Diffstat (limited to 'core/api-bank-wire.rst')
-rw-r--r-- | core/api-bank-wire.rst | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst index a76f5195..84184ec9 100644 --- a/core/api-bank-wire.rst +++ b/core/api-bank-wire.rst @@ -133,7 +133,8 @@ Making Transactions // time period a transaction belongs to). timestamp: Timestamp; - // Opaque ID of the transaction that the bank has made. + // Opaque ID of the wire transfer initiation performed by the bank. + // It is different from the /history endpoints row_id. row_id: SafeUint64; } @@ -429,6 +430,25 @@ exposed by bank gateways in production. // time period a transaction belongs to). timestamp: Timestamp; - // Opaque ID of the transaction that the bank has made. + // Opaque ID of the wire transfer initiation performed by the bank. + // It is different from the /history endpoints row_id. row_id: SafeUint64; } + + +Security Considerations +======================= + +For implementors: + +* The withdrawal operation ID must contain enough entropy to be unguessable. + +Design: + +* The user must complete the 2FA step of the withdrawal in the context of their banking + app or online banking Website. + We explicitly reject any design where the user would have to enter a confirmation code + they get from their bank in the context of the wallet, as this would teach and normalize + bad security habits. + + |
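Review bot: the new row_id comment in the first hunk (@@ -133,7 +133,8 @@) says the value differs from the /history row_id, but the field keeps the same name and the comment does not say whether a client can relate a wire transfer initiation to the history entry it later produces. Either describe that relationship in the comment or state that this ID cannot be used to look up /history rows. The possessive also needs an apostrophe: "the /history endpoints' row_id".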
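Review bot: "enough entropy to be unguessable" in the implementor bullet of the new Security Considerations section (second hunk, @@ -429,6 +430,25 @@) gives an implementor nothing to test against. State a minimum, for example as a number of bits, and require that the withdrawal operation ID come from a cryptographically secure random source. In the Design bullet, "Website" should be lowercase "website", and the repeated row_id comment in this hunk has the same missing apostrophe as the first one.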