2 files changed, 25 insertions, 37 deletions

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index 02addfcb..86b12ad0 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -1331,14 +1331,6 @@ exchange.
       // Balance left in the reserve.
       balance: Amount;
 
-      // True if the owner of the account currently satisfies
-      // the required KYC checks.
-      kyc_passed: boolean;
-
-      // True if the reserve history includes a merge of a purse
-      // and thus the owner must pass KYC checks before withdrawing.
-      kyc_required: boolean;
-
       // Transaction history for this reserve.
       // May be partial (!).
       history: TransactionHistoryItem[];
@@ -3327,10 +3319,15 @@ typically also view the balance.)
       // Legitimization target that the merchant should
       // use to check for its KYC status using
       // the ``/kyc-check/$LEGITIMIZATION_UUID`` endpoint.
-      legitimization_uuid: Integer;
+      // Optional, not present if the deposit has not
+      // yet been aggregated to the point that a KYC
+      // need has been evaluated.
+      legitimization_uuid?: Integer;
 
       // True if the KYC check for the merchant has been
-      // satisfied.
+      // satisfied.  False does not mean that KYC
+      // is strictly needed, unless also a
+      // legitimization_uuid is provided.
       kyc_ok: boolean;
 
       // Time by which the exchange currently thinks the deposit will be executed.
@@ -3782,7 +3779,7 @@ Wallet-to-wallet transfers
   :http:statuscode:`451 Unavailable For Legal Reasons`:
     This account has not yet passed the KYC checks.
     The client must pass KYC checks before proceeding with the merge.
-    FIXME: not yet implemented, response format to be specified!
+    The response will be an `KycNeededRedirect` object.
 
   **Details:**
 
@@ -3893,7 +3890,7 @@ Wallet-to-wallet transfers
   :http:statuscode:`451 Unavailable For Legal Reasons`:
     This account has not yet passed the KYC checks.
     The client must pass KYC checks before proceeding with the merge.
-    FIXME: not yet implemented, response format to be specified!
+    The response will be an `KycNeededRedirect` object.
 
   **Details:**
 
@@ -4179,11 +4176,6 @@ wallet-to-wallet payments.  Only another exchange should access this endpoint.
 KYC status updates
 ------------------
 
-  .. note::
-
-     This is a draft API that is not yet implemented.
-
-
 .. http:POST:: /kyc-wallet
 
   Setup KYC identification for a wallet.  Returns the KYC UUID.
@@ -4230,7 +4222,7 @@ KYC status updates
 
        // UUID that the wallet should use when initiating
        // the KYC check.
-       payment_target_uuid: number;
+       legitimization_uuid: number;
 
      }
 
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index cd70b317..f34e2a59 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -148,31 +148,27 @@ PRIVACY_DIR
 PRIVACY_ETAG
   Works the same as ``TERMS_ETAG``, just for the privacy policy.
 
-KYC_MODE
-  Set to "NONE" to disable KYC for this exchange (but check with your lawyer first).
-  Set to "OAUTH2" to use OAuth2 for KYC.
 
-KYC_WITHDRAW_LIMIT
-  Maximum amount that can be withdrawn in
-  KYC_WITHDRAW_PERIOD without needing KYC.
-  Only used if KYC_MODE is not "NONE".
+EXCHANGE KYC PROVIDER OPTIONS
+-----------------------------
 
-KYC_WITHDRAW_PERIOD
-  The time period over which transactions
-  are considered for the KYC_WITHDRAW_LIMIT.
-  Only used if KYC_MODE is not "NONE".
+The following options must be in the section "[kyc-provider-XXX]" sections.
 
-KYC_WALLET_BALANCE_LIMIT
-  Maximum amount that a wallet is allowed to hold without
-  having to undergo the KYC process of the issuing
-  exchange.  Optional option, if not given there
-  is no limit.
+COST
+  Relative cost of the KYC provider, non-negative number.
+LOGIC
+  API type of the KYC provider.
+USER_TYPE
+  Type of user this provider is for, either INDIVIDUAL or BUSINESS.
+PROVIDED_CHECKS
+  List of checks performed by this provider. Space-separated names of checks, must match check names in legitimization rules.
 
 
 EXCHANGE KYC OAUTH2 OPTIONS
----------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The following options must be in the section "[kyc-provider-XXX]" sections with "LOGIC = oauth2".
 
-The following options must be in the section "[exchange-kyc-oauth2]".
 
 
 KYC_OAUTH2_AUTH_URL
@@ -181,7 +177,7 @@ KYC_OAUTH2_AUTH_URL
 KYC_OAUTH2_LOGIN_URL
   URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". Example: "http://localhost:8888/oauth/v2/login"
 
-KYC_INFO_URL
+KYC_OAUTH2_INFO_URL
   URL of the endpoint where the OAuth 2.0 token can be used to download the user's details. Requires KYC_ENABLED to be "OAUTH2". Example: "http://localhost:8888/api/user/me"
 
 KYC_OAUTH2_CLIENT_ID