diff options
| author | Marcello Stanisci <marcello.stanisci@inria.fr> | 2016-02-15 19:15:11 +0100 |
|---|---|---|
| committer | Marcello Stanisci <marcello.stanisci@inria.fr> | 2016-02-15 19:15:11 +0100 |
| commit | 4479b49bda602a73f6e1c24fdfb68dfbbf15b069 (patch) | |
| tree | 44f800d4e4672f08925003ff2b182f9cc41b6ec8 | |
| parent | 05c91fd72aac7edfff45b286ade2be3c747583bc (diff) | |
| download | docs-4479b49bda602a73f6e1c24fdfb68dfbbf15b069.tar.gz docs-4479b49bda602a73f6e1c24fdfb68dfbbf15b069.tar.bz2 docs-4479b49bda602a73f6e1c24fdfb68dfbbf15b069.zip | |
/hash-contract in backend
| -rw-r--r-- | impl-merchant.rst | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/impl-merchant.rst b/impl-merchant.rst index 0b5d1975..505376d0 100644 --- a/impl-merchant.rst +++ b/impl-merchant.rst @@ -50,6 +50,22 @@ The Merchant Backend HTTP API The following API are made available by the merchant's `backend` to the merchant's `frontend`. +.. http:post:: /hash-contract + + Ask the backend to compute the hash of the `contract` given in the POST's body. This feature + allows frontends to verify that names of resources which are going to be sold are actually `in` + the paid cotnract. Without this feature, a malicious wallet can request resource A and pay for + resource B without the frontend being aware of that. + + **Response** + + :status 200 OK: + hash succesfully computed. The returned value is a JSON having one field called `hash` containing + the hashed contract + :status 400 Bad Request: + Request not understood. The JSON was invalid. Possibly due to some error in + formatting the JSON by the `frontend`. + .. http:post:: /contract Ask the backend to add some missing (mostly related to cryptography) information to the contract. |