PaymentRequest: merchantvalidation event

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Deprecated: This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

merchantvalidation events are delivered by the Payment Request API to a PaymentRequest object when a payment handler requires that the merchant requesting the purchase validate itself as permitted to use the payment handler.

Learn how the merchant validation process works.

This event is not cancelable and does not bubble.

Syntax

Use the event name in methods like addEventListener(), or set an event handler property.

js
addEventListener("merchantvalidation", (event) => {});

onmerchantvalidation = (event) => {};

Event type

A MerchantValidationEvent. Inherits from Event.

Event properties

MerchantValidationEvent.methodName

A string providing a unique payment method identifier for the payment handler that's requiring validation. This may be either one of the standard payment method identifier strings or a URL that both identifies and handles requests for the payment handler, such as https://apple.com/apple-pay.

MerchantValidationEvent.validationURL

A string specifying a URL from which the site or app can fetch payment handler specific validation information. Once this data is retrieved, the data (or a promise resolving to the validation data) should be passed into complete() to validate that the payment request is coming from an authorized merchant.

Examples

In this example, an event handler is established for the merchantvalidation event. It uses the fetch() to send a request to its own server with an argument of the payment method's validation URL, obtained from the event's validationURL property. The merchant server should access the validation URL in accordance with the payment method documentation. Typically, a client should not access the validation URL.

js
request.addEventListener("merchantvalidation", (event) => {
  event.complete(async () => {
    const merchantServerUrl = `${
      window.location.origin
    }/validate?url=${encodeURIComponent(event.validationURL)}`;
    // get validation data, and complete validation;
    return await fetch(merchantServerUrl).then((response) => response.text());
  }, false);
});

const response = await request.show();

How merchant server handles the validation depends on the server implementation and payment method documentation. The content delivered by the validation server is forwarded to the merchant server and is then returned from the fetch() call's fulfillment handler to the complete() method on the event. This response lets the payment handler know if the merchant is validated.

You can also use the onmerchantvalidation event handler property to set up the handler for this event:

js
request.onmerchantvalidation = (event) => {
  event.complete(async () => {
    const merchantServerUrl = `${
      window.location.origin
    }/validate?url=${encodeURIComponent(event.validationURL)}`;
    // get validation data, and complete validation;
    return await fetch(merchantServerUrl).then((response) => response.text());
  });
};

const response = await request.show();

For more information, see Merchant validation.

Browser compatibility

BCD tables only load in the browser

See also