summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-07-27 11:10:28 +0200
committerChristian Grothoff <christian@grothoff.org>2020-07-27 11:10:28 +0200
commitc29dd690cca1f837ae3e79a8094eb421a30e5fa4 (patch)
tree5ac782db1877117ed371de6e0be9a485063a4aab /core
parent00cfe7f8cf3be3d8f4c9133820649ad8563d9b85 (diff)
downloaddocs-c29dd690cca1f837ae3e79a8094eb421a30e5fa4.tar.gz
docs-c29dd690cca1f837ae3e79a8094eb421a30e5fa4.tar.bz2
docs-c29dd690cca1f837ae3e79a8094eb421a30e5fa4.zip
fix spec: when which auth form is needed
Diffstat (limited to 'core')
-rw-r--r--core/api-merchant.rst4
1 files changed, 2 insertions, 2 deletions
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
index 010eebb..6424b79 100644
--- a/core/api-merchant.rst
+++ b/core/api-merchant.rst
@@ -1375,8 +1375,8 @@ Payment processing
**Request:**
- :query h_contract=HASH: hash of the order's contract terms (this is used to authenticate the wallet/customer in case $ORDER_ID is guessable). Either this field or *token* is *mandatory*.
- :query token=TOKEN: *Optional*. Authorizes the request via the claim token that was returned in the `PostOrderResponse`. Either this field or *h_contract* is *mandatory*.
+ :query h_contract=HASH: hash of the order's contract terms (this is used to authenticate the wallet/customer in case $ORDER_ID is guessable). Required once an order was claimed.
+ :query token=TOKEN: *Optional*. Authorizes the request via the claim token that was returned in the `PostOrderResponse`. Used with unclaimed orders only. Whether token authorization is required is determined by the merchant when the frontend creates the order.
:query session_id=STRING: *Optional*. Session ID that the payment must be bound to. If not specified, the payment is not session-bound.
:query timeout_ms=NUMBER: *Optional.* If specified, the merchant backend will
wait up to ``timeout_ms`` milliseconds for completion of the payment before