Closed Bug 1027908 Opened 8 years ago Closed 6 years ago

Security Review: Serverless in-app payments


( :: Security Assurance: Review Request, task)

Not set


(Not tracked)



(Reporter: andy+bugzilla, Assigned: amuntner)



Project/Feature Name: Serverless in-app payments
Tracking ID: 944480

This project is to remove the need for a developer to run a server to process in-app payments. It's not really "serverless" because it requires processing by the marketplace servers. But it does remove it from the developers.

Additional Information:
Key Initiative: Marketplace / Apps
Release date: July 2014
Project status: development
Mozilla Data: Yes
Mozilla Related: Payments for Marketplace
Separate Party: No

Security Review Questions:

Affects products: yes
Review due date:
Review invitees:,
Extra information:
I think adamm is taking over marketplace stuff from rforbes
Flags: needinfo?(amuntner)
OS: Mac OS X → All
Hardware: x86 → All
since the wiki for this is public I am unhiding this bug as I don't see a reason to hide it
Group: mozilla-employee-confidential
Flags: needinfo?(amuntner)
Assignee: nobody → amuntner
I am working on the review for this, question:

Is the documentation at still accurate? If not, could someone please update?
That Wiki looks accurate. We are hoping to roll this out for QA and then into production in the next couple of weeks.
Just so I'm clear, can you specifically point me to the code and instance/urls that are in scope for this review? I don't want to leave anything out.
Flags: needinfo?(amckay)
The changes are in zamboni and webpay, but cover quite a lot of end points, pull requests and the like. Jared and Kumar worked on this, so better to ping them. Here's some API docs:

Would a quick diagram, chat, etherpad make sense here to review the flow?
Flags: needinfo?(amckay)
Closing, not doing reviews through this process any longer
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.