Stacks Pay: A Payment Request Standard for Stacks Blockchain Payments #202
Conversation
dantrevino
changed the title
|
Love standardization! |
|
Thanks for proposing, @dantrevino! We'll review on the Leather team and provide thoughts. |
|
|
||
| contractName, functionName: Wallets MUST ignore these parameters if present. | ||
|
|
||
| ### `mint` |
There was a problem hiding this comment.
What's the rationale for having mint operations as part of this spec? Couldn't this be seen as outside the realm of making payments?
Worried about how malicious contacts with a mint method, that otherwise looks like a SIP-009 contract, tricking users into draining their wallets.
There was a problem hiding this comment.
I believe that enabling payments to smart contracts is within the realm of payments. And malicious 'mint' operations can happen anywhere today. At Boom we're putting default post conditions on every request.
There was a problem hiding this comment.
@dantrevino as SIP-009 doesn't specify a mint function in the spec this would mean that you can only mint Boom NFTs? As there is no spec for the params it wouldn't work with other platforms mint I guess
There was a problem hiding this comment.
Sorry no this is not intended to be a Boom thing. The intention here was to make a generic name ... maybe to be more clear, for the mint function we make the functionName parameter required so that a wallet/app does not have to do the function lookup itself.
|
|
||
| Stacks Pay defines several standard operations that specify the type of payment action to be performed. Each operation type has specific required and optional parameters. | ||
|
|
||
| ### `support` |
There was a problem hiding this comment.
Are there not other use cases for a user-defined amount beyond supporting an org/project? Wondering if this name is too scoped to an individual use case, and could better be broader?
There was a problem hiding this comment.
Open to other ideas here ... i tried to find a word that would encapsulate tips, donations, and gifts.
There was a problem hiding this comment.
Overall looks good, happy to see you're putting this forward! I left a few small comments.
@human058382928 @r0zar @biwasbhandari these encoded URLs describe a Stacks transaction, might be something cool we can do there with @aibtcdev tooling!
|
|
||
| **Optional Parameters:** | ||
|
|
||
| - recipient: MAY be included; if present, MUST be a valid Stacks address. The NFT will be minted for the specified address. |
There was a problem hiding this comment.
Where is it minted if this is not specified?
There was a problem hiding this comment.
By default, the mint recipient is the user paying for the mint. If you include a recipient, you mint for that recipient.
| ### Custom Operations | ||
|
|
||
| Applications **MAY** define custom operations for specific use cases. Custom operation types **MUST** be prefixed to prevent naming conflicts (e.g., `'custom-example'`). | ||
|
|
||
| - **Handling Unrecognized Operations**: If a wallet encounters an unrecognized operation type, it **SHOULD**: | ||
|
|
||
| - **Warn the User**: Inform the user that the operation type is unrecognized. | ||
|
|
||
| - **Provide Safe Defaults**: Default to a standard payment flow if possible. | ||
|
|
||
| - **Fail Gracefully**: Prevent unexpected behavior or security risks. |
There was a problem hiding this comment.
Felt like this made it more readable
| ### Custom Operations | |
| Applications **MAY** define custom operations for specific use cases. Custom operation types **MUST** be prefixed to prevent naming conflicts (e.g., `'custom-example'`). | |
| - **Handling Unrecognized Operations**: If a wallet encounters an unrecognized operation type, it **SHOULD**: | |
| - **Warn the User**: Inform the user that the operation type is unrecognized. | |
| - **Provide Safe Defaults**: Default to a standard payment flow if possible. | |
| - **Fail Gracefully**: Prevent unexpected behavior or security risks. | |
| ### Custom Operations | |
| Applications **MAY** define custom operations for specific use cases. | |
| Custom operation types **MUST** be prefixed to prevent naming conflicts (e.g., `'custom-example'`). | |
| **Handling Unrecognized Operations**: If a wallet encounters an unrecognized operation type, it **SHOULD**: | |
| - **Warn the User**: Inform the user that the operation type is unrecognized. | |
| - **Provide Safe Defaults**: Default to a standard payment flow if possible. | |
| - **Fail Gracefully**: Prevent unexpected behavior or security risks. |
|
|
||
| ``` | ||
| R - required | ||
| O - optionalas determined |
| Example encoded Stack Pay url: | ||
|
|
||
| `stx1wajky2mnw3u8qcte8ghj76twwehkjcm98ahhqetjv96xjmmw845kuan0d93k2fnjv43kjurfv4h8g02n2qe9y4z9xarryv2wxer4zdjzgfd9yd62gar4y46p2sc9gd23xddrjkjgggu5k5jnye6x76m9dc74x4zcyesk6mm4de6r6vfsxqczver9wd3hy6tsw35k7m3a2pshjmt9de6zken0wg4hxetjwe5kxetnyejhsurfwfjhxst585erqv3595cnytfnx92ryve9xdqn2wf9xdqn2w26juk65n` |
There was a problem hiding this comment.
This was confusing to read before we got to the encoding section. Maybe save the example for later and focus on defining the web+stx format leading into it?
There was a problem hiding this comment.
It might help to use triple backticks instead of single on the code for readability, e.g.
stx1wajky2mnw3u8qcte8ghj76twwehkjcm98ahhqetjv96xjmmw845kuan0d93k2fnjv43kjurfv4h8g02n2qe9y4z9xarryv2wxer4zdjzgfd9yd62gar4y46p2sc9gd23xddrjkjgggu5k5jnye6x76m9dc74x4zcyesk6mm4de6r6vfsxqczver9wd3hy6tsw35k7m3a2pshjmt9de6zken0wg4hxetjwe5kxetnyejhsurfwfjhxst585erqv3595cnytfnx92ryve9xdqn2wf9xdqn2w26juk65n
vs
stx1wajky2mnw3u8qcte8ghj76twwehkjcm98ahhqetjv96xjmmw845kuan0d93k2fnjv43kjurfv4h8g02n2qe9y4z9xarryv2wxer4zdjzgfd9yd62gar4y46p2sc9gd23xddrjkjgggu5k5jnye6x76m9dc74x4zcyesk6mm4de6r6vfsxqczver9wd3hy6tsw35k7m3a2pshjmt9de6zken0wg4hxetjwe5kxetnyejhsurfwfjhxst585erqv3595cnytfnx92ryve9xdqn2wf9xdqn2w26juk65n
|
|
||
| ### Encoding and Decoding | ||
|
|
||
| Stacks Pay URLs **MUST** be encoded using **Bech32m encoding** with the human-readable part (HRP) set to `'stx'` and a `limit` of 512. This ensures compatibility and data integrity, making it suitable for QR codes and platforms with URL limitations. |
There was a problem hiding this comment.
It would be great to have a code snippet or example walking us through getting from parameters -> unencoded URL -> encoded URL and back. Where do we set the HRP and limit? What do I run to encode it?
|
How difficult is it to integrate into existing payment flows? E.g. compared to eth integration. Maybe something for the introduction. |
|
Hey Dan 👋 Awesome work on this! I wanted to share some thoughts based on my experience building Stacks Invoice Generator, where I tackled invoice generation for STX and Stacks tokens without smart contracts. One of the biggest challenges I faced was QR code functionality. Initially, I wanted users to scan a QR code and have it automatically open their wallet (Xverse/Leather) with all payment details pre-filled—similar to Bitcoin or Ethereum payment URIs (e.g., bitcoin:address?amount=0.1). However, Stacks doesn’t currently support a universal payment link format, so I had to settle for QR codes that only contain the recipient’s address, requiring users to manually enter the amount and memo. I believe adding universal payment links for STX and tokens (e.g., stackspay:stx1abc...xyz?amount=100&token=STX&memo=Invoice123) would be a game-changer for the ecosystem. It would: Would love to hear your thoughts on this! Is this something that could fit into Stacks Pay? |
QR codes are a core part of the experience i the proposal. Check out https://stackspay.org/ and the Merchant Section in the spec for details. The encoding also has the benefit of providing checksum so that users (stackpay parsers) can ensure that the QR codes have not been tampered with. |
Stacks Pay is a proposed standard for wrapping transaction information in a standard way for easy sharing.