Intent to Ship: Get Secure Payment Confirmation Capabilities

13 views
Skip to first unread message

Chromestatus

unread,
10:23 AM (7 hours ago) 10:23 AM
to blin...@chromium.org, chrome-pay...@google.com, darwi...@chromium.org
Contact emails
darwi...@chromium.org

Explainer
https://github.com/w3c/secure-payment-confirmation/issues/290#issuecomment-3806454419

Specification
https://w3c.github.io/secure-payment-confirmation/#sctn-secure-payment-confirmation-capabilities

Design docs

https://www.w3.org/wbs/83744/spc-mvp-2025/results
https://github.com/w3c/secure-payment-confirmation/issues/290#issuecomment-3806454419
https://www.w3.org/2026/01/29-wpwg-minutes.html#3919
https://www.w3.org/2026/02/26-wpwg-minutes.html#bbkdetect

Summary
Adds a new static method to the Payment Request that allows web developers to get the capabilities of the browser's implementation of Secure Payment Confirmation. This helps web developers to easily know what capabilities are available for Secure Payment Confirmation so they can decide whether or not they want to use Secure Payment Confirmation with those capabilities.

Blink component
Blink>Payments

Web Feature ID
secure-payment-confirmation

Motivation
This feature allows web developers to check for which capabilities are supported in the browser's implementation of Secure Payment Confirmation. Web developers want an easy way to check whether hardware browser bound keys are available with the Secure Payment Confirmation API and only use the API if if they are available. Without this method, web developers would need to initiate the Secure Payment Confirmation flow and force users to go through the dialog and authenticate just to ignore the data returned if it did not contain the browser bound key (in cases where browser bound keys are not available).

Initial public proposal
https://github.com/w3c/secure-payment-confirmation/issues/290#issuecomment-3806454419

Search tags
spc, bbk

TAG review
No information provided

TAG review status
Not applicable

Risks


Interoperability and Compatibility
The GetSecurePaymentConfirmationCapabilities method is new and the only risk is if other browser do not implement it.

Gecko: No signal (https://github.com/mozilla/standards-positions/issues/570) Firefox haven't implemented SPC yet so this new method is not relevant.

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/30) Safari haven't implemented SPC yet so this new method is not relevant.

Web developers: Positive (https://www.w3.org/2026/01/29-wpwg-minutes.html#3919) Discussed the GetSecurePaymentConfirmationCapabilities method during the WPWG when proposing a solution to Browser Bound Key Feature Detection and did not receive any comments opposed to this feature.

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No information provided


Debuggability
Web developers should be able to inspect the output of the new method which is defined in WebIDL, thus no changes are needed in devtools.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
No
The GetSecurePaymentConfirmationCapabilities method will only be added to platforms that support Secure Payment Confirmation which are currently only Android, macOS, and Windows.

Is this feature fully tested by web-platform-tests?
No
Web platform tests are in development. We can only test if the method is available and can be called as user agents have the ability to omit capabilities (for privacy reasons).

Flag name on about://flags
No information provided

Finch feature name
SecurePaymentConfirmationCapabilities

Rollout plan
Will ship enabled for all users

Requires code in //chrome?
False

Tracking bug
https://crbug.com/484043990

Launch bug
https://launch.corp.google.com/launch/4448199

Measurement
A new GetSecurePaymentConfirmationCapabilities UseCounter will be created and used.

Availability expectation
The GetSecurePaymentConfirmationCapabilities method will only be available in Chromium browsers for the foreseeable future.

Estimated milestones
Shipping on desktop147
Shipping on Android147


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

No information provided

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4727235745546240?gate=4769560794365952

Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69a0a6a7.050a0220.3c921b.02ae.GAE%40google.com


This intent message was generated by Chrome Platform Status.
Reply all
Reply to author
Forward
0 new messages