
        amounts.
      </p>
      <dl>
        <dt>
          <dfn>currency</dfn> member
        </dt>
        <dd>
          <p>
            An [[ISO4217]] <a data-cite=
            "ecma-402#sec-iswellformedcurrencycode">well-formed</a> 3-letter
            alphabetic code (i.e., the numeric codes are not supported). Their
            canonical form is upper case. However, the set of combinations of
            currency code for which localized currency symbols are available is
            implementation dependent. Where a localized currency symbol is not
            available, a user agent SHOULD use U+00A4 (¤) for formatting. User
            agents MAY format the display of the <a>currency</a> member to
            adhere to OS conventions (e.g., for localization purposes).
          </p>
          <div class="note" title=
          "Digital currencies and ISO 4217 currency codes">
            <p>
              User agents implementing this specification enforce [[ISO4217]]'s
              3-letter codes format via ECMAScript’s <a data-cite=
              "ecma-402#sec-iswellformedcurrencycode">isWellFormedCurrencyCode</a>
              abstract operation, which is invoked as part of the <a>check and
              canonicalize amount</a> algorithm. When a code does not adhere to
              the [[ISO4217]] defined format, a {{RangeError}} is thrown.
            </p>
            <p>
              Current implementations will therefore allow the use of
              well-formed currency codes that are not part of the official
              [[ISO4217]] list (e.g., XBT, XRP, etc.). If the provided code is
              a currency that the browser knows how to display, then an
              implementation will generally display the appropriate currency
              symbol in the user interface (e.g., "USD" is shown as "$", "GBP"
              is "£", and the non-standard "XBT" could be shown as "Ƀ"). When a
              code cannot be matched, the specification recommends browsers
              show a scarab "¤".
            </p>
            <p>
              Efforts are underway at ISO to account for digital currencies,
              which may result in an update to the [[ISO4217]] registry or an
              entirely new registry. The community expects this will resolve
              ambiguities that have crept in through the use of non-standard
              3-letter codes; for example, does "BTC" refer to Bitcoin or to a
              future Bhutan currency? At the time of publication, it remains
              unclear what form this evolution will take, or even the time
              frame in which the work will be completed. The W3C Web Payments
              Working Group is liaising with ISO so that, in the future,
              revisions to this specification remain compatible with relevant
              ISO registries.
            </p>
          </div>
        </dd>
        <dt>
          <dfn>value</dfn> member
        </dt>
        <dd>
          A <a>valid decimal monetary value</a> containing a monetary amount.
        </dd>
      </dl>
      <pre class="example js" title="How to represent US$55.00">
        {
          "currency": "USD",
          "value": "55.00"
        }
      </pre>
      <section>
        <h3>
          Validity checkers
        </h3>
        <p>
          A [=JavaScript string=] is a <dfn>valid decimal monetary value</dfn>
          if it consists of the following [=code points=] in the given order:
        </p>
        <ol>
          <li>Optionally, a single U+002D (-), to indicate that the amount is
          negative.
          </li>
          <li>One or more [=code points=] in the range U+0030 (0) to U+0039
          (9).
          </li>
          <li>Optionally, a single U+002E (.) followed by one or more [=code
          points=] in the range U+0030 (0) to U+0039 (9).
          </li>
        </ol>
        <div class="note">
          The following regular expression is an implementation of the above
          definition.
          <pre class="hljs">^-?[0-9]+(\.[0-9]+)?$</pre>
        </div>
        <p>
          To <dfn>check and canonicalize amount</dfn> given a
          <a>PaymentCurrencyAmount</a> |amount|, run the following steps:
        </p>
        <ol data-link-for="PaymentCurrencyAmount">
          <li>If the result of <a data-cite=
          "ecma-402#sec-iswellformedcurrencycode">IsWellFormedCurrencyCode</a>(|amount|.<a>currency</a>)
          is false, then throw a {{RangeError}} exception, optionally informing
          the developer that the currency is invalid.
          </li>
          <li>If |amount|.<a>value</a> is not a <a>valid decimal monetary
          value</a>, throw a {{TypeError}}, optionally informing the developer
          that the currency is invalid.
          </li>
          <li>Set |amount|.<a>currency</a> to the result of <a>ASCII
          uppercase</a> |amount|.<a>currency</a>.
          </li>
        </ol>
        <p>
          To <dfn>check and canonicalize total amount</dfn> given a
          <a>PaymentCurrencyAmount</a> |amount|, run the following steps:
        </p>
        <ol data-link-for="PaymentCurrencyAmount">
          <li>
            <a>Check and canonicalize amount</a> |amount|. Rethrow any
            exceptions.
          </li>
          <li>If the first <a>code point</a> of |amount|.<a>value</a> is U+002D
          (-), then throw a {{TypeError}} optionally informing the developer
          that a total's value can't be a negative number.
          </li>
        </ol>
        <aside class="note" title="No alteration of values">
          <p>
            The algorithm does not alter or canonicalize the
            |amount|.<a>value</a>. For example, a user agent will not change
            "55" into "55.00". Payment handlers need to be prepared to deal
            with such values.
          </p>
        </aside>
      </section>
    </section>
    <section>
      <h2>
        Payment details dictionaries
      </h2>
      <section data-dfn-for="PaymentDetailsBase" data-link-for=
      "PaymentDetailsBase">
        <h2>
          <dfn>PaymentDetailsBase</dfn> dictionary
        </h2>
        <pre class="idl">
        dictionary PaymentDetailsBase {
          sequence&lt;PaymentItem&gt; displayItems;
          sequence&lt;PaymentShippingOption&gt; shippingOptions;
          sequence&lt;PaymentDetailsModifier&gt; modifiers;
        };
        </pre>
        <dl>
          <dt>
            <dfn>displayItems</dfn> member
          </dt>
          <dd>
            A sequence of <a>PaymentItem</a> dictionaries contains line items
            for the payment request that the <a>user agent</a> MAY display.
            <aside class="note">
              It is the developer's responsibility, when generating or updating
              a {{PaymentRequest}}, to verify that the
              {{PaymentDetailsInit/total}} amount is the sum of these items.
            </aside>
          </dd>
          <dt>
            <dfn>shippingOptions</dfn> member
          </dt>
          <dd>
            <p>
              A sequence containing the different shipping options for the user
              to choose from.
            </p>
            <p data-tests=
            "change-shipping-option-select-last-manual.https.html">
              If an item in the sequence has the
              {{PaymentShippingOption/selected}} member set to true, then this
              is the shipping option that will be used by default and
              {{PaymentRequest/shippingOption}} will be set to the
              {{PaymentShippingOption/id}} of this option without running the
              <a>shipping option changed algorithm</a>. If more than one item
              in the sequence has {{PaymentShippingOption/selected}} set to
              true, then the <a>user agent</a> selects the last one in the
              sequence.
            </p>
            <p>
              The {{PaymentDetailsBase/shippingOptions}} member is only used if
              the {{PaymentRequest}} was constructed with {{PaymentOptions}}
              and {{PaymentOptions/requestShipping}} set to true.
            </p>
            <aside class="note">
              If the sequence has an item with the
              {{PaymentShippingOption/selected}} member set to true, then
              authors are responsible for ensuring that the
              {{PaymentDetailsInit/total}} member includes the cost of the
              shipping option. This is because no <a>shippingoptionchange</a>
              event will be fired for this option unless the user selects an
              alternative option first.
            </aside>
          </dd>
          <dt>
            <dfn>modifiers</dfn> member
          </dt>
          <dd>
            A sequence of <a>PaymentDetailsModifier</a> dictionaries that
            contains modifiers for particular payment method identifiers. For
            example, it allows you to adjust the total amount based on payment
            method.
          </dd>
        </dl>
      </section>
      <section data-dfn-for="PaymentDetailsInit" data-link-for=
      "PaymentDetailsInit">
        <h2>
          <dfn>PaymentDetailsInit</dfn> dictionary
        </h2>
        <pre class="idl">
          dictionary PaymentDetailsInit : PaymentDetailsBase {
            DOMString id;
            required PaymentItem total;
          };
        </pre>
        <aside class="note">
          The <a>PaymentDetailsInit</a> dictionary is used in the construction
          of the payment request.
        </aside>
        <p>
          In addition to the members inherited from the
          <a>PaymentDetailsBase</a> dictionary, the following members are part
          of the <a>PaymentDetailsInit</a> dictionary:
        </p>
        <dl>
          <dt>
            <dfn>id</dfn> member
          </dt>
          <dd>
            A free-form identifier for this payment request.
            <aside class="note">
              If an <a>id</a> member is not present, then the <a>user agent</a>
              will generate a unique identifier for the payment request during
              [=PaymentRequest.PaymentRequest()|construction=]
            </aside>
          </dd>
          <dt>
            <dfn>total</dfn> member
          </dt>
          <dd>
            A <a>PaymentItem</a> containing a non-negative total amount for the
            payment request.
            <aside class="note">
              Algorithms in this specification that accept a
              {{PaymentDetailsInit}} dictionary will throw if the
              {{PaymentDetailsInit/total}}.{{PaymentItem/amount}}.{{PaymentCurrencyAmount/value}}
              is a negative number.
            </aside>
          </dd>
        </dl>
      </section>
      <section data-dfn-for="PaymentDetailsUpdate" data-link-for=
      "PaymentDetailsUpdate">
        <h2>
          <dfn>PaymentDetailsUpdate</dfn> dictionary
        </h2>
        <pre class="idl">
          dictionary PaymentDetailsUpdate : PaymentDetailsBase {
            DOMString error;
            PaymentItem total;
            AddressErrors shippingAddressErrors;
            PayerErrors payerErrors;
            object paymentMethodErrors;
          };
        </pre>
        <p>
          The <a>PaymentDetailsUpdate</a> dictionary is used to update the
          payment request using {{PaymentRequestUpdateEvent/updateWith()}}.
        </p>
        <p>
          In addition to the members inherited from the
          <a>PaymentDetailsBase</a> dictionary, the following members are part
          of the <a>PaymentDetailsUpdate</a> dictionary:
        </p>
        <dl>
          <dt>
            <dfn>error</dfn> member
          </dt>
          <dd>
            A human-readable string that explains why goods cannot be shipped
            to the chosen shipping address, or any other reason why no shipping
            options are available. When the payment request is updated using
            {{PaymentRequestUpdateEvent/updateWith()}}, the
            {{PaymentDetailsUpdate}} can contain a message in the
            {{PaymentDetailsUpdate/error}} member that will be displayed to the
            user if the <a>PaymentDetailsUpdate</a> indicates that there are no
            valid {{PaymentDetailsBase/shippingOptions}} (and the
            {{PaymentRequest}} was constructed with the
            {{PaymentOptions/requestShipping}} option set to true).
          </dd>
          <dt>
            <dfn>total</dfn> member
          </dt>
          <dd>
            A <a>PaymentItem</a> containing a non-negative
            {{PaymentItem/amount}}.
            <p class="note">
              Algorithms in this specification that accept a
              <a>PaymentDetailsUpdate</a> dictionary will throw if the
              <a>total</a>.{{PaymentItem/amount}}.{{PaymentCurrencyAmount/value}}
              is a negative number.
            </p>
          </dd>
          <dt>
            <dfn>shippingAddressErrors</dfn> member
          </dt>
          <dd>
            Represents validation errors with the shipping address that is
            associated with the <a>potential event target</a>.
          </dd>
          <dt>
            <dfn>payerErrors</dfn> member
          </dt>
          <dd>
            Validation errors related to the <a>payer details</a>.
          </dd>
          <dt>
            <dfn>paymentMethodErrors</dfn> member
          </dt>
          <dd>
            <p>
              <a>Payment method</a> specific errors. See, for example,
              [[[?payment-method-basic-card]]]'s {{BasicCardErrors}}.
            </p>
          </dd>
        </dl>
      </section>
    </section>
    <section data-dfn-for="PaymentDetailsModifier" data-link-for=
    "PaymentDetailsModifier">
      <h2>
        <dfn>PaymentDetailsModifier</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentDetailsModifier {
          required DOMString supportedMethods;
          PaymentItem total;
          sequence&lt;PaymentItem&gt; additionalDisplayItems;
          object data;
        };
      </pre>
      <p>
        The <a>PaymentDetailsModifier</a> dictionary provides details that
        modify the <a>PaymentDetailsBase</a> based on a <a>payment method
        identifier</a>. It contains the following members:
      </p>
      <dl>
        <dt>
          <dfn>supportedMethods</dfn> member
        </dt>
        <dd>
          A <a>payment method identifier</a>. The members of the
          <a>PaymentDetailsModifier</a> only apply if the user selects this
          <a>payment method</a>.
        </dd>
        <dt>
          <dfn>total</dfn> member
        </dt>
        <dd>
          A <a>PaymentItem</a> value that overrides the
          {{PaymentDetailsInit/total}} member in the <a>PaymentDetailsInit</a>
          dictionary for the <a>payment method identifiers</a> of the
          <a>supportedMethods</a> member.
        </dd>
        <dt>
          <dfn>additionalDisplayItems</dfn> member
        </dt>
        <dd>
          A sequence of <a>PaymentItem</a> dictionaries provides additional
          display items that are appended to the
          {{PaymentDetailsBase/displayItems}} member in the
          <a>PaymentDetailsBase</a> dictionary for the <a>payment method
          identifiers</a> in the <a>supportedMethods</a> member. This member is
          commonly used to add a discount or surcharge line item indicating the
          reason for the different <a>total</a> amount for the selected
          <a>payment method</a> that the user agent MAY display.
          <p class="note">
            It is the developer's responsibility to verify that the
            <a>total</a> amount is the sum of the
            {{PaymentDetailsBase/displayItems}} and the
            <a>additionalDisplayItems</a>.
          </p>
        </dd>
        <dt>
          <dfn>data</dfn> member
        </dt>
        <dd>
          An object that provides optional information that might be needed by
          the supported payment methods. If supplied, it will be
          <a>JSON-serialized</a>.
        </dd>
      </dl>
    </section>
    <section data-dfn-for="PaymentShippingType">
      <h2>
        <dfn>PaymentShippingType</dfn> enum
      </h2>
      <pre class="idl">
        enum PaymentShippingType {
          "shipping",
          "delivery",
          "pickup"
        };
      </pre>
      <dl>
        <dt>
          "<dfn>shipping</dfn>"
        </dt>
        <dd>
          This is the default and refers to the address being collected as the
          destination for shipping.
        </dd>
        <dt>
          "<dfn>delivery</dfn>"
        </dt>
        <dd>
          This refers to the address being collected as the destination for
          delivery. This is commonly faster than shipping. For example, it
          might be used for food delivery.
        </dd>
        <dt>
          "<dfn>pickup</dfn>"
        </dt>
        <dd>
          This refers to the address being collected as part of a service
          pickup. For example, this could be the address for laundry pickup.
        </dd>
      </dl>
    </section>
    <section data-dfn-for="PaymentOptions" data-link-for="PaymentOptions">
      <h2>
        <dfn>PaymentOptions</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentOptions {
          boolean requestPayerName = false;
          boolean requestBillingAddress = false;
          boolean requestPayerEmail = false;
          boolean requestPayerPhone = false;
          boolean requestShipping = false;
          PaymentShippingType shippingType = "shipping";
        };
      </pre>
      <p class="note">
        The <a>PaymentOptions</a> dictionary is passed to the
        {{PaymentRequest}} constructor and provides information about the
        options desired for the payment request.
      </p>
      <dl>
        <dt>
          <dfn>requestBillingAddress</dfn> member
        </dt>
        <dd data-link-for="PaymentMethodChangeEvent">
          A boolean that indicates whether the <a>user agent</a> SHOULD collect
          and return the billing address associated with a <a>payment
          method</a> (e.g., the billing address associated with a credit card).
          Typically, the user agent will return the billing address as part of
          the {{PaymentMethodChangeEvent}}'s <a>methodDetails</a>. A merchant
          can use this information to, for example, calculate tax in certain
          jurisdictions and update the displayed total. See below for privacy
          considerations regarding <a href="#user-info">exposing user
          information</a>.
        </dd>
        <dt>
          <dfn>requestPayerName</dfn> member
        </dt>
        <dd>
          A boolean that indicates whether the <a>user agent</a> SHOULD collect
          and return the payer's name as part of the payment request. For
          example, this would be set to true to allow a merchant to make a
          booking in the payer's name.
        </dd>
        <dt>
          <dfn>requestPayerEmail</dfn> member
        </dt>
        <dd>
          A boolean that indicates whether the <a>user agent</a> SHOULD collect
          and return the payer's email address as part of the payment request.
          For example, this would be set to true to allow a merchant to email a
          receipt.
        </dd>
        <dt>
          <dfn>requestPayerPhone</dfn> member
        </dt>
        <dd>
          A boolean that indicates whether the <a>user agent</a> SHOULD collect
          and return the payer's phone number as part of the payment request.
          For example, this would be set to true to allow a merchant to phone a
          customer with a billing enquiry.
        </dd>
        <dt>
          <dfn>requestShipping</dfn> member
        </dt>
        <dd>
          A boolean that indicates whether the <a>user agent</a> SHOULD collect
          and return a shipping address as part of the payment request. For
          example, this would be set to true when physical goods need to be
          shipped by the merchant to the user. This would be set to false for
          the purchase of digital goods.
        </dd>
        <dt>
          <dfn>shippingType</dfn> member
        </dt>
        <dd>
          A <a>PaymentShippingType</a> enum value. Some transactions require an
          address for delivery but the term "shipping" isn't appropriate. For
          example, "pizza delivery" not "pizza shipping" and "laundry pickup"
          not "laundry shipping". If <a>requestShipping</a> is set to true,
          then the <a>shippingType</a> member can influence the way the <a>user
          agent</a> presents the user interface for gathering the shipping
          address.
          <p>
            The <a>shippingType</a> member only affects the user interface for
            the payment request.
          </p>
        </dd>
      </dl>
    </section>
    <section data-dfn-for="PaymentItem" data-link-for="PaymentItem">
      <h2>
        <dfn>PaymentItem</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentItem {
          required DOMString label;
          required PaymentCurrencyAmount amount;
          boolean pending = false;
        };
      </pre>
      <p>
        A sequence of one or more <a>PaymentItem</a> dictionaries is included
        in the <a>PaymentDetailsBase</a> dictionary to indicate what the
        payment request is for and the value asked for.
      </p>
      <dl>
        <dt>
          <dfn>label</dfn> member
        </dt>
        <dd>
          A human-readable description of the item. The <a>user agent</a> may
          display this to the user.
        </dd>
        <dt>
          <dfn>amount</dfn> member
        </dt>
        <dd>
          A <a>PaymentCurrencyAmount</a> containing the monetary amount for the
          item.
        </dd>
        <dt>
          <dfn>pending</dfn> member
        </dt>
        <dd>
          A boolean. When set to true it means that the <a>amount</a> member is
          not final. This is commonly used to show items such as shipping or
          tax amounts that depend upon selection of shipping address or
          shipping option. <a>User agents</a> MAY indicate pending fields in
          the user interface for the payment request.
        </dd>
      </dl>
    </section>
    <section>
      <h2>
        Physical addresses
      </h2>
      <p>
        A <dfn>physical address</dfn> is composed of the following parts.
      </p>
      <dl data-sort="">
        <dt>
          <dfn>Country</dfn>
        </dt>
        <dd>
          The country corresponding to the address.
        </dd>
        <dt>
          <dfn>Address line</dfn>
        </dt>
        <dd>
          The most specific part of the address. It can include, for example, a
          street name, a house number, apartment number, a rural delivery
          route, descriptive instructions, or a post office box number.
        </dd>
        <dt>
          <dfn>Region</dfn>
        </dt>
        <dd>
          The top level administrative subdivision of the country. For example,
          this can be a state, a province, an oblast, or a prefecture.
        </dd>
        <dt>
          <dfn>City</dfn>
        </dt>
        <dd>
          The city/town portion of the address.
        </dd>
        <dt>
          <dfn>Dependent locality</dfn>
        </dt>
        <dd>
          The dependent locality or sublocality within a city. For example,
          neighborhoods, boroughs, districts, or UK dependent localities.
        </dd>
        <dt>
          <dfn>Postal code</dfn>
        </dt>
        <dd>
          The postal code or ZIP code, also known as PIN code in India.
        </dd>
        <dt>
          <dfn>Sorting code</dfn>
        </dt>
        <dd>
          The sorting code as used in, for example, France.
        </dd>
        <dt>
          <dfn>Organization</dfn>
        </dt>
        <dd>
          The organization, firm, company, or institution at the address.
        </dd>
        <dt>
          <dfn>Recipient</dfn>
        </dt>
        <dd>
          The name of the recipient or contact person at the address.
        </dd>
        <dt>
          <dfn>Phone number</dfn>
        </dt>
        <dd>
          The phone number of the recipient or contact person at the address.
        </dd>
      </dl>
      <section data-dfn-for="PaymentAddress" data-link-for="PaymentAddress">
        <h2>
          <dfn>PaymentAddress</dfn> interface
        </h2>
        <pre class="idl">
          [SecureContext, Exposed=(Window)]
          interface PaymentAddress {
            [Default] object toJSON();
            readonly attribute DOMString city;
            readonly attribute DOMString country;
            readonly attribute DOMString dependentLocality;
            readonly attribute DOMString organization;
            readonly attribute DOMString phone;
            readonly attribute DOMString postalCode;
            readonly attribute DOMString recipient;
            readonly attribute DOMString region;
            readonly attribute DOMString sortingCode;
            readonly attribute FrozenArray&lt;DOMString&gt; addressLine;
          };
        </pre>
        <p>
          The {{PaymentAddress}} interface represents a <a>physical
          address</a>.
        </p>
        <aside class="note" title="What happened to regionCode?">
          <p>
            This specification once included a <code>regionCode</code>
            attribute that provided developers with a [[?ISO3166-2]] country
            subdivision code element representation of an address' region
            (e.g., "CA" for California). Unfortunately, the attribute was
            removed due to lack of implementations. The Web Payments Working
            Group fully recognizes the importance of the
            <code>regionCode</code> attribute and is <a href=
            "https://github.com/w3c/payment-request/issues/663">committed to
            bringing the attribute back</a> in a future revision of this
            specification.
          </p>
        </aside>
        <section>
          <h2>
            Internal constructor
          </h2>
          <p>
            The steps to <dfn data-lt=
            "PaymentAddress.PaymentAddress()">internally construct a
            `PaymentAddress`</dfn> with an optional <a>AddressInit</a>
            |details| are given by the following algorithm:
          </p>
          <ol data-link-for="AddressInit">
            <li>Let |address:PaymentAddress| be a new instance of
            {{PaymentAddress}}.
            </li>
            <li>Set |address|.<a>[[\addressLine]]</a> to the empty frozen
            array, and all other [=PaymentAddress slots|internal slots=] to the
            empty string.
            </li>
            <li>If |details| was not passed, return |address|.
            </li>
            <li>If |details|["<a>country</a>"] is present and not the empty
            string:
              <ol>
                <li>Set |country| the result of <a>strip leading and trailing
                ASCII whitespace</a> from |details|["<a>country</a>"] and
                performing <a>ASCII uppercase</a>.
                </li>
                <li>If |country| is not a valid [[ISO3166-1]] alpha-2 code,
                throw a {{RangeError}} exception.
                </li>
                <li>Set |address|.<a>[[\country]]</a> to |country|.
                </li>
              </ol>
            </li>
            <li>Let |cleanAddressLines:list| be an empty list.
            </li>
            <li>If |details|["<a>addressLine</a>"] is present, then for each
            |item| in |details|["<a>addressLine</a>"]:
              <ol>
                <li>
                  <a>Strip leading and trailing ASCII whitespace</a> from
                  |item| and append the result into |cleanAddressLines|.
                </li>
              </ol>
            </li>
            <li>Set |address|.<a>[[\addressLine]]</a> to a new frozen array
            created from |cleanAddressLines|.
            </li>
            <li>If |details|["<a>region</a>"] is present, <a>strip leading and
            trailing ASCII whitespace</a> from |details|["<a>region</a>"] and
            set |address|.<a>[[\region]]</a> to the result.
            </li>
            <li>If |details|["<a>city</a>"] is present, <a>strip leading and
            trailing ASCII whitespace</a> from |details|["<a>city</a>"] and set
            |address|.<a>[[\city]]</a> to the result.
            </li>
            <li>If |details|["<a>dependentLocality</a>"] is present, <a>strip
            leading and trailing ASCII whitespace</a> from
            |details|["<a>dependentLocality</a>"] and set
            |address|.<a>[[\dependentLocality]]</a> to the result.
            </li>
            <li>If |details|["<a>postalCode</a>"] is present, <a>strip leading
            and trailing ASCII whitespace</a> from
            |details|["<a>postalCode</a>"] and set
            |address|.<a>[[\postalCode]]</a> to the result.
            </li>
            <li>If |details|["<a>sortingCode</a>"] is present, <a>strip leading
            and trailing ASCII whitespace</a> from
            |details|["<a>sortingCode</a>"] and set
            |address|.<a>[[\sortingCode]]</a> to the result.
            </li>
            <li>If |details|["<a>organization</a>"] is present, <a>strip
            leading and trailing ASCII whitespace</a> from
            |details|["<a>organization</a>"] and set
            |address|.<a>[[\organization]]</a> to the result.
            </li>
            <li>If |details|["<a>recipient</a>"] is present, <a>strip leading
            and trailing ASCII whitespace</a> from
            |details|["<a>recipient</a>"] and set
            |address|.<a>[[\recipient]]</a> to the result.
            </li>
            <li>If |details|["<a>phone</a>"] is present, <a>strip leading and
            trailing ASCII whitespace</a> from |details|["<a>phone</a>"] and
            set |address|.<a>[[\phone]]</a> to the result.
            </li>
            <li>Return |address|.
            </li>
          </ol>
        </section>
        <section>
          <h2>
            <dfn>toJSON()</dfn> method
          </h2>
          <p>
            When called, runs [[WEBIDL]]'s <a>default toJSON operation</a>.
          </p>
        </section>
        <section>
          <h2>
            <dfn>country</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>country</a> of the address. When getting, returns
            the value of the {{PaymentAddress}}'s <a>[[\country]]</a> internal
            slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>addressLine</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>address line</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s
            <a>[[\addressLine]]</a> internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>region</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>region</a> of the address. When getting, returns
            the value of the {{PaymentAddress}}'s <a>[[\region]]</a> internal
            slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>city</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>city</a> of the address. When getting, returns
            the value of the {{PaymentAddress}}'s <a>[[\city]]</a> internal
            slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>dependentLocality</dfn> attribute
          </h2>
          <p>
            Represents the <a>dependent locality</a> of the address. When
            getting, returns the value of the {{PaymentAddress}}'s
            <a>[[\dependentLocality]]</a> internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>postalCode</dfn> attribute
          </h2>
          <p>
            Represents the <a>postal code</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s
            <a>[[\postalCode]]</a> internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>sortingCode</dfn> attribute
          </h2>
          <p>
            Represents the <a>sorting code</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s
            <a>[[\sortingCode]]</a> internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>organization</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>organization</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s
            <a>[[\organization]]</a> internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>recipient</dfn> attribute
          </h2>
          <p data-link-for="">
            Represents the <a>recipient</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s <a>[[\recipient]]</a>
            internal slot.
          </p>
        </section>
        <section>
          <h2>
            <dfn>phone</dfn> attribute
          </h2>
          <p>
            Represents the <a>phone number</a> of the address. When getting,
            returns the value of the {{PaymentAddress}}'s <a>[[\phone]]</a>
            internal slot.
          </p>
        </section>
        <section data-link-for="">
          <h2>
            <dfn data-lt="PaymentAddress slots" data-lt-nodefault="">Internal
            slots</dfn>
          </h2>
          <table>
            <tr>
              <th>
                Internal slot
              </th>
              <th>
                Description (<em>non-normative</em>)
              </th>
            </tr>
            <tr>
              <td>
                <dfn>[[\country]]</dfn>
              </td>
              <td>
                A <a>country</a> as an [[ISO3166-1]] alpha-2 code stored in its
                canonical uppercase form or the empty string. For example,
                "JP".
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\addressLine]]</dfn>
              </td>
              <td>
                A frozen array, possibly of zero length, representing an
                <a>address line</a>.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\region]]</dfn>
              </td>
              <td>
                A <a>region</a> as a <a>country subdivision name</a> or the
                empty string, such as "Victoria", representing the state of
                Victoria in Australia.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\city]]</dfn>
              </td>
              <td>
                A <a>city</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\dependentLocality]]</dfn>
              </td>
              <td>
                A <a>dependent locality</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\postalCode]]</dfn>
              </td>
              <td>
                A <a>postal code</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\sortingCode]]</dfn>
              </td>
              <td>
                A <a>sorting code</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\organization]]</dfn>
              </td>
              <td>
                An <a>organization</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\recipient]]</dfn>
              </td>
              <td>
                A <a>recipient</a> or the empty string.
              </td>
            </tr>
            <tr>
              <td>
                <dfn>[[\phone]]</dfn>
              </td>
              <td>
                A <a>phone number</a> or the empty string.
              </td>
            </tr>
          </table>
        </section>
      </section>
      <section data-dfn-for="AddressInit" data-link-for="AddressInit">
        <h2>
          <dfn>AddressInit</dfn> dictionary
        </h2>
        <pre class="idl">
          dictionary AddressInit {
            DOMString country = "";
            sequence&lt;DOMString&gt; addressLine = [];
            DOMString region = "";
            DOMString city = "";
            DOMString dependentLocality = "";
            DOMString postalCode = "";
            DOMString sortingCode = "";
            DOMString organization = "";
            DOMString recipient = "";
            DOMString phone = "";
          };
        </pre>
        <p>
          An <a>AddressInit</a> is passed when
          [=PaymentAddress.PaymentAddress()|constructing=] a
          {{PaymentAddress}}. Its members are as follows.
        </p>
        <dl data-dfn-for="AddressInit" data-link-for="" data-sort="ascending">
          <dt>
            <dfn>country</dfn> member
          </dt>
          <dd>
            An <a>country</a>, represented as a [[ISO3166-1]] country code.
          </dd>
          <dt>
            <dfn>addressLine</dfn> member
          </dt>
          <dd>
            An <a>address line</a>, represented as a sequence.
          </dd>
          <dt>
            <dfn>region</dfn> member
          </dt>
          <dd>
            A <a>region</a>.
          </dd>
          <dt>
            <dfn>city</dfn> member
          </dt>
          <dd>
            A <a>city</a>.
          </dd>
          <dt>
            <dfn>dependentLocality</dfn> member
          </dt>
          <dd>
            A <a>dependent locality</a>.
          </dd>
          <dt>
            <dfn>postalCode</dfn> member
          </dt>
          <dd>
            A <a>postal code</a>.
          </dd>
          <dt>
            <dfn>sortingCode</dfn> member
          </dt>
          <dd>
            A <a>sorting code</a>.
          </dd>
          <dt>
            <dfn>organization</dfn> member
          </dt>
          <dd>
            An <a>organization</a>.
          </dd>
          <dt>
            <dfn>recipient</dfn> member
          </dt>
          <dd>
            A <a>recipient</a>. Under certain circumstances, this member may
            contain multiline information. For example, it might contain "care
            of" information.
          </dd>
          <dt>
            <dfn>phone</dfn> member
          </dt>
          <dd>
            A <a>phone number</a>, optionally structured to adhere to
            [[E.164]].
          </dd>
        </dl>
      </section>
      <section data-dfn-for="AddressErrors" data-link-for="AddressErrors">
        <h2>
          <dfn>AddressErrors</dfn> dictionary
        </h2>
        <pre class="idl">
          dictionary AddressErrors {
            DOMString addressLine;
            DOMString city;
            DOMString country;
            DOMString dependentLocality;
            DOMString organization;
            DOMString phone;
            DOMString postalCode;
            DOMString recipient;
            DOMString region;
            DOMString sortingCode;
          };
        </pre>
        <p>
          The members of the <a>AddressErrors</a> dictionary represent
          validation errors with specific parts of a <a>physical address</a>.
          Each dictionary member has a dual function: firstly, its presence
          denotes that a particular part of an address is suffering from a
          validation error. Secondly, the string value allows the developer to
          describe the validation error (and possibly how the end user can fix
          the error).
        </p>
        <p class="note">
          Developers need to be aware that users might not have the ability to
          fix certain parts of an address. As such, they need to be mindful not
          to ask the user to fix things they might not have control over.
        </p>
        <dl>
          <dt>
            <dfn>addressLine</dfn> member
          </dt>
          <dd>
            Denotes that the <a>address line</a> has a validation error. In the
            user agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">addressLine</a> attribute's value.
          </dd>
          <dt>
            <dfn>city</dfn> member
          </dt>
          <dd>
            Denotes that the <a>city</a> has a validation error. In the user
            agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">city</a> attribute's value.
          </dd>
          <dt>
            <dfn>country</dfn> member
          </dt>
          <dd>
            Denotes that the <a>country</a> has a validation error. In the user
            agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">country</a> attribute's value.
          </dd>
          <dt>
            <dfn>dependentLocality</dfn> member
          </dt>
          <dd>
            Denotes that the <a>dependent locality</a> has a validation error.
            In the user agent's UI, this member corresponds to the input field
            that provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">dependentLocality</a> attribute's value.
          </dd>
          <dt>
            <dfn>organization</dfn> member
          </dt>
          <dd>
            Denotes that the <a>organization</a> has a validation error. In the
            user agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">organization</a> attribute's value.
          </dd>
          <dt>
            <dfn>phone</dfn> member
          </dt>
          <dd>
            Denotes that the <a>phone number</a> has a validation error. In the
            user agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">phone</a> attribute's value.
          </dd>
          <dt>
            <dfn>postalCode</dfn> member
          </dt>
          <dd>
            Denotes that the <a>postal code</a> has a validation error. In the
            user agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">postalCode</a> attribute's value.
          </dd>
          <dt>
            <dfn>recipient</dfn> member
          </dt>
          <dd>
            Denotes that the <a>recipient</a> has a validation error. In the
            user agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">addressLine</a> attribute's value.
          </dd>
          <dt>
            <dfn>region</dfn> member
          </dt>
          <dd>
            Denotes that the <a>region</a> has a validation error. In the user
            agent's UI, this member corresponds to the input field that
            provided the {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">region</a> attribute's value.
          </dd>
          <dt>
            <dfn>sortingCode</dfn> member
          </dt>
          <dd>
            The <a>sorting code</a> has a validation error. In the user agent's
            UI, this member corresponds to the input field that provided the
            {{PaymentAddress}}'s <a data-link-for=
            "PaymentAddress">sortingCode</a> attribute's value.
          </dd>
        </dl>
      </section>
      <section>
        <h2>
          Creating a `PaymentAddress` from user-provided input
        </h2>
        <p>
          The steps to <dfn data-export="">create a `PaymentAddress` from
          user-provided input</dfn> are given by the following algorithm. The
          algorithm takes a <a>list</a> |redactList|.
        </p>
        <div class="note" title=
        "Privacy of recipient information (the redactList)">
          <p>
            The |redactList| optionally gives user agents the possibility to
            limit the amount of personal information about the recipient that
            the API shares with the merchant.
          </p>
          <p>
            For merchants, the resulting {{PaymentAddress}} object provides
            enough information to, for example, calculate shipping costs, but,
            in most cases, not enough information to physically locate and
            uniquely identify the recipient.
          </p>
          <p>
            Unfortunately, even with the |redactList|, recipient anonymity
            cannot be assured. This is because in some countries postal codes
            are so fine-grained that they can uniquely identify a recipient.
          </p>
        </div>
        <ol data-link-for="AddressInit">
          <li>Let |details| be a newly created <a>AddressInit</a> dictionary.
          </li>
          <li>If "addressLine" is not in |redactList|, set
          |details|["<a>addressLine</a>"] to the result of splitting the
          user-provided address line into a <a>list</a>.
            <aside class="note">
              How to split an address line is locale dependent and beyond the
              scope of this specification.
            </aside>
          </li>
          <li>If "country" is not in |redactList|, set
          |details|["<a>country</a>"] to the user-provided country as an upper
          case [[ISO3166-1]] alpha-2 code.
          </li>
          <li>If "phone" is not in |redactList|, set |details|["<a>phone</a>"]
          to the user-provided phone number.
            <aside class="note" title="Privacy of phone number">
              <p>
                To maintain users' privacy, implementers need to be mindful
                that a shipping address's associated phone number might be
                different or the same from that of the end user's. As such,
                implementers need to take care to not provide the end user's
                phone number to the merchant without the end user's consent.
              </p>
            </aside>
          </li>
          <li>If "city" is not in |redactList|, set |details|["<a>city</a>"] to
          the user-provided city, or to the empty string if none was provided.
          </li>
          <li>If "dependentLocality" is not in |redactList|, set |
          details|["<a>dependentLocality</a>"] to the user-provided dependent
          locality.
          </li>
          <li>If "organization" is not in |redactList|, set
          |details|["<a>organization</a>"] to the user-provided recipient
          organization.
          </li>
          <li>If "postalCode" is not in |redactList|, set
          |details|["<a>postalCode</a>"] to the user-provided postal code.
          Optionally, redact part of |details|["<a>postalCode</a>"].
            <div class="note" title="Privacy of Postal Codes">
              <p>
                <a>Postal codes</a> in certain countries can be so specific as
                to uniquely identify an individual. This being a privacy
                concern, some user agents only return the part of a postal code
                that they deem sufficient for a merchant to calculate shipping
                costs. This varies across countries and regions, and so the
                choice to redact part, or all, of the postal code is left to
                the discretion of implementers in the interest of protecting
                users' privacy.
              </p>
            </div>
          </li>
          <li>If "recipient" is not in |redactList|, set
          |details|["<a>recipient</a>"] to the user-provided recipient of the
          transaction.
          </li>
          <li>
            <p>
              If "region" is not in |redactList|:
            </p>
            <p data-link-for="" class="note" title=
            "Countries where regions are not commonly used">
              In some countries (e.g., Belgium) it is uncommon for users to
              include a <a>region</a> as part of a <a>physical address</a>
              (even if all the regions of a country are part of [[ISO3166-2]]).
              As such, when the user agent knows that the user is inputting the
              address for a particular country, it might not provide a field
              for the user to input a <a>region</a>. In such cases, the user
              agent returns an empty string for both {{PaymentAddress}}'s
              <a data-link-for="PaymentAddress">region</a> attribute - but the
              address can still serve its intended purpose (e.g., be valid for
              shipping or billing purposes).
            </p>
            <ol>
              <li>Set |details|["<a>region</a>"] to the user-provided region.
              </li>
            </ol>
          </li>
          <li>If "sortingCode" is not in |redactList|, set
          |details|["<a>sortingCode</a>"] to the user-provided sorting code.
          </li>
          <li>[=PaymentAddress.PaymentAddress()|Internally construct a new
          `PaymentAddress`=] with |details| and return the result.
          </li>
        </ol>
      </section>
    </section>
    <section data-dfn-for="PaymentShippingOption">
      <h2>
        <dfn>PaymentShippingOption</dfn> dictionary
      </h2>
      <pre class="idl">
        dictionary PaymentShippingOption {
          required DOMString id;
          required DOMString label;
          required PaymentCurrencyAmount amount;
          boolean selected = false;
        };
      </pre>
      <p>
        The <a>PaymentShippingOption</a> dictionary has members describing a
        shipping option. Developers can provide the user with one or more
        shipping options by calling the
        {{PaymentRequestUpdateEvent/updateWith()}} method in response to a
        change event.
      </p>
      <dl>
        <dt>
          <dfn>id</dfn> member
        </dt>
        <dd>
          A string identifier used to reference this
          <a>PaymentShippingOption</a>. It MUST be unique for a given
          {{PaymentRequest}}.
        </dd>
        <dt>
          <dfn>label</dfn> member
        </dt>
        <dd>
          A human-readable string description of the item. The <a>user
          agent</a> SHOULD use this string to display the shipping option to
          the user.
        </dd>
        <dt>
          <dfn>amount</dfn> member
        </dt>
        <dd>
          A <a>PaymentCurrencyAmount</a> containing the monetary amount for the
          item.
        </dd>
        <dt>
          <dfn>selected</dfn> member
        </dt>
        <dd>
          A boolean. When true, it indicates that this is the default selected
          <a>PaymentShippingOption</a> in a sequence. <a>User agents</a> SHOULD
          display this option by default in the user interface.
        </dd>
      </dl>
    </section>
    <section data-dfn-for="PaymentComplete" data-link-for="PaymentComplete">
      <h2>
        <dfn>PaymentComplete</dfn> enum
      </h2>
      <pre class="idl">
        enum PaymentComplete {
          "fail",
          "success",
          "unknown"
        };
      </pre>
      <dl>
        <dt>
          "<dfn>fail</dfn>"
        </dt>
        <dd>
          Indicates that processing of the payment failed. The <a>user
          agent</a> MAY display UI indicating failure.
        </dd>
        <dt>
          "<dfn>success</dfn>"
        </dt>
        <dd>
          Indicates the payment was successfully processed. The <a>user
          agent</a> MAY display UI indicating success.
        </dd>
        <dt>
          "<dfn>unknown</dfn>"
        </dt>
        <dd>
          The developer did not indicate success or failure and the <a>user
          agent</a> SHOULD NOT display UI indicating success or failure.
        </dd>
      </dl>
    </section>
    <section data-dfn-for="PaymentResponse" data-link-for="PaymentResponse">
      <h2>
        <dfn>PaymentResponse</dfn> interface
      </h2>
      <pre class="idl">
        [SecureContext, Exposed=Window]
        interface PaymentResponse : EventTarget  {
          [Default] object toJSON();

          readonly attribute DOMString requestId;
          readonly attribute DOMString methodName;
          readonly attribute object details;
          readonly attribute PaymentAddress? shippingAddress;
          readonly attribute DOMString? shippingOption;
          readonly attribute DOMString? payerName;
          readonly attribute DOMString? payerEmail;
          readonly attribute DOMString? payerPhone;

          [NewObject]
          Promise&lt;void&gt; complete(optional PaymentComplete result = "unknown");
          [NewObject]
          Promise&lt;void&gt; retry(optional PaymentValidationErrors errorFields = {});

          attribute EventHandler onpayerdetailchange;
        };
      </pre>
      <p class="note">
        A <a>PaymentResponse</a> is returned when a user has selected a payment
        method and approved a payment request.
      </p>
      <section>
        <h2>
          <dfn>retry()</dfn> method
        </h2>
        <p data-tests="payment-response/retry-method-manual.https.html">
          The <code>retry(|errorFields|)</code> method MUST act as follows:
        </p>
        <ol class="algorithm">
          <li>Let |response:PaymentResponse| be the <a>context object</a>.
          </li>
          <li>Let |request:PaymentRequest| be |response|.<a>[[\request]]</a>.
          </li>
          <li>Let |document:Document| be |request|'s <a>relevant global
          object</a>'s <a>associated Document</a>.
          </li>
          <li data-tests=
          "payment-response/rejects_if_not_active-manual.https.html">If
          |document| is not [=Document/fully active=], then return <a>a promise
          rejected with</a> an {{"AbortError"}} {{DOMException}}.
          </li>
          <li>If |response|.<a>[[\complete]]</a> is true, return <a>a promise
          rejected with</a> an {{"InvalidStateError"}} {{DOMException}}.
          </li>
          <li>If |response|.<a>[[\retryPromise]]</a> is not null, return <a>a
          promise rejected with</a> an {{"InvalidStateError"}}
          {{DOMException}}.
          </li>
          <li>Set |request|.<a>[[\state]]</a> to "<a>interactive</a>".
          </li>
          <li>Let |retryPromise:Promise| be <a>a new promise</a>.
          </li>
          <li>Set |response|.<a>[[\retryPromise]]</a> to |retryPromise|.
          </li>
          <li>If |errorFields| was passed:
            <ol>
              <li>Optionally, show a warning in the developer console if any of
              the following are true:
                <ol>
                  <li>
                  |request|.[=PaymentRequest/[[options]]=]["<a data-link-for=
                  "PaymentOptions">requestPayerName</a>"] is false, and
                  |errorFields|["<a data-link-for=
                  "PaymentValidationErrors">payer</a>"]["<a data-link-for=
                  "PayerErrors">name</a>"] is present.
                  </li>
                  <li>
                  |request|.[=PaymentRequest/[[options]]=]["<a data-link-for=
                  "PaymentOptions">requestPayerEmail</a>"] is false, and
                  |errorFields|["<a data-link-for=
                  "PaymentValidationErrors">payer</a>"]["<a data-link-for=
                  "PayerErrors">email</a>"] is present.
                  </li>
                  <li>
                  |request|.[=PaymentRequest/[[options]]=]["<a data-link-for=
                  "PaymentOptions">requestPayerPhone</a>"] is false, and
                  |errorFields|["<a data-link-for=
                  "PaymentValidationErrors">payer</a>"]["<a data-link-for=
                  "PayerErrors">phone</a>"] is present.
                  </li>
                  <li>
                  |request|.[=PaymentRequest/[[options]]=]["<a data-link-for=
                  "PaymentOptions">requestShipping</a>"] is false, and
                  |errorFields|["<a data-link-for=
                  "PaymentValidationErrors">shippingAddress</a>"] is present.
                  </li>
                </ol>
              </li>
              <li data-link-for="PaymentValidationErrors" data-tests=
              "PaymentValidationErrors/retry-shows-error-member-manual.https.html">
              If |errorFields|["<a>paymentMethod</a>] member was passed, and if
              required by the specification that defines |response|'s
              <a>payment method</a>, then [=converted to an IDL value|convert=]
              |errorFields|'s <a>paymentMethod</a> member to an IDL value of
              the type specified there. Otherwise, [=converted to an IDL
              value|convert=] to {{object}}.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
              <li>If conversion results in a <a>exception</a> |error|:
                <ol>
                  <li>Reject |retryPromise| with |error|.
                  </li>
                  <li>Set <a>user agent</a>'s <a>payment request is showing</a>
                  boolean to false.
                  </li>
                  <li>Return.
                  </li>
                </ol>
              </li>
              <li data-link-for="PaymentValidationErrors">By matching the
              members of |errorFields| to input fields in the user agent's UI,
              indicate to the end user that something is wrong with the data of
              the payment response. For example, a user agent might draw the
              user's attention to the erroneous |errorFields| in the browser's
              UI and display the value of each field in a manner that helps the
              user fix each error. Similarly, if the <a>error</a> member is
              passed, present the error in the user agent's UI. In the case
              where the value of a member is the empty string, the user agent
              MAY substitute a value with a suitable error message.
              </li>
            </ol>
          </li>
          <li>Otherwise, if |errorFields| was not passed, signal to the end
          user to attempt to retry the payment. Re-enable any UI element that
          affords the end user the ability to retry accepting the payment
          request.
          </li>
          <li>
            <span data-tests=
            "payment-response/rejects_if_not_active-manual.https.html">If
            |document| stops being [=Document/fully active=] while the user
            interface is being shown, or no longer is by the time this step is
            reached, then:</span>
            <ol>
              <li>Close down the user interface.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
            </ol>
          </li>
          <li>Finally, when |retryPromise| settles, set
          |response|.<a>[[\retryPromise]]</a> to null.
          </li>
          <li>Return |retryPromise|.
            <p class="note">
              The |retryPromise| will later be resolved by the <a>user accepts
              the payment request algorithm</a>, or rejected by either the
              <a>user aborts the payment request algorithm</a> or <a>abort the
              update</a>.
            </p>
          </li>
        </ol>
        <section data-dfn-for="PaymentValidationErrors" data-link-for=
        "PaymentValidationErrors">
          <h3>
            <dfn>PaymentValidationErrors</dfn> dictionary
          </h3>
          <pre class="idl">
            dictionary PaymentValidationErrors {
              PayerErrors payer;
              AddressErrors shippingAddress;
              DOMString error;
              object paymentMethod;
            };
          </pre>
          <dl>
            <dt>
              <dfn>payer</dfn> member
            </dt>
            <dd>
              Validation errors related to the <a>payer details</a>.
            </dd>
            <dt>
              <dfn>shippingAddress</dfn> member
            </dt>
            <dd data-link-for="PaymentResponse">
              Represents validation errors with the <a>PaymentResponse</a>'s
              <a>shippingAddress</a>.
            </dd>
            <dt>
              <dfn>error</dfn> member
            </dt>
            <dd>
              A general description of an error with the payment from which the
              user can attempt to recover. For example, the user may recover by
              retrying the payment. A developer can optionally pass the
              <a>error</a> member on its own to give a general overview of
              validation issues, or it can be passed in combination with other
              members of the <a>PaymentValidationErrors</a> dictionary.
            </dd>
            <dt>
              <dfn>paymentMethod</dfn> member
            </dt>
            <dd>
              A payment method specific errors. See, for example,
              [[[?payment-method-basic-card]]]'s {{BasicCardErrors}}.
            </dd>
          </dl>
        </section>
        <section data-dfn-for="PayerErrors" data-link-for="PayerErrors">
          <h3>
            <dfn>PayerErrors</dfn> dictionary
          </h3>
          <pre class="idl">
          dictionary PayerErrors {
            DOMString email;
            DOMString name;
            DOMString phone;
          };
          </pre>
          <p>
            The <a>PayerErrors</a> is used to represent validation errors with
            one or more <a>payer details</a>.
          </p>
          <p>
            <dfn>Payer details</dfn> are any of the payer's name, payer's phone
            number, and payer's email.
          </p>
          <dl data-link-for="PaymentResponse">
            <dt>
              <dfn>email</dfn> member
            </dt>
            <dd>
              Denotes that the payer's email suffers from a validation error.
              In the user agent's UI, this member corresponds to the input
              field that provided the <a>PaymentResponse</a>'s
              <a>payerEmail</a> attribute's value.
            </dd>
            <dt>
              <dfn>name</dfn> member
            </dt>
            <dd>
              Denotes that the payer's name suffers from a validation error. In
              the user agent's UI, this member corresponds to the input field
              that provided the <a>PaymentResponse</a>'s <a>payerName</a>
              attribute's value.
            </dd>
            <dt>
              <dfn>phone</dfn> member
            </dt>
            <dd>
              Denotes that the payer's phone number suffers from a validation
              error. In the user agent's UI, this member corresponds to the
              input field that provided the <a>PaymentResponse</a>'s
              <a>payerPhone</a> attribute's value.
            </dd>
          </dl>
          <pre class="example js" title="Payer-related validation errors">
            const payer = {
              email: "The domain is invalid.",
              phone: "Unknown country code.",
              name: "Not in database.",
            };
            await response.retry({ payer });
          </pre>
        </section>
      </section>
      <section>
        <h2>
          <dfn>toJSON()</dfn> method
        </h2>
        <p>
          When called, runs [[WEBIDL]]'s <a>default toJSON operation</a>.
        </p>
      </section>
      <section>
        <h2>
          <dfn>methodName</dfn> attribute
        </h2>
        <p data-tests=
        "payment-response/methodName-attribute-manual.https.html">
          The <a>payment method identifier</a> for the <a>payment method</a>
          that the user selected to fulfill the transaction.
        </p>
      </section>
      <section>
        <h2>
          <dfn>details</dfn> attribute
        </h2>
        <p data-cite="WebIDL">
          An {{object}} or <a>dictionary</a> generated by a <a>payment
          method</a> that a merchant can use to process or validate a
          transaction (depending on the <a>payment method</a>).
        </p>
        <aside class="note">
          <p>
            Each <a>standardized payment method identifier</a>, such as
            [[[?payment-method-basic-card]]], defines its own unique IDL
            <a>dictionary</a> for use with the <a>details</a> attribute. The
            shape of this data (i.e., its members and their corresponding types
            and formats) differs depending on which standardized payment method
            identifier is selected by the end user.
          </p>
          <p>
            Similarly, a <a>URL-based payment method identifier</a> defines the
            shape of <a>details</a>. However, as URL-based payment method
            identifiers are not standardized by the W3C, developers need to
            consult whoever controls the URL for the expected shape of the
            <a>details</a> object.
          </p>
        </aside>
      </section>
      <section>
        <h2>
          <dfn>shippingAddress</dfn> attribute
        </h2>
        <p data-tests=
        "payment-response/shippingAddress-attribute-manual.https.html">
          If the {{PaymentOptions/requestShipping}} member was set to true in
          the <a>PaymentOptions</a> passed to the {{PaymentRequest}}
          constructor, then {{PaymentRequest/shippingAddress}} will be the full
          and final shipping address chosen by the user.
        </p>
      </section>
      <section>
        <h2>
          <dfn>shippingOption</dfn> attribute
        </h2>
        <p data-tests=
        "payment-response/shippingOption-attribute-manual.https.html">
          If the {{PaymentOptions/requestShipping}} member was set to true in
          the <a>PaymentOptions</a> passed to the {{PaymentRequest}}
          constructor, then {{PaymentRequest/shippingOption}} will be the
          {{PaymentShippingOption/id}} attribute of the selected shipping
          option.
        </p>
      </section>
      <section>
        <h2>
          <dfn>payerName</dfn> attribute
        </h2>
        <p data-tests="payment-response/payerName-attribute-manual.https.html">
          If the {{PaymentOptions/requestPayerName}} member was set to true in
          the <a>PaymentOptions</a> passed to the {{PaymentRequest}}
          constructor, then {{PaymentResponse/payerName}} will be the name
          provided by the user.
        </p>
      </section>
      <section>
        <h2>
          <dfn>payerEmail</dfn> attribute
        </h2>
        <p data-tests=
        "payment-response/payerEmail-attribute-manual.https.html">
          If the {{PaymentOptions/requestPayerEmail}} member was set to true in
          the <a>PaymentOptions</a> passed to the {{PaymentRequest}}
          constructor, then {{PaymentResponse/payerEmail}} will be the email
          address chosen by the user.
        </p>
      </section>
      <section>
        <h2>
          <dfn>payerPhone</dfn> attribute
        </h2>
        <p data-tests=
        "payment-response/payerPhone-attribute-manual.https.html">
          If the {{PaymentOptions/requestPayerPhone}} member was set to true in
          the <a>PaymentOptions</a> passed to the {{PaymentRequest}}
          constructor, then {{PaymentResponse/payerPhone}} will be the phone
          number chosen by the user.
        </p>
      </section>
      <section>
        <h2>
          <dfn>requestId</dfn> attribute
        </h2>
        <p data-tests="payment-response/requestId-attribute-manual.https.html">
          The corresponding payment request {{PaymentRequest/id}} that spawned
          this payment response.
        </p>
      </section>
      <section data-dfn-for="PaymentResponse" data-link-for="PaymentResponse">
        <h2>
          <dfn data-lt="complete(result)">complete()</dfn> method
        </h2>
        <p class="note">
          The <a>complete()</a> method is called after the user has accepted
          the payment request and the <a>[[\acceptPromise]]</a> has been
          resolved. Calling the <a>complete()</a> method tells the <a>user
          agent</a> that the payment interaction is over (and SHOULD cause any
          remaining user interface to be closed).
        </p>
        <p>
          After the payment request has been accepted and the
          <a>PaymentResponse</a> returned to the caller, but before the caller
          calls <a>complete()</a>, the payment request user interface remains
          in a pending state. At this point the user interface SHOULD NOT offer
          a cancel command because acceptance of the payment request has been
          returned. However, if something goes wrong and the developer never
          calls <a>complete()</a> then the user interface is blocked.
        </p>
        <p>
          For this reason, implementations MAY impose a timeout for developers
          to call <a>complete()</a>. If the timeout expires then the
          implementation will behave as if <a>complete()</a> was called with no
          arguments.
        </p>
        <p data-tests="payment-response/complete-method-manual.https.html">
          The <a><code>complete(|result|)</code></a> method MUST act as
          follows:
        </p>
        <ol class="algorithm">
          <li>Let |response:PaymentResponse| be the <a>context object</a>.
          </li>
          <li>If |response|.<a>[[\complete]]</a> is true, return <a>a promise
          rejected with</a> an {{"InvalidStateError"}} {{DOMException}}.
          </li>
          <li data-tests="payment-response/retry-method-manual.https.html">If
          |response|.<a>[[\retryPromise]]</a> is not null, return <a>a promise
          rejected with</a> an {{"InvalidStateError"}} {{DOMException}}.
          </li>
          <li>Let |promise:Promise| be <a>a new promise</a>.
          </li>
          <li>Set |response|.<a>[[\complete]]</a> to true.
          </li>
          <li>Return |promise| and perform the remaining steps <a>in
          parallel</a>.
          </li>
          <li>If |document| stops being [=Document/fully active=] while the
          user interface is being shown, or no longer is by the time this step
          is reached, then:
            <ol>
              <li>Close down the user interface.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
            </ol>
          </li>
          <li>Otherwise:
            <ol>
              <li>Close down any remaining user interface. The <a>user
              agent</a> MAY use the value |result| to influence the user
              experience.
              </li>
              <li>Set |request|'s <a>payment-relevant browsing context</a>'s
              <a>payment request is showing</a> boolean to false.
              </li>
              <li>Resolve |promise| with undefined.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section data-dfn-for="PaymentResponse" data-link-for="PaymentResponse">
        <h2>
          <dfn>onpayerdetailchange</dfn> attribute
        </h2>
        <p>
          Allows a developer to handle "<a>payerdetailchange</a>" events.
        </p>
      </section>
      <section>
        <h2>
          Internal Slots
        </h2>
        <p>
          Instances of <a>PaymentResponse</a> are created with the internal
          slots in the following table:
        </p>
        <table>
          <tr>
            <th>
              Internal Slot
            </th>
            <th>
              Description (<em>non-normative</em>)
            </th>
          </tr>
          <tr>
            <td>
              <dfn>[[\complete]]</dfn>
            </td>
            <td data-link-for="PaymentResponse">
              Is true if the request for payment has completed (i.e.,
              <a>complete()</a> was called, or there was a fatal error that
              made the response not longer usable), or false otherwise.
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\request]]</dfn>
            </td>
            <td>
              The {{PaymentRequest}} instance that instantiated this
              <a>PaymentResponse</a>.
            </td>
          </tr>
          <tr>
            <td>
              <dfn>[[\retryPromise]]</dfn>
            </td>
            <td>
              Null, or a {{Promise}} that resolves when a <a>user accepts the
              payment request</a> or rejects if the <a>user aborts the payment
              request</a>.
            </td>
          </tr>
        </table>
      </section>
    </section>
    <section class="informative">
      <h2>
        <code>PaymentRequest</code> and <code>iframe</code> elements
      </h2>
      <p>
        To indicate that a cross-origin <a>iframe</a> is allowed to invoke the
        payment request API, the {{ HTMLIFrameElement.allowPaymentRequest }}
        attribute can be specified on the <a>iframe</a> element. See <a href=
        "#feature-policy"></a> for details of how {{
        HTMLIFrameElement.allowPaymentRequest }} and [[[feature-policy]]]
        interact.
      </p>
    </section>
    <section id="feature-policy" data-cite="feature-policy">
      <h2>
        Feature Policy integration
      </h2>
      <p>
        This specification defines a policy-controlled feature identified by
        the string "<code><dfn data-lt="payment-feature" data-nodefault=
        "">payment</dfn></code>". Its <a>default allowlist</a> is
        '<code>self</code>'.
      </p>
      <div class="note">
        <p>
          A <a>document</a>’s [=Document/feature policy=] determines whether
          any content in that document is allowed to construct
          {{PaymentRequest}} instances. If disabled in any document, no content
          in the document will be <a>allowed to use</a> the {{PaymentRequest}}
          constructor (trying to create an instance will throw).
        </p>
        <p>
          The {{ HTMLIFrameElement.allowPaymentRequest }} attribute of the HTML
          <a>iframe</a> element affects the <a>container policy</a> for any
          document nested in that iframe. Unless overridden by the
          [^iframe/allow^] attribute, setting [^iframe/allowpaymentrequest^] on
          an iframe is equivalent to `&lt;iframe allow="fullscreen *"&gt;`, as
          described in <a data-cite=
          "feature-policy#iframe-allowpaymentrequest-attribute">Feature Policy
          §allowpaymentrequest</a>.
        </p>
      </div>
    </section>
    <section>
      <h2>
        Events
      </h2>
      <section class="informative">
        <h2>
          Summary
        </h2>
        <table>
          <tr>
            <th>
              Event name
            </th>
            <th>
              Interface
            </th>
            <th>
              Dispatched when…
            </th>
            <th>
              Target
            </th>
          </tr>
          <tr>
            <td>
              <code><dfn>merchantvalidation</dfn></code>
            </td>
            <td>
              {{MerchantValidationEvent}}
            </td>
            <td>
              The user agent requires the merchant to perform merchant
              validation.
            </td>
            <td>
              {{PaymentRequest}}
            </td>
          </tr>
          <tr>
            <td>
              <code><dfn>shippingaddresschange</dfn></code>
            </td>
            <td>
              {{PaymentRequestUpdateEvent}}
            </td>
            <td>
              The user provides a new shipping address.
            </td>
            <td>
              {{PaymentRequest}}
            </td>
          </tr>
          <tr>
            <td>
              <code><dfn>shippingoptionchange</dfn></code>
            </td>
            <td>
              {{PaymentRequestUpdateEvent}}
            </td>
            <td>
              The user chooses a new shipping option.
            </td>
            <td>
              {{PaymentRequest}}
            </td>
          </tr>
          <tr>
            <td>
              <code><dfn>payerdetailchange</dfn></code>
            </td>
            <td>
              {{PaymentRequestUpdateEvent}}
            </td>
            <td>
              The user changes the payer name, the payer email, or the payer
              phone (see <a>payer detail changed algorithm</a>).
            </td>
            <td>
              <a>PaymentResponse</a>
            </td>
          </tr>
          <tr>
            <td>
              <code><dfn>paymentmethodchange</dfn></code>
            </td>
            <td>
              {{PaymentMethodChangeEvent}}
            </td>
            <td>
              The user chooses a different <a>payment method</a> within a
              <a>payment handler</a>.
            </td>
            <td>
              {{PaymentRequest}}
            </td>
          </tr>
        </table>
      </section>
      <section data-dfn-for="MerchantValidationEvent" data-link-for=
      "MerchantValidationEvent">
        <h2>
          <dfn>MerchantValidationEvent</dfn> interface
        </h2>
        <pre class="idl">
          [SecureContext, Exposed=Window]
          interface MerchantValidationEvent : Event {
            constructor(DOMString type, optional MerchantValidationEventInit eventInitDict = {});
            readonly attribute DOMString methodName;
            readonly attribute USVString validationURL;
            void complete(Promise&lt;any&gt; merchantSessionPromise);
          };
        </pre>
        <section>
          <h2>
            <dfn>methodName</dfn> attribute
          </h2>
          <p data-link-for="MerchantValidationEventInit">
            When getting, returns the value it was initialized with. See
            <a>methodName</a> member of <a>MerchantValidationEventInit</a> for
            more information.
          </p>
        </section>
        <section>
          <h3>
            <dfn data-lt=
            "MerchantValidationEvent.MerchantValidationEvent()"><code>MerchantValidationEvent</code>
            constructor</dfn>
          </h3>
          <p data-tests=
          "MerchantValidationEvent/constructor.https.html, MerchantValidationEvent/constructor.http.html">
            The <a>event constructing steps</a>, which take a
            {{MerchantValidationEvent}} |event|, are as follows:
          </p>
          <ol class="algorithm">
            <li>Let |base:URL| be the [=context object|event=]’s <a>relevant
            settings object</a>’s [=environment settings object/api base URL=].
            </li>
            <li data-link-for="MerchantValidationEventInit">Let
            |validationURL:URL| be the result of [=URL parser|URL parsing=]
            |eventInitDict|["<a>validationURL</a>"] and |base|.
            </li>
            <li>If |validationURL| is failure, throw a {{TypeError}}.
            </li>
            <li>Initialize |event|.<a>validationURL</a> attribute to
            |validationURL|.
            </li>
            <li>If |eventInitDict|["<a>methodName</a>"] is not the empty
            string, run the steps to <a>validate a payment method
            identifier</a> with |eventInitDict|["<a>methodName</a>"]. If it
            returns false, then throw a {{RangeError}} exception. Optionally,
            inform the developer that the payment method identifier is invalid.
            </li>
            <li>Initialize |event|.<a>methodName</a> attribute to
            |eventInitDict|["<a>methodName</a>"].
            </li>
            <li>Initialize |event|.{{[[waitForUpdate]]}} to false.
            </li>
          </ol>
        </section>
        <section>
          <h3>
            <dfn>validationURL</dfn> attribute
          </h3>
          <p>
            A <a>URL</a> from which a developer can fetch <a>payment
            handler</a>-specific verification data. By then passing that data
            (or a promise that resolves with that data) to <a>complete()</a>,
            the user agent can verify that the payment request is from an
            authorized merchant.
          </p>
          <p>
            When getting, returns the value it was initialized with.
          </p>
        </section>
        <section>
          <h3>
            <dfn>complete()</dfn> method
          </h3>
          <p data-tests="MerchantValidationEvent/complete-method.https.html">
            The {{MerchantValidationEvent}}'s
            <code>complete(|merchantSessionPromise|)</code> method MUST act as
            follows:
          </p>
          <ol class="algorithm">
            <li>Let |event:MerchantValidationEvent| be the <a>context
            object</a>.
            </li>
            <li>If |event|'s {{ Event.isTrusted }} attribute is false, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>If |event|.{{[[waitForUpdate]]}} is true, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>Let |request:PaymentRequest| be |event|'s [=Event/target=].
            </li>
            <li>If |request|.<a>[[\state]]</a> is not "<a>interactive</a>",
            then [=exception/throw=] an {{"InvalidStateError"}}
            {{DOMException}}.
            </li>
            <li>If |request|.<a>[[\updating]]</a> is true, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>Set |event|'s [=Event/stop propagation flag=] and [=Event/stop
            immediate propagation flag=].
            </li>
            <li>Set |event|.{{[[waitForUpdate]]}} to true.
            </li>
            <li>Run the <a>validate merchant's details algorithm</a> with
            |merchantSessionPromise| and |request|.
            </li>
          </ol>
        </section>
        <section>
          <h2>
            Internal Slots
          </h2>
          <p>
            Instances of {{MerchantValidationEvent}} are created with the
            internal slots in the following table:
          </p>
          <table>
            <tr>
              <th>
                Internal Slot
              </th>
              <th>
                Description (<em>non-normative</em>)
              </th>
            </tr>
            <tr>
              <td>
                <dfn data-lt-nodefault="" data-lt=
                "mechvalidation.waitForUpdate">[[\waitForUpdate]]</dfn>
              </td>
              <td>
                A boolean indicating whether a <a>complete()</a>-initiated
                update is currently in progress.
              </td>
            </tr>
          </table>
        </section>
        <section data-dfn-for="MerchantValidationEventInit" data-link-for=
        "MerchantValidationEventInit">
          <h3>
            <dfn>MerchantValidationEventInit</dfn> dictionary
          </h3>
          <pre class="idl">
            dictionary MerchantValidationEventInit : EventInit {
              DOMString methodName = "";
              USVString validationURL = "";
            };
          </pre>
          <dl>
            <dt>
              <dfn>methodName</dfn> member
            </dt>
            <dd>
              A <a>payment method identifier</a> representing the <a>payment
              handler</a> that is requiring <a>merchant validation</a>.
            </dd>
            <dt>
              <dfn>validationURL</dfn> member
            </dt>
            <dd>
              A URL from which a developer would fetch <a>payment
              handler</a>-specific verification data.
            </dd>
          </dl>
        </section>
      </section>
      <section data-dfn-for="PaymentMethodChangeEvent" data-link-for=
      "PaymentMethodChangeEvent">
        <h2>
          <dfn>PaymentMethodChangeEvent</dfn> interface
        </h2>
        <pre class="idl">
          [SecureContext, Exposed=Window]
          interface PaymentMethodChangeEvent : PaymentRequestUpdateEvent {
            constructor(DOMString type, optional PaymentMethodChangeEventInit eventInitDict = {});
            readonly attribute DOMString methodName;
            readonly attribute object? methodDetails;
          };
        </pre>
        <section>
          <h2>
            <dfn>methodDetails</dfn> attribute
          </h2>
          <p data-link-for="PaymentMethodChangeEventInit">
            When getting, returns the value it was initialized with. See
            <a>methodDetails</a> member of <a>PaymentMethodChangeEventInit</a>
            for more information.
          </p>
        </section>
        <section>
          <h2>
            <dfn>methodName</dfn> attribute
          </h2>
          <p data-link-for="PaymentMethodChangeEventInit">
            When getting, returns the value it was initialized with. See
            <a>methodName</a> member of <a>PaymentMethodChangeEventInit</a> for
            more information.
          </p>
        </section>
        <section data-dfn-for="PaymentMethodChangeEventInit" data-link-for=
        "PaymentMethodChangeEventInit">
          <h3>
            <dfn>PaymentMethodChangeEventInit</dfn> dictionary
          </h3>
          <pre class="idl">
            dictionary PaymentMethodChangeEventInit : PaymentRequestUpdateEventInit {
              DOMString methodName = "";
              object? methodDetails = null;
            };
          </pre>
          <dl>
            <dt>
              <dfn>methodName</dfn> member
            </dt>
            <dd>
              A string representing the <a>payment method identifier</a>.
            </dd>
            <dt>
              <dfn>methodDetails</dfn> member
            </dt>
            <dd>
              An object representing some data from the payment method, or
              null.
            </dd>
          </dl>
        </section>
      </section>
      <section data-dfn-for="PaymentRequestUpdateEvent" data-link-for=
      "PaymentRequestUpdateEvent">
        <h2>
          <dfn>PaymentRequestUpdateEvent</dfn> interface
        </h2>
        <pre class="idl">
          [SecureContext, Exposed=Window]
          interface PaymentRequestUpdateEvent : Event {
            constructor(DOMString type, optional PaymentRequestUpdateEventInit eventInitDict = {});
            void updateWith(Promise&lt;PaymentDetailsUpdate&gt; detailsPromise);
          };
        </pre>
        <p>
          The {{PaymentRequestUpdateEvent}} enables developers to update the
          details of the payment request in response to a user interaction.
        </p>
        <section>
          <h3>
            <dfn data-lt=
            "PaymentRequestUpdateEvent.PaymentRequestUpdateEvent()">Constructor</dfn>
          </h3>
          <p data-tests=
          "PaymentRequestUpdateEvent/constructor.https.html, PaymentRequestUpdateEvent/constructor.http.html">
            The {{PaymentRequestUpdateEvent}}'s
            {{PaymentRequestUpdateEvent/constructor(type, eventInitDict)}} MUST
            act as follows:
          </p>
          <ol class="algorithm">
            <li>Let |event:PaymentRequestUpdateEvent| be the result of calling
            the [=Event/constructor=] of {{PaymentRequestUpdateEvent}} with
            |type| and |eventInitDict|.
            </li>
            <li>Set |event|.{{[[waitForUpdate]]}} to false.
            </li>
            <li>Return |event|.
            </li>
          </ol>
        </section>
        <section>
          <h2>
            <dfn data-lt="updateWith(detailsPromise)">updateWith()</dfn> method
          </h2>
          <aside class="note">
            <p>
              If a developer wants to update the payment request, then they
              need to call <a>updateWith()</a> and provide a
              <a>PaymentDetailsUpdate</a> dictionary, or a promise for one,
              containing changed values that the <a>user agent</a> presents to
              the user.
            </p>
            <p>
              To prevent the user interface from blocking (and to reflect
              changes made by the end user through the UI), developers need to
              immediately call <a>updateWith()</a>.
            </p>
            <pre class="example js" title=
            "how to use `updateWith()` correctly.">
              // ❌ Bad - this won't work!
              request.onshippingaddresschange = async ev =&gt; {
                // await goes to next tick, and updateWith()
                // was not called.
                const details = await getNewDetails(oldDetails);
                // 💥 So it's now too late! updateWith()
                // throws "InvalidStateError".
                ev.updateWith(details);
              };

              // ✅ Good - UI will wait.
              request.onshippingaddresschange = ev =&gt; {
                // Calling updateWith() with a promise is ok 👍
                const promiseForNewDetails = getNewDetails(oldDetails);
                ev.updateWith(promiseForNewDetails);
              };
            </pre>
            <p>
              Additionally, <a>[[\waitForUpdate]]</a> prevents reuse of
              {{PaymentRequestUpdateEvent}}.
            </p>
            <pre class="example js" title="can only call `updateWith()` once">
              // ❌ Bad - calling updateWith() twice doesn't work!
              request.addEventListener("shippingaddresschange", ev =&gt; {
                ev.updateWith(details); // this is ok.
                // 💥 [[waitForUpdate]] is true, throws "InvalidStateError".
                ev.updateWith(otherDetails);
              });

              // ❌ Bad - this won't work either!
              request.addEventListener("shippingaddresschange", async ev =&gt; {
                const p = Promise.resolve({ ...details });
                ev.updateWith(p);
                await p;
                // 💥 Only one call to updateWith() is allowed,
                // so the following throws "InvalidStateError"
                ev.updateWith({ ...newDetails });
              });
            </pre>
          </aside>
          <p data-tests=
          "PaymentRequestUpdateEvent/updatewith-method.https.html, PaymentRequestUpdateEvent/updateWith-incremental-update-manual.https.html">
            The <a><code>updateWith(|detailsPromise|)</code></a> method MUST
            act as follows:
          </p>
          <ol class="algorithm">
            <li>Let |event:PaymentRequestUpdateEvent| be this
            {{PaymentRequestUpdateEvent}} instance.
            </li>
            <li>If |event|'s {{ Event.isTrusted }} attribute is false, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>If |event|.<a>[[\waitForUpdate]]</a> is true, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>If |event|'s [=Event/target=] is an instance of
            <a>PaymentResponse</a>, let |request:PaymentRequest| be |event|'s
            [=Event/target=].<a>[[\request]]</a>.
            </li>
            <li>Otherwise, let |request:PaymentRequest| be the value of
            |event|'s [=Event/target=].
            </li>
            <li>Assert: |request| is an instance of {{PaymentRequest}}.
            </li>
            <li>If |request|.<a>[[\state]]</a> is not "<a>interactive</a>",
            then [=exception/throw=] an {{"InvalidStateError"}}
            {{DOMException}}.
            </li>
            <li>If |request|.<a>[[\updating]]</a> is true, then
            [=exception/throw=] an {{"InvalidStateError"}} {{DOMException}}.
            </li>
            <li>Set |event|'s [=Event/stop propagation flag=] and [=Event/stop
            immediate propagation flag=].
            </li>
            <li>Set |event|.<a>[[\waitForUpdate]]</a> to true.
            </li>
            <li>Let |pmi:URL?| be null.
            </li>
            <li>If |event| has a <a data-link-for=
            "PaymentMethodChangeEvent">methodName</a> attribute, set |pmi| to
            the <a data-link-for="PaymentMethodChangeEvent">methodName</a>
            attribute's value.
            </li>
            <li>Run the <a>update a <code>PaymentRequest</code>'s details
            algorithm</a> with |detailsPromise|, |request|, and |pmi|.
            </li>
          </ol>
        </section>
        <section>
          <h2>
            Internal Slots
          </h2>
          <p>
            Instances of {{PaymentRequestUpdateEvent}} are created with the
            internal slots in the following table:
          </p>
          <table>
            <tr>
              <th>
                Internal Slot
              </th>
              <th>
                Description (<em>non-normative</em>)
              </th>
            </tr>
            <tr>
              <td>
                <dfn>[[\waitForUpdate]]</dfn>
              </td>
              <td>
                A boolean indicating whether an <a>updateWith()</a>-initiated
                update is currently in progress.
              </td>
            </tr>
          </table>
        </section>
        <section>
          <h3>
            <dfn>PaymentRequestUpdateEventInit</dfn> dictionary
          </h3>
          <pre class="idl">
            dictionary PaymentRequestUpdateEventInit : EventInit {};
          </pre>
        </section>
      </section>
    </section>
    <section>
      <h2>
        Algorithms
      </h2>
      <p>
        When the internal slot <a>[[\state]]</a> of a {{PaymentRequest}} object
        is set to "<a>interactive</a>", the <a>user agent</a> will trigger the
        following algorithms based on user interaction.
      </p>
      <section>
        <h2>
          Merchant validation
        </h2>
        <p>
          <dfn data-lt="Validate the merchant">Merchant validation</dfn> is the
          process by which a <a>payment handler</a> validates the identity of a
          merchant against some |value| (usually some cryptographic challenge
          response). Validated merchants are allowed to interface with a
          <a>payment handler</a>. Details of how actual validation is performed
          is outside the scope of this specification.
        </p>
        <p>
          It is OPTIONAL for a <a>payment handler</a> to support <a>merchant
          validation</a>.
        </p>
        <p>
          For <a>payment methods</a> that support <a>merchant validation</a>,
          the user agent runs the <dfn>request merchant validation
          algorithm</dfn>. The algorithm takes a {{USVString}}
          |merchantSpecificURL|, provided by the <a>payment handler</a>:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>Let |validationURL:URL| be a <a>absolute-URL string</a> from
          which a developer can fetch <a>payment handler</a>-specific
          verification data.
          </li>
          <li>Let |methodName:URL or String| be the <a>payment method
          identifier</a> for the <a>payment handler</a> that is requiring
          <a>merchant validation</a>.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            run the following steps:
            <ol data-link-for="MerchantValidationEventInit">
              <li>Assert: |request|.<a>[[\updating]]</a> is false.
              </li>
              <li>Assert: |request|.<a>[[\state]]</a> is "<a>interactive</a>".
              </li>
              <li>Let |eventInitDict:MerchantValidationEventInit| be an new <a>
                MerchantValidationEventInit</a> dictionary.
              </li>
              <li>Set |eventInitDict|["<a>validationURL</a>"] to
              |validationURL|.
              </li>
              <li>Set |eventInitDict|["<a>methodName</a>"] to |methodName|.
              </li>
              <li>Let |event:MerchantValidationEvent| be the result of calling
              the [=Event/constructor=] of {{MerchantValidationEvent}} with
              "<a>merchantvalidation</a>" and |eventInitDict|.
              </li>
              <li>Initialize |event|’s {{ Event.isTrusted }} attribute to true.
              </li>
              <li>
                <a>Dispatch</a> |event| to |request|.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Can make payment algorithm
        </h2>
        <p>
          The <dfn>can make payment algorithm</dfn> checks if the <a>user
          agent</a> supports making payment with the <a>payment methods</a>
          with which the {{PaymentRequest}} was constructed. It takes a boolean
          argument, |checkForInstruments|, that specifies whether the algorithm
          checks for existence of enrolled instruments in addition to
          supporting a <a>payment method</a>.
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object on
          which the method was called.
          </li>
          <li>If |request|.<a>[[\state]]</a> is not "<a>created</a>", then
          return <a>a promise rejected with</a> an {{"InvalidStateError"}}
          {{DOMException}}.
          </li>
          <li data-tests=
          "payment-request-hasenrolledinstrument-method-protection.https.html, payment-request-canmakepayment-method-protection.https.html">
          Optionally, at the <a>top-level browsing context</a>'s discretion,
          return <a>a promise rejected with</a> a {{"NotAllowedError"}}
          {{DOMException}}.
            <p class="note" data-link-for="PaymentRequest">
              This allows user agents to apply heuristics to detect and prevent
              abuse of the calling method for fingerprinting purposes, such as
              creating {{PaymentRequest}} objects with a variety of supported
              <a>payment methods</a> and triggering the <a>can make payment
              algorithm</a> on them one after the other. For example, a user
              agent may restrict the number of successful calls that can be
              made based on the <a>top-level browsing context</a> or the time
              period in which those calls were made.
            </p>
          </li>
          <li>Let |hasHandlerPromise:Promise| be <a>a new promise</a>.
          </li>
          <li>Return |hasHandlerPromise|, and perform the remaining steps <a>in
          parallel</a>.
          </li>
          <li>For each |paymentMethod| tuple in |request|.
          [=PaymentRequest/[[serializedMethodData]]=]:
            <ol>
              <li>Let |identifier| be the first element in the |paymentMethod|
              tuple.
              </li>
              <li>If |checkForInstruments| is false, and the user agent has a
              <a>payment handler</a> that supports handling payment requests
              for |identifier|, resolve |hasHandlerPromise| with true and
              terminate this algorithm.
              </li>
              <li>If |checkForInstruments| is true:
                <ol>
                  <li>Let |data| be the result of <a data-cite=
                  "ECMASCRIPT#sec-json.parse">JSON-parsing</a> the second
                  element in the |paymentMethod| tuple.
                  </li>
                  <li>If required by the specification that defines the
                  |identifier|, then [=converted to an IDL value|convert=]
                  |data| to an IDL value. Otherwise, [=converted to an IDL
                  value|convert=] to {{object}}.
                  </li>
                  <li>Let |handlers| be a <a>list</a> of registered <a>payment
                  handlers</a> that are authorized and can handle payment
                  request for |identifier|.
                  </li>
                  <li>For each |handler| in |handlers|:
                    <ol>
                      <li>Let |hasEnrolledInstrument| be the result of running
                      |handler|'s <a>steps to check if a payment can be
                      made</a> with |data|.
                      </li>
                      <li>If |hasEnrolledInstrument| is true, resolve
                      |hasHandlerPromise| with true and terminate this
                      algorithm.
                      </li>
                    </ol>
                  </li>
                </ol>
              </li>
            </ol>
          </li>
          <li>Resolve |hasHandlerPromise| with false.
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Shipping address changed algorithm
        </h2>
        <p data-tests=
        "algorithms-manual.https.html#shipping-address-changed-algo">
          The <dfn>shipping address changed algorithm</dfn> runs when the user
          provides a new shipping address. It MUST run the following steps:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            run the following steps:
            <ol>
              <li>
                <div class="note" title="Privacy of recipient information">
                  <p>
                    The |redactList| limits the amount of personal information
                    about the recipient that the API shares with the merchant.
                  </p>
                  <p>
                    For merchants, the resulting {{PaymentAddress}} object
                    provides enough information to, for example, calculate
                    shipping costs, but, in most cases, not enough information
                    to physically locate and uniquely identify the recipient.
                  </p>
                  <p>
                    Unfortunately, even with the |redactList|, recipient
                    anonymity cannot be assured. This is because in some
                    countries postal codes are so fine-grained that they can
                    uniquely identify a recipient.
                  </p>
                </div>
              </li>
              <li>Let |redactList:list| be the empty list. Set |redactList| to
              « "organization", "phone", "recipient", "addressLine" ».
              </li>
              <li>Let |address:PaymentAddress| be the result of running the
              steps to <a>create a `PaymentAddress` from user-provided
              input</a> with |redactList|.
              </li>
              <li>Set the {{PaymentRequest/shippingAddress}} attribute on
              |request| to |address|.
              </li>
              <li>Run the <a>PaymentRequest updated algorithm</a> with
              |request| and "<a>shippingaddresschange</a>".
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Shipping option changed algorithm
        </h2>
        <p data-tests=
        "algorithms-manual.https.html#shipping-option-changed-algo">
          The <dfn>shipping option changed algorithm</dfn> runs when the user
          chooses a new shipping option. It MUST run the following steps:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            run the following steps:
            <ol>
              <li>Set the {{PaymentRequest/shippingOption}} attribute on
              |request| to the <code>id</code> string of the
              <a>PaymentShippingOption</a> provided by the user.
              </li>
              <li>Run the <a>PaymentRequest updated algorithm</a> with
              |request| and "<a>shippingoptionchange</a>".
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Payment method changed algorithm
        </h2>
        <p data-cite="WEBIDL">
          A <a>payment handler</a> MAY run the <dfn data-export=""
          data-dfn-for="payment handler">payment method changed algorithm</dfn>
          when the user changes <a>payment method</a> with |methodDetails|,
          which is a <a>dictionary</a> or an {{object}} or null, and a
          |methodName|, which is a DOMString that represents the <a>payment
          method identifier</a> of the <a>payment handler</a> the user is
          interacting with.
        </p>
        <p class="note" title=
        "Privacy of information shared by paymentmethodchange event">
          When the user selects or changes a payment method (e.g., a credit
          card), the {{PaymentMethodChangeEvent}} includes redacted billing
          address information for the purpose of performing tax calculations.
          Redacted attributes include, but are not limited to, <a>address
          line</a>, <a>dependent locality</a>, <a>organization</a>, <a>phone
          number</a>, and <a>recipient</a>.
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            run the following steps:
            <ol>
              <li>Assert: |request|.<a>[[\updating]]</a> is false. Only one
              update can take place at a time.
              </li>
              <li>Assert: |request|.<a>[[\state]]</a> is "<a>interactive</a>".
              </li>
              <li data-link-for="PaymentMethodChangeEvent">
                <a>Fire an event</a> named "<a>paymentmethodchange</a>" at
                |request| using {{PaymentMethodChangeEvent}}, with its
                <a>methodName</a> attribute initialized to |methodName|, and
                its <a>methodDetails</a> attribute initialized to
                |methodDetails|.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section>
        <h2>
          PaymentRequest updated algorithm
        </h2>
        <p data-tests="algorithms-manual.https.html">
          The <dfn>PaymentRequest updated algorithm</dfn> is run by other
          algorithms above to <a>fire an event</a> to indicate that a user has
          made a change to a {{PaymentRequest}} called |request| with an event
          name of |name|:
        </p>
        <ol class="algorithm">
          <li>Assert: |request|.<a>[[\updating]]</a> is false. Only one update
          can take place at a time.
          </li>
          <li>Assert: |request|.<a>[[\state]]</a> is "<a>interactive</a>".
          </li>
          <li>Let |event:PaymentRequestUpdateEvent| be the result of
          <a>creating an event</a> using the {{PaymentRequestUpdateEvent}}
          interface.
          </li>
          <li>Initialize |event|'s {{Event/type}} attribute to |name|.
          </li>
          <li>
            <a>Dispatch</a> |event| at |request|.
          </li>
          <li data-link-for="PaymentRequestUpdateEvent">If
          |event|.<a>[[\waitForUpdate]]</a> is true, disable any part of the
          user interface that could cause another update event to be fired.
          </li>
          <li>Otherwise, set |event|.<a>[[\waitForUpdate]]</a> to true.
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Payer detail changed algorithm
        </h2>
        <p>
          The user agent MUST run the <dfn>payer detail changed algorithm</dfn>
          when the user changes the |payer name|, or the |payer email|, or the
          |payer phone| in the user interface:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>If |request|.<a>[[\response]]</a> is null, return.
          </li>
          <li>Let |response:PaymentResponse| be |request|.<a>[[\response]]</a>.
          </li>
          <li>
            <a>Queue a task</a> on the <a>user interaction task source</a> to
            run the following steps:
            <ol data-link-for="PaymentResponse">
              <li>Assert: |request|.<a>[[\updating]]</a> is false.
              </li>
              <li>Assert: |request|.<a>[[\state]]</a> is "<a>interactive</a>".
              </li>
              <li>Let |options:PaymentOptions| be
              |request|.[=PaymentRequest/[[options]]=].
              </li>
              <li>If |payer name| changed and |options|.<a data-link-for=
              "PaymentOptions">requestPayerName</a> is true:
                <ol>
                  <li>Set |response|'s <a>payerName</a> attribute to |payer
                  name|.
                  </li>
                </ol>
              </li>
              <li>If |payer email| changed and
              |options|.{{PaymentOptions/requestPayerEmail}} is true:
                <ol>
                  <li>Set |response|'s <a>payerEmail</a> attribute to |payer
                  email|.
                  </li>
                </ol>
              </li>
              <li>If |payer phone| changed and |options|.<a data-link-for=
              "PaymentOptions">requestPayerPhone</a> is true:
                <ol>
                  <li>Set |response|'s <a>payerPhone</a> attribute to |payer
                  phone|.
                  </li>
                </ol>
              </li>
              <li>Let |event:PaymentRequestUpdateEvent| be the result of
              <a>creating an event</a> using {{PaymentRequestUpdateEvent}}.
              </li>
              <li>Initialize |event|'s {{Event/type}} attribute to
              "<a>payerdetailchange</a>".
              </li>
              <li>
                <a>Dispatch</a> |event| at |response|.
              </li>
              <li data-link-for="PaymentRequestUpdateEvent">If
              |event|.<a>[[\waitForUpdate]]</a> is true, disable any part of
              the user interface that could cause another change to the payer
              details to be fired.
              </li>
              <li>Otherwise, set |event|.<a>[[\waitForUpdate]]</a> to true.
              </li>
            </ol>
          </li>
        </ol>
      </section>
      <section>
        <h2>
          User accepts the payment request algorithm
        </h2>
        <p data-tests="user-accepts-payment-request-algo-manual.https.html">
          The <dfn data-lt="user accepts the payment request">user accepts the
          payment request algorithm</dfn> runs when the user accepts the
          payment request and confirms that they want to pay. It MUST <a>queue
          a task</a> on the <a>user interaction task source</a> to perform the
          following steps:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>If the |request|.<a>[[\updating]]</a> is true, then terminate
          this algorithm and take no further action. The <a>user agent</a> user
          interface SHOULD ensure that this never occurs.
          </li>
          <li>If |request|.<a>[[\state]]</a> is not "<a>interactive</a>", then
          terminate this algorithm and take no further action. The <a>user
          agent</a> user interface SHOULD ensure that this never occurs.
          </li>
          <li>If the {{PaymentOptions/requestShipping}} value of
          |request|.[=PaymentRequest/[[options]]=] is true, then if the
          {{PaymentRequest/shippingAddress}} attribute of |request| is null or
          if the {{PaymentRequest/shippingOption}} attribute of |request| is
          null, then terminate this algorithm and take no further action. The
          <a>user agent</a> SHOULD ensure that this never occurs.
          </li>
          <li>Let |isRetry:boolean| be true if |request|.<a>[[\response]]</a>
          is not null, false otherwise.
          </li>
          <li>Let |response:PaymentResponse| be |request|.<a>[[\response]]</a>
          if |isRetry| is true, or a new <a>PaymentResponse</a> otherwise.
          </li>
          <li>If |isRetry| if false, initialize the newly created |response|:
            <ol>
              <li>Set |response|.<a>[[\request]]</a> to |request|.
              </li>
              <li>Set |response|.<a>[[\retryPromise]]</a> to null.
              </li>
              <li>Set |response|.<a>[[\complete]]</a> to false.
              </li>
              <li>Set the {{PaymentResponse/requestId}} attribute value of
              |response| to the value of
              |request|.[=PaymentRequest/[[details]]=].{{PaymentDetailsInit/id}}.
              </li>
              <li>Set |request|.<a>[[\response]]</a> to |response|.
              </li>
            </ol>
          </li>
          <li>Let |handler:payment handler| be the <a>payment handler</a>
          selected by the user.
          </li>
          <li>Set the {{PaymentResponse/methodName}} attribute value of
          |response| to the <a>payment method identifier</a> of |handler|.
          </li>
          <li>Set the {{PaymentResponse/details}} attribute value of |response|
          to an object resulting from running the |handler|'s <a>steps to
          respond to a payment request</a>.
          </li>
          <li>If the {{PaymentOptions/requestShipping}} value of
          |request|.[=PaymentRequest/[[options]]=] is false, then set the
          {{PaymentResponse/shippingAddress}} attribute value of |response| to
          null. Otherwise:
            <ol data-link-for="PaymentResponse">
              <li>Let |redactList:list| be the empty <a>list</a>.
              </li>
              <li>Let |shippingAddress:PaymentAddress| be the result of
              <a>create a `PaymentAddress` from user-provided input</a> with
              |redactList|.
              </li>
              <li>Set the {{shippingAddress}} attribute value of |response| to
              |shippingAddress|.
              </li>
              <li>Set the {{shippingAddress}} attribute value of |request| to
              |shippingAddress|.
              </li>
            </ol>
          </li>
          <li>If the {{PaymentOptions/requestShipping}} value of
          |request|.[=PaymentRequest/[[options]]=] is true, then set the
          {{PaymentResponse/shippingOption}} attribute of |response| to the
          value of the {{PaymentResponse/shippingOption}} attribute of
          |request|. Otherwise, set it to null.
          </li>
          <li>If the {{PaymentOptions/requestPayerName}} value of
          |request|.[=PaymentRequest/[[options]]=] is true, then set the
          {{PaymentResponse/payerName}} attribute of |response| to the payer's
          name provided by the user, or to null if none was provided.
          Otherwise, set it to null.
          </li>
          <li>If the {{PaymentOptions/requestPayerEmail}} value of
          |request|.[=PaymentRequest/[[options]]=] is true, then set the
          {{PaymentResponse/payerEmail}} attribute of |response| to the payer's
          email address provided by the user, or to null if none was provided.
          Otherwise, set it to null.
          </li>
          <li>If the {{PaymentOptions/requestPayerPhone}} value of
          |request|.[=PaymentRequest/[[options]]=] is true, then set the
          {{PaymentResponse/payerPhone}} attribute of |response| to the payer's
          phone number provided by the user, or to null if none was provided.
          When setting the {{PaymentResponse/payerPhone}} value, the user agent
          SHOULD format the phone number to adhere to [[E.164]].
          </li>
          <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
          </li>
          <li>If |isRetry| is true, resolve |response|.<a>[[\retryPromise]]</a>
          with undefined. Otherwise, resolve
          |request|.<a>[[\acceptPromise]]</a> with |response|.
          </li>
        </ol>
      </section>
      <section>
        <h2>
          User aborts the payment request algorithm
        </h2>
        <p data-tests="user-abort-algorithm-manual.https.html">
          The <dfn data-lt="user aborts the payment request">user aborts the
          payment request algorithm</dfn> runs when the user aborts the payment
          request through the currently interactive user interface. It MUST
          <a>queue a task</a> on the <a>user interaction task source</a> to
          perform the following steps:
        </p>
        <ol class="algorithm">
          <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object
          that the user is interacting with.
          </li>
          <li>If |request|.<a>[[\state]]</a> is not "<a>interactive</a>", then
          terminate this algorithm and take no further action. The <a>user
          agent</a> user interface SHOULD ensure that this never occurs.
          </li>
          <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
          </li>
          <li>Set |request|'s <a>payment-relevant browsing context</a>'s
          <a>payment request is showing</a> boolean to false.
          </li>
          <li>Let |error| be an {{"AbortError"}} {{DOMException}}.
          </li>
          <li>Let |response:PaymentResponse| be |request|.<a>[[\response]]</a>.
          </li>
          <li>If |response| is not null:
            <ol>
              <li>Set |response|.<a>[[\complete]]</a> to true.
              </li>
              <li>Assert: |response|.<a>[[\retryPromise]]</a> is not null.
              </li>
              <li>Reject |response|.<a>[[\retryPromise]]</a> with |error|.
              </li>
            </ol>
          </li>
          <li>Otherwise, reject |request|.<a>[[\acceptPromise]]</a> with
          |error|.
          </li>
          <li>Abort the current user interaction and close down any remaining
          user interface.
          </li>
        </ol>
      </section>
      <section>
        <h2>
          Update a <code>PaymentRequest</code>'s details algorithm
        </h2>
        <p>
          The <dfn>update a <code>PaymentRequest</code>'s details
          algorithm</dfn> takes a <a>PaymentDetailsUpdate</a> |detailsPromise|,
          a {{PaymentRequest}} |request|, and |pmi| that is either a DOMString
          or null (a <a>payment method identifier</a>). The steps are
          conditional on the |detailsPromise| settling. If |detailsPromise|
          never settles then the payment request is blocked. The user agent
          SHOULD provide the user with a means to abort a payment request.
          Implementations MAY choose to implement a timeout for pending updates
          if |detailsPromise| doesn't settle in a reasonable amount of time.
        </p>
        <p>
          In the case where a timeout occurs, or the user manually aborts, or
          the <a>payment handler</a> decides to abort this particular payment,
          the user agent MUST run the <a>user aborts the payment request
          algorithm</a>.
        </p>
        <ol class="algorithm">
          <li>Set |request|.<a>[[\updating]]</a> to true.
          </li>
          <li>
            <a>In parallel</a>, disable the user interface that allows the user
            to accept the payment request. This is to ensure that the payment
            is not accepted until the user interface is updated with any new
            details.
          </li>
          <li>
            <a>Upon rejection</a> of |detailsPromise|:
            <ol>
              <li>
                <a>Abort the update</a> with |request| and an {{"AbortError"}}
                {{DOMException}}.
              </li>
            </ol>
          </li>
          <li>
            <a>Upon fulfillment</a> of |detailsPromise| with value |value|:
            <ol data-link-for="PaymentDetailsBase">
              <li>Let |details| be the result of [=converted to an IDL
              value|converting=] |value| to a <a>PaymentDetailsUpdate</a>
              dictionary. If this [=exception/throw=] an exception, <a>abort
              the update</a> with |request| and with the thrown exception.
              </li>
              <li>Let |serializedModifierData| be an empty list.
              </li>
              <li>Let |selectedShippingOption| be null.
              </li>
              <li>Let |shippingOptions| be an empty
              <code><a>sequence</a></code>&lt;<a>PaymentShippingOption</a>&gt;.
              </li>
              <li>Validate and canonicalize the details:
                <ol>
                  <li data-link-for="PaymentDetailsUpdate">If the <a>total</a>
                  member of |details| is present, then:
                    <ol>
                      <li>
                        <a>Check and canonicalize total amount</a>
                        |details|.<a>total</a>.{{PaymentItem/amount}}. If an
                        exception is thrown, then <a>abort the update</a> with
                        |request| and that exception.
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>displayItems</a> member of |details| is
                  present, then for each |item| in
                  |details|.<a>displayItems</a>:
                    <ol>
                      <li>
                        <a>Check and canonicalize amount</a>
                        |item|.{{PaymentItem/amount}}. If an exception is
                        thrown, then <a>abort the update</a> with |request| and
                        that exception.
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>shippingOptions</a> member of |details| is
                  present, and
                  |request|.[=PaymentRequest/[[options]]=].{{PaymentOptions/requestShipping}}
                  is true, then:
                    <ol>
                      <li>Let |seenIDs| be an empty set.
                      </li>
                      <li>For each |option| in
                      |details|.<a>shippingOptions</a>:
                        <ol>
                          <li>
                            <a>Check and canonicalize amount</a>
                            |option|.{{PaymentShippingOption/amount}}. If an
                            exception is thrown, then <a>abort the update</a>
                            with |request| and that exception.
                          </li>
                          <li data-tests=
                          "PaymentRequestUpdateEvent/updateWith-duplicate-shipping-options-manual.https.html">
                          If |seenIDs|[|option|.{{PaymentShippingOption/id}]
                          exists, then <a>abort the update</a> with |request|
                          and a {{TypeError}}.
                          </li>
                          <li>Append |option|.{{PaymentShippingOption/id}} to
                          |seenIDs|.
                          </li>
                          <li>Append |option| to |shippingOptions|.
                          </li>
                          <li>If |option|.{{PaymentShippingOption/selected}} is
                          true, then set |selectedShippingOption| to
                          |option|.{{PaymentShippingOption/id}}.
                          </li>
                        </ol>
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>modifiers</a> member of |details| is present,
                  then:
                    <ol>
                      <li>Let |modifiers| be the sequence
                      |details|.<a>modifiers</a>.
                      </li>
                      <li>Let |serializedModifierData| be an empty list.
                      </li>
                      <li>For each <a>PaymentDetailsModifier</a> |modifier| in
                      |modifiers|:
                        <ol data-link-for="PaymentDetailsModifier">
                          <li data-tests=
                          "updateWith-method-pmi-handling-manual.https.html">
                          Run the steps to <a>validate a payment method
                          identifier</a> with
                          |modifier|.{{PaymentDetailsModifier/supportedMethods}}.
                          If it returns false, then <a>abort the update</a>
                          with |request| and a {{RangeError}} exception.
                          Optionally, inform the developer that the payment
                          method identifier is invalid.
                          </li>
                          <li>If the <a>total</a> member of |modifier| is
                          present, then:
                            <ol>
                              <li>
                                <a>Check and canonicalize total amount</a>
                                |modifier|.<a>total</a>.{{PaymentItem/amount}}.
                                If an exception is thrown, then <a>abort the
                                update</a> with |request| and that exception.
                              </li>
                            </ol>
                          </li>
                          <li>If the <a>additionalDisplayItems</a> member of
                          |modifier| is present, then for each
                          <a>PaymentItem</a> |item| in
                          |modifier|.<a>additionalDisplayItems</a>:
                            <ol>
                              <li>
                                <a>Check and canonicalize amount</a>
                                |item|.{{PaymentItem/amount}}. If an exception
                                is thrown, then <a>abort the update</a> with
                                |request| and that exception.
                              </li>
                            </ol>
                          </li>
                          <li>If the {{PaymentDetailsModifier/data}} member of
                          |modifier| is missing, let |serializedData| be null.
                          Otherwise, let |serializedData| be the result of <a>
                            JSON-serializing</a>
                            |modifier|.{{PaymentDetailsModifier/data}} into a
                            string. If <a>JSON-serializing</a> throws an
                            exception, then <a>abort the update</a> with
                            |request| and that exception.
                          </li>
                          <li>Add |serializedData| to |serializedModifierData|.
                          </li>
                          <li>Remove the {{PaymentDetailsModifier/data}} member
                          of |modifier|, if it is present.
                          </li>
                        </ol>
                      </li>
                    </ol>
                  </li>
                </ol>
              </li>
              <li data-link-for="PaymentDetailsUpdate">If the
              <a>paymentMethodErrors</a> member is present and |identifier| is
              not null:
                <ol>
                  <li>If required by the specification that defines the |pmi|,
                  then [=converted to an IDL value|convert=]
                  <a>paymentMethodErrors</a> to an IDL value.
                  </li>
                  <li>If conversion results in a <a>exception</a> |error|, <a>
                    abort the update</a> with |error|.
                  </li>
                  <li>The <a>payment handler</a> SHOULD display an error for
                  each relevant erroneous field of <a>paymentMethodErrors</a>.
                  </li>
                </ol>
              </li>
              <li>Update the {{PaymentRequest}} using the new details:
                <ol>
                  <li data-link-for="PaymentDetailsUpdate">If the <a>total</a>
                  member of |details| is present, then:
                    <ol>
                      <li>Set
                      |request|.[=PaymentRequest/[[details]]=].<a data-link-for="PaymentDetailsInit">total</a>
                        to |details|.<a>total</a>.
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>displayItems</a> member of |details| is
                  present, then:
                    <ol>
                      <li>Set
                      |request|.[=PaymentRequest/[[details]]=].<a>displayItems</a>
                      to |details|.<a>displayItems</a>.
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>shippingOptions</a> member of |details| is
                  present, and
                  |request|.[=PaymentRequest/[[options]]=].{{PaymentOptions/requestShipping}}
                  is true, then:
                    <ol>
                      <li>Set
                      |request|.[=PaymentRequest/[[details]]=].<a>shippingOptions</a>
                      to |shippingOptions|.
                      </li>
                      <li>Set the value of |request|'s
                      {{PaymentRequest/shippingOption}} attribute to
                      |selectedShippingOption|.
                      </li>
                    </ol>
                  </li>
                  <li>If the <a>modifiers</a> member of |details| is present,
                  then:
                    <ol>
                      <li>Set
                      |request|.[=PaymentRequest/[[details]]=].<a>modifiers</a>
                      to |details|.<a>modifiers</a>.
                      </li>
                      <li>Set
                      |request|.[=PaymentRequest/[[serializedModifierData]]=]
                      to |serializedModifierData|.
                      </li>
                    </ol>
                  </li>
                  <li>
                    <p>
                      If
                      |request|.[=PaymentRequest/[[options]]=].{{PaymentOptions/requestShipping}}
                      is true, and
                      |request|.[=PaymentRequest/[[details]]=].<a>shippingOptions</a>
                      is empty, then the developer has signified that there are
                      no valid shipping options for the currently-chosen
                      shipping address (given by |request|'s
                      {{PaymentRequest/shippingAddress}}).
                    </p>
                    <p>
                      In this case, the user agent SHOULD display an error
                      indicating this, and MAY indicate that the
                      currently-chosen shipping address is invalid in some way.
                      The user agent SHOULD use the
                      {{PaymentDetailsUpdate/error}} member of |details|, if it
                      is present, to give more information about why there are
                      no valid shipping options for that address.
                    </p>
                    <p>
                      Further, if
                      |details|["{{PaymentDetailsUpdate/shippingAddressErrors}}"]
                      member is present, the user agent SHOULD display an error
                      specifically for each erroneous field of the shipping
                      address. This is done by matching each present member of
                      the <a>AddressErrors</a> to a corresponding input field
                      in the shown user interface.
                    </p>
                    <p data-link-for="PaymentDetailsUpdate">
                      Similarly, if |details|["<a>payerErrors</a>"] member is
                      present and |request|.[=PaymentRequest/[[options]]=]'s
                      {{PaymentOptions/requestPayerName}},
                      {{PaymentOptions/requestPayerEmail}}, or
                      {{PaymentOptions/requestPayerPhone}} is true, then
                      display an error specifically for each erroneous field.
                    </p>
                    <p data-link-for="PaymentDetailsUpdate">
                      Likewise, if |details|["<a>paymentMethodErrors</a>"] is
                      present, then display errors specifically for each
                      erroneous input field for the particular payment method.
                    </p>
                  </li>
                </ol>
              </li>
            </ol>
          </li>
          <li>Set |request|.<a>[[\updating]]</a> to false.
          </li>
          <li>Update the user interface based on any changed values in
          |request|. Re-enable user interface elements disabled prior to
          running this algorithm.
          </li>
        </ol>
        <section>
          <h2>
            Abort the update
          </h2>
          <p>
            To <dfn>abort the update</dfn> with a {{PaymentRequest}} |request|
            and <a>exception</a> |exception|:
          </p>
          <ol class="algorithm">
            <li>Optionally, show an error message to the user when letting them
            know an error has occurred.
            </li>
            <li>Abort the current user interaction and close down any remaining
            user interface.
            </li>
            <li>
              <a>Queue a task</a> on the <a>user interaction task source</a> to
              perform the following steps:
              <ol>
                <li>Set |request|'s <a>payment-relevant browsing context</a>'s
                <a>payment request is showing</a> boolean to false.
                </li>
                <li>Set |request|.<a>[[\state]]</a> to "<a>closed</a>".
                </li>
                <li>Let |response:PaymentResponse| be
                |request|.<a>[[\response]]</a>.
                </li>
                <li>If |response| is not null, then:
                  <ol>
                    <li>Set |response|.<a>[[\complete]]</a> to true.
                    </li>
                    <li>Assert: |response|.<a>[[\retryPromise]]</a> is not
                    null.
                    </li>
                    <li>Reject |response|.<a>[[\retryPromise]]</a> with
                    |exception|.
                    </li>
                  </ol>
                </li>
                <li>Otherwise, reject |request|.<a>[[\acceptPromise]]</a> with
                |exception|.
                </li>
                <li>Set |request|.<a>[[\updating]]</a> to false.
                </li>
              </ol>
            </li>
            <li>Abort the algorithm.
            </li>
          </ol>
        </section>
        <div class="note">
          <p>
            <a>Abort the update</a> runs when there is a fatal error updating
            the payment request, such as the supplied |detailsPromise|
            rejecting, or its fulfillment value containing invalid data. This
            would potentially leave the payment request in an inconsistent
            state since the developer hasn't successfully handled the change
            event.
          </p>
          <p>
            Consequently, the {{PaymentRequest}} moves to a "<a>closed</a>"
            state. The error is signaled to the developer through the rejection
            of the <a>[[\acceptPromise]]</a>, i.e., the promise returned by
            {{PaymentRequest/show()}}.
          </p>
          <p data-link-for="PaymentResponse">
            Similarly, <a>abort the update</a> occurring during <a>retry()</a>
            causes the <a>[[\retryPromise]]</a> to reject, and the
            corresponding {{PaymentRequest}}'s <a>[[\complete]]</a> internal
            slot will be set to true (i.e., it can no longer be used).
          </p>
        </div>
      </section>
      <section>
        <h2>
          Validate merchant's details algorithm
        </h2>
        <p>
          The <dfn>validate merchant's details algorithm</dfn> takes a
          {{Promise}} |opaqueDataPromise| and a {{PaymentRequest}} |request|.
          The steps are conditional on the |opaqueDataPromise| settling. If
          |opaqueDataPromise| never settles then the payment request is
          blocked. The user agent SHOULD provide the user with a means to abort
          a payment request. Implementations MAY choose to implement a timeout
          for pending updates if |opaqueDataPromise| doesn't settle in a
          reasonable amount of time. If an implementation chooses to implement
          a timeout, they MUST execute the steps listed below in the "upon
          rejection" path. Such a timeout is a fatal error for the payment
          request.
        </p>
        <ol class="algorithm">
          <li>Set |request|.<a>[[\updating]]</a> to true.
          </li>
          <li>
            <a>In parallel</a>, disable the user interface that allows the user
            to accept the payment request. This is to ensure that the payment
            is not accepted until the user interface is updated with any new
            details.
          </li>
          <li>
            <a>Upon rejection</a> of |opaqueDataPromise|:
            <ol>
              <li>
                <a>Abort the update</a> with |request| and an {{"AbortError"}}
                {{DOMException}}.
              </li>
            </ol>
          </li>
          <li>
            <a>Upon fulfillment</a> of |opaqueDataPromise| with value
            |opaqueData|:
            <ol>
              <li>
                <a>Validate the merchant</a> using |opaqueData|.
              </li>
              <li>If |opaqueData| is invalid, as per the validation rules of
              the <a>payment handler</a>, <a>abort the update</a> with
              |request| and an appropriate <a>exception</a> and return.
              </li>
              <li>Otherwise, set |request|.<a>[[\updating]]</a> to false.
              </li>
              <li>Enable the user interface, allowing the request for payment
              to proceed.
              </li>
            </ol>
          </li>
        </ol>
      </section>
    </section>
    <section id="privacy">
      <h2>
        Privacy and Security Considerations
      </h2>
      <section class="informative" data-link-for="PaymentRequest">
        <h2>
          User protections with <code>show()</code> method
        </h2>
        <p>
          To help ensure that users do not inadvertently share sensitive
          credentials with an origin, this API requires that PaymentRequest's
          <a>show()</a> method be invoked while the relevant {{Window}} has
          [=transient activation=] (e.g., via a click or press).
        </p>
        <p>
          To avoid a confusing user experience, this specification limits the
          user agent to displaying one at a time via the <a>show()</a> method.
          In addition, the user agent can limit the rate at which a page can
          call <a>show()</a>.
        </p>
      </section>
      <section class="informative">
        <h2>
          Secure contexts
        </h2>
        <p>
          The API defined in this specification is only exposed in
          <a data-cite="secure-contexts">secure contexts</a>. In practice, this
          means that this API is only available over HTTPS. This is to limit
          the possibility of payment method data (e.g., credit card numbers)
          being sent in the clear.
        </p>
      </section>
      <section class="informative">
        <h2>
          Cross-origin payment requests
        </h2>
        <p>
          It is common for merchants and other payees to delegate checkout and
          other e-commerce activities to payment service providers through an
          <a>iframe</a>. This API supports payee-authorized cross-origin
          iframes through [[HTML]]'s {{ HTMLIFrameElement.allowPaymentRequest
          }} attribute.
        </p>
        <p class="Note">
          <a>Payment handlers</a> have access to both the origin that hosts the
          <a>iframe</a> and the origin of the <a>iframe</a> content (where the
          {{PaymentRequest}} initiates).
        </p>
      </section>
      <section class="informative">
        <h2>
          Encryption of data fields
        </h2>
        <p>
          The {{PaymentRequest}} API does not directly support encryption of
          data fields. Individual <a>payment methods</a> may choose to include
          support for encrypted data but it is not mandatory that all
          <a>payment methods</a> support this.
        </p>
      </section>
      <section class="informative">
        <h2>
          How user agents match payment handlers
        </h2>
        <p data-link-for="PaymentRequest">
          As part of <a>show()</a>, the user agent typically displays a list of
          matching <a>payment handlers</a> that satisfy the <a>payment
          methods</a> accepted by the merchant and other conditions. Matching
          can take into account <a>payment method</a> information provided as
          input to the API, information provided by the <a>payment method</a>
          owner, the <a>payment handlers</a> registered by the user, user
          preferences, and other considerations.
        </p>
        <p data-link-for="PaymentRequest">
          For security reasons, a user agent can limit matching (in
          <a>show()</a> and <a>canMakePayment()</a>) to <a>payment handlers</a>
          from the same <a data-cite="rfc6454#section-3.2">origin</a> as a URL
          <a>payment method identifier</a>.
        </p>
      </section>
      <section>
        <h2 id="data-usage">
          Data usage
        </h2>
        <p>
          <a>Payment method</a> owners establish the privacy policies for how
          user data collected for the payment method may be used. Payment
          Request API sets a clear expectation that data will be used for the
          purposes of completing a transaction, and user experiences associated
          with this API convey that intention. It is the responsibility of the
          payee to ensure that any data usage conforms to payment method
          policies. For any permitted usage beyond completion of the
          transaction, the payee should clearly communicate that usage to the
          user.
        </p>
      </section>
      <section>
        <h2 id="user-info">
          Exposing user information
        </h2>
        <p>
          The <a>user agent</a> MUST NOT share information about the user with
          a developer (e.g., the shipping address) without user consent.
        </p>
        <p>
          The <a>user agent</a> MUST NOT share the values of the
          {{PaymentDetailsBase/displayItems}} member or
          {{PaymentDetailsModifier/additionalDisplayItems}} member with a
          third-party <a>payment handler</a> without user consent.
        </p>
        <p>
          The {{PaymentMethodChangeEvent}} enables the payee to update the
          displayed total based on information specific to a selected
          <a>payment method</a>. For example, the billing address associated
          with a selected <a>payment method</a> might affect the tax
          computation (e.g., VAT), and it is desirable that the user interface
          accurately display the total before the payer completes the
          transaction. At the same time, it is desirable to share as little
          information as possible prior to completion of the payment.
          Therefore, when a <a>payment method</a> defines the <a>steps for when
          a user changes payment method</a>, it is important to minimize the
          data shared via the {{PaymentMethodChangeEvent}}'s <a data-link-for=
          "PaymentMethodChangeEvent">methodDetails</a> attribute. Requirements
          and approaches for minimizing shared data are likely to vary by
          <a>payment method</a> and might include:
        </p>
        <ul>
          <li>Use of a "|redactList|" for <a>physical addresses</a>. The
          current specification makes use of a "|redactList|" to redact the <a>
            address line</a>, <a>organization</a>, <a>phone number</a>, and
            <a>recipient</a> from a <a data-link-for=
            "PaymentRequest">shippingAddress</a>.
          </li>
          <li>Support for instructions from the payee identifying specific
          elements to exclude or include from the <a>payment method</a>
          response data (returned through <a>PaymentResponse</a>.|details|).
          The payee might provide these instructions via
          <a>PaymentMethodData</a>.|data|, enabling a <a>payment method</a>
          definition to evolve without requiring changes to the current API.
          </li>
        </ul>
        <p>
          Where sharing of privacy-sensitive information might not be obvious
          to users (e.g., when [=payment handler/payment method changed
          algorithm | changing payment methods =]), it is RECOMMENDED that user
          agents inform the user of exactly what information is being shared
          with a merchant.
        </p>
      </section>
      <section class="informative">
        <h2>
          Merchant Validation
        </h2>
        <p data-link-for="MerchantValidationEvent">
          It is important that the <a>validationURL</a> in a
          {{MerchantValidationEvent}} does not expose personally identifying
          information to unauthorized parties.
        </p>
      </section>
      <section>
        <h2 id="canmakepayment-protections">
          <code>canMakePayment()</code> protections
        </h2>
        <p data-link-for="PaymentRequest">
          The <a>canMakePayment()</a> and <a>hasEnrolledInstrument()</a>
          methods have the potential to expose user information that could be
          abused for fingerprinting purposes. User agents are expected to
          protect the user from abuse of the method. For example, user agents
          can reduce user fingerprinting by:
        </p>
        <ul data-link-for="PaymentRequest">
          <li>Allowing the user to configure the user agent to turn off
          <a>canMakePayment()</a> and <a>hasEnrolledInstrument()</a>, which
          would return <a>a promise rejected with</a> a {{"NotAllowedError"}}
          {{DOMException}}.
          </li>
          <li>Rate-limiting the frequency of calls with different parameters.
          </li>
        </ul>
        <p>
          For rate-limiting the user agent might look at repeated calls from:
        </p>
        <ul>
          <li>the same effective top-level domain plus one (eTLD+1).
          </li>
          <li>the top-level browsing context. Alternatively, the user agent may
          block access to the API entirely for origins know to be bad actors.
          </li>
          <li>the origin of an <a>iframe</a> or popup window.
          </li>
        </ul>
        <p>
          These rate-limiting techniques intend to increase the cost associated
          with repeated calls, whether it is the cost of managing multiple
          eTLDs or the user experience friction of opening multiple windows
          (tabs or pop-ups).
        </p>
      </section>
    </section>
    <section class="informative">
      <h2>
        Accessibility Considerations
      </h2>
      <p>
        For the user-facing aspects of Payment Request API, implementations
        integrate with platform accessibility APIs via form controls and other
        input modalities. Furthermore, to increase the intelligibility of
        total, shipping addresses, and contact information, implementations
        format data according to system conventions.
      </p>
    </section>
    <section id="dependencies">
      <h2>
        Dependencies
      </h2>
      <p>
        This specification relies on several other underlying specifications.
      </p>
      <dl data-sort="">
        <dt>
          ISO 3366-2
        </dt>
        <dd>
          <dfn data-lt="country subdivision names">Country subdivision
          name</dfn> and <dfn>country subdivision code element</dfn> are
          defined in [[ISO3166-2]].
        </dd>
        <dt>
          ECMAScript
        </dt>
        <dd>
          The terms <dfn data-cite=
          "ECMASCRIPT#sec-object-internal-methods-and-internal-slots">internal
          slot</dfn>, and <code><dfn data-cite=
          "ECMASCRIPT#sec-json.stringify">JSON.stringify</dfn></code> are
          defined by [[ECMASCRIPT]].
          <p>
            The term <dfn data-lt=
            "JSON-serialized|JSON-serializing">JSON-serialize</dfn> applied to
            a given object means to run the algorithm specified by the original
            value of the <a>JSON.stringify</a> function on the supplied object,
            passing the supplied object as the sole argument, and return the
            resulting string. This can throw an exception.
          </p>
        </dd>
      </dl>
    </section>
    <section id="conformance">
      <p>
        There is only one class of product that can claim conformance to this
        specification: a <dfn>user agent</dfn>.
      </p>
      <p class="note">
        Although this specification is primarily targeted at web browsers, it
        is feasible that other software could also implement this specification
        in a conforming manner.
      </p>
      <p>
        User agents MAY implement algorithms given in this specification in any
        way desired, so long as the end result is indistinguishable from the
        result that would be obtained by the specification's algorithms.
      </p>
      <p data-tests="payment-request-constructor-crash.https.html">
        User agents MAY impose implementation-specific limits on otherwise
        unconstrained inputs, e.g., to prevent denial of service attacks, to
        guard against running out of memory, or to work around
        platform-specific limitations. When an input exceeds
        implementation-specific limit, the user agent MUST throw, or, in the
        context of a promise, reject with, a {{TypeError}} optionally informing
        the developer of how a particular input exceeded an
        implementation-specific limit.
      </p>
    </section>
    <section id="idl-index" class="appendix"></section>
    <section class="appendix">
      <h2>
        Acknowledgements
      </h2>
      <p>
        This specification was derived from a report published previously by
        the <a href="https://www.w3.org/community/wicg/">Web Platform Incubator
        Community Group</a>.
      </p>
    </section>
    <section>
      <h2>
        Changelog
      </h2>
      <script class="remove">
        function removeCommits({ message }) {
          return !/^editorial|^Editiorial|^edtiorial|^chore|^fix|^refactor|^tests?|^docs|^typo|^nit/i.test(message);
        }
      </script>
      <p>
        Changes from between CR2 until now:
      </p><rs-changelog from="CR2" filter="removeCommits"></rs-changelog>
      <p>
        Changes from between CR1 and CR2:
      </p><rs-changelog from="CR" to="CR2" filter=
      "removeCommits"></rs-changelog>
    </section>
  </body>
</html>