Edit: to your point, a visitor could still fake a monetization object and dispatch fake events supplied with a fake
Correct, we wouldn’t consider the client-side events to be trusted, because a clever user could spoof the events with a simple extension.
Coil is sending payment to my Stronghold account (I think) via XRP. How do I confirm server-side that the value was actually sent? Stronghold does not give general access to its API unless you’re willing to license it for $10k/month. That’s not a reasonable option for most content creators using Coil.
If XRP is a blockchain-like thing, I assume it must be publicly auditable. I don’t know how to do that part. I also assume and don’t know if the
requestId is part of the XRP transaction.
Web monetization purely works over Interledger. While XRP can be used as a settlement asset for Interledger, that’s just an occasional operation that occurs between providers/wallets. If two parties are peered over XRP then they would send an XRP payment between each other for the total of their Interledger traffic on whatever schedule they agree on (could be every day, every month, every 10k XRP, etc.). If two parties are peered over USD then they would send a USD payment between each other to settle traffic and not touch XRP at all. Every pair of network participants on Interledger chooses whatever currency they want to settle their Interledger traffic. (Questions about this part would be better placed on the Interledger Forum, where I would be happy to answer them)
The Interleger micropayment completes separately to the settlement. So you could have your money available instantly after getting it sent over interledger even though many intermediary connectors haven’t settled their traffic yet.
Basically Interledger transactions have no corresponding XRP or blockchain transaction
I also don’t know how Interledger works or what role it plays. I assume in the future, some non-XRP-based payments will be supported. Maybe Interledge and not XRP’s psuedo-blockchain is the place to verify a payment transaction?
That’s right! You can use Interledger APIs to verify Web Monetization securely. Here is an example project that tracks incoming Interledger funds and exposes an API to check securely whether a given requestId has paid or not. https://github.com/sharafian/web-monetization-access
The main challenge in using something like this today is it requires direct Interledger access. Right now wallets on Interledger have not exposed an open API to directly access Interledger, but it’s being worked on. So in the meantime you would have to find a peer on the network, which isn’t really feasible for an individual.
Another approach for verifying payments which is a little more specialized to the use case is Open Payments. https://openpayments.dev/
Open payments defines a set of APIs that wallets can expose for a high level API on top of Interledger. This API covers common use cases like retail push/pull payments, and also Web Monetization. One of the resources in Open payments represents a given Web Monetization Provider, and can be checked to ensure that a given visitor’s provider has paid.
Basically the APIs that you would use for server-side verification are not generally available yet, although they are being used by us at Coil and by Cinnamon Video as proof of concept. Expect updates here soon because it’s a really important to us that this is possible. We just want to make sure it’s easy to use and safe, which can take some time.