Saturday, 1 September 2007

Gift certificate (future story)

One of the early ideas that our chief web fiend has coveted is that of unique URIs that are good for one (or more) calls. This gift certificate would probably be a time limited credit, and maybe only for a particular gadget.

It might sound as if its just a strange way to give credits to another user, but that's not quite true. For a start, a non Mojo user could, in theory, use a gift certificate, though this may not be required. A gift could be given to an anonymous recipient, something not possible for a credit transfer. And a time limited gadget promotional offer would make good marketing.

The mechanism isn't too important; the certificate must match a record in Mojo and so is quite secure. Sending the uri itself to the server should be enough to redeem it.


nathan said...

One shot Links
If you allow GET parameters and force the message "name" to be unique users could generate links that are single shot. Once it had been clicked once, that message name cannot be used again. The user would need to dynamically generate the link using their secret and they could then distribute this link as they see fit. It would help with mashups.

DE said...

Definitely a plan.

Robbie has already made message names unique. This does put the onus on a user to select a naming schema if they wish to overide teh default.

Paul has already suggested giving these one shots time limits. Very much like money off coupons. One can also fix the target of the message or call.

psd said...

nathan, that in a nutshell is the idea and the name is already "unique".

To be RESTful that GET should be a POST form you then have to click on to make the call, but given already have to have unsafe URIs for script tag injection to get around SOP, then you'll have a one-click-call URI for free!

A missing part is as Robbie says, an expires parameter. If present the digest will cover that, so I can send you a "call me tonight" link in email/im etc.