Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
215 lines (142 sloc) 5.52 KB


A Python module to make web payments with Mozilla's navigator.mozPay().

You can read all about how web payments work in the developer docs.

Mozilla's web payments allow you to operate an app (or website) that accepts payments for digital goods. As payments are completed, the Firefox Marketplace needs to communicate the transaction ID to your app. You can use this library to validate the signature of that communication. All communication is done via signed JWT (JSON Web Token).

This also includes some generic ways to validate JWT objects. Hmm, maybe that should be extracted for more general use.


With pip or easy_install, run:

pip install mozpay

Or install it from source:

pip install git+git://

Verify a postback

import logging
from mozpay import InvalidJWT, process_postback
    data = process_postback(signed_request,
    print data['response']['transactionID']
except InvalidJWT:
    loggging.exception('in postback')

Verify a chargeback

import logging
from mozpay import InvalidJWT, process_chargeback
    data = process_chargeback(signed_request,
    print data['response']['transactionID']
    print data['response']['reason']
except InvalidJWT:
    logging.exception('in chargeback')

Use It With Django

If you use the Django framework, there's an app you can plug right into your

Add the app in your file:

    # ...

Add your key and secret that was granted by the Firefox Marketplace to your local file:

MOZ_APP_KEY = '<from>'
MOZ_APP_SECRET = '<from>'


Do not commit your secret to a public repo. Always keep it secure on your server. Never expose it to the client in JavaScript or anywhere else.

Add the postback / chargeback URLs to your file:

from django.conf.urls.defaults import patterns, include

urlpatterns = patterns('',
    ('^moz/', include('mozpay.djangoapp.urls')),

This will add /moz/postback and /moz/chargeback to your URLs. You'll enter these callback URLs into the in-app payment config screen on the Firefox Marketplace.

If you want to do further processing on the postbacks, you can connect to a few signals. Here is an example of code to go in your app (probably in

import logging
from django.dispatch import receiver

from mozpay.djangoapp.signals import (moz_inapp_postback,

def mozmarket_postback(request, jwt_data, **kwargs):'transaction ID %s processed ok'
                 % jwt_data['response']['transactionID'])

def mozmarket_chargeback(request, jwt_data, **kwargs):'transaction ID %s charged back; reason: %r'
                 % (jwt_data['response']['transactionID'],

Exceptions are logged to the channel mozpay.djangoapp.views so be sure to add the appropriate handlers to that.

When an InvalidJWT exception occurs, a 400 Bad Request is returned.

JWT Verification API

.. automodule:: mozpay.verify
    :members: verify_jwt, verify_sig, verify_claims, verify_keys


.. automodule:: mozpay.exc

Source Code and Bug Tracker

The source code is hosted on and you can submit pull requests and bugs over there.


Hello! To work on this module, check out the source from git and be sure you have the tox tool. To run the test suite, cd into the root and type:


This will run all tests in a virtualenv using the supported versions of Python.

To build the documentation, create a virtualenv then run:

pip install -r docs/requirements.txt

Build the docs from the root like this:

make -C docs/ html

Et voila:

open docs/_build/html/index.html


  • 2.1.0
    • Added algorithms list to verification functions to adjust what JWT algorithms are accepted. By default only HS256 is accepted now.
    • Upgraded PyJWT to the latest version.
    • Removed M2Crypto as a dependency because that is no longer needed and it wasn't actually used for our signing purposes anyway.
  • 2.0.0
  • 1.0.4
    • First working release.

Indices and tables