{"ok":true,"tenant":"xconect","workspace":"xconect","stack":"node-fastify","mode":"reference-marketplace-tenant","time":"2026-05-14T07:59:05.302Z","gateway_url":"https://gateway.0x730.com","display_name":"Xconect","stack_label":"node-fastify","tenant_policy_slugs":["xconect-tenant-subject-profile-policy"],"proof_sources":["/api/reference","/api/host-config","/api/installations?subjectId=..."],"sdk_paths":{"node":"@xapps-platform/server-sdk","php":"xapps-platform/xapps-php","browser":"xapps-embed-sdk"},"host_surfaces":[{"key":"single-panel","label":"Single panel","recommended_for_first_lane":true},{"key":"split-panel","label":"Split panel","recommended_for_first_lane":false},{"key":"single-xapp","label":"Single xapp","recommended_for_first_lane":false}],"payment_modes":[{"key":"gateway_managed","label":"Gateway managed","default_for_first_lane":true,"page_owner":"gateway"},{"key":"tenant_delegated","label":"Gateway delegated by tenant","default_for_first_lane":false,"page_owner":"gateway"},{"key":"publisher_delegated","label":"Gateway delegated by publisher","default_for_first_lane":false,"page_owner":"gateway"},{"key":"owner_managed","reference_key":"owner_managed","label":"Owner managed","default_for_first_lane":false,"page_owner":"owner"}],"payment_mode_reference_details":[{"key":"gateway_managed","label":"Gateway managed","description":"Gateway owns hosted checkout and provider execution. Tenant mainly consumes the lane.","payment_session_model":{"uses_gateway_payment_session":true,"tenant_owns_payment_page":false,"tenant_owns_payment_session_endpoints":false,"tenant_calls_gateway_payment_session_api_directly":false,"tenant_session_reference":"gateway-hosted session only"},"required_settings":["XCONECT_GUARD_INGEST_API_KEY","XCONECT_TENANT_PAYMENT_RETURN_SECRET or XCONECT_TENANT_PAYMENT_RETURN_SECRET_REF"],"payment_responsibilities":["keep gateway-managed payment lane configured","do not implement a tenant payment page for this mode","reuse gateway-hosted checkout returned by the platform"],"payment_endpoints":[],"policy_responsibilities":["verify signed payment evidence for the gateway-managed lane","block and return the gateway-hosted payment action when evidence is missing"],"policy_endpoints":[{"method":"POST","path":"/xapps/requests","purpose":"Runs the tenant payment policy for gateway-managed xapps."}],"guide_path":"packages/backend-kit/src/backend/modes/gateway-managed/payment.ts"},{"key":"tenant_delegated","label":"Gateway delegated by tenant","description":"Gateway executes checkout with tenant-scoped delegated credentials and delegated signing.","payment_session_model":{"uses_gateway_payment_session":true,"tenant_owns_payment_page":false,"tenant_owns_payment_session_endpoints":false,"tenant_calls_gateway_payment_session_api_directly":false,"tenant_session_reference":"gateway-hosted delegated session only"},"required_settings":["XCONECT_GUARD_INGEST_API_KEY","delegated payment credential refs in the manifest/guard config","XCONECT_TENANT_PAYMENT_RETURN_SECRET or XCONECT_TENANT_PAYMENT_RETURN_SECRET_REF"],"payment_responsibilities":["keep tenant-delegated payment lane configured","provide delegated credential/signing configuration","reuse gateway-hosted checkout returned by the platform"],"payment_endpoints":[],"policy_responsibilities":["verify signed payment evidence for the tenant-delegated lane","block and return the delegated gateway-hosted payment action when evidence is missing"],"policy_endpoints":[{"method":"POST","path":"/xapps/requests","purpose":"Runs the tenant payment policy for tenant-delegated xapps."}],"guide_path":"packages/backend-kit/src/backend/modes/tenant-delegated/payment.ts"},{"key":"publisher_delegated","label":"Gateway delegated by publisher","description":"Gateway executes checkout with publisher-scoped delegated credentials and delegated signing.","payment_session_model":{"uses_gateway_payment_session":true,"tenant_owns_payment_page":false,"tenant_owns_payment_session_endpoints":false,"tenant_calls_gateway_payment_session_api_directly":false,"tenant_session_reference":"gateway-hosted delegated session only"},"required_settings":["backend guard ingest API key","delegated publisher payment credential refs in the manifest/guard config","publisher delegated payment return secret or secret ref"],"payment_responsibilities":["keep publisher-delegated payment lane configured","provide delegated publisher credential/signing configuration","reuse gateway-hosted checkout returned by the platform"],"payment_endpoints":[],"policy_responsibilities":["verify signed payment evidence for the publisher-delegated lane","block and return the delegated gateway-hosted payment action when evidence is missing"],"policy_endpoints":[{"method":"POST","path":"/xapps/requests","purpose":"Runs the payment policy for publisher-delegated xapps."}],"guide_path":"packages/backend-kit/src/backend/modes/publisher-delegated/payment.ts"},{"key":"owner_managed","reference_key":"owner_managed","label":"Owner managed","description":"The owner controls the payment page flow. The packaged sample payment page is the default reference seam for this path.","payment_session_model":{"uses_gateway_payment_session":true,"tenant_owns_payment_page":true,"tenant_owns_payment_session_endpoints":true,"tenant_calls_gateway_payment_session_api_directly":true,"tenant_session_reference":"tenant page proxies gateway session through /api/tenant-payment/*"},"required_settings":["XCONECT_GUARD_INGEST_API_KEY","XCONECT_TENANT_PAYMENT_URL","XCONECT_TENANT_PAYMENT_RETURN_SECRET or XCONECT_TENANT_PAYMENT_RETURN_SECRET_REF"],"payment_responsibilities":["serve the tenant payment page","implement tenant payment session endpoints","complete/client-settle the hosted gateway session from the tenant page"],"payment_endpoints":[{"method":"GET","path":"/tenant-payment.html","purpose":"Serves the tenant-owned payment page."},{"method":"GET","path":"/api/tenant-payment/session","purpose":"Loads the current hosted gateway session for the tenant page."},{"method":"POST","path":"/api/tenant-payment/complete","purpose":"Advances the hosted gateway session from the tenant page."},{"method":"POST","path":"/api/tenant-payment/client-settle","purpose":"Fallback client settlement for the tenant page flow."}],"policy_responsibilities":["verify signed payment evidence for the owner-managed lane","block and return the tenant payment page action when evidence is missing"],"policy_endpoints":[{"method":"POST","path":"/xapps/requests","purpose":"Runs the tenant payment policy for owner-managed xapps."}],"guide_path":"packages/backend-kit/src/backend/modes/owner-managed/payment.ts"}],"endpoint_groups":[{"key":"core_health","label":"Core health","when_to_use":"Always present in the reference backend.","endpoints":[{"method":"GET","path":"/health","purpose":"Basic backend health."}]},{"key":"guard_execution","label":"Tenant guard execution reference","when_to_use":"Needed when the tenant owns payment-policy or subject-profile policy execution.","endpoints":[{"method":"POST","path":"/xapps/requests","purpose":"Receives tenant-owned guard/policy tool execution."}]},{"key":"gateway_managed_payment_reference","label":"Gateway-managed payment reference","when_to_use":"Use this when the tenant keeps the first-lane managed payment flow and the gateway owns checkout orchestration.","endpoints":[],"notes":["Existing xapps use the gateway-hosted payment page for this mode.","The tenant backend participates through guard execution and tenant configuration, not through a tenant payment page."]},{"key":"tenant_delegated_payment_reference","label":"Tenant-delegated payment reference","when_to_use":"Use this when checkout is still gateway-hosted but tenant delegated credentials/signing are required.","endpoints":[],"notes":["Existing xapps keep the gateway-hosted payment page for this mode too.","The tenant backend participates through guard execution and delegated tenant configuration."]},{"key":"publisher_delegated_payment_reference","label":"Publisher-delegated payment reference","when_to_use":"Use this when checkout is still gateway-hosted but publisher delegated credentials/signing are required.","endpoints":[],"notes":["Existing xapps keep the gateway-hosted payment page for this mode too.","The backend participates through guard execution and delegated publisher configuration."]},{"key":"owner_managed_payment_reference","label":"Owner-managed payment page reference","when_to_use":"Use this when the owner keeps the owner-managed lane and the packaged sample payment page is used.","endpoints":[{"method":"GET","path":"/tenant-payment.html","purpose":"Serves the tenant-owned payment page."},{"method":"GET","path":"/api/tenant-payment/session","purpose":"Loads the current hosted gateway session for the tenant page."},{"method":"POST","path":"/api/tenant-payment/complete","purpose":"Advances the hosted gateway session from the tenant page."},{"method":"POST","path":"/api/tenant-payment/client-settle","purpose":"Fallback client settlement for the tenant page flow."}]},{"key":"tenant_subject_profile_reference","label":"Tenant subject-profile reference seam","when_to_use":"Optional seam when the tenant wants to provide tenant-owned billing profile candidates.","endpoints":[{"method":"POST","path":"/guard/subject-profiles/tenant-candidates","purpose":"Returns tenant-owned billing/profile candidates for the guard."}]},{"key":"reference_assets","label":"Reference assets","when_to_use":"Only for the current local/reference browser flow.","endpoints":[{"method":"GET","path":"/","purpose":"Entry page for the xconect marketplace host reference."},{"method":"GET","path":"/marketplace.html","purpose":"Marketplace host shell with single-panel and split-panel embed modes."},{"method":"GET","path":"/single-xapp.html","purpose":"Focused single-xapp host surface using the same shared host/runtime contract."},{"method":"GET","path":"/embed/sdk/xapps-embed-sdk.esm.js","purpose":"Serves the embed SDK bundle used by the local reference host surfaces."},{"method":"GET","path":"/host/xconect-marketplace-host.js","purpose":"Browser bootstrap for the marketplace host reference."},{"method":"GET","path":"/host/xconect-single-xapp-host.js","purpose":"Browser bootstrap for the single-xapp host reference."},{"method":"GET","path":"/host/xconect-host-shell.js","purpose":"Reference host-shell rendering helpers for marketplace and single-xapp surfaces."},{"method":"GET","path":"/host/xconect-host-runtime.js","purpose":"xconect runtime/theme configuration over the shared browser SDK contract."},{"method":"GET","path":"/host/host-status.js","purpose":"Shared host proof/status renderer used by xconect and xconectb host surfaces."},{"method":"GET","path":"/assets/xconect-seed-logo.svg","purpose":"Local reference branding asset."}]},{"key":"reference_marketplace_host_core","label":"Reference marketplace host proxy: core contract","when_to_use":"Use this first. It is the core tenant browser->backend contract for the marketplace host.","endpoints":[{"method":"GET","path":"/api/host-config","purpose":"Returns current host config such as gateway base URL and supported embed modes."},{"method":"POST","path":"/api/resolve-subject","purpose":"Resolves a stable subject id from email for the stateless host bootstrap."},{"method":"POST","path":"/api/create-catalog-session","purpose":"Proxies catalog session creation for the host page."},{"method":"POST","path":"/api/catalog-customer-profile","purpose":"Resolves the default tenant billing profile used to prefill subject-bound catalog sessions."},{"method":"POST","path":"/api/create-widget-session","purpose":"Proxies widget session creation for the host page."}]},{"key":"reference_marketplace_host_lifecycle","label":"Reference marketplace host proxy: lifecycle","when_to_use":"Required for a real tenant marketplace host, while still kept as a separate layer for clarity.","endpoints":[{"method":"GET","path":"/api/installations","purpose":"Lists installations for the current subject in the host page."},{"method":"POST","path":"/api/install","purpose":"Install mutation proxy used by the host page."},{"method":"POST","path":"/api/update","purpose":"Update mutation proxy used by the host page."},{"method":"POST","path":"/api/uninstall","purpose":"Uninstall mutation proxy used by the host page."},{"method":"GET","path":"/api/my-xapps/:xappId/monetization","purpose":"Loads current-subject monetization state and published paywalls for an installed xapp."},{"method":"GET","path":"/api/my-xapps/:xappId/monetization/history","purpose":"Loads recent current-subject XMS history for auditability across purchases, access, wallets, and invoices."},{"method":"POST","path":"/api/my-xapps/:xappId/monetization/purchase-intents/prepare","purpose":"Prepares a current-subject XMS purchase intent for the host plans surface."},{"method":"POST","path":"/api/my-xapps/:xappId/monetization/purchase-intents/:intentId/payment-session","purpose":"Starts hosted checkout for the selected published paywall package."},{"method":"POST","path":"/api/my-xapps/:xappId/monetization/purchase-intents/:intentId/payment-session/finalize","purpose":"Finalizes hosted return and refreshes access for the current-subject XMS flow."}]},{"key":"reference_marketplace_host_bridge","label":"Reference marketplace host proxy: advanced bridge","when_to_use":"Add these only when the tenant host needs bridge renewal or advanced signing seams.","endpoints":[{"method":"POST","path":"/api/bridge/token-refresh","purpose":"Bridge v2 token-refresh helper for widget session renewal."},{"method":"POST","path":"/api/bridge/sign","purpose":"Optional bridge signing seam for advanced host integrations."},{"method":"POST","path":"/api/bridge/vendor-assertion","purpose":"Optional vendor assertion seam for advanced linked integrations."}]}],"integration_options":[{"key":"lean_managed_first_lane","label":"Lean first version","recommended":true,"platform_managed":["payments: stripe gateway-managed","invoicing","notifications"],"tenant_must_own":["tenant identity/bootstrap","core marketplace host proxy contract","marketplace lifecycle routes","payment return signing configuration","guard execution endpoint","tenant configuration for the chosen gateway lane"],"reference_endpoint_groups":["core_health","guard_execution","gateway_managed_payment_reference","reference_marketplace_host_core","reference_marketplace_host_lifecycle","tenant_subject_profile_reference"]},{"key":"tenant_payment_control","label":"Tenant payment method / delegated evolution","recommended":false,"platform_managed":["invoicing","notifications"],"tenant_must_own":["payment lane selection/configuration","core marketplace host proxy contract","marketplace lifecycle routes","payment return signing policy","tenant payment page or equivalent UX if owner-managed mode is selected"],"reference_endpoint_groups":["core_health","guard_execution","tenant_delegated_payment_reference","owner_managed_payment_reference","reference_marketplace_host_core","reference_marketplace_host_lifecycle","reference_marketplace_host_bridge","tenant_subject_profile_reference"],"notes":["Current tenant backend is the reference seam for tenant-controlled payment evolution.","The tenant may keep the same contract in Node or reimplement it in PHP/Laravel via xapps-platform/xapps-php."]},{"key":"tenant_own_invoicing","label":"Tenant-owned invoicing later","recommended":false,"platform_managed":[],"tenant_must_own":["tenant invoice provider configuration","invoice execution policy/refs on the gateway lane"],"reference_endpoint_groups":[],"notes":["No dedicated tenant backend endpoint is required in the current lean lane for managed invoicing.","If tenant-owned invoicing is selected later, follow docs/specifications/expansions/09-invoicing-hook-provider-model.md."]},{"key":"tenant_own_notifications","label":"Tenant-owned notifications later","recommended":false,"platform_managed":[],"tenant_must_own":["tenant notification provider configuration","notification execution policy/refs on the gateway lane"],"reference_endpoint_groups":[],"notes":["No dedicated tenant backend endpoint is required in the current lean lane for managed notifications.","If tenant-owned notifications are selected later, follow docs/specifications/expansions/08-notification-hook-provider-model.md."]}]}