Transport-neutral payment credential verification.
Implements the full MPP verification pipeline — HMAC challenge binding, realm match, expiration check, request match, and method-specific verification — without any HTTP or transport dependency.
MPP.Plug delegates to this module for HTTP transport. MPP.Mcp and
the client SDK (Phase 12) can use it directly for JSON-RPC and other
transports.
Usage
opts = [
secret_key: "hmac-secret",
realm: "api.example.com",
method: MyApp.Payments.Stripe,
charge: charge,
method_config: %{"stripe_secret_key" => "sk_..."}
]
case MPP.Verifier.verify(credential, opts) do
{:ok, receipt} -> # payment verified
{:error, %MPP.Errors{} = error} -> # verification failed
endOptions
:secret_key— (required) HMAC-SHA256 key for challenge verification:realm— (required) expected server protection space:method— (required) module implementingMPP.Method:charge— (required)MPP.Intents.Charge.t()for this endpoint:method_config— (optional) server-only config map, default%{}
API Functions
| Function | Arity | Description | Param Kinds |
|---|---|---|---|
verify | 2 | Verify a payment credential against endpoint configuration. Transport-neutral. | credential: value, opts: value |
Summary
Functions
Verify a payment credential against endpoint configuration. Transport-neutral.
Functions
@spec verify( MPP.Credential.t(), keyword() ) :: {:ok, MPP.Receipt.t()} | {:error, MPP.Errors.t()}
Verify a payment credential against endpoint configuration. Transport-neutral.
Parameters
credential- Parsed MPP credential with echoed challenge and payment payload (value)opts- Keyword list: :secret_key (HMAC key), :realm, :method (module), :charge (Charge.t()), :method_config (optional map) (value)
Returns
{:ok, receipt} on success, {:error, %Errors{}} on failure (tagged_tuple)
Errors
:invalid_challenge:intent_mismatch:method_mismatch:payment_expired:request_mismatch:verification_failed
# descripex:contract
%{
params: %{
opts: %{
description: "Keyword list: :secret_key (HMAC key), :realm, :method (module), :charge (Charge.t()), :method_config (optional map)",
kind: :value
},
credential: %{
description: "Parsed MPP credential with echoed challenge and payment payload",
kind: :value
}
},
errors: [:invalid_challenge, :intent_mismatch, :method_mismatch,
:payment_expired, :request_mismatch, :verification_failed],
returns: %{
type: :tagged_tuple,
description: "`{:ok, receipt}` on success, `{:error, %Errors{}}` on failure"
}
}