The syntax of a payment pointer is:
"$" host path-abempty
Note that the character set of a Payment Pointer, as with a valid URL, is limited to a subset of valid ASCII characters.
Further work may be done to define mappings from other character sets that support international characters (similar to the rules for Internationalized Domain Names) however, such mappings are not defined in this specification. Implementations that attempt to interpret a Payment Pointer that contains non-ASCII characters should be aware of the security risks.
Given a payment pointer of the form
"$" host path-abempty the endpoint URL that it resolves to is:
"https://" host path-abempty
If path-abempty is empty or equal to
/ then it is assigned the value
Note that this is a restricted profile of the data allowed in a full https URL as defined in RFC3986.
The URL syntax supports an authority, however the Payment Pointer syntax only supports a host which excludes the userinfo and port. The Payment Pointer syntax also excludes the query and fragment parts that are allowed in the URL syntax.
Payment Pointers that do not meet the limited syntax of this profile MUST be considered invalid and should not be used to resolve a URL.
The following payment pointers resolve to the specified endpoint URLs:
$example.com -> https://example.com/.well-known/pay $example.com/invoices/12345 -> https://example.com/invoices/12345 $bob.example.com -> https://bob.example.com/.well-known/pay $example.com/bob -> https://example.com/bob
Payment Pointers MUST resolve to an https URL as defined in RFC7230.
Clients MUST support HTTP redirects as a result of
3XX responses per RFC 7231 however these MUST always redirect to a secure (https) URL.
Servers SHOULD be cautious with the use of permanent (301/308) redirect response codes as clients may stop querying the original Payment Pointer and always query the new URL for future payments.