1 files changed, 356 insertions, 0 deletions
diff --git a/core/api-terminal.rst b/core/api-terminal.rst
new file mode 100644
index 00000000..91d9b7e6
--- /dev/null
+++ b/core/api-terminal.rst
@@ -0,0 +1,356 @@
+..
+  This file is part of GNU TALER.
+
+  Copyright (C) 2024 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 2.1, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+
+.. target audience: developer, core developer
+
+.. _terminal-api:
+
+============
+Terminal API
+============
+
+.. contents:: Table of Contents
+  :local:
+
+Introduction
+------------
+
+Terminals are devices where users can withdraw digital cash.
+
+This API is offered by a payment service backend and is used by such
+terminals.  It enables imposing limits on withdrawals per unique user ID (and
+communicating such limits to the terminals) as well as setting up and
+triggering withdrawal operations.
+
+Implementations of this API typically interact with a terminal-specific
+payment service (or a bank) to realize the service.
+
+
+Authentication
+--------------
+
+Terminals must authenticate against all terminal API using basic auth according to `HTTP basic auth <https://tools.ietf.org/html/rfc7617>`_.
+
+
+Config
+------
+
+.. http:get:: /config
+
+  Return the protocol version and configuration information about the bank.
+  This specification corresponds to ``current`` protocol being version **0**.
+
+  **Response:**
+
+  :http:statuscode:`200 OK`:
+    Response is a `TerminalConfig`.
+
+  **Details:**
+
+  .. ts:def:: TerminalConfig
+
+    interface TerminalConfig {
+      // Name of the API.
+      name: "taler-terminal";
+
+      // libtool-style representation of the Bank protocol version, see
+      // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning
+      // The format is "current:revision:age".
+      version: string;
+
+      // Terminal provider display name to be used in user interfaces.
+      provider_name: string;
+
+      // The currency supported by this Terminal-API
+      // must be the same as the currency specified 
+      // in the currency field of the wire gateway config
+      currency: string;
+
+      // Wire transfer type supported by the terminal.
+      // FIXME: needed?
+      wire_type: string;
+    }
+
+
+.. http:get:: /quotas/$UUID
+
+  Obtain the current transaction limit for the given $UUID.
+  The UUID should be an encoding of a unique identifier of
+  the user.
+
+  **Response:**
+
+  :http:statuscode:`200 OK`:
+    Response is a `WithdrawLimit`.
+
+  **Details:**
+
+  .. ts:def:: WithdrawLimit
+
+    interface WithdrawLimit {
+      // Maximum amount that can be withdrawn now.
+      limit: Amount;
+
+      // Time when the limit may increase.
+      expiration: Timestamp;
+    }
+
+
+.. http:post:: /quotas/$UUID/lock
+
+  This endpoint allows a terminal to reserve a given amount
+  from the user's quota, ensuring that a subsequent operation
+  will not fail due to a quota violation.
+
+  **Request:**
+
+  The request should be a `WithdrawLimitLock`.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The change was accepted.
+  :http:statuscode:`409 Conflict`:
+    The proposed lock would push the user above the limit.
+
+  **Details:**
+
+  .. ts:def:: WithdrawLimitLock
+
+    interface WithdrawLimitLock {
+
+      // Amount that should be reserved from the quota.
+      limit: Amount;
+
+      // ID for the lock.  FIXME: could also be 32-byte nonce?
+      lock: string;
+
+      // How long should the lock be held?
+      expiration: Timestamp;
+    }
+
+.. http:delete:: /quotas/$UUID/lock/$LOCK
+
+  This endpoint allows the terminal to clear a lock it may have
+  previously created.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The lock was cleared.
+  :http:statuscode:`404 Not found`:
+    The lock is unknown.
+  :http:statuscode:`409 Conflict`:
+    The lock was already used in a withdrawal operation.
+
+
+.. http:post:: /withdrawals
+
+  This endpoint allows the terminal to set up a new withdrawal
+  operation.
+
+  **Request:**
+
+  The request should be a `TerminalWithdrawalSetup`.
+
+  **Response:**
+
+  :http:statuscode:`200 Ok`:
+    The operation was created.  The response will be
+    a `TerminalWithdrawalSetupResponse`.
+  :http:statuscode:`404 Not found`:
+    A lock was specified but the lock is not known for
+    the given user.
+  :http:statuscode:`409 Conflict`:
+    A conflicting withdrawal operation already exists or
+    the amount would violate the quota for the specified user.
+
+  **Details:**
+
+  .. ts:def:: TerminalWithdrawalSetup
+
+    interface TerminalWithdrawalSetup {
+
+      // Amount to withdraw.  If given, the wallet
+      // cannot change the amount!
+      amount?: Amount;
+
+      // Suggested amount to withdraw. If given, the wallet can
+      // still change the suggestion.
+      suggested_amount?: Amount;
+
+      // A provider-specific transaction identifier.
+      // This identifier may be used to attest the
+      // payment at the provider's backend. Optional,
+      // as we may not know it at this time.
+      provider_transaction_id?: string;
+
+      // The non-Taler fees the customer will have
+      // to pay to the service provider
+      // they are using to make this withdrawal.
+      // If the fees cannot be precalculated,
+      // they can be specified in the /withdrawals/$WITHDRAWAL_ID/check
+      // request after the transaction was executed.
+      terminal_fees?: Amount;
+
+      // Unique request ID to make retried requests idempotent.
+      request_uid: string;
+
+      // Unique user ID of the user.  Optional
+      // in case a user Id is not (yet) known.
+      user_uuid?: string;
+
+      // ID identifying a lock on the quota that the client
+      // may wish to use in this operation.  May only be
+      // present if ``user_uuid`` is also given.
+      lock?: string;
+    }
+
+  .. ts:def:: TerminalWithdrawalSetupResponse
+
+    interface TerminalWithdrawalSetupResponse {
+
+      // ID identifying the withdrawal operation being created.
+      withdrawal_id: string;
+    }
+
+
+.. http:post:: /withdrawals/$WITHDRAWAL_ID/check
+
+  Endpoint for providers to notify the terminal backend about a payment having
+  happened.  This will cause the bank to validate the transaction and allow
+  the withdrawal to proceed. The API is idempotent, meaning sending a payment
+  notification for the same ``WITHDRAWAL_ID`` return successfuly but not
+  change anything.  This endpoint is always *optional*: the bank, exchange and
+  wallet should all eventually notice the wire transfer with or without this
+  endpoint being called.  However, by calling this endpoint checks that might
+  otherwise only happen periodically can be triggered immediately.
+
+  The endpoint may also be used to associate a user ID at a very late stage
+  with the withdrawal --- and still get an immediate failure if we are above
+  the quota.
+
+  .. note::
+
+    The backend shall **never** just accept this claim that the payment was
+    confirmed, but instead needs to internally attest that the payment was
+    successful using provider-specific transaction validation logic!  The point
+    of this endpoint is merely to trigger this validation **now**.
+
+  **Request:**
+
+  The body of the request must be a `TerminalWithdrawalConfirmationRequest`.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The payment notification was processed successfully.
+  :http:statuscode:`404 Not found`:
+    The withdrawal operation was not found.
+  :http:statuscode:`409 Conflict`:
+    The withdrawal operation has been previously aborted
+    and cannot be confirmed anymore.
+  :http:statuscode:`451 Unavailable for Legal Reasons`:
+    The withdrawal operation cannot be confirmed because
+    it would put the user above the legal limit.  The
+    payment service will eventually bounce the transfer
+    (if it were to become effective), but the user should
+    already be shown an error.
+
+  **Details:**
+
+  .. ts:def:: TerminalWithdrawalConfirmationRequest
+
+    interface TerminalWithdrawalConfirmationRequest {
+
+      // A provider-specific transaction identifier.
+      // This identifier may be used to facilitate the
+      // backend to check that the credit was confirmed.
+      provider_transaction_id?: string;
+
+      // The fees which the customer had to pay to the 
+      // provider
+      terminal_fees?: Amount;
+
+      // A user-specific identifier for quota checks.
+      user_uuid?: string;
+
+      // ID identifying a lock on the quota that the client
+      // may wish to use in this operation.  May only be
+      // present if ``user_uuid`` is also given.
+      lock?: string;
+    }
+
+.. http:get:: /withdrawals/$WITHDRAWAL_ID
+
+  Query information about a withdrawal, identified by the ``WITHDRAWAL_ID``.
+
+  **Request:**
+
+  :query long_poll_ms:
+    *Optional.*  If specified, the bank will wait up to ``long_poll_ms``
+    milliseconds for operationt state to be different from ``old_state`` before sending the HTTP
+    response.  A client must never rely on this behavior, as the bank may
+    return a response immediately.
+  :query old_state:
+    *Optional.* Default to "pending".
+
+  **Response:**
+
+  :http:statuscode:`200 OK`:
+    The withdrawal operation is known to the bank, and details are given
+    in the `BankWithdrawalOperationStatus` response body.
+  :http:statuscode:`404 Not found`:
+    The operation was not found.
+
+.. http:delete:: /withdrawals/$WITHDRAWAL_ID/abort
+
+  Aborts ``WITHDRAWAL_ID`` operation.  Has no effect on an already aborted
+  operation.  This endpoint can be used by the terminal if the terminal aborts
+  the transaction, ensuring that the operation is also aborted at the
+  bank.
+
+  **Request:**
+
+  The request body is empty.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The withdrawal operation has been aborted.
+  :http:statuscode:`404 Not found`:
+    The withdrawal operation was not found.
+  :http:statuscode:`409 Conflict`:
+    The withdrawal operation has been confirmed previously and
+    can't be aborted.
+
+
+Endpoints for Integrated Sub-APIs
+---------------------------------
+
+.. http:any:: /taler-integration/*
+
+  All endpoints under this prefix are specified by the.
+  :doc:`GNU Taler bank integration API </core/api-bank-integration>`.
+  This API handles the communication with Taler wallets.
+
+
+.. http:any:: /taler-wire-gateway/*
+
+   All endpoints under this prefix are specified
+   by the :doc:`GNU Taler wire gateway API </core/api-bank-wire>`.
+
+   The endpoints are only available for accounts configured with ``is_taler_exchange=true``.