HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 301 server: nginx date: Thu, 24 Jul 2025 00:32:47 GMT content-type: text/html content-length: 162 location: https://developer.mozilla.org/en-US/docs/Web/API/SecurePaymentConfirmationRequest strict-transport-security: max-age=60; includeSubDomains via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 HTTP/2 200 x-guploader-uploadid: ABgVH88aChr8QY-n0YWwyU-hK7H5WO26_0NTuF_37_K5a6tXXqH9u3u28t5sKSFi47K95H1FcL3MGYM x-goog-generation: 1753231571201297 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 58608 x-goog-meta-goog-reserved-file-mtime: 1753230314 x-goog-hash: crc32c=SIYO9A==, md5=EbXcLtwmlAQc8prsh9ZcNQ== x-goog-storage-class: STANDARD accept-ranges: none expires: Thu, 24 Jul 2025 01:32:48 GMT cache-control: public, max-age=3600 last-modified: Wed, 23 Jul 2025 00:46:11 GMT etag: W/"11b5dc2edc2694041cf29aec87d65c35" content-type: text/html age: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 alt-svc: clear x-content-type-options: nosniff strict-transport-security: max-age=63072000 content-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self'; x-frame-options: DENY origin-trial: AxVILwizhbMjxFeHOn1P3R8niO1RJY/smaK4B4d1rLzc1gTaxtXMSaTi+FoigYgCw40uFRDwFcEAeqDR+vVLOW4AAABfeyJvcmlnaW4iOiJodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZyIsImZlYXR1cmUiOiJQcml2YXRlQXR0cmlidXRpb25WMiIsImV4cGlyeSI6MTc0MjA3OTYwMH0= x-cloud-trace-context: 2b4bfae050b1a45e688efda7db4a8384 date: Thu, 24 Jul 2025 00:32:48 GMT server: Google Frontend via: 1.1 google vary: Accept-Encoding content-encoding: gzip x-cache: miss SecurePaymentConfirmationRequest - Web APIs | MDN

Skip to main content
Skip to search
Skip to select language

References
Learn
Plus
Curriculum ^New
Blog

Search MDN

Web
Web APIs
SecurePaymentConfirmationRequest

- Remember language
- Deutsch

Filter sidebar

Payment Request API
SecurePaymentConfirmationRequest
Related pages for Payment Request API
1. HTMLIFrameElement.allowPaymentRequest Non-standard Deprecated
2. MerchantValidationEvent Deprecated
3. PaymentAddress Non-standard Deprecated
4. PaymentMethodChangeEvent
5. PaymentRequest
6. PaymentRequestUpdateEvent
7. PaymentResponse
Guides

SecurePaymentConfirmationRequest

The SecurePaymentConfirmationRequest dictionary describes input to the Payment Request API when used to authenticate a user during an e-commerce transaction using SPC with Payment Request API.

An instance of this dictionary must be passed into the PaymentRequest() constructor as the value of the data field corresponding to a supportedMethods value of "secure-payment-confirmation".

Instance properties

challenge

An ArrayBuffer, TypedArray, or DataView provided by the relying party's server and used as a cryptographic challenge. This value will be signed by the authenticator and the signature will be sent back as part of AuthenticatorAttestationResponse.attestationObject. This helps prevent replay attacks.

credentialIds

A list of ArrayBuffer, TypedArray, or DataView. These Credential IDs represent Web Authentication credentials that have been registered with the relying party for authenticating during a payment with the associated instrument.

extensions Optional

Any WebAuthn extensions that should be used for the passed credential(s). The caller does not need to specify the payment extension; this is added automatically.

instrument

The description of the instrument name and icon to display during registration and to be signed along with the transaction details. This is an object with the following properties:

displayName: A string containing the payment instrument's name, which will be displayed to the user.
icon: A string containing the URL of the payment instrument's icon.
iconMustBeShown Optional: A boolean value indicating whether the icon must be successfully fetched and shown for the request to succeed. Defaults to true.

locale Optional

An optional list of well-formed RFC 5646: Tags for Identifying Languages (also known as BCP 47) language tags, in descending order of priority, that identify the local preferences of the website. That is, this represents a language priority list RFC 4647: Matching of Language Tags, which the user agent can use to perform language negotiation and locale-affected formatting with the caller.

Note: The locale is distinct from language or direction metadata associated with specific input members, in that it represents the caller's requested localized experience rather than assertion about a specific string value. See SPC internationalization Considerations for more discussion.

payeeName Optional

A string that serves as the display name of the payee that this SPC call is for (e.g., the merchant). Optional, may be provided alongside or instead of payeeOrigin.

payeeOrigin Optional

A string that is the origin of the payee that this SPC call is for (e.g., the merchant). Optional, may be provided alongside or instead of payeeName.

rpId

A string that specifies the relying party's identifier (for example "login.example.org").

showOptOut Optional

A boolean indicating whether the user should be given a chance to opt-out during the transaction dialog UX. Defaults to false.

timeout Optional

The number of milliseconds before the request to sign the transaction details times out. At most 1 hour.

Specifications

Specification
Secure Payment Confirmation # sctn-securepaymentconfirmationrequest-dictionary

Help improve MDN

Was this page helpful to you?

Learn how to contribute.

This page was last modified on May 28, 2025 by MDN contributors.

View this page on GitHub • Report a problem with this content

Your blueprint for a better internet.

MDN on Bluesky
MDN on Mastodon
MDN on X (formerly Twitter)
MDN on GitHub
MDN Blog RSS Feed

MDN

About
Blog
Careers
Advertise with us

Support

Product help
Report an issue

Our communities

MDN Community
MDN Forum
MDN Chat

Developers

Web Technologies
Learn Web Development
MDN Plus
Hacks Blog

Website Privacy Notice
Cookies
Legal
Community Participation Guidelines

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2025 by individual mozilla.org contributors. Content available under a Creative Commons license.

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source