spec TAN confirmation

1 files changed, 37 insertions, 1 deletions

diff --git a/libeufin/api-sandbox.rst b/libeufin/api-sandbox.rst
index 0633165a..29affda9 100644
--- a/libeufin/api-sandbox.rst
+++ b/libeufin/api-sandbox.rst
@@ -165,7 +165,7 @@ The following endpoints are served under ``/demobanks/default/customer-api``.
      }
 
 
-.. http:post:: /cashout
+.. http:post:: /cashouts
 
    Lets the user specify an amount to be converted back
    to fiat currency.  The target account is the one specified
@@ -187,6 +187,14 @@ The following endpoints are served under ``/demobanks/default/customer-api``.
 
    **Response:**
 
+   .. ts:def:: CashoutPending
+     
+     interface CashoutPending {
+       // UUID identifying the operation being created
+       // and now waiting the TAN confirmation.
+       uuid: string; 
+     }
+
    :http:statuscode:`202 Accepted`:
      The cashout request was correctly created and
      the TAN authentication now is pending.
@@ -195,6 +203,34 @@ The following endpoints are served under ``/demobanks/default/customer-api``.
    :http:statuscode:`409 Conflict`:
      A istitutional user (``admin`` or ``bank``) tried the operation.
 
+
+.. http:post:: /cashouts/$cashoutId
+
+   Confirms the cashout with UUID $cashoutId by
+   accepting its TAN.  Please note that the request
+   should still be authenticated with the users credentials.
+
+   **Request:**
+
+   .. ts:def:: CashoutConfirm
+     
+     interface CashoutConfirm {
+
+       // the TAN that was shared by the bank that
+       // confirms $cashoutId.
+       tan: string;
+     }
+
+
+   **Response:**
+   
+   :http:statuscode:`200 OK`:
+     cashout confirmed.
+   :http:statuscode:`401 Unauthorized`:
+     wrong TAN.
+   :http:statuscode:`409 Conflict`:
+     A istitutional user (``admin`` or ``bank``) tried the operation.
+
 Access API.
 ^^^^^^^^^^^