Diffstat (limited to 'core')
-rw-r--r-- core/api-auditor.rst 232
-rw-r--r-- core/api-bank.rst 392
-rw-r--r-- core/api-common.rst 812
-rw-r--r-- core/api-error.rst 1204
-rw-r--r-- core/api-exchange.rst 1546
-rw-r--r-- core/api-merchant.rst 1194
-rw-r--r-- core/api-sync.rst 407
-rw-r--r-- core/index.rst 40
-rw-r--r-- core/taler-uri.rst 84
-rw-r--r-- core/wireformats.rst 70
10 files changed, 5981 insertions, 0 deletions
diff --git a/core/api-auditor.rst b/core/api-auditor.rst
new file mode 100644
index 00000000..957b1c01
--- /dev/null
+++ b/core/api-auditor.rst
@@ -0,0 +1,232 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2018 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Christian Grothoff
+
+============================
+The Auditor RESTful JSON API
+============================
+
+The API specified here follows the :ref:`general conventions <http-common>`
+for all details not specified in the individual requests.
+The `glossary <https://docs.taler.net/glossary.html#glossary>`
+defines all specific terms used in this section.
+
+.. _auditor-version:
+
+-------------------------
+Obtaining Auditor Version
+-------------------------
+
+This API is used by merchants to obtain a list of all exchanges audited by
+this auditor. This may be required for the merchant to perform the required
+know-your-customer (KYC) registration before issuing contracts.
+
+.. http:get:: /version
+
+ Get the protocol version and some meta data about the auditor.
+
+ **Response:**
+
+ :status 200 OK:
+ The auditor responds with a `AuditorVersion`_ object. This request should
+ virtually always be successful.
+
+ **Details:**
+
+ .. _AuditorVersion:
+ .. code-block:: tsref
+
+ interface AuditorVersion {
+ // libtool-style representation of the Taler protocol version, see
+ // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning
+ // The format is "current:revision:age". Note that the auditor
+ // protocol is versioned independently of the exchange's protocol.
+ version: String;
+
+ // Return which currency this auditor is auditing for.
+ currency: String;
+
+ // EdDSA master public key of the auditor
+ auditor_public_key: EddsaPublicKey;
+ }
+
+ .. note::
+
+ This API is still experimental (and is not yet implemented at the
+ time of this writing).
+
+
+.. _exchange-list:
+
+-----------------------
+Obtaining Exchange List
+-----------------------
+
+This API is used by merchants to obtain a list of all exchanges audited by
+this auditor. This may be required for the merchant to perform the required
+know-your-customer (KYC) registration before issuing contracts.
+
+.. http:get:: /exchanges
+
+ Get a list of all exchanges audited by the auditor.
+
+ **Response:**
+
+ :status 200 OK:
+ The auditor responds with a `ExchangeList`_ object. This request should
+ virtually always be successful.
+
+ **Details:**
+
+ .. _ExchangeList:
+ .. code-block:: tsref
+
+ interface ExchangeList {
+ // Exchanges audited by this auditor
+ exchanges: ExchangeEntry[];
+ }
+
+ .. _tsref-type-Denom:
+ .. code-block:: tsref
+
+ interface ExchangeEntry {
+
+ // Master public key of the exchange
+ master_pub: EddsaPublicKey;
+
+ // Base URL of the exchange
+ exchange_url: string;
+ }
+
+ .. note::
+
+ This API is still experimental (and is not yet implemented at the
+ time of this writing). A key open question is whether the auditor
+ should sign the information. We might also want to support more
+ delta downloads in the future.
+
+.. _deposit-confirmation:
+
+--------------------------------
+Submitting deposit confirmations
+--------------------------------
+
+Merchants should probabilistically submit some of the deposit
+confirmations they receive from the exchange to auditors to ensure
+that the exchange does not lie about recording deposit confirmations
+with the exchange. Participating in this scheme ensures that in case
+an exchange runs into financial trouble to pay its obligations, the
+merchants that did participate in detecting the bad behavior can be
+paid out first.
+
+.. http:put:: /deposit-confirmation
+
+ Submits a `DepositConfirmation`_ to the exchange. Should succeed
+ unless the signature provided is invalid or the exchange is not
+ audited by this auditor.
+
+ **Response:**
+
+ :status 200: The auditor responds with a `DepositAudited`_ object.
+ This request should virtually always be successful.
+
+ **Details:**
+
+ .. _DepositAudited:
+ .. _tsref-type-DepositAudited:
+ .. code-block:: tsref
+
+ interface DepositAudited {
+ // TODO: do we care for the auditor to sign this?
+ }
+
+ .. _DepositConfirmation:
+ .. _tsref-type-DepositConfirmation:
+ .. code-block:: tsref
+
+ interface DepositConfirmation {
+
+ // Hash over the contract for which this deposit is made.
+ h_contract_terms: HashCode;
+
+ // Hash over the wiring information of the merchant.
+ h_wire: HashCode;
+
+ // Time when the deposit confirmation confirmation was generated.
+ timestamp: Timestamp;
+
+ // How much time does the merchant have to issue a refund
+ // request? Zero if refunds are not allowed.
+ refund_deadline : Timestamp;
+
+ // Amount to be deposited, excluding fee. Calculated from the
+ // amount with fee and the fee from the deposit request.
+ amount_without_fee: Amount;
+
+ // The coin's public key. This is the value that must have been
+ // signed (blindly) by the Exchange. The deposit request is to be
+ // signed by the corresponding private key (using EdDSA).
+ coin_pub: CoinPublicKey;
+
+ // The Merchant's public key. Allows the merchant to later refund
+ // the transaction or to inquire about the wire transfer identifier.
+ merchant_pub: EddsaPublicKey;
+
+ // Signature from the exchange of type
+ // TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT.
+ exchange_sig: EddsaSignature;
+
+ // Public signing key from the exchange matching @e exchange_sig.
+ exchange_pub: EddsaPublicKey;
+
+ // Master public key of the exchange corresponding to @e master_sig.
+ // Identifies the exchange this is about.
+ master_pub: EddsaPublicKey;
+
+ // When does the validity of the exchange_pub end?
+ ep_start: Timestamp;
+
+ // When will the exchange stop using the signing key?
+ ep_expire: Timestamp;
+
+ // When does the validity of the exchange_pub end?
+ ep_end: Timestamp;
+
+ // Exchange master signature over @e exchange_sig.
+ master_sig: EddsaSignature;
+ }
+
+ .. note::
+
+ This API is still experimental (and is not yet implemented at the
+ time of this writing). A key open question is whether the auditor
+ should sign the response information.
+
+
+----------
+Complaints
+----------
+
+This API is used by the wallet or merchants to submit proof of
+misbehavior of an exchange to the auditor.
+
+ .. note::
+
+ To be designed and implemented.
+
+ .. http:put:: /complain
+
+ Complain about missbehavior to the auditor.
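Review bot: The /deposit-confirmation section documents only ":status 200" and says the request "should virtually always be successful", yet the description just above it says the call fails when the signature is invalid or the exchange is not audited by this auditor; please add the error statuses for those two cases so a merchant can tell a rejected confirmation from an accepted one. The same description says the confirmation is submitted "to the exchange", where the auditor is meant. In DepositConfirmation, the comment on ep_start ("When does the validity of the exchange_pub end?") is a copy of the one on ep_end and should say "start", and master_sig is described as a signature "over @e exchange_sig" while the neighbouring ep_* fields suggest it covers the signing key exchange_pub and its validity period; spell out exactly what is signed, since the auditor has to verify it. Smaller points: the intro under "Obtaining Auditor Version" repeats the exchange-list text, ExchangeEntry carries the label _tsref-type-Denom, AuditorVersion uses "String" where the other interfaces use "string", and the header names both the GPL and the Lesser GPL.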
diff --git a/core/api-bank.rst b/core/api-bank.rst
new file mode 100644
index 00000000..a3c8953e
--- /dev/null
+++ b/core/api-bank.rst
@@ -0,0 +1,392 @@
+..
+ This file is part of GNU TALER.
+
+ Copyright (C) 2014, 2015, 2016, 2017 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Marcello Stanisci
+ @author Christian Grothoff
+
+=========
+Bank API
+=========
+
+This API provides programmatic user registration at the bank.
+
+.. _bank-register:
+.. http:post:: /register
+
+**Request** The body of this request must have the format of a `BankRegistrationRequest`_.
+
+**Response**
+
+:status 200 OK: The new user has been correctly registered.
+:status 409 Conflict: the username requested by the client is not available anymore
+:status 406 Not Acceptable: unacceptable characters were given for the username. See https://docs.djangoproject.com/en/2.2/ref/contrib/auth/#django.contrib.auth.models.User.username for the accepted character set.
+
+**Details**
+
+.. _BankRegistrationRequest:
+.. code-block:: tsref
+
+ interface BankRegistrationRequest {
+
+ // Username to use for registration; max length is 150 chars.
+ username: string;
+
+ // Password to associate with the username. Any characters and
+ // any length are valid; next releases will enforce a minimum length
+ // and a safer characters choice.
+ password: string;
+ }
+
+
+This API provides programmatic withdrawal of cash via Taler to all the
+users registered at the bank. It triggers a wire transfer from the client
+bank account to the exchange's.
+
+.. _bank-withdraw:
+.. http:post:: /taler/withdraw
+
+**Request** The body of this request must have the format of a `BankTalerWithdrawRequest`_.
+
+**Response**
+
+:status 200 OK: The withdrawal was correctly initiated, therefore the exchange received the payment. A `BankTalerWithdrawResponse`_ object is returned.
+:status 406 Not Acceptable: the user does not have sufficient credit to fulfill their request.
+:status 404 Not Found: The exchange wire details did not point to any valid bank account.
+
+**Details**
+
+.. _BankTalerWithdrawRequest:
+.. code-block:: tsref
+
+ interface BankTalerWithdrawRequest {
+
+ // Authentication method used
+ auth: BankAuth;
+
+ // Amount to withdraw.
+ amount: Amount;
+
+ // Reserve public key.
+ reserve_pub: string;
+
+ // Exchange bank details specified in the 'payto'
+ // format. NOTE: this field is optional, therefore
+ // the bank will initiate the withdrawal with the
+ // default exchange, if not given.
+ exchange_wire_details: string;
+ }
+
+.. _BankTalerWithdrawResponse:
+.. code-block:: tsref
+
+ interface BankTalerWithdrawResponse {
+
+ // Sender account details in 'payto' format.
+ sender_wire_details: string;
+
+ // Exchange base URL. Optional: only returned
+ // if the user used the default exchange.
+ exchange_url: string;
+ }
+
+This API allows one user to send money to another user, within the same "test"
+bank. The user calling it has to authenticate by including his credentials in the
+request.
+
+.. _bank-deposit:
+.. http:post:: /admin/add/incoming
+
+**Request:** The body of this request must have the format of a `BankDepositRequest`_.
+
+**Response:**
+
+:status 200 OK: The request has been correctly handled, so the funds have been transferred to the recipient's account. The body is a `BankDepositDetails`_.
+:status 400 Bad Request: The bank replies a `BankError`_ object.
+:status 406 Not Acceptable: The request had wrong currency; the bank replies a `BankError`_ object.
+
+**Details:**
+
+.. _BankDepositDetails:
+.. code-block:: tsref
+
+ interface BankDepositDetails {
+
+ // Timestamp related to the transaction being made.
+ timestamp: Timestamp;
+
+ // Row id number identifying the transaction in the bank's
+ // database.
+ row_id: number;
+ }
+
+.. _BankDepositRequest:
+.. code-block:: tsref
+
+ interface BankDepositRequest {
+
+ // Authentication method used
+ auth: BankAuth;
+
+ // JSON 'amount' object. The amount the caller wants to transfer
+ // to the recipient's count
+ amount: Amount;
+
+ // Exchange base URL, used to perform tracking requests against the
+ // wire transfer ID. Note that in the actual bank wire transfer,
+ // the schema may have to be encoded differently, i.e.
+ // "https://exchange.com/" may become "https exchange.com" due to
+ // character set restrictions. It is the responsibility of the
+ // wire transfer adapter to properly encode/decode the URL.
+ // Payment service providers must ensure that their URL is short
+ // enough to fit together with the wire transfer identifier into
+ // the wire transfer subject of their respective banking system.
+ exchange_url: string;
+
+ // The subject of this wire transfer.
+ subject: string;
+
+ // The sender's account identificator. NOTE, in the current stage
+ // of development this field is _ignored_, as it's always the bank account
+ // of the logged user that plays as the "debit account".
+ // In future releases, a logged user may specify multiple bank accounts
+ // of her/his as the debit account.
+ debit_account: number;
+
+ // The recipient's account identificator
+ credit_account: number;
+
+ }
+
+.. _BankAuth:
+.. _tsref-type-BankAuth:
+.. code-block:: tsref
+
+ interface BankAuth {
+
+ // authentication type. At this stage of development,
+ // only value "basic" is accepted in this field.
+ // The credentials must be indicated in the following HTTP
+ // headers: "X-Taler-Bank-Username" and "X-Taler-Bank-Password".
+ type: string;
+ }
+
+
+.. _BankError:
+.. code-block:: tsref
+
+ interface BankError {
+
+ // Human readable explanation of the failure.
+ error: string;
+
+ // Numeric Taler error code (`enum TALER_ErrorCode`)
+ ec: number;
+
+ }
+
+
+.. http:put:: /reject
+
+ Rejects an inbound transaction. This can be used by the receiver of a wire transfer to
+ cancel that transaction, nullifying its effect. This basically creates a correcting
+ entry that voids the original transaction. Henceforth, the /history must show
+ the original transaction as "cancelled+" or "cancelled-" for creditor and debitor respectively.
+ This API is used when the exchange receives a wire transfer with an invalid wire
+ transfer subject that fails to decode to a public key.
+
+ **Request** The body of this request must have the format of a `BankCancelRequest`_.
+
+ :query auth: authentication method used. At this stage of development, only value `basic` is accepted. Note that username and password need to be given as request's headers. The dedicated headers are: `X-Taler-Bank-Username` and `X-Taler-Bank-Password`.
+ :query row_id: row identifier of the transaction that should be cancelled.
+ :query account_number: bank account for which the incoming transfer was made and for which `auth` provides the authentication data. *Currently ignored*, as multiple bank accounts per user are not implemented yet.
+
+ .. _BankCancelRequest:
+ .. code-block:: tsref
+
+ interface BankCancelRequest {
+
+ // Authentication method used
+ auth: BankAuth;
+
+ // The row id of the wire transfer to cancel
+ row_id: number;
+
+ // The recipient's account identificator
+ credit_account: number;
+
+ }
+
+ **Response** In case of an error, the body is a `BankError`_ object.
+
+ :status 204 No Content: The request has been correctly handled, so the original transaction was voided. The body is empty.
+ :status 400 Bad Request: The bank replies a `BankError`_ object.
+ :status 404 Not Found: The bank does not know this rowid for this account.
+
+
+.. http:get:: /history-range
+
+ Filters and returns the list of transactions in the time range specified by `start` and `end`
+
+ **Request**
+
+ :query auth: authentication method used. At this stage of development, only value `basic` is accepted. Note that username and password need to be given as request's headers. The dedicated headers are: `X-Taler-Bank-Username` and `X-Taler-Bank-Password`.
+ :query start: unix timestamp indicating the oldest transaction accepted in the result.
+ :query end: unix timestamp indicating the youngest transaction accepted in the result.
+ :query direction: argument taking values `debit` or `credit`, according to the caller willing to receive both incoming and outgoing, only outgoing, or only incoming records. Use `both` to return both directions.
+ :query cancelled: argument taking values `omit` or `show` to filter out rejected transactions
+ :query account_number: bank account whose history is to be returned. *Currently ignored*, as multiple bank accounts per user are not implemented yet.
+ :query ordering: can be `descending` or `ascending` and regulates whether the row are returned youger-to-older or vice versa. Defaults to `descending`.
+
+
+ **Response**
+
+ :status 200 OK: JSON object whose field `data` is an array of type `BankTransaction`_.
+ :status 204 No content: in case no records exist for the targeted user.
+
+
+.. http:get:: /history
+
+ Filters and returns the list of transactions of the customer specified in the request.
+
+ **Request**
+
+ :query auth: authentication method used. At this stage of development, only value `basic` is accepted. Note that username and password need to be given as request's headers. The dedicated headers are: `X-Taler-Bank-Username` and `X-Taler-Bank-Password`.
+ :query delta: returns the first `N` records younger (older) than `start` if `+N` (`-N`) is specified.
+ :query start: according to `delta`, only those records with row id strictly greater (lesser) than `start` will be returned. This argument is optional; if not given, it defaults to "MAX_UINT64".
+ :query direction: argument taking values `debit` or `credit`, according to the caller willing to receive both incoming and outgoing, only outgoing, or only incoming records. Use `both` to return both directions.
+ :query cancelled: argument taking values `omit` or `show` to filter out rejected transactions
+ :query account_number: bank account whose history is to be returned. *Currently ignored*, as multiple bank accounts per user are not implemented yet.
+ :query ordering: can be `descending` or `ascending` and regulates whether the row are returned youger-to-older or vice versa. Defaults to `descending`.
+
+
+ **Response**
+
+ :status 200 OK: JSON object whose field `data` is an array of type `BankTransaction`_.
+ :status 204 No content: in case no records exist for the targeted user.
+
+.. _BankTransaction:
+.. code-block:: tsref
+
+ interface BankTransaction {
+
+ // identification number of the record
+ row_id: number;
+
+ // Date of the transaction
+ date: Timestamp;
+
+ // Amount transferred
+ amount: Amount;
+
+ // "-" if the transfer was outgoing, "+" if it was
+ // incoming; "cancel+" or "cancel-" if the transfer
+ // was /reject-ed by the receiver.
+ sign: string;
+
+ // Bank account number of the other party involved in the
+ // transaction.
+ counterpart: number;
+
+ // Wire transfer subject line.
+ wt_subject: string;
+
+ }
+
+..
+ The counterpart currently only points to the same bank as
+ the client using the bank. A reasonable improvement is to
+ specify a bank URL too, so that Taler can run across multiple
+ banks.
+
+------------------------
+Interactions with wallet
+------------------------
+
+A bank and a wallet need to communicate for (1) make some elements visible
+only if the wallet is installed, (2) exchange information when the user withdraws
+coins.
+
+Make elements visible.
+^^^^^^^^^^^^^^^^^^^^^^
+
+This feature works via CSS injection from the wallet. To enable it, the
+page must contain the ``<html data-taler-nojs="true">`` element, so that
+the wallet will do the injection.
+
+Whenever a element ``<x>`` needs to be visualized (hidden) if the wallet is
+installed, the special class ``taler-installed-show`` (``taler-installed-hide``)
+must be added to ``x``, as follows:
+
+* ``<x class="taler-installed-show">y</x>`` will make ``y`` visible.
+* ``<x class="taler-installed-hide">y</x>`` will make ``y`` visible.
+
+Clearly, a fallback page must be provided, which will be useful if the
+wallet is *not* installed. This special page will hide any element of
+the class ``taler-install-show``; it can be downloaded at the following
+URL: ``git://taler.net/web-common/taler-fallback.css``.
+
+Withdrawing coins.
+^^^^^^^^^^^^^^^^^^
+
+After the user confirms the withdrawal, the bank must return a `202 Accepted` response,
+along with the following HTTP headers:
+
+* ``X-Taler-Operation: create-reserve``
+* ``X-Taler-Callback-Url: <callback_url>``; this URL will be automatically visited by the wallet after the user confirms the exchange.
+* ``X-Taler-Wt-Types: '["test"]'``; stringified JSON list of supported wire transfer types (only 'test' supported so far).
+* ``X-Taler-Amount: <amount_string>``; stringified Taler-style JSON :ref:`amount <amount>`.
+* ``X-Taler-Sender-Wire: <wire_details>``; stringified WireDetails_.
+* ``X-Taler-Suggested-Exchange: <URL>``; this header is optional, and ``<URL>`` is the suggested exchange URL as given in the `SUGGESTED_EXCHANGE` configuration option.
+
+.. _WireDetails:
+.. code-block:: tsref
+
+ interface WireDetails {
+ type: string; // Only 'test' value admitted so far.
+ bank_uri: URL of the bank.
+ account_number: bank account number of the user attempting to withdraw.
+ }
+
+After the user confirms the exchange to withdraw coins from, the wallet will
+visit the callback URL, in order to let the user answer some security questions
+and provide all relevant data to create a reserve.
+
+.. note::
+ Currently, the bank is in charge of creating the reserve at the chosen
+ exchange. In future, the exchange will "poll" its bank account and automatically
+ creating a reserve whenever it receives any funds, without any bank's
+ intervention.
+
+The callback URL implements the following API.
+
+.. http:get:: <callback_url>
+
+ **Request**
+
+ :query amount_value: integer part of the amount to be withdrawn.
+ :query amount_fraction: fractional part of the amount to be withdrawn.
+ :query amount_currency: currency of the amount to be withdrawn.
+ :query exchange: base URL of the exchange where the reserve is to be created.
+ :query reserve_pub: public key of the reserve to create.
+ :query exchange_wire_details: stringification of the chosen exchange's WireDetails_.
+
+ **Response**
+
+ Because the wallet is not supposed to take action according to this response,
+ the bank implementers are not required to return any particular status code here.
+
+ For example, our demonstrator bank always redirects the browser to the user's
+ profile page and let them know the outcome via a informational bar.
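Review bot: BankAuth and the ":query auth:" entries send the account password in the X-Taler-Bank-Password header on every request, but nothing in this file requires HTTPS for these endpoints; state that requirement next to BankAuth, and note there that BankRegistrationRequest currently accepts a password of any length. In /reject the text promises "cancelled+" / "cancelled-" in /history while BankTransaction.sign documents "cancel+" / "cancel-", and the endpoint lists both query parameters (account_number) and a BankCancelRequest body (credit_account); pick one spelling and one way of passing the arguments. The <callback_url> endpoint is an http:get that carries reserve_pub and the amount and leads to a reserve being created, so a state-changing action is reachable through a plain link; consider POST or a per-withdrawal token in the callback URL. Also: the taler-installed-hide bullet says it "will make y visible", the fallback paragraph writes taler-install-show, the WireDetails block has prose in place of types for bank_uri and account_number, and the ":query direction:" text names only debit or credit before mentioning both.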
diff --git a/core/api-common.rst b/core/api-common.rst
new file mode 100644
index 00000000..8f3ae378
--- /dev/null
+++ b/core/api-common.rst
@@ -0,0 +1,812 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014, 2015, 2016 GNUnet e.V. and INRIA
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Christian Grothoff
+ @author Marcello Stanisci
+
+.. _http-common:
+
+=================================
+Common Taler HTTP API Conventions
+=================================
+
+
+-------------------------
+HTTP Request and Response
+-------------------------
+
+Certain response formats are common for all requests. They are documented here
+instead of with each individual request. Furthermore, we note that clients may
+theoretically fail to receive any response. In this case, the client should
+verify that the Internet connection is working properly, and then proceed to
+handle the error as if an internal error (500) had been returned.
+
+.. http:any:: /*
+
+
+ **Request:**
+
+ Unless specified otherwise, HTTP requests that carry a message body must
+ have the content type `application/json`.
+
+ :reqheader Content-Type: application/json
+
+ **Response:**
+
+ :resheader Content-Type: application/json
+ :status 200: The request was successful.
+ :status 500 Internal server error:
+ This always indicates some serious internal operational error of the exchange,
+ such as a program bug, database problems, etc., and must not be used for
+ client-side problems. When facing an internal server error, clients should
+ retry their request after some delay. We recommended initially trying after
+ 1s, twice more at randomized times within 1 minute, then the user should be
+ informed and another three retries should be scheduled within the next 24h.
+ If the error persists, a report should ultimately be made to the auditor,
+ although the auditor API for this is not yet specified. However, as internal
+ server errors are always reported to the exchange operator, a good operator
+ should naturally be able to address them in a timely fashion, especially
+ within 24h. When generating an internal server error, the exchange responds with
+ a JSON object containing the following fields:
+ :status 400 Bad Request: One of the arguments to the request is missing or malformed.
+
+ Unless specified otherwise, all error status codes (4xx and 5xx) have a message
+ body with an `ErrorDetail`_ JSON object.
+
+ **Details:**
+
+ .. _ErrorDetail:
+ .. _tsref-type-ErrorDetail:
+ .. code-block:: tsref
+
+ interface ErrorDetail {
+
+ // Numeric `error code <error-codes>`_ unique to the condition.
+ code: number;
+
+ // Human-readable description of the error, i.e. "missing parameter", "commitment violation", ...
+ // The other arguments are specific to the error value reported here.
+ error: string;
+
+ // Hint about error nature
+ hint?: string;
+
+ // Name of the parameter that was bogus (if applicable)
+ parameter?: string;
+
+ // Path to the argument that was bogus (if applicable)
+ path?: string;
+
+ // Offset of the argument that was bogus (if applicable)
+ offset?: string;
+
+ // Index of the argument that was bogus (if applicable)
+ index?: string;
+
+ // Name of the object that was bogus (if applicable)
+ object?: string;
+
+ // Name of the currency thant was problematic (if applicable)
+ currency?: string;
+
+ // Expected type (if applicable).
+ type_expected?: string;
+
+ // Type that was provided instead (if applicable).
+ type_actual?: string;
+ }
+
+
+.. _encodings-ref:
+
+----------------
+Common encodings
+----------------
+
+This section describes how certain types of values are represented throughout the API.
+
+.. _base32:
+.. _tsref-type-Base32:
+
+Binary Data
+^^^^^^^^^^^
+
+Binary data is generally encoded using Crockford's variant of Base32
+(http://www.crockford.com/wrmg/base32.html), except that "U" is not excluded
+but also decodes to "V" to make OCR easy. We will still simply use the JSON
+type "base32" and the term "Crockford Base32" in the text to refer to the
+resulting encoding.
+
+.. _tsref-type-HashCode:
+
+Hash codes
+^^^^^^^^^^
+Hashcodes are strings representing base32 encoding of the respective hashed
+data. See `base32`_.
+
+Large numbers
+^^^^^^^^^^^^^
+
+Large numbers such as RSA blinding factors and 256 bit keys, are transmitted
+as other binary data in Crockford Base32 encoding.
+
+
+.. _tsref-type-Timestamp:
+
+Timestamps
+^^^^^^^^^^
+
+Timestamps are represented in JSON as a string literal `"\\/Date(x)\\/"`,
+where `x` is the decimal representation of the number of seconds past the
+Unix Epoch (January 1, 1970). The escaped slash (`\\/`) is interpreted in
+JSON simply as a normal slash, but distinguishes the timestamp from a normal
+string literal. We use the type "date" in the documentation below.
+Additionally, the special strings "\\/never\\/" and "\\/forever\\/" are
+recognized to represent the end of time.
+
+
+.. _public\ key:
+
+Keys
+^^^^
+
+.. _`tsref-type-EddsaPublicKey`:
+.. _`tsref-type-EcdhePublicKey`:
+.. _`tsref-type-EcdhePrivateKey`:
+.. _`tsref-type-EddsaPrivateKey`:
+.. _`tsref-type-CoinPublicKey`:
+
+.. code-block:: tsref
+
+ // EdDSA and ECDHE public keys always point on Curve25519
+ // and represented using the standard 256 bits Ed25519 compact format,
+ // converted to Crockford `Base32`_.
+ type EddsaPublicKey = string;
+ type EddsaPrivateKey = string;
+
+.. _`tsref-type-RsaPublicKey`:
+
+.. code-block:: tsref
+
+ // RSA public key converted to Crockford `Base32`_.
+ type RsaPublicKey = string;
+
+.. _blinded-coin:
+
+Blinded coin
+^^^^^^^^^^^^
+
+.. _`tsref-type-CoinEnvelope`:
+
+.. code-block:: tsref
+
+ // Blinded coin's `public EdDSA key <eddsa-coin-pub>`_, `base32`_ encoded
+ type CoinEnvelope = string;
+
+.. _signature:
+
+Signatures
+^^^^^^^^^^
+
+.. _`tsref-type-EddsaSignature`:
+
+.. code-block:: tsref
+
+ // EdDSA signatures are transmitted as 64-bytes `base32`_
+ // binary-encoded objects with just the R and S values (base32_ binary-only)
+ type EddsaSignature = string;
+
+
+.. _`tsref-type-RsaSignature`:
+
+.. code-block:: tsref
+
+ // `base32`_ encoded RSA signature
+ type RsaSignature = string;
+
+.. _`tsref-type-BlindedRsaSignature`:
+
+.. code-block:: tsref
+
+ // `base32`_ encoded RSA blinded signature
+ type BlindedRsaSignature = string;
+
+.. _amount:
+
+Amounts
+^^^^^^^
+
+.. _`tsref-type-Amount`:
+
+Amounts of currency are serialized as a string of the format `<Currency>:<DecimalAmount>`.
+Taler treats monetary amounts as fixed-precision numbers. Unlike floating point numbers,
+this allows accurate representation of monetary amounts.
+
+The following constrains apply for a valid amount:
+
+1. The `<Currency>` part must be at most 12 characters long and may not contain a colon (`:`).
+2. The integer part of `<DecimalAmount>` may be at most 2^52
+3. the fractional part of `<DecimalAmount>` may contain at most 8 decimal digits.
+
+Internally, amounts are parsed into the following object:
+
+.. note::
+
+ "EUR:1.50" and "EUR:10" are is a valid amounts. These are all invalid amounts: "A:B:1.5", "EUR:4503599627370501.0", "EUR:1.", "EUR:.1"
+
+.. code-block:: tsref
+
+ interface ParsedAmount {
+ // name of the currency using either a three-character ISO 4217 currency
+ // code, or a regional currency identifier starting with a "*" followed by
+ // at most 10 characters. ISO 4217 exponents in the name are not supported,
+ // although the "fraction" is corresponds to an ISO 4217 exponent of 6.
+ currency: string;
+
+ // unsigned 32 bit value in the currency, note that "1" here would
+ // correspond to 1 EUR or 1 USD, depending on `currency`, not 1 cent.
+ value: number;
+
+ // unsigned 32 bit fractional value to be added to `value` representing
+ // an additional currency fraction, in units of one millionth (1e-6)
+ // of the base currency value. For example, a fraction
+ // of 500,000 would correspond to 50 cents.
+ fraction: number;
+ }
+
+
+--------------
+Binary Formats
+--------------
+
+ .. note::
+
+ Due to the way of handling `big` numbers by some platforms (such as
+ `JavaScript`, for example), wherever the following specification mentions
+ a 64-bit value, the actual implementations are strongly advised to rely on
+ arithmetic up to 53 bits.
+
+ .. note::
+
+ Taler uses `libgnunetutil` for interfacing itself with the operating system,
+ doing crypto work, and other "low level" actions, therefore it is strongly
+ connected with the `GNUnet project <https://gnunet.org>`_.
+
+This section specifies the binary representation of messages used in Taler's
+protocols. The message formats are given in a C-style pseudocode notation.
+Padding is always specified explicitly, and numeric values are in network byte
+order (big endian).
+
+Amounts
+^^^^^^^
+
+Amounts of currency are always expressed in terms of a base value, a fractional
+value and the denomination of the currency:
+
+.. sourcecode:: c
+
+ struct TALER_Amount {
+ uint64_t value;
+ uint32_t fraction;
+ uint8_t currency_code[12]; // i.e. "EUR" or "USD"
+ };
+ struct TALER_AmountNBO {
+ uint64_t value; // in network byte order
+ uint32_t fraction; // in network byte order
+ uint8_t currency_code[12];
+ };
+
+
+Time
+^^^^
+
+In signed messages, time is represented using 64-bit big-endian values,
+denoting microseconds since the UNIX Epoch. `UINT64_MAX` represents "never".
+
+.. sourcecode:: c
+
+ struct GNUNET_TIME_Absolute {
+ uint64_t timestamp_us;
+ };
+ struct GNUNET_TIME_AbsoluteNBO {
+ uint64_t abs_value_us__; // in network byte order
+ };
+
+Cryptographic primitives
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+All elliptic curve operations are on Curve25519. Public and private keys are
+thus 32 bytes, and signatures 64 bytes. For hashing, including HKDFs, Taler
+uses 512-bit hash codes (64 bytes).
+
+.. sourcecode:: c
+
+ struct GNUNET_HashCode {
+ uint8_t hash[64]; // usually SHA-512
+ };
+
+.. _reserve-pub:
+.. sourcecode:: c
+
+ struct TALER_ReservePublicKeyP {
+ uint8_t eddsa_pub[32];
+ };
+
+.. _reserve-priv:
+.. sourcecode:: c
+
+ struct TALER_ReservePrivateKeyP {
+ uint8_t eddsa_priv[32];
+ };
+
+ struct TALER_ReserveSignatureP {
+ uint8_t eddsa_signature[64];
+ };
+
+.. _merchant-pub:
+.. sourcecode:: c
+
+ struct TALER_MerchantPublicKeyP {
+ uint8_t eddsa_pub[32];
+ };
+
+ struct TALER_MerchantPrivateKeyP {
+ uint8_t eddsa_priv[32];
+ };
+
+ struct TALER_TransferPublicKeyP {
+ uint8_t ecdhe_pub[32];
+ };
+
+ struct TALER_TransferPrivateKeyP {
+ uint8_t ecdhe_priv[32];
+ };
+
+.. _sign-key-pub:
+.. sourcecode:: c
+
+ struct TALER_ExchangePublicKeyP {
+ uint8_t eddsa_pub[32];
+ };
+
+.. _sign-key-priv:
+.. sourcecode:: c
+
+ struct TALER_ExchangePrivateKeyP {
+ uint8_t eddsa_priv[32];
+ };
+
+.. _eddsa-sig:
+.. sourcecode:: c
+
+ struct TALER_ExchangeSignatureP {
+ uint8_t eddsa_signature[64];
+ };
+
+ struct TALER_MasterPublicKeyP {
+ uint8_t eddsa_pub[32];
+ };
+
+ struct TALER_MasterPrivateKeyP {
+ uint8_t eddsa_priv[32];
+ };
+
+ struct TALER_MasterSignatureP {
+ uint8_t eddsa_signature[64];
+ };
+
+.. _eddsa-coin-pub:
+.. sourcecode:: c
+
+ union TALER_CoinSpendPublicKeyP {
+ uint8_t eddsa_pub[32];
+ uint8_t ecdhe_pub[32];
+ };
+
+.. _coin-priv:
+.. sourcecode:: c
+
+ union TALER_CoinSpendPrivateKeyP {
+ uint8_t eddsa_priv[32];
+ uint8_t ecdhe_priv[32];
+ };
+
+ struct TALER_CoinSpendSignatureP {
+ uint8_t eddsa_signature[64];
+ };
+
+ struct TALER_TransferSecretP {
+ uint8_t key[sizeof (struct GNUNET_HashCode)];
+ };
+ uint8_t key[sizeof (struct GNUNET_HashCode)];
+ };
+
+ struct TALER_EncryptedLinkSecretP {
+ uint8_t enc[sizeof (struct TALER_LinkSecretP)];
+ };
+
+.. _Signatures:
+
+Signatures
+^^^^^^^^^^
+Any piece of signed data, complies to the abstract data structure given below.
+
+.. sourcecode:: c
+
+ struct Data {
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ type1_t payload1;
+ type2_t payload2;
+ ...
+ };
+
+ /*From gnunet_crypto_lib.h*/
+ struct GNUNET_CRYPTO_EccSignaturePurpose {
+ /**
+
+ The following constrains apply for a valid amount:
+
+ * asd
+ * This field is used to express the context in
+ * which the signature is made, ensuring that a
+ * signature cannot be lifted from one part of the protocol
+ * to another. See `src/include/taler_signatures.h` within the
+ * exchange's codebase (git://taler.net/exchange)
+ */
+ uint32_t purpose;
+ /**
+ * This field equals the number of bytes being signed,
+ * namely 'sizeof (struct Data)'
+ */
+ uint32_t size;
+ };
+
+
+The following list contains all the data structure that can be signed in
+Taler. Their definition is typically found in `src/include/taler_signatures.h`,
+within the
+`exchange's codebase <https://docs.taler.net/global-licensing.html#exchange-repo>`_.
+
+.. _TALER_WithdrawRequestPS:
+.. sourcecode:: c
+
+ struct TALER_WithdrawRequestPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_ReservePublicKeyP reserve_pub;
+ struct TALER_AmountNBO amount_with_fee;
+ struct TALER_AmountNBO withdraw_fee;
+ struct GNUNET_HashCode h_denomination_pub;
+ struct GNUNET_HashCode h_coin_envelope;
+ };
+
+.. _TALER_DepositRequestPS:
+.. sourcecode:: c
+
+ struct TALER_DepositRequestPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_COIN_DEPOSIT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_contract_terms;
+ struct GNUNET_HashCode h_wire;
+ struct GNUNET_TIME_AbsoluteNBO timestamp;
+ struct GNUNET_TIME_AbsoluteNBO refund_deadline;
+ struct TALER_AmountNBO amount_with_fee;
+ struct TALER_AmountNBO deposit_fee;
+ struct TALER_MerchantPublicKeyP merchant;
+ union TALER_CoinSpendPublicKeyP coin_pub;
+ };
+
+.. _TALER_DepositConfirmationPS:
+.. sourcecode:: c
+
+ struct TALER_DepositConfirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_CONFIRM_DEPOSIT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_contract_terms;
+ struct GNUNET_HashCode h_wire;
+ struct GNUNET_TIME_AbsoluteNBO timestamp;
+ struct GNUNET_TIME_AbsoluteNBO refund_deadline;
+ struct TALER_AmountNBO amount_without_fee;
+ union TALER_CoinSpendPublicKeyP coin_pub;
+ struct TALER_MerchantPublicKeyP merchant;
+ };
+
+.. _TALER_RefreshMeltCoinAffirmationPS:
+.. sourcecode:: c
+
+ struct TALER_RefreshMeltCoinAffirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_COIN_MELT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode session_hash;
+ struct TALER_AmountNBO amount_with_fee;
+ struct TALER_AmountNBO melt_fee;
+ union TALER_CoinSpendPublicKeyP coin_pub;
+ };
+
+.. _TALER_RefreshMeltConfirmationPS:
+.. sourcecode:: c
+
+ struct TALER_RefreshMeltConfirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_MELT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode session_hash;
+ uint16_t noreveal_index;
+ };
+
+.. _TALER_ExchangeSigningKeyValidityPS:
+.. sourcecode:: c
+
+ struct TALER_ExchangeSigningKeyValidityPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_MasterPublicKeyP master_public_key;
+ struct GNUNET_TIME_AbsoluteNBO start;
+ struct GNUNET_TIME_AbsoluteNBO expire;
+ struct GNUNET_TIME_AbsoluteNBO end;
+ struct TALER_ExchangePublicKeyP signkey_pub;
+ };
+
+ struct TALER_ExchangeKeySetPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_KEY_SET
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_TIME_AbsoluteNBO list_issue_date;
+ struct GNUNET_HashCode hc;
+ };
+
+.. _TALER_DenominationKeyValidityPS:
+.. sourcecode:: c
+
+ struct TALER_DenominationKeyValidityPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_MasterPublicKeyP master;
+ struct GNUNET_TIME_AbsoluteNBO start;
+ struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
+ struct GNUNET_TIME_AbsoluteNBO expire_spend;
+ struct GNUNET_TIME_AbsoluteNBO expire_legal;
+ struct TALER_AmountNBO value;
+ struct TALER_AmountNBO fee_withdraw;
+ struct TALER_AmountNBO fee_deposit;
+ struct TALER_AmountNBO fee_refresh;
+ struct GNUNET_HashCode denom_hash;
+ };
+
+.. _TALER_MasterWireDetailsPS:
+.. sourcecode:: c
+
+ struct TALER_MasterWireDetailsPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MASTER_WIRE_DETAILS
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_wire_details;
+ };
+
+
+.. _TALER_MasterWireFeePS:
+.. sourcecode:: c
+
+ struct TALER_MasterWireFeePS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MASTER_WIRE_FEES
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_wire_method;
+ struct GNUNET_TIME_AbsoluteNBO start_date;
+ struct GNUNET_TIME_AbsoluteNBO end_date;
+ struct TALER_AmountNBO wire_fee;
+ struct TALER_AmountNBO closing_fee;
+ };
+
+.. _TALER_DepositTrackPS:
+.. sourcecode:: c
+
+ struct TALER_DepositTrackPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MASTER_SEPA_DETAILS || TALER_SIGNATURE_MASTER_TEST_DETAILS
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_contract_terms;
+ struct GNUNET_HashCode h_wire;
+ struct TALER_MerchantPublicKeyP merchant;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ };
+
+.. _TALER_WireDepositDetailP:
+.. sourcecode:: c
+
+ struct TALER_WireDepositDetailP {
+ struct GNUNET_HashCode h_contract_terms;
+ struct GNUNET_TIME_AbsoluteNBO execution_time;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ struct TALER_AmountNBO deposit_value;
+ struct TALER_AmountNBO deposit_fee;
+ };
+
+
+.. _TALER_WireDepositDataPS:
+.. sourcecode:: c
+
+ struct TALER_WireDepositDataPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_AmountNBO total;
+ struct TALER_AmountNBO wire_fee;
+ struct TALER_MerchantPublicKeyP merchant_pub;
+ struct GNUNET_HashCode h_wire;
+ struct GNUNET_HashCode h_details;
+ };
+
+.. _TALER_ExchangeKeyValidityPS:
+.. sourcecode:: c
+
+ struct TALER_ExchangeKeyValidityPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode auditor_url_hash;
+ struct TALER_MasterPublicKeyP master;
+ struct GNUNET_TIME_AbsoluteNBO start;
+ struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
+ struct GNUNET_TIME_AbsoluteNBO expire_spend;
+ struct GNUNET_TIME_AbsoluteNBO expire_legal;
+ struct TALER_AmountNBO value;
+ struct TALER_AmountNBO fee_withdraw;
+ struct TALER_AmountNBO fee_deposit;
+ struct TALER_AmountNBO fee_refresh;
+ struct GNUNET_HashCode denom_hash;
+ };
+
+.. _TALER_PaymentResponsePS:
+.. sourcecode:: c
+
+ struct PaymentResponsePS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MERCHANT_PAYMENT_OK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_contract_terms;
+ };
+
+.. _TALER_ContractPS:
+.. sourcecode:: c
+
+ struct TALER_ContractPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MERCHANT_CONTRACT
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_AmountNBO total_amount;
+ struct TALER_AmountNBO max_fee;
+ struct GNUNET_HashCode h_contract_terms;
+ struct TALER_MerchantPublicKeyP merchant_pub;
+ };
+
+.. _TALER_ConfirmWirePS:
+.. sourcecode:: c
+
+ struct TALER_ConfirmWirePS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_wire;
+ struct GNUNET_HashCode h_contract_terms;
+ struct TALER_WireTransferIdentifierRawP wtid;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ struct GNUNET_TIME_AbsoluteNBO execution_time;
+ struct TALER_AmountNBO coin_contribution;
+ };
+
+.. _TALER_RefundRequestPS:
+.. sourcecode:: c
+
+ struct TALER_RefundRequestPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MERCHANT_REFUND
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_contract_terms;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ struct TALER_MerchantPublicKeyP merchant;
+ uint64_t rtransaction_id;
+ struct TALER_AmountNBO refund_amount;
+ struct TALER_AmountNBO refund_fee;
+ };
+
+ struct TALER_MerchantRefundConfirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_MERCHANT_REFUND_OK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ /**
+ * Hash of the order ID (a string), hashed without the 0-termination.
+ */
+ struct GNUNET_HashCode h_order_id;
+ };
+
+
+.. _TALER_PaybackRequestPS:
+.. sourcecode:: c
+
+ struct TALER_PaybackRequestPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_COIN_PAYBACK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ struct GNUNET_HashCode h_denom_pub;
+ struct TALER_DenominationBlindingKeyP coin_blind;
+ };
+
+
+.. _TALER_PaybackConfirmationPS:
+.. sourcecode:: c
+
+ struct TALER_PaybackConfirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_TIME_AbsoluteNBO timestamp;
+ struct TALER_AmountNBO payback_amount;
+ struct TALER_CoinSpendPublicKeyP coin_pub;
+ struct TALER_ReservePublicKeyP reserve_pub;
+ };
+
+
+.. _TALER_ReserveCloseConfirmationPS:
+.. sourcecode:: c
+
+ struct TALER_ReserveCloseConfirmationPS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_EXCHANGE_RESERVE_CLOSED
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_TIME_AbsoluteNBO timestamp;
+ struct TALER_AmountNBO closing_amount;
+ struct TALER_ReservePublicKeyP reserve_pub;
+ struct GNUNET_HashCode h_wire;
+ };
+
+.. _TALER_CoinLinkSignaturePS:
+.. sourcecode:: c
+
+ struct TALER_CoinLinkSignaturePS {
+ /**
+ * purpose.purpose = TALER_SIGNATURE_WALLET_COIN_LINK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+ struct GNUNET_HashCode h_denom_pub;
+ struct TALER_CoinSpendPublicKeyP old_coin_pub;
+ struct TALER_TransferPublicKeyP transfer_pub;
+ struct GNUNET_HashCode coin_envelope_hash;
+ };
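Review bot: The cryptographic-primitives block has a malformed definition after `struct TALER_TransferSecretP`: the line `uint8_t key[sizeof (struct GNUNET_HashCode)];` and its closing `};` appear twice, which looks like the header line of `struct TALER_LinkSecretP` was lost, and `TALER_EncryptedLinkSecretP` then takes `sizeof (struct TALER_LinkSecretP)` of a type that is not defined in the lines shown. Please restore the missing struct header. Further points in the same hunk:
(1) The doc comment on the `purpose` field of `GNUNET_CRYPTO_EccSignaturePurpose` contains pasted residue ("The following constrains apply for a valid amount:" and "* asd"). It should be removed, because this comment is where the spec explains that the purpose value keeps a signature from being lifted into another part of the protocol.
(2) The purpose comment on `TALER_DepositTrackPS` reads `TALER_SIGNATURE_MASTER_SEPA_DETAILS || TALER_SIGNATURE_MASTER_TEST_DETAILS`, which does not fit a deposit-tracking request. `TALER_DepositConfirmationPS` is documented with a `WALLET_` purpose, while the other confirmation structs here use `TALER_SIGNATURE_EXCHANGE_CONFIRM_*`. Both should be checked against `taler_signatures.h`, since a wrong purpose constant in the spec leads implementers to sign or verify under the wrong context.
(3) The amount rules contradict each other. The integer part may be up to 2^52, but `ParsedAmount.value` is described as an "unsigned 32 bit value" and `TALER_Amount.value` is `uint64_t`. The fractional part allows 8 decimal digits, but `fraction` is given in units of 1e-6. Pick one range and one fraction base and state them consistently, otherwise parsers will disagree on which amounts are valid.
(4) `TALER_CoinSpendPublicKeyP` is declared as a `union` but used as `struct TALER_CoinSpendPublicKeyP` in `TALER_DepositTrackPS` and later structs, and `struct PaymentResponsePS` lacks the `TALER_` prefix its label carries.
(5) The note listing valid and invalid amounts sits between "Internally, amounts are parsed into the following object:" and the code block it introduces, and reads "are is a valid amounts". Move it above that sentence and fix the wording.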
diff --git a/core/api-error.rst b/core/api-error.rst
new file mode 100644
index 00000000..61716b72
--- /dev/null
+++ b/core/api-error.rst
@@ -0,0 +1,1204 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014, 2015, 2016 GNUnet e.V. and INRIA
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Marcello Stanisci
+
+..
+ The reason to have a dedicate page for error codes was due to a buggy
+ behaviour in pages cross-linking: was not possible from other pages to
+ reference the '_error-codes' label (see just below) if we kept in api-common.rst
+ (which is the best place to place this error codes list).
+
+-----------
+Error Codes
+-----------
+
+The following list shows error codes defined in
+`<EXCHANGE-REPO>/src/include/taler_error_codes.h <https://git.taler.net/exchange.git/tree/src/include/taler_error_codes.h>`_
+
+.. _error-codes:
+.. code-block:: c
+
+ /**
+ * Enumeration with all possible Taler error codes.
+ */
+ enum TALER_ErrorCode {
+
+ /**
+ * Special code to indicate no error (or no "code" present).
+ */
+ TALER_EC_NONE = 0,
+
+ /**
+ * Special code to indicate that a non-integer error code was
+ * returned in the JSON response.
+ */
+ TALER_EC_INVALID = 1,
+
+ /**
+ * The response we got from the server was not even in JSON format.
+ */
+ TALER_EC_INVALID_RESPONSE = 2,
+
+ /**
+ * Generic implementation error: this function was not yet implemented.
+ */
+ TALER_EC_NOT_IMPLEMENTED = 3,
+
+ /* ********** generic error codes ************* */
+
+ /**
+ * The exchange failed to even just initialize its connection to the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DB_SETUP_FAILED = 1001,
+
+ /**
+ * The exchange encountered an error event to just start
+ * the database transaction.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DB_START_FAILED = 1002,
+
+ /**
+ * The exchange encountered an error event to commit
+ * the database transaction (hard, unrecoverable error).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DB_COMMIT_FAILED_HARD = 1003,
+
+ /**
+ * The exchange encountered an error event to commit
+ * the database transaction, even after repeatedly
+ * retrying it there was always a conflicting transaction.
+ * (This indicates a repeated serialization error; should
+ * only happen if some client maliciously tries to create
+ * conflicting concurrent transactions.)
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DB_COMMIT_FAILED_ON_RETRY = 1004,
+
+ /**
+ * The exchange had insufficient memory to parse the request. This
+ * response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_PARSER_OUT_OF_MEMORY = 1005,
+
+ /**
+ * The JSON in the client's request to the exchange was malformed.
+ * (Generic parse error).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_JSON_INVALID = 1006,
+
+ /**
+ * The JSON in the client's request to the exchange was malformed.
+ * Details about the location of the parse error are provided.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_JSON_INVALID_WITH_DETAILS = 1007,
+
+ /**
+ * A required parameter in the request to the exchange was missing.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PARAMETER_MISSING = 1008,
+
+ /**
+ * A parameter in the request to the exchange was malformed.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PARAMETER_MALFORMED = 1009,
+
+ /* ********** request-specific error codes ************* */
+
+ /**
+ * The given reserve does not have sufficient funds to admit the
+ * requested withdraw operation at this time. The response includes
+ * the current "balance" of the reserve as well as the transaction
+ * "history" that lead to this balance. This response is provided
+ * with HTTP status code MHD_HTTP_FORBIDDEN.
+ */
+ TALER_EC_WITHDRAW_INSUFFICIENT_FUNDS = 1100,
+
+ /**
+ * The exchange has no information about the "reserve_pub" that
+ * was given.
+ * This response is provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_WITHDRAW_RESERVE_UNKNOWN = 1101,
+
+ /**
+ * The amount to withdraw together with the fee exceeds the
+ * numeric range for Taler amounts. This is not a client
+ * failure, as the coin value and fees come from the exchange's
+ * configuration.
+ * This response is provided with HTTP status code MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_AMOUNT_FEE_OVERFLOW = 1102,
+
+ /**
+ * All of the deposited amounts into this reserve total up to a
+ * value that is too big for the numeric range for Taler amounts.
+ * This is not a client failure, as the transaction history comes
+ * from the exchange's configuration. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_AMOUNT_DEPOSITS_OVERFLOW = 1103,
+
+ /**
+ * For one of the historic withdrawals from this reserve, the
+ * exchange could not find the denomination key.
+ * This is not a client failure, as the transaction history comes
+ * from the exchange's configuration. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_HISTORIC_DENOMINATION_KEY_NOT_FOUND = 1104,
+
+ /**
+ * All of the withdrawals from reserve total up to a
+ * value that is too big for the numeric range for Taler amounts.
+ * This is not a client failure, as the transaction history comes
+ * from the exchange's configuration. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_AMOUNT_WITHDRAWALS_OVERFLOW = 1105,
+
+ /**
+ * The exchange somehow knows about this reserve, but there seem to
+ * have been no wire transfers made. This is not a client failure,
+ * as this is a database consistency issue of the exchange. This
+ * response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_RESERVE_WITHOUT_WIRE_TRANSFER = 1106,
+
+ /**
+ * The exchange failed to create the signature using the
+ * denomination key. This response is provided with HTTP status
+ * code MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_SIGNATURE_FAILED = 1107,
+
+ /**
+ * The exchange failed to store the withdraw operation in its
+ * database. This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_DB_STORE_ERROR = 1108,
+
+ /**
+ * The exchange failed to check against historic withdraw data from
+ * database (as part of ensuring the idempotency of the operation).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_WITHDRAW_DB_FETCH_ERROR = 1109,
+
+ /**
+ * The exchange is not aware of the denomination key
+ * the wallet requested for the withdrawal.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_WITHDRAW_DENOMINATION_KEY_NOT_FOUND = 1110,
+
+ /**
+ * The signature of the reserve is not valid. This response is
+ * provided with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_WITHDRAW_RESERVE_SIGNATURE_INVALID = 1111,
+
+ /**
+ * The exchange failed to obtain the transaction history of the
+ * given reserve from the database while generating an insufficient
+ * funds errors.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_WITHDRAW_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS = 1112,
+
+ /**
+ * When computing the reserve history, we ended up with a negative
+ * overall balance, which should be impossible.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_WITHDRAW_RESERVE_HISTORY_IMPOSSIBLE = 1113,
+
+ /**
+ * The exchange failed to obtain the transaction history of the
+ * given reserve from the database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_RESERVE_STATUS_DB_ERROR = 1150,
+
+
+ /**
+ * The respective coin did not have sufficient residual value
+ * for the /deposit operation (i.e. due to double spending).
+ * The "history" in the respose provides the transaction history
+ * of the coin proving this fact. This response is provided
+ * with HTTP status code MHD_HTTP_FORBIDDEN.
+ */
+ TALER_EC_DEPOSIT_INSUFFICIENT_FUNDS = 1200,
+
+ /**
+ * The exchange failed to obtain the transaction history of the
+ * given coin from the database (this does not happen merely because
+ * the coin is seen by the exchange for the first time).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DEPOSIT_HISTORY_DB_ERROR = 1201,
+
+ /**
+ * The exchange failed to store the /depost information in the
+ * database. This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DEPOSIT_STORE_DB_ERROR = 1202,
+
+ /**
+ * The exchange database is unaware of the denomination key that
+ * signed the coin (however, the exchange process is; this is not
+ * supposed to happen; it can happen if someone decides to purge the
+ * DB behind the back of the exchange process). Hence the deposit
+ * is being refused. This response is provided with HTTP status
+ * code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DEPOSIT_DB_DENOMINATION_KEY_UNKNOWN = 1203,
+
+ /**
+ * The exchange database is unaware of the denomination key that
+ * signed the coin (however, the exchange process is; this is not
+ * supposed to happen; it can happen if someone decides to purge the
+ * DB behind the back of the exchange process). Hence the deposit
+ * is being refused. This response is provided with HTTP status
+ * code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_DEPOSIT_DENOMINATION_KEY_UNKNOWN = 1204,
+
+ /**
+ * The signature of the coin is not valid. This response is
+ * provided with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_COIN_SIGNATURE_INVALID = 1205,
+
+ /**
+ * The signature of the denomination key over the coin is not valid.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_DENOMINATION_SIGNATURE_INVALID = 1206,
+
+ /**
+ * The stated value of the coin after the deposit fee is subtracted
+ * would be negative.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_NEGATIVE_VALUE_AFTER_FEE = 1207,
+
+ /**
+ * The stated refund deadline is after the wire deadline.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_REFUND_DEADLINE_AFTER_WIRE_DEADLINE = 1208,
+
+ /**
+ * The exchange does not recognize the validity of or support the
+ * given wire format type.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_TYPE = 1209,
+
+ /**
+ * The exchange failed to canonicalize and hash the given wire format.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_JSON = 1210,
+
+ /**
+ * The hash of the given wire address does not match the hash
+ * specified in the contract.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_CONTRACT_HASH_CONFLICT = 1211,
+
+ /**
+ * The exchange failed to obtain the transaction history of the
+ * given coin from the database while generating an insufficient
+ * funds errors.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_DEPOSIT_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS = 1212,
+
+ /**
+ * The exchange detected that the given account number
+ * is invalid for the selected wire format type.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_ACCOUNT_NUMBER = 1213,
+
+ /**
+ * The signature over the given wire details is invalid.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_SIGNATURE = 1214,
+
+ /**
+ * The bank specified in the wire transfer format is not supported
+ * by this exchange.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_BANK = 1215,
+
+ /**
+ * No wire format type was specified in the JSON wire format
+ * details.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_TYPE_MISSING = 1216,
+
+ /**
+ * The given wire format type is not supported by this
+ * exchange.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_DEPOSIT_INVALID_WIRE_FORMAT_TYPE_UNSUPPORTED = 1217,
+
+
+ /**
+ * The respective coin did not have sufficient residual value
+ * for the /refresh/melt operation. The "history" in this
+ * response provdes the "residual_value" of the coin, which may
+ * be less than its "original_value". This response is provided
+ * with HTTP status code MHD_HTTP_FORBIDDEN.
+ */
+ TALER_EC_REFRESH_MELT_INSUFFICIENT_FUNDS = 1300,
+
+ /**
+ * The exchange is unaware of the denomination key that was
+ * used to sign the melted coin. This response is provided
+ * with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_REFRESH_MELT_DENOMINATION_KEY_NOT_FOUND = 1301,
+
+ /**
+ * The exchange had an internal error reconstructing the
+ * transaction history of the coin that was being melted.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_COIN_HISTORY_COMPUTATION_FAILED = 1302,
+
+ /**
+ * The exchange failed to check against historic melt data from
+ * database (as part of ensuring the idempotency of the operation).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_FETCH_ERROR = 1303,
+
+ /**
+ * The exchange failed to store session data in the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_STORE_SESSION_ERROR = 1304,
+
+ /**
+ * The exchange failed to store refresh order data in the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_STORE_ORDER_ERROR = 1305,
+
+ /**
+ * The exchange failed to store commit data in the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_STORE_COMMIT_ERROR = 1306,
+
+ /**
+ * The exchange failed to store transfer keys in the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_STORE_TRANSFER_ERROR = 1307,
+
+ /**
+ * The exchange is unaware of the denomination key that was
+ * requested for one of the fresh coins. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_FRESH_DENOMINATION_KEY_NOT_FOUND = 1308,
+
+ /**
+ * The exchange encountered a numeric overflow totaling up
+ * the cost for the refresh operation. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_COST_CALCULATION_OVERFLOW = 1309,
+
+ /**
+ * During the transaction phase, the exchange could suddenly
+ * no longer find the denomination key that was
+ * used to sign the melted coin. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_DB_DENOMINATION_KEY_NOT_FOUND = 1310,
+
+ /**
+ * The exchange encountered melt fees exceeding the melted
+ * coin's contribution. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_FEES_EXCEED_CONTRIBUTION = 1311,
+
+ /**
+ * The exchange's cost calculation does not add up to the
+ * melt fees specified in the request. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_FEES_MISSMATCH = 1312,
+
+ /**
+ * The denomination key signature on the melted coin is invalid.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_DENOMINATION_SIGNATURE_INVALID = 1313,
+
+ /**
+ * The exchange's cost calculation shows that the melt amount
+ * is below the costs of the transaction. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_AMOUNT_INSUFFICIENT = 1314,
+
+ /**
+ * The signature made with the coin to be melted is invalid.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_COIN_SIGNATURE_INVALID = 1315,
+
+ /**
+ * The size of the cut-and-choose dimension of the
+ * blinded coins request does not match #TALER_CNC_KAPPA.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_CNC_COIN_ARRAY_SIZE_INVALID = 1316,
+
+ /**
+ * The size of the cut-and-choose dimension of the
+ * transfer keys request does not match #TALER_CNC_KAPPA.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_MELT_CNC_TRANSFER_ARRAY_SIZE_INVALID = 1317,
+
+ /**
+ * The exchange failed to obtain the transaction history of the
+ * given coin from the database while generating an insufficient
+ * funds errors.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFRESH_MELT_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS = 1318,
+
+ /**
+ * The provided transfer keys do not match up with the
+ * original commitment. Information about the original
+ * commitment is included in the response. This response is
+ * provided with HTTP status code MHD_HTTP_CONFLICT.
+ */
+ TALER_EC_REFRESH_REVEAL_COMMITMENT_VIOLATION = 1350,
+
+ /**
+ * Failed to blind the envelope to reconstruct the blinded
+ * coins for revealation checks.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_BLINDING_ERROR = 1351,
+
+ /**
+ * Failed to produce the blinded signatures over the coins
+ * to be returned.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_SIGNING_ERROR = 1352,
+
+ /**
+ * The exchange is unaware of the refresh sessino specified in
+ * the request.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_REVEAL_SESSION_UNKNOWN = 1353,
+
+ /**
+ * The exchange failed to retrieve valid session data from the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_DB_FETCH_SESSION_ERROR = 1354,
+
+ /**
+ * The exchange failed to retrieve order data from the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_DB_FETCH_ORDER_ERROR = 1355,
+
+ /**
+ * The exchange failed to retrieve transfer keys from the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_DB_FETCH_TRANSFER_ERROR = 1356,
+
+ /**
+ * The exchange failed to retrieve commitment data from the
+ * database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_ERROR.
+ */
+ TALER_EC_REFRESH_REVEAL_DB_FETCH_COMMIT_ERROR = 1357,
+
+ /**
+ * The size of the cut-and-choose dimension of the
+ * private transfer keys request does not match #TALER_CNC_KAPPA - 1.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFRESH_REVEAL_CNC_TRANSFER_ARRAY_SIZE_INVALID = 1358,
+
+
+ /**
+ * The coin specified in the link request is unknown to the exchange.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_REFRESH_LINK_COIN_UNKNOWN = 1400,
+
+
+ /**
+ * The exchange knows literally nothing about the coin we were asked
+ * to refund. But without a transaction history, we cannot issue a
+ * refund. This is kind-of OK, the owner should just refresh it
+ * directly without executing the refund. This response is provided
+ * with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_REFUND_COIN_NOT_FOUND = 1500,
+
+ /**
+ * We could not process the refund request as the coin's transaction
+ * history does not permit the requested refund at this time. The
+ * "history" in the response proves this. This response is provided
+ * with HTTP status code MHD_HTTP_CONFLICT.
+ */
+ TALER_EC_REFUND_CONFLICT = 1501,
+
+ /**
+ * The exchange knows about the coin we were asked to refund, but
+ * not about the specific /deposit operation. Hence, we cannot
+ * issue a refund (as we do not know if this merchant public key is
+ * authorized to do a refund). This response is provided with HTTP
+ * status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_REFUND_DEPOSIT_NOT_FOUND = 1503,
+
+ /**
+ * The currency specified for the refund is different from
+ * the currency of the coin. This response is provided with HTTP
+ * status code MHD_HTTP_PRECONDITION_FAILED.
+ */
+ TALER_EC_REFUND_CURRENCY_MISSMATCH = 1504,
+
+ /**
+ * When we tried to check if we already paid out the coin, the
+ * exchange's database suddenly disagreed with data it previously
+ * provided (internal inconsistency).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFUND_DB_INCONSISTENT = 1505,
+
+ /**
+ * The exchange can no longer refund the customer/coin as the
+ * money was already transferred (paid out) to the merchant.
+ * (It should be past the refund deadline.)
+ * This response is provided with HTTP status code
+ * MHD_HTTP_GONE.
+ */
+ TALER_EC_REFUND_MERCHANT_ALREADY_PAID = 1506,
+
+ /**
+ * The amount the exchange was asked to refund exceeds
+ * (with fees) the total amount of the deposit (including fees).
+ * This response is provided with HTTP status code
+ * MHD_HTTP_PRECONDITION_FAILED.
+ */
+ TALER_EC_REFUND_INSUFFICIENT_FUNDS = 1507,
+
+ /**
+ * The exchange failed to recover information about the
+ * denomination key of the refunded coin (even though it
+ * recognizes the key). Hence it could not check the fee
+ * strucutre.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFUND_DENOMINATION_KEY_NOT_FOUND = 1508,
+
+ /**
+ * The refund fee specified for the request is lower than
+ * the refund fee charged by the exchange for the given
+ * denomination key of the refunded coin.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFUND_FEE_TOO_LOW = 1509,
+
+ /**
+ * The exchange failed to store the refund information to
+ * its database.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_REFUND_STORE_DB_ERROR = 1510,
+
+ /**
+ * The refund fee is specified in a different currency
+ * than the refund amount.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFUND_FEE_CURRENCY_MISSMATCH = 1511,
+
+ /**
+ * The refunded amount is smaller than the refund fee,
+ * which would result in a negative refund.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFUND_FEE_ABOVE_AMOUNT = 1512,
+
+ /**
+ * The signature of the merchant is invalid.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_REFUND_MERCHANT_SIGNATURE_INVALID = 1513,
+
+
+ /**
+ * The wire format specified in the "sender_account_details"
+ * is not understood or not supported by this exchange.
+ * Returned with an HTTP status code of MHD_HTTP_NOT_FOUND.
+ * (As we did not find an interpretation of the wire format.)
+ */
+ TALER_EC_ADMIN_ADD_INCOMING_WIREFORMAT_UNSUPPORTED = 1600,
+
+ /**
+ * The currency specified in the "amount" parameter is not
+ * supported by this exhange. Returned with an HTTP status
+ * code of MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_ADMIN_ADD_INCOMING_CURRENCY_UNSUPPORTED = 1601,
+
+ /**
+ * The exchange failed to store information about the incoming
+ * transfer in its database. This response is provided with HTTP
+ * status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_ADMIN_ADD_INCOMING_DB_STORE = 1602,
+
+ /**
+ * The exchange encountered an error (that is not about not finding
+ * the wire transfer) trying to lookup a wire transfer identifier
+ * in the database. This response is provided with HTTP
+ * status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_FETCH_FAILED = 1700,
+
+ /**
+ * The exchange found internally inconsistent data when resolving a
+ * wire transfer identifier in the database. This response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_INCONSISTENT = 1701,
+
+ /**
+ * The exchange did not find information about the specified
+ * wire transfer identifier in the database. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSFER_WTID_NOT_FOUND = 1702,
+
+
+ /**
+ * The exchange found internally inconsistent fee data when
+ * resolving a transaction in the database. This
+ * response is provided with HTTP status code
+ * MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSACTION_DB_FEE_INCONSISTENT = 1800,
+
+ /**
+ * The exchange encountered an error (that is not about not finding
+ * the transaction) trying to lookup a transaction
+ * in the database. This response is provided with HTTP
+ * status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSACTION_DB_FETCH_FAILED = 1801,
+
+ /**
+ * The exchange did not find information about the specified
+ * transaction in the database. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSACTION_NOT_FOUND = 1802,
+
+ /**
+ * The exchange failed to identify the wire transfer of the
+ * transaction (or information about the plan that it was supposed
+ * to still happen in the future). This response is provided with
+ * HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSACTION_WTID_RESOLUTION_ERROR = 1803,
+
+ /**
+ * The signature of the merchant is invalid.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_TRACK_TRANSACTION_MERCHANT_SIGNATURE_INVALID = 1804,
+
+
+ /* *********** Merchant backend error codes ********* */
+
+ /**
+ * The backend could not find the merchant instance specified
+ * in the request. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_CONTRACT_INSTANCE_UNKNOWN = 2000,
+
+ /**
+ * The exchange failed to provide a meaningful response
+ * to a /deposit request. This response is provided
+ * with HTTP status code MHD_HTTP_SERVICE_UNAVAILABLE.
+ */
+ TALER_EC_PAY_EXCHANGE_FAILED = 2101,
+
+ /**
+ * The merchant failed to commit the exchanges' response to
+ * a /deposit request to its database. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_PAY_DB_STORE_PAY_ERROR = 2102,
+
+ /**
+ * The specified exchange is not supported/trusted by
+ * this merchant. This response is provided
+ * with HTTP status code MHD_HTTP_PRECONDITION_FAILED.
+ */
+ TALER_EC_PAY_EXCHANGE_REJECTED = 2103,
+
+ /**
+ * The denomination key used for payment is not listed among the
+ * denomination keys of the exchange. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_DENOMINATION_KEY_NOT_FOUND = 2104,
+
+ /**
+ * The denomination key used for payment is not audited by an
+ * auditor approved by the merchant. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_DENOMINATION_KEY_AUDITOR_FAILURE = 2105,
+
+ /**
+ * There was an integer overflow totaling up the amounts or
+ * deposit fees in the payment. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_AMOUNT_OVERFLOW = 2106,
+
+ /**
+ * The deposit fees exceed the total value of the payment.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_FEES_EXCEED_PAYMENT = 2107,
+
+ /**
+ * After considering deposit fees, the payment is insufficient
+ * to satisfy the required amount for the contract.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_PAYMENT_INSUFFICIENT_DUE_TO_FEES = 2108,
+
+ /**
+ * While the merchant is happy to cover all applicable deposit fees,
+ * the payment is insufficient to satisfy the required amount for
+ * the contract. This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_PAYMENT_INSUFFICIENT = 2109,
+
+ /**
+ * The signature over the contract of one of the coins
+ * was invalid. This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_COIN_SIGNATURE_INVALID = 2110,
+
+ /**
+ * We failed to contact the exchange for the /pay request.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_SERVICE_UNAVAILABLE.
+ */
+ TALER_EC_PAY_EXCHANGE_TIMEOUT = 2111,
+
+ /**
+ * The backend could not find the merchant instance specified
+ * in the request. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_PAY_INSTANCE_UNKNOWN = 2112,
+
+ /**
+ * The signature over the contract of the merchant
+ * was invalid. This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_MERCHANT_SIGNATURE_INVALID = 2113,
+
+ /**
+ * The refund deadline was after the transfer deadline.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_REFUND_DEADLINE_PAST_WIRE_TRANSFER_DEADLINE = 2114,
+
+ /**
+ * The request fails to provide coins for the payment.
+ * This response is provided with HTTP status code
+ * MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_COINS_ARRAY_EMPTY = 2115,
+
+ /**
+ * The merchant failed to fetch the merchant's previous state with
+ * respect to a /pay request from its database. This response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_PAY_DB_FETCH_PAY_ERROR = 2116,
+
+ /**
+ * The merchant failed to fetch the merchant's previous state with
+ * respect to transactions from its database. This response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_PAY_DB_FETCH_TRANSACTION_ERROR = 2117,
+
+ /**
+ * The transaction ID was used for a conflicing transaction before.
+ * This response is
+ * provided with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_DB_TRANSACTION_ID_CONFLICT = 2118,
+
+ /**
+ * The merchant failed to store the merchant's state with
+ * respect to the transaction in its database. This response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_PAY_DB_STORE_TRANSACTION_ERROR = 2119,
+
+ /**
+ * The exchange failed to provide a valid response to
+ * the merchant's /keys request.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_SERVICE_UNAVAILABLE.
+ */
+ TALER_EC_PAY_EXCHANGE_KEYS_FAILURE = 2120,
+
+ /**
+ * The payment is too late, the offer has expired.
+ * This response is
+ * provided with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_PAY_OFFER_EXPIRED = 2121,
+
+
+ /**
+ * Integer overflow with sepcified timestamp argument detected.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_HISTORY_TIMESTAMP_OVERFLOW = 2200,
+
+ /**
+ * Failed to retrieve history from merchant database.
+ * This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_HISTORY_DB_FETCH_ERROR = 2201,
+
+ /**
+ * We failed to contact the exchange for the /track/transaction
+ * request. This response is provided with HTTP status code
+ * MHD_HTTP_SERVICE_UNAVAILABLE.
+ */
+ TALER_EC_TRACK_TRANSACTION_EXCHANGE_TIMEOUT = 2300,
+
+ /**
+ * The backend could not find the merchant instance specified
+ * in the request. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSACTION_INSTANCE_UNKNOWN = 2301,
+
+ /**
+ * The backend could not find the transaction specified
+ * in the request. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSACTION_TRANSACTION_UNKNOWN = 2302,
+
+ /**
+ * The backend had a database access error trying to
+ * retrieve transaction data from its database.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSACTION_DB_FETCH_TRANSACTION_ERROR = 2303,
+
+ /**
+ * The backend had a database access error trying to
+ * retrieve payment data from its database.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSACTION_DB_FETCH_PAYMENT_ERROR = 2304,
+
+ /**
+ * The backend found no applicable deposits in the database.
+ * This is odd, as we know about the transaction, but not
+ * about deposits we made for the transaction. The response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSACTION_DB_NO_DEPOSITS_ERROR = 2305,
+
+ /**
+ * We failed to obtain a wire transfer identifier for one
+ * of the coins in the transaction. The response is
+ * provided with HTTP status code MHD_HTTP_FAILED_DEPENDENCY if
+ * the exchange had a hard error, or MHD_HTTP_ACCEPTED if the
+ * exchange signaled that the transfer was in progress.
+ */
+ TALER_EC_TRACK_TRANSACTION_COIN_TRACE_ERROR = 2306,
+
+ /**
+ * We failed to obtain the full wire transfer identifier for the
+ * transfer one of the coins was aggregated into.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_FAILED_DEPENDENCY.
+ */
+ TALER_EC_TRACK_TRANSACTION_WIRE_TRANSFER_TRACE_ERROR = 2307,
+
+ /**
+ * We got conflicting reports from the exhange with
+ * respect to which transfers are included in which
+ * aggregate.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_FAILED_DEPENDENCY.
+ */
+ TALER_EC_TRACK_TRANSACTION_CONFLICTING_REPORTS = 2308,
+
+
+ /**
+ * We failed to contact the exchange for the /track/transfer
+ * request. This response is provided with HTTP status code
+ * MHD_HTTP_SERVICE_UNAVAILABLE.
+ */
+ TALER_EC_TRACK_TRANSFER_EXCHANGE_TIMEOUT = 2400,
+
+ /**
+ * The backend could not find the merchant instance specified
+ * in the request. This response is
+ * provided with HTTP status code MHD_HTTP_NOT_FOUND.
+ */
+ TALER_EC_TRACK_TRANSFER_INSTANCE_UNKNOWN = 2401,
+
+ /**
+ * We failed to persist coin wire transfer information in
+ * our merchant database.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_STORE_COIN_ERROR = 2402,
+
+ /**
+ * We internally failed to execute the /track/transfer request.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_REQUEST_ERROR = 2403,
+
+ /**
+ * We failed to persist wire transfer information in
+ * our merchant database.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_STORE_TRANSFER_ERROR = 2404,
+
+ /**
+ * The exchange returned an error from /track/transfer.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_FAILED_DEPENDENCY.
+ */
+ TALER_EC_TRACK_TRANSFER_EXCHANGE_ERROR = 2405,
+
+ /**
+ * We failed to fetch deposit information from
+ * our merchant database.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_FETCH_DEPOSIT_ERROR = 2406,
+
+ /**
+ * We encountered an internal logic error.
+ * The response is
+ * provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_DB_INTERNAL_LOGIC_ERROR = 2407,
+
+ /**
+ * The exchange gave conflicting information about a coin which has
+ * been wire transferred.
+ * The response is provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TRACK_TRANSFER_CONFLICTING_REPORTS = 2408,
+
+ /**
+ * The hash provided in the request of /map/in does not match
+ * the contract sent alongside in the same request.
+ */
+ TALER_EC_MAP_IN_UNMATCHED_HASH = 2500,
+
+ /**
+ * The backend encountered an error while trying to store the
+ * pair <contract, h_proposal_data> into the database.
+ * The response is provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_MAP_IN_STORE_DB_ERROR = 2501,
+
+ /**
+ * The backend encountered an error while trying to retrieve the
+ * contract from database. Likely to be an internal error.
+ */
+ TALER_EC_MAP_OUT_GET_FROM_DB_ERROR = 2502,
+
+
+ /**
+ * The backend encountered an error while trying to retrieve the
+ * contract from database. Likely to be an internal error.
+ */
+ TALER_EC_MAP_OUT_CONTRACT_UNKNOWN = 2503,
+
+ /* ********** /test API error codes ************* */
+
+ /**
+ * The exchange failed to compute ECDH. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TEST_ECDH_ERROR = 4000,
+
+ /**
+ * The EdDSA test signature is invalid. This response is provided
+ * with HTTP status code MHD_HTTP_BAD_REQUEST.
+ */
+ TALER_EC_TEST_EDDSA_INVALID = 4001,
+
+ /**
+ * The exchange failed to compute the EdDSA test signature. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TEST_EDDSA_ERROR = 4002,
+
+ /**
+ * The exchange failed to generate an RSA key. This response is provided
+ * with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TEST_RSA_GEN_ERROR = 4003,
+
+ /**
+ * The exchange failed to compute the public RSA key. This response
+ * is provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TEST_RSA_PUB_ERROR = 4004,
+
+ /**
+ * The exchange failed to compute the RSA signature. This response
+ * is provided with HTTP status code MHD_HTTP_INTERNAL_SERVER_ERROR.
+ */
+ TALER_EC_TEST_RSA_SIGN_ERROR = 4005,
+
+
+ /**
+ * End of error code range.
+ */
+ TALER_EC_END = 9999
+ };
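Review bot: The comment on TALER_EC_MAP_OUT_CONTRACT_UNKNOWN = 2503 is a verbatim copy of the one on TALER_EC_MAP_OUT_GET_FROM_DB_ERROR = 2502 ("error while trying to retrieve the contract from database"), so the two codes are documented as the same condition. Going by its name, 2503 presumably means the lookup found no matching contract and should say so. Neither entry, nor TALER_EC_MAP_IN_UNMATCHED_HASH = 2500, names the HTTP status it is returned with, which every other entry in this part of the enum does. The REFRESH_REVEAL entries 1351, 1352 and 1354 to 1357 cite MHD_HTTP_INTERNAL_ERROR while the rest of the enum cites MHD_HTTP_INTERNAL_SERVER_ERROR; use one name throughout so that a client mapping error codes to statuses from this documentation is not misled. TALER_EC_TRACK_TRANSFER_CONFLICTING_REPORTS = 2408 is documented with MHD_HTTP_INTERNAL_SERVER_ERROR although the analogous 2308 (conflicting reports from the exchange) uses MHD_HTTP_FAILED_DEPENDENCY; if the difference is intended, a word on why would help. The REFUND range goes from 1501 to 1503 without saying whether 1502 is reserved or retired. Comment typos to fix while here: "sessino" (1353), "revealation" (1351), "strucutre" (1508), "exhange" (1601, 2308), "conflicing" (2118), "sepcified" (2200).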
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
new file mode 100644
index 00000000..1d03dae9
--- /dev/null
+++ b/core/api-exchange.rst
@@ -0,0 +1,1546 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2018 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Christian Grothoff
+
+=============================
+The Exchange RESTful JSON API
+=============================
+
+The API specified here follows the :ref:`general conventions <http-common>`
+for all details not specified in the individual requests.
+The `glossary <https://docs.taler.net/glossary.html#glossary>`
+defines all specific terms used in this section.
+
+.. _keys:
+
+-----------------------
+Obtaining Exchange Keys
+-----------------------
+
+This API is used by wallets and merchants to obtain global information about
+the exchange, such as online signing keys, available denominations and the fee
+structure. This is typically the first call any exchange client makes, as it
+returns information required to process all of the other interactions with the
+exchange. The returned information is secured by (1) signature(s) from the exchange,
+especially the long-term offline signing key of the exchange, which clients should
+cache; (2) signature(s) from auditors, and the auditor keys should be
+hard-coded into the wallet as they are the trust anchors for Taler; (3)
+possibly by using HTTPS.
+
+
+.. http:get:: /keys
+
+ Get a list of all denomination keys offered by the bank,
+ as well as the bank's current online signing key.
+
+ **Request:**
+
+ :query last_issue_date: optional argument specifying the maximum value of any of the "stamp_start" members of the denomination keys of a "/keys" response that is already known to the client. Allows the exchange to only return keys that have changed since that timestamp. The given value must be an unsigned 64-bit integer representing seconds after 1970. If the timestamp does not exactly match the "stamp_start" of one of the denomination keys, all keys are returned.
+
+ **Response:**
+
+ :status 200 OK:
+ The exchange responds with a `ExchangeKeysResponse`_ object. This request should
+ virtually always be successful.
+
+ **Details:**
+
+ .. _ExchangeKeysResponse:
+ .. code-block:: tsref
+
+ interface ExchangeKeysResponse {
+ // libtool-style representation of the Taler protocol version, see
+ // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning
+ // The format is "current:revision:age".
+ version: String;
+
+ // EdDSA master public key of the exchange, used to sign entries in `denoms` and `signkeys`
+ master_public_key: EddsaPublicKey;
+
+ // Relative duration until inactive reserves are closed; not signed, expressed as
+ // a string in relative time in microseconds, i.e. "/Delay(1000)/" for 1 second.
+ reserve_closing_delay: RelativeTime;
+
+ // Denominations offered by this exchange.
+ denoms: Denom[];
+
+ // Denominations for which the exchange currently offers/requests payback.
+ payback: Payback[];
+
+ // The date when the denomination keys were last updated.
+ list_issue_date: Timestamp;
+
+ // Auditors of the exchange.
+ auditors: Auditor[];
+
+ // The exchange's signing keys.
+ signkeys: SignKey[];
+
+ // compact EdDSA `signature`_ (binary-only) over the SHA-512 hash of the
+ // concatenation of all SHA-512 hashes of the RSA denomination public keys
+ // in `denoms` in the same order as they were in `denoms`. Note that for
+ // hashing, the binary format of the RSA public keys is used, and not their
+ // `base32 encoding <base32>`_. Wallets cannot do much with this signature by itself;
+ // it is only useful when multiple clients need to establish that the exchange
+ // is sabotaging end-user anonymity by giving disjoint denomination keys to
+ // different users. If a exchange were to do this, this signature allows the
+ // clients to demonstrate to the public that the exchange is dishonest.
+ eddsa_sig: EddsaSignature;
+
+ // Public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. It is given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ eddsa_pub: EddsaPublicKey;
+ }
+
+ .. _tsref-type-Denom:
+ .. code-block:: tsref
+
+ interface Denom {
+ // How much are coins of this denomination worth?
+ value: Amount;
+
+ // When does the denomination key become valid?
+ stamp_start: Timestamp;
+
+ // When is it no longer possible to deposit coins
+ // of this denomination?
+ stamp_expire_withdraw: Timestamp;
+
+ // Timestamp indicating by when legal disputes relating to these coins must
+ // be settled, as the exchange will afterwards destroy its evidence relating to
+ // transactions involving this coin.
+ stamp_expire_legal: Timestamp;
+
+ // Public (RSA) key for the denomination.
+ denom_pub: RsaPublicKey;
+
+ // Fee charged by the exchange for withdrawing a coin of this denomination
+ fee_withdraw: Amount;
+
+ // Fee charged by the exchange for depositing a coin of this denomination
+ fee_deposit: Amount;
+
+ // Fee charged by the exchange for refreshing a coin of this denomination
+ fee_refresh: Amount;
+
+ // Fee charged by the exchange for refunding a coin of this denomination
+ fee_refund: Amount;
+
+ // Signature of `TALER_DenominationKeyValidityPS`_
+ master_sig: EddsaSignature;
+ }
+
+ Fees for any of the operations can be zero, but the fields must still be
+ present. The currency of the `fee_deposit`, `fee_refresh` and `fee_refund` must match the
+ currency of the `value`. Theoretically, the `fee_withdraw` could be in a
+ different currency, but this is not currently supported by the
+ implementation.
+
+ .. _tsref-type-Payback:
+ .. code-block:: tsref
+
+ interface Payback {
+ // hash of the public key of the denomination that is being revoked under
+ // emergency protocol (see /payback).
+ h_denom_pub: HashCode;
+
+ // We do not include any signature here, as the primary use-case for
+ // this emergency involves the exchange having lost its signing keys,
+ // so such a signature here would be pretty worthless. However, the
+ // exchange will not honor /payback requests unless they are for
+ // denomination keys listed here.
+ }
+
+ A signing key in the `signkeys` list is a JSON object with the following fields:
+
+ .. _tsref-type-SignKey:
+ .. code-block:: tsref
+
+ interface SignKey {
+ // The actual exchange's EdDSA signing public key.
+ key: EddsaPublicKey;
+
+ // Initial validity date for the signing key.
+ stamp_start: Timestamp;
+
+ // Date when the exchange will stop using the signing key, allowed to overlap
+ // slightly with the next signing key's validity to allow for clock skew.
+ stamp_expire: Timestamp;
+
+ // Date when all signatures made by the signing key expire and should
+ // henceforth no longer be considered valid in legal disputes.
+ stamp_end: Timestamp;
+
+ // Signature over `key` and `stamp_expire` by the exchange master key.
+ // Must have purpose TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY.
+ master_sig: EddsaSignature;
+ }
+
+ An entry in the `auditors` list is a JSON object with the following fields:
+
+ .. _tsref-type-Auditor:
+ .. code-block:: tsref
+
+ interface Auditor {
+ // The auditor's EdDSA signing public key.
+ auditor_pub: EddsaPublicKey;
+
+ // The auditor's URL.
+ auditor_url: string;
+
+ // An array of denomination keys the auditor affirms with its signature.
+ // Note that the message only includes the hash of the public key, while the
+ // signature is actually over the expanded information including expiration
+ // times and fees. The exact format is described below.
+ denomination_keys: DenominationKey[];
+ }
+
+ .. _tsref-type-DenominationKey:
+ .. code-block:: tsref
+
+ interface DenominationKey {
+ // hash of the public RSA key used to sign coins of the respective
+ // denomination. Note that the auditor's signature covers more than just
+ // the hash, but this other information is already provided in `denoms` and
+ // thus not repeated here.
+ denom_pub_h: HashCode;
+
+ // Signature of `TALER_ExchangeKeyValidityPS`_
+ auditor_sig: EddsaSignature;
+ }
+
+ The same auditor may appear multiple times in the array for different subsets
+ of denomination keys, and the same denomination key hash may be listed
+ multiple times for the same or different auditors. The wallet or merchant
+ just should check that the denomination keys they use are in the set for at
+ least one of the auditors that they accept.
+
+ .. note::
+
+ Both the individual denominations *and* the denomination list is signed,
+ allowing customers to prove that they received an inconsistent list.
+
+.. _wire-req:
+
+-----------------------------------
+Obtaining wire-transfer information
+-----------------------------------
+
+.. http:get:: /wire
+
+ Returns a list of payment methods supported by the exchange. The idea is that wallets may use this information to instruct users on how to perform wire transfers to top up their wallets.
+
+ **Response:**
+
+ :status 200: The exchange responds with a `WireResponse`_ object. This request should virtually always be successful.
+
+ **Details:**
+
+ .. _WireResponse:
+ .. _tsref-type-WireResponse:
+ .. code-block:: tsref
+
+ interface WireResponse {
+
+ // Array of wire accounts operated by the exchange for
+ // incoming wire transfers.
+ accounts: WireAccount[];
+
+ // Object mapping names of wire methods (i.e. "sepa" or "x-taler-bank")
+ // to wire fees.
+ fees: { method : AggregateTransferFee };
+ }
+
+ The specification for the account object is:
+
+ .. _WireAccouunt:
+ .. _tsref-type-WireAccount:
+ .. code-block:: tsref
+
+ interface WireAccount {
+ // payto:// URL identifying the account and wire method
+ url: string;
+
+ // Salt value (used when hashing 'url' to verify signature)
+ salt: string;
+
+ // Signature using the exchange's offline key
+ // with purpose TALER_SIGNATURE_MASTER_WIRE_DETAILS.
+ master_sig: EddsaSignature;
+ }
+
+ Aggregate wire transfer fees representing the fees the exchange
+ charges per wire transfer to a merchant must be specified as an
+ array in all wire transfer response objects under `fees`. The
+ respective array contains objects with the following members:
+
+ .. _AggregateTransferFee:
+ .. _tsref-type-AggregateTransferFee:
+ .. code-block:: tsref
+
+ interface AggregateTransferFee {
+ // Per transfer wire transfer fee.
+ wire_fee: Amount;
+
+ // Per transfer closing fee.
+ closing_fee: Amount;
+
+ // What date (inclusive) does this fee go into effect?
+ // The different fees must cover the full time period in which
+ // any of the denomination keys are valid without overlap.
+ start_date: Timestamp;
+
+ // What date (exclusive) does this fee stop going into effect?
+ // The different fees must cover the full time period in which
+ // any of the denomination keys are valid without overlap.
+ end_date: Timestamp;
+
+ // Signature of `TALER_MasterWireFeePS`_ with purpose TALER_SIGNATURE_MASTER_WIRE_FEES
+ sig: EddsaSignature;
+ }
+
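Review bot: In WireResponse, `fees: { method : AggregateTransferFee };` gives each wire method a single fee object, but the paragraph introducing AggregateTransferFee says the fees "must be specified as an array"; the type should read `AggregateTransferFee[]` so the interface and the prose agree. The target `.. _WireAccouunt:` is misspelled, so a `WireAccount`_ reference will not resolve. Since wallets use these accounts to tell users where to send money, the text should also say that the wallet checks `master_sig` (and each fee's `sig`) against the exchange's offline key before presenting an account to the user.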
+----------
+Withdrawal
+----------
+
+This API is used by the wallet to obtain digital coins.
+
+When transfering money to the exchange such as via SEPA transfers, the exchange creates
+a *reserve*, which keeps the money from the customer. The customer must
+specify an EdDSA reserve public key as part of the transfer, and can then
+withdraw digital coins using the corresponding private key. All incoming and
+outgoing transactions are recorded under the corresponding public key by the
+exchange.
+
+ .. note::
+
+ Eventually the exchange will need to advertise a policy for how long it will keep transaction histories for inactive or even fully drained reserves. We will therefore need some additional handler similar to `/keys` to advertise those terms of service.
+
+
+.. http:get:: /reserve/status
+
+ Request information about a reserve.
+
+ .. note::
+ The client currently does not have to demonstrate knowledge of the private
+ key of the reserve to make this request, which makes the reserve's public
+ key privileged information known only to the client, their bank, and the
+ exchange. In future, we might wish to revisit this decision to improve
+ security, such as by having the client EdDSA-sign an ECDHE key to be used
+ to derive a symmetric key to encrypt the response. This would be useful if
+ for example HTTPS were not used for communication with the exchange.
+
+ **Request:**
+
+ :query reserve_pub: EdDSA reserve public key identifying the reserve.
+
+ **Response:**
+
+ :status 200 OK:
+ The exchange responds with a `ReserveStatus`_ object; the reserve was known to the exchange,
+ :status 404 Not Found: The reserve key does not belong to a reserve known to the exchange.
+
+ **Details:**
+
+ .. _ReserveStatus:
+ .. code-block:: tsref
+
+ interface ReserveStatus {
+ // Balance left in the reserve.
+ balance: Amount;
+
+ // Transaction history for this reserve
+ history: TransactionHistoryItem[];
+ }
+
+ Objects in the transaction history have the following format:
+
+ .. _tsref-type-TransactionHistoryItem:
+ .. code-block:: tsref
+
+ interface TransactionHistoryItem {
+ // Either "WITHDRAW", "DEPOSIT", "PAYBACK", or "CLOSING"
+ type: string;
+
+ // The amount that was withdrawn or deposited (incl. fee)
+ // or paid back, or the closing amount.
+ amount: Amount;
+
+ // Hash of the denomination public key of the coin, if
+ // type is "WITHDRAW".
+ h_denom_pub?: base32;
+
+ // Hash of the blinded coin to be signed, if
+ // type is "WITHDRAW".
+ h_coin_envelope?: base32;
+
+ // Signature of `TALER_WithdrawRequestPS`_ created with the `reserves's private key <reserve-priv>`_. Only present if type is "WITHDRAW".
+ reserve_sig?: EddsaSignature;
+
+ // The fee that was charged for "WITHDRAW".
+ withdraw_fee?: Amount;
+
+ // The fee that was charged for "CLOSING".
+ closing_fee?: Amount;
+
+ // Sender account payto://-URL, only present if type is "DEPOSIT".
+ sender_account_url?: String;
+
+ // Receiver account details, only present if type is "PAYBACK".
+ receiver_account_details?: any;
+
+ // Wire transfer identifier, only present if type is "PAYBACK".
+ wire_transfer?: any;
+
+ // Transfer details uniquely identifying the transfer, only present if type is "DEPOSIT".
+ wire_reference?: any;
+
+ // Wire transfer subject, only present if type is "CLOSING".
+ wtid?: any;
+
+ // Hash of the wire account into which the funds were
+ // returned to, present if type is "CLOSING".
+ h_wire?: base32;
+
+ // If `type` is "PAYBACK", this is a signature over a `struct TALER_PaybackConfirmationPS` with purpose TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK.
+ // If `type` is "CLOSING", this is a signature over a `struct TALER_ReserveCloseConfirmationPS` with purpose TALER_SIGNATURE_EXCHANGE_RESERVE_CLOSED.
+ // Not present for other values of `type`.
+ exchange_sig?: EddsaSignature;
+
+ // Public key used to create `exchange_sig`, only present if `exchange_sig` is present.
+ exchange_pub?: EddsaPublicKey;
+
+ // Public key of the coin that was paid back; only present if type is "PAYBACK".
+ coin_pub?: CoinPublicKey;
+
+ // Timestamp when the exchange received the /payback or executed the wire transfer. Only present if `type` is "DEPOSIT", "PAYBACK" or "CLOSING".
+ timestamp?: Timestamp;
+ }
+
+
+.. http:post:: /reserve/withdraw
+
+ Withdraw a coin of the specified denomination. Note that the client should
+ commit all of the request details, including the private key of the coin and
+ the blinding factor, to disk *before* issuing this request, so that it can
+ recover the information if necessary in case of transient failures, like
+ power outage, network outage, etc.
+
+ **Request:** The request body must be a `WithdrawRequest`_ object.
+
+ **Response:**
+
+ :status 200 OK:
+ The request was succesful, and the response is a `WithdrawResponse`. Note that repeating exactly the same request
+ will again yield the same response, so if the network goes down during the
+ transaction or before the client can commit the coin signature to disk, the
+ coin is not lost.
+ :status 401 Unauthorized: The signature is invalid.
+ :status 404 Not Found:
+ The denomination key or the reserve are not known to the exchange. If the
+ denomination key is unknown, this suggests a bug in the wallet as the
+ wallet should have used current denomination keys from `/keys`. If the
+ reserve is unknown, the wallet should not report a hard error yet, but
+ instead simply wait for up to a day, as the wire transaction might simply
+ not yet have completed and might be known to the exchange in the near future.
+ In this case, the wallet should repeat the exact same request later again
+ using exactly the same blinded coin.
+ :status 403 Forbidden:
+ The balance of the reserve is not sufficient to withdraw a coin of the indicated denomination.
+ The response is `WithdrawError`_ object.
+
+
+ **Details:**
+
+ .. _WithdrawRequest:
+ .. code-block:: tsref
+
+ interface WithdrawRequest {
+ // Hash of a denomination public key (RSA), specifying the type of coin the client
+ // would like the exchange to create.
+ denom_pub_hash: HashCode;
+
+ // coin's blinded public key, should be (blindly) signed by the exchange's
+ // denomination private key
+ coin_ev: CoinEnvelope;
+
+ // `public (EdDSA) key <reserve-pub>`_ of the reserve from which the coin should be
+ // withdrawn. The total amount deducted will be the coin's value plus the
+ // withdrawal fee as specified with the denomination information.
+ reserve_pub: EddsaPublicKey;
+
+ // Signature of `TALER_WithdrawRequestPS`_ created with the `reserves's private key <reserve-priv>`_
+ reserve_sig: EddsaSignature;
+ }
+
+
+ .. _WithdrawResponse:
+ .. code-block:: tsref
+
+ interface WithdrawResponse {
+ // The blinded RSA signature over the `coin_ev`, affirms the coin's
+ // validity after unblinding.
+ ev_sig: BlindedRsaSignature;
+ }
+
+ .. _WithdrawError:
+ .. code-block:: tsref
+
+ interface WithdrawError {
+ // Constant "Insufficient funds"
+ error: string;
+
+ // Amount left in the reserve
+ balance: Amount;
+
+ // History of the reserve's activity, in the same format as returned by /reserve/status.
+ history: TransactionHistoryItem[]
+ }
+
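Review bot: /reserve/status takes `reserve_pub` as a query parameter and requires no proof of key ownership, while the note beneath it calls the reserve public key privileged information. A value in the request URL commonly ends up in server and proxy logs, so the documentation should say that `reserve_pub` must be treated as confidential and kept out of request logs until the signed variant sketched in the note exists. Smaller points in this section: the 200 entry for /reserve/status ends in a comma, the 200 entry for /reserve/withdraw writes `WithdrawResponse` without the trailing underscore and so does not link to its definition, `sender_account_url` is typed `String` where the rest of the file uses `string`, and `history: TransactionHistoryItem[]` in WithdrawError lacks its semicolon.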
+.. _deposit-par:
+
+-------
+Deposit
+-------
+
+Deposit operations are requested by a merchant during a transaction. For the
+deposit operation, the merchant has to obtain the deposit permission for a coin
+from their customer who owns the coin. When depositing a coin, the merchant is
+credited an amount specified in the deposit permission, possibly a fraction of
+the total coin's value, minus the deposit fee as specified by the coin's
+denomination.
+
+
+.. _deposit:
+
+.. http:POST:: /deposit
+
+ Deposit the given coin and ask the exchange to transfer the given :ref:`amount`
+ to the merchants bank account. This API is used by the merchant to redeem
+ the digital coins. The request should contain a JSON object with the
+ following fields:
+
+ **Request:** The request body must be a `DepositRequest`_ object.
+
+ **Response:**
+
+ :status 200 Ok:
+ The operation succeeded, the exchange confirms that no double-spending took place. The response will include a `DepositSuccess`_ object.
+ :status 401 Unauthorized:
+ One of the signatures is invalid.
+ :status 403 Forbidden:
+ The deposit operation has failed because the coin has insufficient
+ residual value; the request should not be repeated again with this coin.
+ In this case, the response is a `DepositDoubleSpendError`_.
+ :status 404 Not Found:
+ Either the denomination key is not recognized (expired or invalid) or
+ the wire type is not recognized.
+
+ **Details:**
+
+ .. _DepositRequest:
+ .. code-block:: tsref
+
+ interface DepositRequest {
+ // Amount to be deposited, can be a fraction of the
+ // coin's total value.
+ f: Amount;
+
+ // The merchant's account details. This must be a JSON object whose format
+ // must correspond to one of the supported wire transfer formats of the exchange.
+ // See `wireformats`_.
+ wire: Object;
+
+ // SHA-512 hash of the merchant's payment details from `wire`. Although
+ // strictly speaking redundant, this helps detect inconsistencies.
+ // TODO: change to 'h_wire'.
+ H_wire: HashCode;
+
+ // SHA-512 hash of the contact of the merchant with the customer. Further
+ // details are never disclosed to the exchange.
+ h_contract_terms: HashCode;
+
+ // `coin's public key <eddsa-coin-pub>`_, both ECDHE and EdDSA.
+ coin_pub: CoinPublicKey;
+
+ // Hash of denomination RSA key with which the coin is signed
+ denom_pub_hash: HashCode;
+
+ // exchange's unblinded RSA signature of the coin
+ ub_sig: RsaSignature;
+
+ // timestamp when the contract was finalized, must match approximately the
+ // current time of the exchange; if the timestamp is too far off, the
+ // exchange returns "400 Bad Request" with an error code of
+ // "TALER_EC_DEPOSIT_INVALID_TIMESTAMP".
+ timestamp: Timestamp;
+
+ // indicative time by which the exchange undertakes to transfer the funds to
+ // the merchant, in case of successful payment.
+ wire_deadline: Timestamp;
+
+ // EdDSA `public key of the merchant <merchant-pub>`_, so that the client can identify the
+ // merchant for refund requests.
+ merchant_pub: EddsaPublicKey;
+
+ // date until which the merchant can issue a refund to the customer via the
+ // exchange, possibly zero if refunds are not allowed.
+ refund_deadline: Timestamp;
+
+ // Signature of `TALER_DepositRequestPS`_, made by the customer with the `coin's private key <coin-priv>`_
+ coin_sig: EddsaSignature;
+ }
+
+ The deposit operation succeeds if the coin is valid for making a deposit and
+ has enough residual value that has not already been deposited or melted.
+
+
+ .. _`tsref-type-DepositSuccess`:
+ .. _DepositSuccess:
+ .. code-block:: tsref
+
+ interface DepositSuccess {
+ // The string constant "DEPOSIT_OK"
+ status: string;
+
+ // the EdDSA signature of `TALER_DepositConfirmationPS`_ using a current
+ // `signing key of the exchange <sign-key-priv>`_ affirming the successful
+ // deposit and that the exchange will transfer the funds after the refund
+ // deadline, or as soon as possible if the refund deadline is zero.
+ sig: EddsaSignature;
+
+ // `public EdDSA key of the exchange <sign-key-pub>`_ that was used to
+ // generate the signature.
+ // Should match one of the exchange's signing keys from /keys. It is given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ pub: EddsaPublicKey;
+ }
+
+ .. _DepositDoubleSpendError:
+ .. code-block:: tsref
+
+ interface DepositDoubleSpendError {
+ // The string constant "insufficient funds"
+ error: string;
+
+ // Transaction history for the coin that is
+ // being double-spended
+ history: CoinSpendHistoryItem[];
+ }
+
+ .. _`tsref-type-CoinSpendHistoryItem`:
+ .. _CoinSpendHistoryItem:
+ .. code-block:: tsref
+
+ interface CoinSpendHistoryItem {
+ // Either "DEPOSIT", "MELT", "REFUND", "PAYBACK",
+ // "OLD-COIN-PAYBACK" or "PAYBACK-REFRESH"
+ type: string;
+
+ // The total amount of the coin's value absorbed (or restored in the case of a refund) by this transaction.
+ // Note that for deposit and melt this means the amount given includes
+ // the transaction fee, while for refunds the amount given excludes
+ // the transaction fee. The current coin value can thus be computed by
+ // subtracting deposit and melt amounts and adding refund amounts from
+ // the coin's denomination value.
+ amount: Amount;
+
+ // Deposit fee in case of type "DEPOSIT".
+ deposit_fee: Amount;
+
+ // public key of the merchant, for "DEPOSIT" operations.
+ merchant_pub?: EddsaPublicKey;
+
+ // date when the operation was made.
+ // Only for "DEPOSIT", "PAYBACK", "OLD-COIN-PAYBACK" and
+ // "PAYBACK-REFRESH" operations.
+ timestamp?: Timestamp;
+
+ // date until which the merchant can issue a refund to the customer via the
+ // exchange, possibly zero if refunds are not allowed. Only for "DEPOSIT" operations.
+ refund_deadline?: Timestamp;
+
+ // Signature by the coin, only present if `type` is "DEPOSIT" or "MELT"
+ coin_sig?: EddsaSignature;
+
+ // Deposit fee in case of type "MELT".
+ melt_fee: Amount;
+
+ // Commitment from the melt operation, only for "MELT".
+ rc?: TALER_RefreshCommitmentP;
+
+ // Hash of the bank account from where we received the funds,
+ // only present if `type` is "DEPOSIT"
+ h_wire?: HashCode;
+
+ // Deposit fee in case of type "REFUND".
+ refund_fee?: Amount;
+
+ // Hash over the proposal data of the contract that
+ // is being paid (if type is "DEPOSIT") or refunded (if
+ // `type` is "REFUND"); otherwise absent.
+ h_contract_terms?: HashCode;
+
+ // Refund transaction ID. Only present if `type` is
+ // "REFUND"
+ rtransaction_id?: integer;
+
+ // `EdDSA Signature <eddsa-sig>`_ authorizing the REFUND. Made with
+ // the `public key of the merchant <merchant-pub>`_.
+ // Only present if `type` is "REFUND"
+ merchant_sig?: EddsaSignature;
+
+ // public key of the reserve that will receive the funds, for "PAYBACK" operations.
+ reserve_pub?: EddsaPublicKey;
+
+ // Signature by the exchange, only present if `type` is "PAYBACK",
+ // "OLD-COIN-PAYBACK" or "PAYBACK-REFRESH". Signature is
+ // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK for "PAYBACK",
+ // and of type TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK_REFRESH otherwise.
+ exchange_sig?: EddsaSignature;
+
+ // public key used to sign `exchange_sig`, only present if `exchange_sig` present.
+ exchange_pub?: EddsaPublicKey;
+
+ // Blinding factor of the revoked new coin,
+ // only present if `type` is "REFRESH_PAYBACK".
+ new_coin_blinding_secret: RsaBlindingKeySecret;
+
+ // Blinded public key of the revoked new coin,
+ // only present if `type` is "REFRESH_PAYBACK".
+ new_coin_ev: RsaBlindingKeySecret;
+ }
+
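Review bot: In CoinSpendHistoryItem the `type` comment lists "PAYBACK-REFRESH" and "OLD-COIN-PAYBACK", but `new_coin_blinding_secret` and `new_coin_ev` are documented as present only for "REFRESH_PAYBACK", a string that is not among the listed values; a client matching on it would never read those fields. Pick one spelling and use it in all three places. `new_coin_ev` is described as a blinded public key but typed `RsaBlindingKeySecret`, where `CoinEnvelope` is used for blinded coins elsewhere. `deposit_fee`, `melt_fee`, `new_coin_blinding_secret` and `new_coin_ev` are type-specific according to their comments yet declared without `?`, and the `melt_fee` comment says "Deposit fee". The `merchant_sig` comment says the signature is "Made with the public key of the merchant"; it is made with the private key and verified with the public one. In DepositRequest, the `timestamp` comment promises "400 Bad Request" with TALER_EC_DEPOSIT_INVALID_TIMESTAMP, but 400 is missing from the /deposit status list, and "contact of the merchant" should read "contract".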
+----------
+Refreshing
+----------
+
+Refreshing creates `n` new coins from `m` old coins, where the sum of
+denominations of the new coins must be smaller than the sum of the old coins'
+denominations plus melting (refresh) and withdrawal fees charged by the exchange.
+The refreshing API can be used by wallets to melt partially spent coins, making
+transactions with the freshly exchangeed coins unlinkabe to previous transactions
+by anyone except the wallet itself.
+
+However, the new coins are linkable from the private keys of all old coins
+using the /refresh/link request. While /refresh/link must be implemented by
+the exchange to achieve taxability, wallets do not really ever need that part of
+the API during normal operation.
+
+.. _refresh:
+.. http:post:: /refresh/melt
+
+ "Melts" coins. Invalidates the coins and prepares for exchangeing of fresh
+ coins. Taler uses a global parameter `kappa` for the cut-and-choose
+ component of the protocol, for which this request is the commitment. Thus,
+ various arguments are given `kappa`-times in this step. At present `kappa`
+ is always 3.
+
+
+ :status 401 Unauthorized:
+ One of the signatures is invalid.
+ :status 200 OK:
+ The request was succesful. The response body is `MeltResponse`_ in this case.
+ :status 403 Forbidden:
+ The operation is not allowed as at least one of the coins has insufficient funds. The response
+ is `MeltForbiddenResponse`_ in this case.
+ :status 404:
+ the exchange does not recognize the denomination key as belonging to the exchange,
+ or it has expired
+
+ **Details:**
+
+
+ .. code-block:: tsref
+
+ interface MeltRequest {
+
+ // `Coin public key <eddsa-coin-pub>`_, uniquely identifies the coin to be melted
+ coin_pub: string;
+
+ // Hash of the denomination public key, to determine total coin value.
+ denom_pub_hash: HashCode;
+
+ // Signature over the `coin public key <eddsa-coin-pub>`_ by the denomination.
+ denom_sig: RsaSignature;
+
+ // Signature by the `coin <coin-priv>`_ over the melt commitment.
+ confirm_sig: EddsaSignature;
+
+ // Amount of the value of the coin that should be melted as part of
+ // this refresh operation, including melting fee.
+ value_with_fee: Amount;
+
+ // Melt commitment. Hash over the various coins to be withdrawn.
+ // See also `TALER_refresh_get_commitment()`
+ rc: TALER_RefreshCommitmentP;
+
+ }
+
+ For details about the HKDF used to derive the new coin private keys and
+ the blinding factors from ECDHE between the transfer public keys and
+ the private key of the melted coin, please refer to the
+ implementation in `libtalerutil`.
+
+ .. _tsref-type-MeltResponse:
+ .. _MeltResponse:
+ .. code-block:: tsref
+
+ interface MeltResponse {
+ // Which of the `kappa` indices does the client not have to reveal.
+ noreveal_index: number;
+
+ // Signature of `TALER_RefreshMeltConfirmationPS`_ whereby the exchange
+ // affirms the successful melt and confirming the `noreveal_index`
+ exchange_sig: EddsaSignature;
+
+ // `public EdDSA key <sign-key-pub>`_ of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. Again given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ exchange_pub: EddsaPublicKey;
+ }
+
+
+ .. _tsref-type-MeltForbiddenResponse:
+ .. _MeltForbiddenResponse:
+ .. code-block:: tsref
+
+ interface MeltForbiddenResponse {
+ // Always "insufficient funds"
+ error: string;
+
+ // public key of a melted coin that had insufficient funds
+ coin_pub: EddsaPublicKey;
+
+ // original total value of the coin
+ original_value: Amount;
+
+ // remaining value of the coin
+ residual_value: Amount;
+
+ // amount of the coin's value that was to be melted
+ requested_value: Amount;
+
+ // The transaction list of the respective coin that failed to have sufficient funds left.
+ // Note that only the transaction history for one bogus coin is given,
+ // even if multiple coins would have failed the check.
+ history: CoinSpendHistoryItem[];
+ }
+
+
+.. http:post:: /refresh/reveal
+
+ Reveal previously commited values to the exchange, except for the values
+ corresponding to the `noreveal_index` returned by the /exchange/melt step.
+
+ Errors such as failing to do proper arithmetic when it comes to calculating
+ the total of the coin values and fees are simply reported as bad requests.
+ This includes issues such as melting the same coin twice in the same session,
+ which is simply not allowed. However, theoretically it is possible to melt a
+ coin twice, as long as the `value_with_fee` of the two melting operations is
+ not larger than the total remaining value of the coin before the melting
+ operations. Nevertheless, this is not really useful.
+
+ :status 200 OK:
+ The transfer private keys matched the commitment and the original request was well-formed.
+ The response body is a `RevealResponse`_
+ :status 409 Conflict:
+ There is a problem between the original commitment and the revealed private
+ keys. The returned information is proof of the missmatch, and therefore
+ rather verbose, as it includes most of the original /refresh/melt request,
+ but of course expected to be primarily used for diagnostics.
+ The response body is a `RevealConflictResponse`_.
+
+ **Details:**
+
+ Request body contains a JSON object with the following fields:
+
+ .. code-block:: tsref
+
+ interface RevealRequest {
+
+ // Array of `n` new hash codes of denomination public keys to order.
+ new_denoms_h: HashCode[];
+
+ // Array of `n` entries with blinded coins,
+ // matching the respective entries in `new_denoms`.
+ coin_evs: CoinEnvelope[];
+
+ // `kappa - 1` transfer private keys (ephemeral ECDHE keys)
+ transfer_privs: EddsaPrivateKey[];
+
+ // transfer public key at the `noreveal_index`.
+ transfer_pub: EddsaPublicKey;
+
+ // Array of `n` signatures made by the wallet using the old coin's private key,
+ // used later to verify the /refresh/link response from the exchange.
+ // Signs over a `TALER_CoinLinkSignaturePS`_
+ link_sigs: EddsaSignature[];
+
+ // The original commitment, used to match the /refresh/reveal
+ // to the corresponding /refresh/melt operation.
+ rc: HashCode;
+ }
+
+
+ .. _RevealResponse:
+ .. code-block:: tsref
+
+ interface RevealResponse {
+ // List of the exchange's blinded RSA signatures on the new coins. Each
+ // element in the array is another JSON object which contains the signature
+ // in the "ev_sig" field.
+ ev_sigs: BlindedRsaSignature[];
+ }
+
+
+ .. _RevealConflictResponse:
+ .. code-block:: tsref
+
+ interface RevealConflictResponse {
+ // Constant "commitment violation"
+ error: string;
+
+ // Detailed error code
+ code: integer;
+
+ // Commitment as calculated by the exchange from the revealed data.
+ rc_expected: HashCode;
+
+ }
+
+
+.. http:get:: /refresh/link
+
+ Link the old public key of a melted coin to the coin(s) that were exchangeed during the refresh operation.
+
+ **Request:**
+
+ :query coin_pub: melted coin's public key
+
+ **Response:**
+
+ :status 200 OK:
+ All commitments were revealed successfully. The exchange returns an array,
+ typically consisting of only one element, in which each each element contains
+ information about a melting session that the coin was used in.
+ :status 404 Not Found:
+ The exchange has no linkage data for the given public key, as the coin has not
+ yet been involved in a refresh operation.
+
+ **Details:**
+
+ .. _tsref-type-LinkResponse:
+ .. code-block:: tsref
+
+ interface LinkResponse {
+ // transfer ECDHE public key corresponding to the `coin_pub`, used to
+ // compute the blinding factor and private key of the fresh coins.
+ transfer_pub: EcdhePublicKey;
+
+ // array with (encrypted/blinded) information for each of the coins
+ // exchangeed in the refresh operation.
+ new_coins: NewCoinInfo[];
+ }
+
+ .. _tsref-type-NewCoinInfo:
+ .. code-block:: tsref
+
+ interface NewCoinInfo {
+ // RSA public key of the exchangeed coin.
+ denom_pub: RsaPublicKey;
+
+ // Exchange's blinded signature over the exchangeed coin.
+ ev_sig: BlindedRsaSignature;
+
+ // Blinded coin, to be verified by the wallet to protect against
+ // a malicious exchange.
+ coin_ev: CoinEnvelope;
+
+ // Signature made by the old coin over the refresh request.
+ // Signs over a `TALER_CoinLinkSignaturePS`_
+ link_sig: EddsaSignature;
+ }
+
+
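Review bot: /refresh/reveal refers to the `noreveal_index` "returned by the /exchange/melt step", but the endpoint defined above is /refresh/melt; likewise the `coin_evs` comment points at `new_denoms` while the field is named `new_denoms_h`. The key types are inconsistent across the three refresh requests: `transfer_privs` and `transfer_pub` in RevealRequest are typed as EdDSA keys although their comments call them ECDHE keys and LinkResponse uses `EcdhePublicKey` for the same value, and `rc` is `TALER_RefreshCommitmentP` in MeltRequest but `HashCode` in RevealRequest. /refresh/melt also has no "Request:" line and MeltRequest has no link target, unlike every other endpoint in the file, and its 404 entry lacks the reason phrase. The opening sentence of the section ("smaller than the sum of the old coins' denominations plus melting (refresh) and withdrawal fees") can be read as allowing the new coins to exceed the old coins' value; state explicitly which side of the inequality the fees are on.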
+-------------------
+Emergency Cash-Back
+-------------------
+
+This API is only used if the exchange is either about to go out of
+business or has had its private signing keys compromised (so in
+either case, the protocol is only used in **abnormal**
+situations). In the above cases, the exchange signals to the
+wallets that the emergency cash back protocol has been activated
+by putting the affected denomination keys into the cash-back
+part of the /keys response. If and only if this has happened,
+coins that were signed with those denomination keys can be cashed
+in using this API.
+
+ .. note::
+
+ This is a proposed API, we are implementing it as bug #3887.
+
+.. http:post:: /payback
+
+ Demand that a coin be refunded via wire transfer to the original owner.
+
+ **Request:** The request body must be a `PaybackRequest`_ object.
+
+ **Response:**
+ :status 200 OK:
+ The request was succesful, and the response is a `PaybackConfirmation`.
+ Note that repeating exactly the same request
+ will again yield the same response, so if the network goes down during the
+ transaction or before the client can commit the coin signature to disk, the
+ coin is not lost.
+ :status 401 Unauthorized: The coin's signature is invalid.
+ :status 403 Forbidden: The coin was already used for payment.
+ The response is a `DepositDoubleSpendError`_.
+ :status 404 Not Found:
+ The denomination key is not in the set of denomination
+ keys where emergency pay back is enabled, or the blinded
+ coin is not known to have been withdrawn.
+
+ **Details:**
+
+ .. _PaybackRequest:
+ .. code-block:: tsref
+
+ interface PaybackRequest {
+ // Hash of denomination public key (RSA), specifying the type of coin the client
+ // would like the exchange to pay back.
+ denom_pub_hash: HashCode;
+
+ // Signature over the `coin public key <eddsa-coin-pub>`_ by the denomination.
+ denom_sig: RsaSignature;
+
+ // coin's public key
+ coin_pub: CoinPublicKey;
+
+ // coin's blinding factor
+ coin_blind_key_secret: RsaBlindingKeySecret;
+
+ // Signature of `TALER_PaybackRequestPS`_ created with the `coin's private key <coin-priv>`_
+ coin_sig: EddsaSignature;
+
+ // Was the coin refreshed (and thus the payback should go to the old coin)?
+ // Optional (for backwards compatibility); if absent, "false" is assumed
+ refreshed?: boolean;
+ }
+
+
+ .. _PaybackConfirmation:
+ .. code-block:: tsref
+
+ interface PaybackConfirmation {
+ // public key of the reserve that will receive the payback,
+ // provided if refreshed was false.
+ reserve_pub?: EddsaPublicKey;
+
+ // public key of the old coin that will receive the payback,
+ // provided if refreshed was true.
+ old_coin_pub?: EddsaPublicKey;
+
+ // How much will the exchange pay back (needed by wallet in
+ // case coin was partially spent and wallet got restored from backup)
+ amount: Amount;
+
+ // Time by which the exchange received the /payback request.
+ timestamp: Timestamp;
+
+ // the EdDSA signature of `TALER_PaybackConfirmationPS`_ (refreshed false)
+ // or `TALER_PaybackRefreshConfirmationPS_` (refreshed true) using a current
+ // `signing key of the exchange <sign-key-priv>`_ affirming the successful
+ // payback request, and that the exchange promises to transfer the funds
+ // by the date specified (this allows the exchange delaying the transfer
+ // a bit to aggregate additional payback requests into a larger one).
+ exchange_sig: EddsaSignature;
+
+ // Public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. It is given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ exchange_pub: EddsaPublicKey;
+ }
+
+
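Review bot: The `exchange_sig` comment in PaybackConfirmation says the exchange "promises to transfer the funds by the date specified", but the only time field is `timestamp`, documented as the time the exchange received the /payback request, so no deadline is actually conveyed. Either add a deadline field that the signature covers or reword the promise. Markup issues in the same section: the 200 entry writes `PaybackConfirmation` without the trailing underscore, `TALER_PaybackRefreshConfirmationPS_` has the underscore inside the backticks, and "Response:" is followed by the status list with no blank line in between, unlike the other endpoints. The 403 text "The coin was already used for payment" reuses DepositDoubleSpendError, whose `error` string is documented as "insufficient funds"; say which string a /payback client should expect.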
+-----------------------
+Tracking wire transfers
+-----------------------
+
+This API is used by merchants that need to find out which wire
+transfers (from the exchange to the merchant) correspond to which deposit
+operations. Typically, a merchant will receive a wire transfer with a
+**wire transfer identifier** and want to know the set of deposit
+operations that correspond to this wire transfer. This is the
+preferred query that merchants should make for each wire transfer they
+receive. If a merchant needs to investigate a specific deposit
+operation (i.e. because it seems that it was not paid), then the
+merchant can also request the wire transfer identifier for a deposit
+operation.
+
+Sufficient information is returned to verify that the coin signatures
+are correct. This also allows governments to use this API when doing
+a tax audit on merchants.
+
+Naturally, the returned information may be sensitive for the merchant.
+We do not require the merchant to sign the request, as the same requests
+may also be performed by the government auditing a merchant.
+However, wire transfer identifiers should have sufficient entropy to
+ensure that obtaining a successful reply by brute-force is not practical.
+Nevertheless, the merchant should protect the wire transfer identifiers
+from his bank statements against unauthorized access, least his income
+situation is revealed to an adversary. (This is not a major issue, as
+an adversary that has access to the line-items of bank statements can
+typically also view the balance.)
+
+
+.. http:get:: /track/transfer
+
+ Provides deposits associated with a given wire transfer.
+
+ **Request:**
+
+ :query wtid: raw wire transfer identifier identifying the wire transfer (a base32-encoded value)
+
+ **Response:**
+
+ :status 200 OK:
+ The wire transfer is known to the exchange, details about it follow in the body.
+ The body of the response is a `TrackTransferResponse`_.
+ :status 404 Not Found:
+ The wire transfer identifier is unknown to the exchange.
+
+ .. _TrackTransferResponse:
+ .. _tsref-type-TrackTransferResponse:
+ .. code-block:: tsref
+
+ interface TrackTransferResponse {
+ // Total amount transferred
+ total: Amount;
+
+ // Applicable wire fee that was charged
+ wire_fee: Amount;
+
+ // public key of the merchant (identical for all deposits)
+ merchant_pub: EddsaPublicKey;
+
+ // hash of the wire details (identical for all deposits)
+ H_wire: HashCode;
+
+ // Time of the execution of the wire transfer by the exchange
+ execution_time: Timestamp;
+
+ // details about the deposits
+ deposits: TrackTransferDetail[];
+
+ // signature from the exchange made with purpose
+ // `TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT`
+ exchange_sig: EddsaSignature;
+
+ // public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. Again given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ exchange_pub: EddsaSignature;
+ }
+
+ .. _tsref-type-TrackTransferDetail:
+ .. code-block:: tsref
+
+ interface TrackTransferDetail {
+ // SHA-512 hash of the contact of the merchant with the customer.
+ h_contract_terms: HashCode;
+
+ // coin's public key, both ECDHE and EdDSA.
+ coin_pub: CoinPublicKey;
+
+ // The total amount the original deposit was worth.
+ deposit_value: Amount;
+
+ // applicable fees for the deposit
+ deposit_fee: Amount;
+
+ }
+
+.. http:post:: /track/transaction
+
+ Provide the wire transfer identifier associated with an (existing) deposit operation.
+
+ **Request:** The request body must be a `TrackTransactionRequest`_ JSON object.
+
+ **Response:**
+
+ :status 200 OK:
+ The deposit has been executed by the exchange and we have a wire transfer identifier.
+ The response body is a `TrackTransactionResponse`_ object.
+ :status 202 Accepted:
+ The deposit request has been accepted for processing, but was not yet
+ executed. Hence the exchange does not yet have a wire transfer identifier. The
+ merchant should come back later and ask again.
+ The response body is a `TrackTransactionAcceptedResponse`_.
+ :status 401 Unauthorized: The signature is invalid.
+ :status 404 Not Found: The deposit operation is unknown to the exchange
+
+ **Details:**
+
+ .. _tsref-type-TrackTransactionRequest:
+ .. _TrackTransactionRequest:
+ .. code-block:: tsref
+
+ interface TrackTransactionRequest {
+ // SHA-512 hash of the merchant's payment details.
+ H_wire: HashCode;
+
+ // SHA-512 hash of the contact of the merchant with the customer.
+ h_contract_terms: HashCode;
+
+ // coin's public key, both ECDHE and EdDSA.
+ coin_pub: CoinPublicKey;
+
+ // the EdDSA public key of the merchant, so that the client can identify
+ // the merchant for refund requests.
+ merchant_pub: EddsaPublicKey;
+
+ // the EdDSA signature of the merchant made with purpose
+ // `TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION` , affirming that it is really the
+ // merchant who requires obtaining the wire transfer identifier.
+ merchant_sig: EddsaSignature;
+ }
+
+
+ .. _tsref-type-TrackTransactionResponse:
+ .. _TrackTransactionResponse:
+ .. code-block:: tsref
+
+ interface TrackTransactionResponse {
+ // raw wire transfer identifier of the deposit.
+ wtid: Base32;
+
+ // when was the wire transfer given to the bank.
+ execution_time: Timestamp;
+
+ // The contribution of this coin to the total (without fees)
+ coin_contribution: Amount;
+
+ // Total amount transferred
+ total_amount: Amount;
+
+ // binary-only Signature_ for purpose `TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE`
+ // whereby the exchange affirms the successful wire transfer.
+ exchange_sig: EddsaSignature;
+
+ // public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. Again given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ exchange_pub: EddsaPublicKey;
+ }
+
+ .. _tsref-type-TrackTransactionAcceptedResponse:
+ .. _TrackTransactionAcceptedResponse:
+ .. code-block:: tsref
+
+ interface TrackTransactionAcceptedResponse {
+ // time by which the exchange currently thinks the deposit will be executed.
+ execution_time: Timestamp;
+ }
+
+
+-------
+Refunds
+-------
+
+.. _refund:
+.. http:POST:: /refund
+
+ Undo deposit of the given coin, restoring its value.
+
+ **Request:** The request body must be a `RefundRequest`_ object.
+
+ **Response:**
+
+ :status 200 Ok:
+ The operation succeeded, the exchange confirms that the coin can now be refreshed. The response will include a `RefundSuccess`_ object.
+ :status 401 Unauthorized:
+ Merchant signature is invalid.
+ :status 404 Not found:
+ The refund operation failed as we could not find a matching deposit operation (coin, contract, transaction ID and merchant public key must all match).
+ :status 410 Gone:
+ It is too late for a refund by the exchange, the money was already sent to the merchant.
+
+ **Details:**
+
+ .. _RefundRequest:
+ .. code-block:: tsref
+
+ interface RefundRequest {
+
+ // Amount to be refunded, can be a fraction of the
+ // coin's total deposit value (including deposit fee);
+ // must be larger than the refund fee.
+ refund_amount: Amount;
+
+ // Refund fee associated with the given coin.
+ // must be smaller than the refund amount.
+ refund_fee: Amount;
+
+ // SHA-512 hash of the contact of the merchant with the customer.
+ h_contract_terms: HashCode;
+
+ // coin's public key, both ECDHE and EdDSA.
+ coin_pub: CoinPublicKey;
+
+ // 64-bit transaction id of the refund transaction between merchant and customer
+ rtransaction_id: number;
+
+ // EdDSA public key of the merchant.
+ merchant_pub: EddsaPublicKey;
+
+ // EdDSA signature of the merchant affirming the refund.
+ merchant_sig: EddsaPublicKey;
+
+ }
+
+ .. _RefundSuccess:
+ .. code-block:: tsref
+
+ interface RefundSuccess {
+ // The string constant "REFUND_OK"
+ status: string;
+
+ // the EdDSA :ref:`signature` (binary-only) with purpose
+ // `TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND` using a current signing key of the
+ // exchange affirming the successful refund
+ sig: EddsaSignature;
+
+ // public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. It is given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ pub: EddsaPublicKey;
+ }
+
+
+------------
+The Test API
+------------
+
+The test API is not there to test the exchange, but to allow
+clients of the exchange (merchant and wallet implementations)
+to test if their implemenation of the cryptography is
+binary-compatible with the implementation of the exchange.
+
+.. http:POST:: /test/base32
+
+ Test hashing and Crockford :ref:`base32` encoding.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ // some base32-encoded value
+ input: Base32;
+ }
+
+ **Response:**
+
+ .. code-block:: tsref
+
+ {
+ // the base32_-encoded hash of the input value
+ output: Base32;
+ }
+
+.. http:POST:: /test/encrypt
+
+ Test symmetric encryption.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ // Some `base32`_-encoded value
+ input: Base32;
+
+ // some `base32`_-encoded hash that is used to derive the symmetric key and
+ // initialization vector for the encryption using the HKDF with "skey" and
+ // "iv" as the salt.
+ key_hash: Base32;
+ }
+
+ **Response:**
+
+
+ .. code-block:: tsref
+
+ {
+ // the encrypted value
+ output: Base32;
+ }
+
+.. http:POST:: /test/hkdf
+
+ Test Hash Key Deriviation Function.
+
+ **Request:**
+
+
+ .. code-block:: tsref
+
+ {
+ // Some `base32`_-encoded value
+ input: Base32;
+ }
+
+ **Response:**
+
+
+ .. code-block:: tsref
+
+ {
+ // the HKDF of the input using "salty" as salt
+ output: Base32;
+ }
+
+.. http:POST:: /test/ecdhe
+
+ Test ECDHE.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ ecdhe_pub: EcdhePublicKey;
+ ecdhe_priv: EcdhePrivateKey;
+ }
+
+ **Response:**
+
+ .. code-block:: tsref
+
+ {
+ // ECDH result from the two keys
+ ecdhe_hash: HashCode;
+ }
+
+
+.. http:POST:: /test/eddsa
+
+ Test EdDSA.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ eddsa_pub: EddsaPublicKey;
+
+ // EdDSA signature using purpose TALER_SIGNATURE_CLIENT_TEST_EDDSA. Note:
+ // the signed payload must be empty, we sign just the purpose here.
+ eddsa_sig: EddsaSignature;
+ }
+
+ **Response:**
+
+ :status 200: the signature was valid
+ :status 401 Unauthorized: the signature was invalid
+
+ The exchange responds with another valid signature, which gives the
+ client the opportunity to test its signature verification implementation.
+
+ .. code-block:: tsref
+
+ {
+ // Another EdDSA public key
+ eddsa_pub: EddsaPublicKey;
+
+ // EdDSA signature using purpose TALER_SIGNATURE_EXCHANGE_TEST_EDDSA
+ eddsa_sig: EddsaSignature;
+ }
+
+
+.. http:GET:: /test/rsa/get
+
+ Obtain the RSA public key used for signing in /test/rsa/sign.
+
+ **Response:**
+
+ .. code-block:: tsref
+
+ {
+ // The RSA public key the client should use when blinding a value for the /test/rsa/sign API.
+ rsa_pub: RsaPublicKey;
+ }
+
+.. http:POST:: /test/rsa/sign
+
+ Test RSA blind signatures.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ // Blinded value to sign.
+ blind_ev: BlindedRsaSignature;
+ }
+
+ **Response:**
+
+
+ .. code-block:: tsref
+
+ {
+ // Blind RSA signature over the `blind_ev` using the private key
+ // corresponding to the RSA public key returned by /test/rsa/get.
+ rsa_blind_sig: BlindedRsaSignature;
+ }
+
+.. http:POST:: /test/transfer
+
+ Test Transfer decryption.
+
+ **Request:**
+
+ .. code-block:: tsref
+
+ {
+ // Private transfer key
+ trans_priv: string;
+
+ // `Coin public key <eddsa-coin-pub>`_
+ coin_pub: EddsaPublicKey;
+ }
+
+ **Response:**
+
+ :status 200: the operation succeeded
+
+ .. code-block:: tsref
+
+ {
+ // Decrypted transfer secret
+ secret: string;
+ }
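Review bot: In `RefundRequest`, `merchant_sig` is declared as `EddsaPublicKey`, but its comment describes it as the merchant's EdDSA signature affirming the refund. The type should be `EddsaSignature`, as it is for `merchant_sig` in `TrackTransactionRequest`. The comment should also name the signature purpose the merchant signs under, as the other signature fields here do (`TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION`, `TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND`); without it an implementer working from this text cannot construct or verify the signature. The 404 text for /refund says the "transaction ID" must match, but the request carries only `rtransaction_id`, documented as the id of the refund transaction, so state which identifier is compared. The /test/ecdhe and /test/transfer requests carry private keys (`ecdhe_priv`, `trans_priv`); the Test API introduction should say that only throwaway keys generated for the test may be sent. Minor: "contact of the merchant" should read "contract" in the three `h_contract_terms` comments, and "implemenation" and "Deriviation" are misspelled.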
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
new file mode 100644
index 00000000..9eb69812
--- /dev/null
+++ b/core/api-merchant.rst
@@ -0,0 +1,1194 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014, 2015, 2016, 2017 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Marcello Stanisci
+ @author Florian Dold
+ @author Christian Grothoff
+
+.. _merchant-api:
+
+====================
+Merchant Backend API
+====================
+
+------------------
+Receiving Payments
+------------------
+
+.. _post-order:
+
+.. http:post:: /order
+
+ Create a new order that a customer can pay for.
+
+ This request is not idempotent unless an `order_id` is explicitly specified.
+
+ .. note::
+
+ This endpoint does not return a URL to redirect your user to confirm the payment.
+ In order to get this URL use :http:get:`/check-payment`. The API is structured this way
+ since the payment redirect URL is not unique for every order, there might be varying parameters
+ such as the session id.
+
+ **Request:**
+
+ The request must be a `PostOrderRequest`_.
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully created the proposal. The response is a
+ `PostOrderResponse`_.
+
+ .. _PostOrderRequest:
+ .. code-block:: tsref
+
+ interface PostOrderRequest {
+ // The order must at least contain the minimal
+ // order detail, but can override all
+ order: MinimalOrderDetail | ContractTerms;
+ }
+
+ The following fields of the `ContractTerms`_
+
+ .. _MinimalOrderDetail:
+ .. _tsref-type-MinimalOrderDetail:
+ .. code-block:: tsref
+
+ interface MinimalOrderRequest {
+ // Amount to be paid by the customer
+ amount: Amount
+
+ // Short summary of the order
+ summary: string;
+
+ // URL that will show that the order was successful after
+ // it has been paid for. The wallet will always automatically append
+ // the order_id as a query parameter.
+ fulfillment_url: string;
+
+ // Merchant instance to use (leave empty to use instance "default")
+ instance?: string;
+ }
+
+ .. _PostOrderResponse:
+ .. code-block:: tsref
+
+ interface PostOrderResponse {
+ // Order ID of the response that was just created
+ order_id: string;
+ }
+
+
+.. http:get:: /check-payment
+
+ Check the payment status of an order. If the order exists but is not payed yet,
+ the response provides a redirect URL.
+ When the user goes to this URL, they will be prompted for payment.
+
+ **Request:**
+
+ :query order_id: order id that should be used for the payment
+ :query instance: *Optional*. Instance used for the payment. Defaults to the instance with identifier "default".
+ :query session_id: *Optional*. Session ID that the payment must be bound to. If not specified, the payment is not session-bound.
+
+ **Response:**
+
+ Returns a `CheckPaymentResponse`_, whose format can differ based on the status of the payment.
+
+ .. _CheckPaymentResponse:
+ .. code-block:: tsref
+
+ type CheckPaymentResponse = CheckPaymentPaidResponse | CheckPaymentUnpaidResponse
+
+ .. _CheckPaymentPaidResponse:
+ .. _tsref-type-CheckPaymentPaidResponse:
+ .. code-block:: tsref
+
+ interface CheckPaymentPaidResponse {
+ paid: true;
+
+ // Was the payment refunded (even partially)
+ refunded: boolean;
+
+ // Amount that was refunded
+ refund_amount: Amount;
+
+ // Contract terms
+ contract_terms: ContractTerms;
+ }
+
+ .. _CheckPaymentUnpaidResponse:
+ .. _tsref-type-CheckPaymentUnpaidResponse:
+ .. code-block:: tsref
+
+ interface CheckPaymentUnpaidResponse {
+ paid: false;
+
+ // URI that the wallet must process to complete the payment.
+ taler_pay_uri: string;
+
+ }
+
+
+--------------
+Giving Refunds
+--------------
+
+
+.. http:post:: /refund
+
+ Increase the refund amount associated with a given order. The user should be
+ redirected to the `refund_redirect_url` to trigger refund processing in the wallet.
+
+ **Request**
+
+ The request body is a `RefundRequest`_ object.
+
+ **Response**
+
+ :status 200 OK:
+ The refund amount has been increased, the backend responds with a `MerchantRefundResponse`_
+ :status 400 Bad request:
+ The refund amount is not consistent: it is not bigger than the previous one.
+
+ .. _RefundRequest:
+ .. code-block:: tsref
+
+ interface RefundRequest {
+ // Order id of the transaction to be refunded
+ order_id: string;
+
+ // Amount to be refunded
+ refund: Amount;
+
+ // Human-readable refund justification
+ reason: string;
+
+ // Merchant instance issuing the request
+ instance?: string;
+ }
+
+ .. _MerchantRefundResponse:
+ .. code-block:: tsref
+
+ interface MerchantRefundResponse {
+ // Public key of the merchant
+ merchant_pub: string;
+
+
+ // Contract terms hash of the contract that
+ // is being refunded.
+ h_contract_terms: string;
+
+ // The signed refund permissions, to be sent to the exchange.
+ refund_permissions: MerchantRefundPermission[];
+
+ // URL (handled by the backend) that will
+ // trigger refund processing in the browser/wallet
+ refund_redirect_url: string;
+ }
+
+ .. _MerchantRefundPermission:
+ .. _tsref-type-MerchantRefundPermissoin:
+ .. code-block:: tsref
+
+ interface MerchantRefundPermission {
+ // Amount to be refunded.
+ refund_amount: AmountJson;
+
+ // Fee for the refund.
+ refund_fee: AmountJson;
+
+ // Public key of the coin being refunded.
+ coin_pub: string;
+
+ // Refund transaction ID between merchant and exchange.
+ rtransaction_id: number;
+
+ // Signature made by the merchant over the refund permission.
+ merchant_sig: string;
+ }
+
+
+--------------------
+Giving Customer Tips
+--------------------
+
+
+.. http:post:: /tip-authorize
+
+ Authorize a tip that can be picked up by the customer's wallet by POSTing to
+ `/tip-pickup`. Note that this is simply the authorization step the back
+ office has to trigger first. The user should be navigated to the `tip_redirect_url`
+ to trigger tip processing in the wallet.
+
+ **Request**
+
+ The request body is a `TipCreateRequest`_ object.
+
+ **Response**
+
+ :status 200 OK:
+ A tip has been created. The backend responds with a `TipCreateConfirmation`_
+ :status 404 Not Found:
+ The instance is unknown to the backend, expired or was never enabled or
+ the reserve is unknown to the exchange or expired (see detailed status
+ either being TALER_EC_RESERVE_STATUS_UNKNOWN or
+ TALER_EC_TIP_AUTHORIZE_INSTANCE_UNKNOWN or
+ TALER_EC_TIP_AUTHORIZE_INSTANCE_DOES_NOT_TIP or
+ TALER_EC_TIP_AUTHORIZE_RESERVE_EXPIRED.
+ :status 412 Precondition Failed:
+ The tip amount requested exceeds the available reserve balance for tipping.
+
+ .. _TipCreateRequest:
+ .. code-block:: tsref
+
+ interface TipCreateRequest {
+ // Amount that the customer should be tipped
+ amount: Amount;
+
+ // Merchant instance issuing the request
+ instance?: string;
+
+ // Justification for giving the tip
+ justification: string;
+
+ // URL that the user should be directed to after tipping,
+ // will be included in the tip_token.
+ next_url: string;
+ }
+
+ .. _TipCreateConfirmation:
+ .. code-block:: tsref
+
+ interface TipCreateConfirmation {
+ // Token that will be handed to the wallet,
+ // contains all relevant information to accept
+ // a tip.
+ tip_token: string;
+
+ // URL that will directly trigger procesing
+ // the tip when the browser is redirected to it
+ tip_redirect_url: string;
+ }
+
+
+.. http:post:: /tip-query
+
+ Query the status of an instance's tipping reserve.
+
+ **Request**
+
+ :query instance: instance to query
+
+ **Response**
+
+ :status 200 OK:
+ A tip has been created. The backend responds with a `TipQueryResponse`_
+ :status 404 Not Found:
+ The instance is unknown to the backend.
+ :status 412 Precondition Failed:
+ The instance does not have a tipping reserve configured.
+
+ .. _TipQueryResponse:
+ .. code-block:: tsref
+
+ interface TipQueryResponse {
+ // Amount still available
+ amount_available: Amount;
+
+ // Amount that we authorized for tips
+ amount_authorized: Amount;
+
+ // Amount that was picked up by users already
+ amount_picked_up: Amount;
+
+ // Timestamp indicating when the tipping reserve will expire
+ expiration: Timestamp;
+
+ // Reserve public key of the tipping reserve
+ reserve_pub: string;
+ }
+
+
+------------------------
+Tracking Wire Transfers
+------------------------
+
+.. http:get:: /track/transfer
+
+ Provides deposits associated with a given wire transfer.
+
+ **Request**
+
+ :query wtid: raw wire transfer identifier identifying the wire transfer (a base32-encoded value)
+ :query wire_method: name of the wire transfer method used for the wire transfer
+ :query exchange: base URL of the exchange that made the wire transfer
+ :query instance: (optional) identificative token of the merchant `instance <https://docs.taler.net/operate-merchant.html#instances-lab>`_ which is being tracked.
+
+ **Response:**
+
+ :status 200 OK:
+ The wire transfer is known to the exchange, details about it follow in the body.
+ The body of the response is a `MerchantTrackTransferResponse`_. Note that
+ the similarity to the response given by the exchange for a /track/transfer
+ is completely intended.
+
+ :status 404 Not Found:
+ The wire transfer identifier is unknown to the exchange.
+
+ :status 424 Failed Dependency: The exchange provided conflicting information about the transfer. Namely,
+ there is at least one deposit among the deposits aggregated by `wtid` that accounts for a coin whose
+ details don't match the details stored in merchant's database about the same keyed coin.
+ The response body contains the `TrackTransferConflictDetails`_.
+
+ .. _MerchantTrackTransferResponse:
+ .. _tsref-type-TrackTransferResponse:
+ .. code-block:: tsref
+
+ interface TrackTransferResponse {
+ // Total amount transferred
+ total: Amount;
+
+ // Applicable wire fee that was charged
+ wire_fee: Amount;
+
+ // public key of the merchant (identical for all deposits)
+ merchant_pub: EddsaPublicKey;
+
+ // hash of the wire details (identical for all deposits)
+ H_wire: HashCode;
+
+ // Time of the execution of the wire transfer by the exchange
+ execution_time: Timestamp;
+
+ // details about the deposits
+ deposits_sums: TrackTransferDetail[];
+
+ // signature from the exchange made with purpose
+ // `TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT`
+ exchange_sig: EddsaSignature;
+
+ // public EdDSA key of the exchange that was used to generate the signature.
+ // Should match one of the exchange's signing keys from /keys. Again given
+ // explicitly as the client might otherwise be confused by clock skew as to
+ // which signing key was used.
+ exchange_pub: EddsaSignature;
+ }
+
+ .. _tsref-type-TrackTransferDetail:
+ .. code-block:: tsref
+
+ interface TrackTransferDetail {
+ // Business activity associated with the wire transferred amount
+ // `deposit_value`.
+ order_id: string;
+
+ // The total amount the exchange paid back for `order_id`.
+ deposit_value: Amount;
+
+ // applicable fees for the deposit
+ deposit_fee: Amount;
+ }
+
+
+ **Details:**
+
+ .. _tsref-type-TrackTransferConflictDetails:
+ .. _TrackTransferConflictDetails:
+ .. code-block:: tsref
+
+ interface TrackTransferConflictDetails {
+ // Numerical `error code <error-codes>`_
+ code: number;
+
+ // Text describing the issue for humans.
+ hint: String;
+
+ // A /deposit response matching `coin_pub` showing that the
+ // exchange accepted `coin_pub` for `amount_with_fee`.
+ exchange_deposit_proof: DepositSuccess;
+
+ // Offset in the `exchange_transfer_proof` where the
+ // exchange's response fails to match the `exchange_deposit_proof`.
+ conflict_offset: number;
+
+ // The response from the exchange which tells us when the
+ // coin was returned to us, except that it does not match
+ // the expected value of the coin.
+ exchange_transfer_proof: TrackTransferResponse;
+
+ // Public key of the coin for which we have conflicting information.
+ coin_pub: EddsaPublicKey;
+
+ // Merchant transaction in which `coin_pub` was involved for which
+ // we have conflicting information.
+ transaction_id: number;
+
+ // Expected value of the coin.
+ amount_with_fee: Amount;
+
+ // Expected deposit fee of the coin.
+ deposit_fee: Amount;
+
+ }
+
+
+.. http:get:: /track/transaction
+
+ Provide the wire transfer identifier associated with an (existing) deposit operation.
+
+ **Request:**
+
+ :query id: ID of the transaction we want to trace (an integer)
+ :query instance: merchant instance
+
+ **Response:**
+
+ :status 200 OK:
+ The deposit has been executed by the exchange and we have a wire transfer identifier.
+ The response body is a JSON array of `TransactionWireTransfer`_ objects.
+ :status 202 Accepted:
+ The deposit request has been accepted for processing, but was not yet
+ executed. Hence the exchange does not yet have a wire transfer identifier.
+ The merchant should come back later and ask again.
+ The response body is a :ref:`TrackTransactionAcceptedResponse <TrackTransactionAcceptedResponse>`. Note that
+ the similarity to the response given by the exchange for a /track/order
+ is completely intended.
+ :status 404 Not Found: The transaction is unknown to the backend.
+ :status 424 Failed Dependency:
+ The exchange previously claimed that a deposit was not included in a wire
+ transfer, and now claims that it is. This means that the exchange is
+ dishonest. The response contains the cryptographic proof that the exchange
+ is misbehaving in the form of a `TransactionConflictProof`_.
+
+ **Details:**
+
+ .. _tsref-type-TransactionWireTransfer:
+ .. _TransactionWireTransfer:
+ .. code-block:: tsref
+
+ interface TransactionWireTransfer {
+
+ // Responsible exchange
+ exchange_uri: string;
+
+ // 32-byte wire transfer identifier
+ wtid: Base32;
+
+ // execution time of the wire transfer
+ execution_time: Timestamp;
+
+ // Total amount that has been wire transfered
+ // to the merchant
+ amount: Amount;
+ }
+
+ .. _tsref-type-CoinWireTransfer:
+ .. _CoinWireTransfer:
+ .. code-block:: tsref
+
+ interface CoinWireTransfer {
+ // public key of the coin that was deposited
+ coin_pub: EddsaPublicKey;
+
+ // Amount the coin was worth (including deposit fee)
+ amount_with_fee: Amount;
+
+ // Deposit fee retained by the exchange for the coin
+ deposit_fee: Amount;
+ }
+
+ .. _TransactionConflictProof:
+ .. _tsref-type-TransactionConflictProof:
+ .. code-block:: tsref
+
+ interface TransactionConflictProof {
+ // Numerical `error code <error-codes>`_
+ code: number;
+
+ // Human-readable error description
+ hint: string;
+
+ // A claim by the exchange about the transactions associated
+ // with a given wire transfer; it does not list the
+ // transaction that `transaction_tracking_claim` says is part
+ // of the aggregate. This is
+ // a `/track/transfer` response from the exchange.
+ wtid_tracking_claim: TrackTransferResponse;
+
+ // The current claim by the exchange that the given
+ // transaction is included in the above WTID.
+ // (A response from `/track/order`).
+ transaction_tracking_claim: TrackTransactionResponse;
+
+ // Public key of the coin for which we got conflicting information.
+ coin_pub: CoinPublicKey;
+
+ }
+
+
+-------------------
+Transaction history
+-------------------
+
+.. http:get:: /history
+
+ Returns transactions up to some point in the past
+
+ **Request**
+
+ :query date: time threshold, see `delta` for its interpretation.
+ :query start: row number threshold, see `delta` for its interpretation. Defaults to `UINT64_MAX`, namely the biggest row id possible in the database.
+ :query delta: takes value of the form `N (-N)`, so that at most `N` values strictly younger (older) than `start` and `date` are returned. Defaults to `-20`.
+ :query instance: on behalf of which merchant instance the query should be accomplished.
+ :query ordering: takes value `descending` or `ascending` according to the results wanted from younger to older or vice versa. Defaults to `descending`.
+
+ **Response**
+
+ :status 200 OK: The response is a JSON `array` of `TransactionHistory`_. The array is sorted such that entry `i` is younger than entry `i+1`.
+
+ .. _tsref-type-TransactionHistory:
+ .. _TransactionHistory:
+ .. code-block:: tsref
+
+ interface TransactionHistory {
+ // The serial number this entry has in the merchant's DB.
+ row_id: number;
+
+ // order ID of the transaction related to this entry.
+ order_id: string;
+
+ // Transaction's timestamp
+ timestamp: Timestamp;
+
+ // Total amount associated to this transaction.
+ amount: Amount;
+ }
+
+.. _proposal:
+
+
+-------------------------
+Dynamic Merchant Instance
+-------------------------
+
+.. note::
+
+ The endpoints to dynamically manage merchant instances has not been
+ implemented yet. The bug id for this refernce is 5349.
+
+.. http:get:: /instances
+
+ This is used to return the list of all the merchant instances
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully returned the list of instances stored. Returns
+ a `InstancesResponse`_.
+
+ .. _InstancesResponse:
+ .. code-block:: tsref
+
+ interface InstancesResponse {
+ // List of instances that are present in the backend(see `below <Instance>`_)
+ instances: Instance[];
+ }
+
+The `instance` object describes the instance registered with the backend. It has the following structure:
+
+ .. Instance:
+ .. _tsref-type-Instance:
+ .. code-block:: tsref
+
+ interface Instance {
+ // Merchant name corresponding to this instance.
+ name: string;
+
+ // The URL where the wallet will send coins.
+ payto: string;
+
+ // Merchant instance of the response to create
+ instance: string;
+
+ //unique key for each merchant
+ merchant_id: string;
+ }
+
+
+.. http:put:: /instances/
+
+ This request will be used to create a new merchant instance in the backend.
+
+ **Request**
+
+ The request must be a `CreateInstanceRequest`_.
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully created the instance. The response is a
+ `CreateInstanceResponse`_.
+
+ .. _CreateInstanceRequest:
+ .. code-block:: tsref
+
+ interface CreateInstanceRequest {
+ // The URL where the wallet has to send coins.
+ // payto://-URL of the merchant's bank account. Required.
+ payto: string;
+
+ // Merchant instance of the response to create
+ // This field is optional. If it is not specified
+ // then it will automatically be created.
+ instance?: string;
+
+ // Merchant name corresponding to this instance.
+ name: string;
+
+ }
+
+ .. _CreateInstanceResponse:
+ .. code-block:: tsref
+
+ interface CreateInstanceResponse {
+ // Merchant instance of the response that was created
+ instance: string;
+
+ //unique key for each merchant
+ merchant_id: string;
+ }
+
+
+.. http:get:: /instances/<instance-id>
+
+ This is used to query a specific merchant instance.
+
+ **Request:**
+
+ :query instance_id: instance id that should be used for the instance
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully returned the list of instances stored. Returns
+ a `QueryInstancesResponse`_.
+
+ .. _QueryInstancesResponse:
+ .. code-block:: tsref
+
+ interface QueryInstancesResponse {
+ // The URL where the wallet has to send coins.
+ // payto://-URL of the merchant's bank account. Required.
+ payto: string;
+
+ // Merchant instance of the response to create
+ // This field is optional. If it is not specified
+ // then it will automatically be created.
+ instance?: string;
+
+ // Merchant name corresponding to this instance.
+ name: string;
+
+ }
+
+
+.. http:post:: /instances/<instance-id>
+
+ This request will be used to update merchant instance in the backend.
+
+
+ **Request**
+
+ The request must be a `PostInstanceUpdateRequest`_.
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully updated the instance. The response is a
+ `PostInstanceUpdateResponse`_.
+
+ .. _PostInstanceUpdateRequest:
+ .. code-block:: tsref
+
+ interface PostInstanceUpdateRequest {
+ // Merchant instance that is to be updaated. Required.
+ instance: string;
+
+ // New URL where the wallet has to send coins.
+ // payto://-URL of the merchant's bank account. Required.
+ payto: string;
+
+ // Merchant name coreesponding to this instance.
+ name: string;
+
+ }
+
+ .. _PostInstanceUpdateResponse:
+ .. code-block:: tsref
+
+ interface PostInstanceUpdateResponse {
+ // Merchant instance of the response that was updated
+ instance: string;
+
+ //unique key for each merchant
+ merchant_id: string;
+ }
+
+
+.. http:delete:: /instances/<instance-id>
+
+ This request will be used to delete merchant instance in the backend.
+
+ **Request:**
+
+ :query instance_id: instance id that should be used for the instance
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully removed the instance. The response is a
+ `PostInstanceRemoveResponse`_.
+
+ .. _PostInstanceRemoveResponse:
+ .. code-block:: tsref
+
+ interface PostInstanceRemoveResponse {
+ deleted: true;
+ }
+
+
+------------------
+The Contract Terms
+------------------
+
+The `contract terms` must have the following structure:
+
+ .. _ContractTerms:
+ .. _tsref-type-ContractTerms:
+ .. code-block:: tsref
+
+ interface ContractTerms {
+ // Human-readable description of the whole purchase
+ summary: string;
+
+ // Unique, free-form identifier for the proposal.
+ // Must be unique within a merchant instance.
+ // For merchants that do not store proposals in their DB
+ // before the customer paid for them, the order_id can be used
+ // by the frontend to restore a proposal from the information
+ // encoded in it (such as a short product identifier and timestamp).
+ order_id: string;
+
+ // Total price for the transaction.
+ // The exchange will subtract deposit fees from that amount
+ // before transfering it to the merchant.
+ amount: Amount;
+
+ // The URL where the wallet has to send coins.
+ pay_url: string;
+
+ // The URL for this purchase. Every time is is visited, the merchant
+ // will send back to the customer the same proposal. Clearly, this URL
+ // can be bookmarked and shared by users.
+ fulfillment_url: string;
+
+ // Maximum total deposit fee accepted by the merchant for this contract
+ max_fee: Amount;
+
+ // Maximum wire fee accepted by the merchant (customer share to be
+ // divided by the 'wire_fee_amortization' factor, and further reduced
+ // if deposit fees are below 'max_fee'). Default if missing is zero.
+ max_wire_fee: Amount;
+
+ // Over how many customer transactions does the merchant expect to
+ // amortize wire fees on average? If the exchange's wire fee is
+ // above 'max_wire_fee', the difference is divided by this number
+ // to compute the expected customer's contribution to the wire fee.
+ // The customer's contribution may further be reduced by the difference
+ // between the 'max_fee' and the sum of the actual deposit fees.
+ // Optional, default value if missing is 1. 0 and negative values are
+ // invalid and also interpreted as 1.
+ wire_fee_amortization: Integer;
+
+ // List of products that are part of the purchase (see `below <Product>`_)
+ products: Product[];
+
+ // Time when this contract was generated
+ timestamp: Timestamp;
+
+ // After this deadline has passed, no refunds will be accepted.
+ refund_deadline: Timestamp;
+
+ // After this deadline, the merchant won't accept payments for the contact
+ pay_deadline: Timestamp;
+
+ // Merchant's public key used to sign this proposal; this information
+ // is typically added by the backend Note that this can be an ephemeral key.
+ merchant_pub: EddsaPublicKey;
+
+ // More info about the merchant, see below
+ merchant: Merchant;
+
+ // The hash of the merchant instance's wire details.
+ H_wire: HashCode;
+
+ // Wire transfer method identifier for the wire method associated with H_wire.
+ // The wallet may only select exchanges via a matching auditor if the
+ // exchange also supports this wire method.
+ // The wire transfer fees must be added based on this wire transfer method.
+ wire_method: string;
+
+ // Any exchanges audited by these auditors are accepted by the merchant.
+ auditors: Auditor[];
+
+ // Exchanges that the merchant accepts even if it does not accept any auditors that audit them.
+ exchanges: Exchange[];
+
+ // Map from labels to locations
+ locations: { [label: string]: [location: Location], ... };
+
+ // Nonce generated by the wallet and echoed by the merchant
+ // in this field when the proposal is generated.
+ nonce: string;
+
+ // Extra data that is only interpreted by the merchant frontend.
+ // Useful when the merchant needs to store extra information on a
+ // contract without storing it separately in their database.
+ extra?: any;
+ }
+
+ The wallet must select a exchange that either the mechant accepts directly by
+ listing it in the exchanges arry, or for which the merchant accepts an auditor
+ that audits that exchange by listing it in the auditors array.
+
+ The `product` object describes the product being purchased from the merchant. It has the following structure:
+
+ .. _Product:
+ .. _tsref-type-Product:
+ .. code-block:: tsref
+
+ interface Product {
+ // Human-readable product description.
+ description: string;
+
+ // The quantity of the product to deliver to the customer (optional, if applicable)
+ quantity?: string;
+
+ // The price of the product; this is the total price for the amount specified by `quantity`
+ price: Amount;
+
+ // merchant-internal identifier for the product
+ product_id?: string;
+
+ // a list of objects indicating a `taxname` and its amount. Again, italics denotes the object field's name.
+ taxes?: any[];
+
+ // time indicating when this product should be delivered
+ delivery_date: Timestamp;
+
+ // where to deliver this product. This may be an URL for online delivery
+ // (i.e. `http://example.com/download` or `mailto:customer@example.com`),
+ // or a location label defined inside the proposition's `locations`.
+ // The presence of a colon (`:`) indicates the use of an URL.
+ delivery_location: string;
+ }
+
+ .. _tsref-type-Merchant:
+ .. code-block:: ts
+
+ interface Merchant {
+ // label for a location with the business address of the merchant
+ address: string;
+
+ // the merchant's legal name of business
+ name: string;
+
+ // label for a location that denotes the jurisdiction for disputes.
+ // Some of the typical fields for a location (such as a street address) may be absent.
+ jurisdiction: string;
+
+ // Which instance is working this proposal.
+ // See `Merchant Instances <https://docs.taler.net/operate-merchant.html#instances-lab>`_.
+ // This field is optional, as the "default" instance is not forced to provide any
+ // `instance` identificator.
+ instance: string;
+ }
+
+
+ .. _tsref-type-Location:
+ .. _Location:
+ .. code-block:: ts
+
+ interface Location {
+ country?: string;
+ city?: string;
+ state?: string;
+ region?: string;
+ province?: string;
+ zip_code?: string;
+ street?: string;
+ street_number?: string;
+ }
+
+ .. _tsref-type-Auditor:
+ .. code-block:: tsref
+
+ interface Auditor {
+ // official name
+ name: string;
+
+ // Auditor's public key
+ auditor_pub: EddsaPublicKey;
+
+ // Base URL of the auditor
+ url: string;
+ }
+
+ .. _tsref-type-Exchange:
+ .. code-block:: tsref
+
+ interface Exchange {
+ // the exchange's base URL
+ url: string;
+
+ // master public key of the exchange
+ master_pub: EddsaPublicKey;
+ }
+
+
+-------------------
+Customer-facing API
+-------------------
+
+The `/public/*` endpoints are publicly exposed on the internet and accessed
+both by the user's browser and their wallet.
+
+
+.. http:post:: /public/pay
+
+ Pay for a proposal by giving a deposit permission for coins. Typically used by
+ the customer's wallet. Can also be used in `abort-refund` mode to refund coins
+ that were already deposited as part of a failed payment.
+
+ **Request:**
+
+ The request must be a :ref:`pay request <PayRequest>`.
+
+ **Response:**
+
+ :status 200 OK:
+ The exchange accepted all of the coins. The body is a `PaymentResponse`_ if the request used the mode "pay", or a `MerchantRefundResponse`_ if the request used was the mode "abort-refund".
+ The `frontend` should now fullfill the contract.
+ :status 412 Precondition Failed:
+ The given exchange is not acceptable for this merchant, as it is not in the
+ list of accepted exchanges and not audited by an approved auditor.
+ :status 401 Unauthorized:
+ One of the coin signatures was not valid.
+ :status 403 Forbidden:
+ The exchange rejected the payment because a coin was already spent before.
+ The response will include the `coin_pub` for which the payment failed,
+ in addition to the response from the exchange to the `/deposit` request.
+
+ The `backend` will return verbatim the error codes received from the exchange's
+ :ref:`deposit <deposit>` API. If the wallet made a mistake, like by
+ double-spending for example, the `frontend` should pass the reply verbatim to
+ the browser/wallet. This should be the expected case, as the `frontend`
+ cannot really make mistakes; the only reasonable exception is if the
+ `backend` is unavailable, in which case the customer might appreciate some
+ reassurance that the merchant is working on getting his systems back online.
+
+ .. _PaymentResponse:
+ .. code-block:: tsref
+
+ interface PaymentResponse {
+ // Signature on `TALER_PaymentResponsePS`_ with the public
+ // key of the instance in the proposal.
+ sig: EddsaSignature;
+
+ // Proposal data hash being signed over
+ h_proposal_data: HashCode;
+
+ // Proposal, send for convenience so the frontend
+ // can do order processing without a second lookup on
+ // a successful payment
+ proposal: Proposal;
+ }
+
+
+ .. _tsref-type-Proposal:
+ .. code-block:: tsref
+
+ interface Proposal {
+ // The proposal data, effectively the frontend's order with some data filled in
+ // by the merchant backend.
+ data: ProposalData;
+
+ // Contract's hash, provided as a convenience. All components that do
+ // not fully trust the merchant must verify this field.
+ H_proposal: HashCode;
+
+ // Signature over the hashcode of `proposal` made by the merchant.
+ merchant_sig: EddsaSignature;
+ }
+
+
+ .. _PayRequest:
+ .. code-block:: tsref
+
+ interface PayRequest {
+ // Signature on `TALER_PaymentResponsePS`_ with the public
+ // key of the instance in the proposal.
+ sig: EddsaSignature;
+
+ // Proposal data hash being signed over
+ h_proposal_data: HashCode;
+
+ // Proposal, send for convenience so the frontend
+ // can do order processing without a second lookup on
+ // a successful payment
+ proposal: Proposal;
+
+ // Coins with signature.
+ coins: CoinPaySig[];
+
+ // The merchant public key, used to uniquely
+ // identify the merchant instance.
+ merchant_pub: string;
+
+ // Order ID that's being payed for.
+ order_id: string;
+
+ // Mode for /pay ("pay" or "abort-refund")
+ mode: "pay" | "abort-refund";
+ }
+
+
+.. http:get:: /public/proposal
+
+ Retrieve and take ownership (via nonce) over a proposal.
+
+ **Request**
+
+ :query instance: the merchant instance issuing the request
+ :query order_id: the order id whose refund situation is being queried
+ :query nonce: the nonce for the proposal
+
+ **Response**
+
+ :status 200 OK:
+ The backend has successfully retrieved the proposal. It responds with a :ref:`proposal <proposal>`.
+
+ :status 403 Forbidden:
+ The frontend used the same order ID with different content in the order.
+
+
+.. http:post:: /public/tip-pickup
+
+ Handle request from wallet to pick up a tip.
+
+ **Request**
+
+ The request body is a `TipPickupRequest`_ object.
+
+ **Response**
+
+ :status 200 OK:
+ A tip is being returned. The backend responds with a `TipResponse`_
+ :status 401 Unauthorized:
+ The tip amount requested exceeds the tip.
+ :status 404 Not Found:
+ The tip identifier is unknown.
+ :status 409 Conflict:
+ Some of the denomination key hashes of the request do not match those currently available from the exchange (hence there is a conflict between what the wallet requests and what the merchant believes the exchange can provide).
+
+ .. _TipPickupRequest:
+ .. code-block:: tsref
+
+ interface TipPickupRequest {
+
+ // Identifier of the tip.
+ tip_id: HashCode;
+
+ // List of planches the wallet wants to use for the tip
+ planchets: PlanchetDetail[];
+ }
+
+ interface PlanchetDetail {
+ // Hash of the denomination's public key (hashed to reduce
+ // bandwidth consumption)
+ denom_pub_hash: HashCode;
+
+ // coin's blinded public key
+ coin_ev: CoinEnvelope;
+
+ }
+
+ .. _TipResponse:
+ .. code-block:: tsref
+
+ interface TipResponse {
+ // Public key of the reserve
+ reserve_pub: EddsaPublicKey;
+
+ // The order of the signatures matches the planchets list.
+ reserve_sigs: EddsaSignature[];
+ }
+
+
+.. http:get:: /public/refund
+
+ Pick up refunds for an order.
+
+ **Request**
+
+ :query instance: the merchant instance issuing the request
+ :query order_id: the order id whose refund situation is being queried
+
+ **Response**
+
+ If case of success, an *array of* `RefundLookup`_ objects is returned.
+
+ .. _RefundLookup:
+ .. code-block:: tsref
+
+ interface RefundLookup {
+
+ // Coin from which the refund is going to be taken
+ coin_pub: EddsaPublicKey;
+
+ // Refund amount taken from coin_pub
+ refund_amount: Amount;
+
+ // Refund fee
+ refund_fee: Amount;
+
+ // Identificator of the refund
+ rtransaction_id: number;
+
+ // Merchant public key
+ merchant_pub: EddsaPublicKey
+
+ // Merchant signature of a TALER_RefundRequestPS object
+ merchant_sig: EddsaSignature;
+ }
+
+
+.. http:get:: /public/trigger-pay
+
+ Used to trigger processing of payments, refunds and tips in the browser. The exact behavior
+ can be dependent on the user's browser.
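Review bot: In the PayRequest interface the first three fields (sig, h_proposal_data, proposal) are copied unchanged from PaymentResponse, including the comments "Signature on `TALER_PaymentResponsePS`_" and "so the frontend can do order processing without a second lookup on a successful payment". Those describe the merchant's reply, not something a wallet sends with /public/pay, so they should be removed from the request or replaced with what the wallet actually supplies. The same kind of copy-paste shows up under /public/proposal, where order_id is documented as "the order id whose refund situation is being queried". Smaller points: Merchant.instance is described as optional but declared without "?", the merchant_pub line in RefundLookup lacks its terminating semicolon, /public/tip-pickup returns 401 Unauthorized for a request that exceeds the tip amount even though no credential is involved, and there are typos ("payments for the contact", "mechant", "exchanges arry", "fullfill").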
diff --git a/core/api-sync.rst b/core/api-sync.rst
new file mode 100644
index 00000000..701c7df5
--- /dev/null
+++ b/core/api-sync.rst
@@ -0,0 +1,407 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2018 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Christian Grothoff
+
+.. _sync-api:
+
+=============================================
+Wallet Backup and Synchronization Service API
+=============================================
+
+The wallet backup and synchronization service uses an EdDSA wallet key
+to identify the "account" of the user. The wallet key is Crockford
+Base32-encoded in the URI to access the data and used to sign requests
+as well as to encrypt the contents (see below). These signatures are
+provided in detached from as HTTP headers.
+
+Once the user activates backup or synchronization, the wallet should
+display the wallet key as a QR code as well as in text format together
+with the synchronization service's URL and ask the user to print this
+key material and keep it safe.
+
+The actual format of the wallet database is not relevant for the
+backup and synchronization service, as the service must only ever see
+a padded and encrypted version of the data.
+
+However, there are a few general rules that will apply to
+any version of the wallet database. Still, except for the
+32 byte minimum upload size, the synchronization service
+itself cannot not enforce these rules.
+
+ * First, the database should be compressed (i.e. gzip), then
+ padded to a power of 2 in kilobytes or a multiple of
+ megabytes, then encrypted and finally protected with
+ an HDKF.
+ * The encryption should use an ephemeral Curve25519 point that
+ is prefixed to the actual database, and combined with
+ the private wallet key via ECDH to create a symmetric secret.
+ With every revision of the wallet (but only real
+ revisions or merge operations), a fresh ephemeral must be
+ used to ensure that the symmetric secret differs every
+ time. HKDFs are used to derive symmetric key material
+ for authenticated encryption (encrypt-then-mac or a
+ modern AEAD-cipher like Keccak). Given that AES is more
+ easily available and will likey increase the code of
+ the wallet less, AES plus a SHA-512 HMAC should suffice
+ for now.
+ * The wallet must enable merging databases in a way that is
+ associative and commutative. For most activities, this implies
+ merging lists, applying expirations, dropping duplicates and
+ sorting the result. For deletions (operations by which the user
+ removed records prior to their scheduled expiration), it means
+ keeping a summarizing log of all deletion operations and applying
+ the deletions after each merge. A summarizing log of a deletion
+ operation would combine two deletion operations of the form
+ "delete all transactions smaller than amount X before time T" and
+ "delete all transactions smaller than amount Y before time T"
+ into "delete all transactions smaller than amount max(X,Y) before
+ time T". Similar summarizations should be applied to all
+ deletion operations supported by the wallet. Deletion operations
+ themselves are associated with an expiration time reflecting the
+ expiration of the longest lasting record that they explicitly
+ deleted.
+ Purchases do not have an expiration time, thus they create
+ a challenge if an indivdiual purchase is deleted. Thus, when
+ an individual purchase is deleted, the wallet is to keep track
+ of the deletion with a deletion record. The deletion record
+ still includes the purchase amount and purchase date. Thus,
+ when purchases are deleted "in bulk" in a way that would have
+ covered the individual deletion, such deletion records may
+ still be subsumed by a more general deletion clause. In addition
+ to the date and amount, the deletion record should only contain
+ a salted hash of the original purchase record's primary key,
+ so as to minimize information leakage.
+ * The database should contain a "last modified" timestamp to ensure
+ we do not go backwards in time if the synchronization service is
+ malicious. Merging two databases means taking the max of the
+ "last modified" timestamps, not setting it to the current time.
+ The wallet should reject a "fast forward" database update if the
+ result would imply going back in time. If the wallet receives a
+ database with a timestamp into the future, it must still
+ increment it by the smallest possible amount when uploading an
+ update.
+
+It is assumed that the synchronization service is only ever accessed
+over TLS, and that the synchronization service is trusted to not build
+user's location profiles by linking client IP addresses and wallet
+keys.
+
+
+--------------------------
+Receiving Terms of Service
+--------------------------
+
+.. http:get:: /terms
+
+ Obtain the terms of service provided by the storage service.
+
+ **Response:**
+
+ Returns a `SyncTermsOfServiceResponse`_.
+
+ .. _SyncTermsOfServiceResponse:
+ .. _tsref-type-SyncTermsOfServiceResponse:
+ .. code-block:: tsref
+
+ interface SyncTermsOfServiceResponse {
+ // maximum wallet database backup size supported
+ storage_limit_in_megabytes: number;
+
+ // maximum number of sync requests per day (per account)
+ daily_sync_limit: number;
+
+ // how long after an account (or device) becomes dormant does the
+ // service expire the respective records?
+ inactive_expiration: relative-time;
+
+ // Fee for an account, per year.
+ annual_fee: Amount;
+
+ }
+
+
+.. http:get:: /salt
+
+ Obtain the salt used by the storage service.
+
+
+ **Response:**
+
+ Returns a `SaltResponse`_.
+
+ .. _SaltResponse:
+ .. _tsref-type-SaltResponse:
+ .. code-block:: tsref
+
+ interface SaltResponse {
+ // salt value, at least 128 bits of entropy
+ salt: string;
+ }
+
+
+.. _sync:
+
+.. http:get:: /$WALLET-KEY
+
+ Download latest version of the wallet database.
+ The returned headers must include "Etags" based on
+ the hash of the (encrypted) database. The server must
+ check the client's caching headers and only return the
+ full database if it has changed since the last request
+ of the client.
+
+ This method is generally only performed once per device
+ when the private key and URL of a synchronization service are
+ first given to the wallet on the respective device. Once a
+ wallet has a database, it should always use the POST method.
+
+ A signature is not required, as (1) the wallet-key should
+ be reasonably private and thus unauthorized users should not
+ know how to produce the correct request, and (2) the
+ information returned is encrypted to the private key anyway
+ and thus virtually useless even to an attacker who somehow
+ managed to obtain the public key.
+
+ **Response**
+
+ :status 200 OK:
+ The body contains the current version of the wallet's
+ database as known to the server.
+
+ :status 204 No content:
+ This is a fresh account, no previous wallet data exists at
+ the server.
+
+ :status 402 Payment required:
+ The synchronization service requires payment before the
+ account can continue to be used. The fulfillment URL
+ should be the /$WALLET-KEY URL, but can be safely ignored
+ by the wallet. The contract should be shown to the user
+ in the canonical dialog, possibly in a fresh tab.
+
+ :status 410 Gone:
+ The backup service has closed operations. The body will
+ contain the latest version still available at the server.
+ The body may be empty if no version is available.
+ The user should be urged to find another provider.
+
+ :status 429 Too many requests:
+ This account has exceeded daily thresholds for the number of
+ requests. The wallet should try again later, and may want
+ to decrease its synchronization frequency.
+
+ .. note::
+
+ "200 OK" responses include an HTTP header
+ "X-Taler-Sync-Signature" with the signature of the
+ wallet from the orginal upload, and an
+ "X-Taler-Sync-Previous" with the version that was
+ being updated (unless this is the first revision).
+ "X-Taler-Sync-Previous" is only given to enable
+ signature validation.
+
+
+.. http:post:: /$WALLET-KEY
+
+ Upload a new version of the wallet's database, or download the
+ latest version. The request must include the "Expect: 100 Continue"
+ header. The client must wait for "100 Continue" before proceeding
+ with the upload, regardless of the size of the upload.
+
+ **Request**
+
+ The request must include a "If-Match" header indicating the latest
+ version of the wallet's database known to the client. If the server
+ knows a more recent version, it will respond with a "409 conflict"
+ and return the server's version in the response. The client must
+ then merge the two versions before retrying the upload. Note that
+ a "409 Conflict" response will typically be given before the upload,
+ (instead of "100 continue"), but may also be given after the upload,
+ for example due to concurrent activities from other wallets on the
+ same account!
+
+ The request must also include an "X-Taler-Sync-Signature" signing
+ the "If-Match" SHA-512 value and the SHA-512 hash of the body with
+ the wallet private key.
+
+ Finally, the SHA-512 hash of the body must also be given in an
+ "E-tag" header of the request (so that the signature can be verified
+ before the upload is allowed to proceed). We note that the use
+ of "E-tag" in HTTP requests is non-standard, but in this case
+ logical.
+
+ The uploaded body must have at least 32 bytes of payload (see
+ suggested upload format beginning with an ephemeral key).
+
+
+ **Response**
+
+ :status 204 No content:
+ The transfer was successful, and the server has registered
+ the new version.
+
+ :status 304 Not modified:
+ The server is already aware of this version of the wallet.
+ Returned before 100 continue to avoid upload.
+
+ :status 400 Bad request:
+ Most likely, the uploaded body is too short (less than 32 bytes).
+
+ :status 401 Unauthorized:
+ The signature is invalid or missing (or body does not match).
+
+ :status 402 Payment required:
+ The synchronization service requires payment before the
+ account can continue to be used. The fulfillment URL
+ should be the /$WALLET-KEY URL, but can be safely ignored
+ by the wallet. The contract should be shown to the user
+ in the canonical dialog, possibly in a fresh tab.
+
+ :status 409 Conflict:
+ The server has a more recent version than what is given
+ in "If-Match". The more recent version is returned. The
+ client should merge the two versions and retry using the
+ given response's "E-Tag" in the next attempt in "If-Match".
+
+ :status 410 Gone:
+ The backup service has closed operations. The body will
+ contain the latest version still available at the server.
+ The body may be empty if no version is available.
+ The user should be urged to find another provider.
+
+ :status 411 Length required:
+ The client must specify the "Content-length" header before
+ attempting upload. While technically optional by the
+ HTTP specification, the synchronization service may require
+ the client to provide the length upfront.
+
+ :status 413 Request Entity Too Large:
+ The requested upload exceeds the quota for the type of
+ account. The wallet should suggest to the user to
+ migrate to another backup and synchronization service
+ (like with "410 Gone").
+
+ :status 429 Too many requests:
+ This account has exceeded daily thresholds for the number of
+ requests. The wallet should try again later, and may want
+ to decrease its synchronization frequency.
+
+ .. note::
+
+ Responses with a body include an HTTP header
+ "X-Taler-Sync-Signature" with the signature of the
+ wallet from the orginal upload, and an
+ "X-Taler-Sync-Previous" with the version that was
+ being updated (unless this is the first revision).
+ "X-Taler-Sync-Previous" is only given to enable
+ signature validation.
+
+
+
+---------------------------
+Special constraints for Tor
+---------------------------
+
+We might introduce the notion of a "constraint" into the wallet's
+database that states that the database is a "Tor wallet". Then,
+synchronizing a "Tor-wallet" with a non-Tor wallet should trigger a
+stern warning and require user confirmation (as otherwise
+cross-browser synchronization may weaken the security of Tor browser
+users).
+
+
+------------------------------------------------
+Discovery of backup and synchronization services
+------------------------------------------------
+
+The wallet should keep a list of "default" synchronization services
+per currency (by the currency the synchronization service accepts
+for payment). If a synchronization service is entirely free, it
+should be kept in a special list that is always available.
+
+Extending (or shortening) the list of synchronization services should
+be possible using the same mechanism that is used to add/remove
+auditors or exchanges.
+
+The wallet should urge the user to make use of a synchronization
+service upon first withdrawal, suggesting one that is free or
+accepts payment in the respective currency. If none is available,
+the wallet should warn the user about the lack of availalable
+backups and synchronization and suggest to the user to find a
+reasonable service. Once a synchronization service was selected,
+the wallet should urge the user to print the respective key
+material.
+
+When the wallet starts the first time on a new device, it should
+ask the user if he wants to synchronize with an existing wallet,
+and if so, ask the user to enter the respective key and the
+(base) URL of the synchronization service.
+
+
+-------------------------
+Synchronization frequency
+-------------------------
+
+Generally, the wallet should attempt to synchronize at a randomized
+time interval between 30 and 300 seconds of being started, unless it
+already synchronized less than two hours ago already. Afterwards,
+the wallet should synchronize every two hours, or after purchases
+exceed 5 percent of the last bulk amount that the user withdrew.
+In all cases the exact time of synchronization should be randomized
+between 30 and 300 seconds of the specified event, both to minimize
+obvious correlations and to spread the load.
+
+If the two hour frequency would exceed half of the rate budget offered
+by the synchronization provider, it should be reduced to remain below
+that threshold.
+
+
+-------------------------------
+Synchronization user experience
+-------------------------------
+
+The menu should include three entries for synchronization:
+
+* "synchronize" to manually trigger synchronization,
+ insensitive if no synchronization provider is available
+* "export backup configuration" to re-display (and possibly
+ print) the synchronization and backup parameters (URL and
+ private key), insensitive if no synchronization
+ provider is available, and
+* "import backup configuration" to:
+
+ * import another devices' synchronization options
+ (by specifying URL and private key, or possibly
+ scanning a QR code), or
+ * select a synchronization provider from the list,
+ including manual specification of a URL; here
+ confirmation should only be possible if the provider
+ is free or can be paid for; in this case, the
+ wallet should trigger the payment interaction when
+ the user presses the "select" button.
+ * a special button to "disable synchronization and backup"
+
+One usability issue here is that we are asking users to deal with a
+private key. It is likely better to map private keys to trustwords
+(PEP-style). Also, when putting private keys into a QR code, there is
+the danger of the QR code being scanned and interpreted as a "public"
+URL. Thus, the QR code should use the schema
+"taler-sync://$SYNC-DOMAIN/$SYNC-PATH#private-key" where
+"$SYNC-DOMAIN" is the domainname of the synchronization service and
+$SYNC-PATH the (usually empty) path. By putting the private key after
+"#", we may succeed in disclosing the value even to eager Web-ish
+interpreters of URLs. Note that the actual synchronization service
+must use the HTTPS protocol, which means we can leave out this prefix.
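Review bot: The first bullet of the database rules ends with "encrypted and finally protected with an HDKF", which misspells HKDF and assigns it a job a key derivation function does not do. The next bullet says HKDFs derive the key material and that integrity comes from encrypt-then-MAC with "AES plus a SHA-512 HMAC", so the first bullet should say the ciphertext is protected with a MAC. Since wallets from different vendors must be able to decrypt each other's uploads, it would help to state the AES mode and the byte layout (ephemeral key, ciphertext, MAC) rather than leaving it to "see suggested upload format". In the last paragraph, "we may succeed in disclosing the value even to eager Web-ish interpreters of URLs" reads as the opposite of the intent of putting the private key after "#"; it presumably should say "not disclosing". The header names also need to be made consistent: the text uses "Etags", "E-tag" and "E-Tag", while the standard response header is ETag. Typos: "detached from" (form), "cannot not enforce", "likey", "indivdiual", "orginal", "availalable".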
diff --git a/core/index.rst b/core/index.rst
new file mode 100644
index 00000000..76b77903
--- /dev/null
+++ b/core/index.rst
@@ -0,0 +1,40 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2018 GNUnet e.V.
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Florian Dold
+ @author Benedikt Muller
+ @author Sree Harsha Totakura
+ @author Marcello Stanisci
+ @author Christian Grothoff
+
+---------------------------
+Core Protocol Specification
+---------------------------
+
+The *Protocol Specification* defines the HTTP-based, predominantly RESTful
+interfaces between the core components of Taler.
+
+.. toctree::
+ :maxdepth: 2
+
+ api-common
+ api-error
+ api-exchange
+ api-merchant
+ api-auditor
+ api-bank
+ wireformats
+ api-sync
+ taler-uri
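Review bot: The license header in this new file is internally inconsistent: the grant paragraph says "GNU General Public License ... either version 2.1", while the warranty and COPYING paragraphs refer to the "GNU Lesser General Public License". Version 2.1 exists for the LGPL but not for the GPL, so the first paragraph should name whichever license COPYING actually contains. The same header text appears in core/api-sync.rst in this commit and should be fixed together with this one.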
diff --git a/core/taler-uri.rst b/core/taler-uri.rst
new file mode 100644
index 00000000..d69b4b0c
--- /dev/null
+++ b/core/taler-uri.rst
@@ -0,0 +1,84 @@
+====================
+The taler URI scheme
+====================
+
+The `taler` URI scheme represents actions that are processed by a Taler wallet. The basic syntax is as follows:
+
+.. code:: none
+
+ 'taler://' action '/' params
+
+--------------------
+Requesting a Payment
+--------------------
+
+Payments are requested with the `pay` action. The parameters are a hierarchical identifier for the requested payment:
+
+
+.. code:: none
+
+ 'taler://pay/' merchant-host '/' merchant-query '/' merchant-instance '/' order-id [ '/' session-id ]
+
+The components `merchant-host`, `merchant-query` and `order-id` identify the URL that is used to claim the contract
+for this payment request.
+
+To make the URI shorter (which is important for QR code payments), `-` (minus) can be substituted to get a default value
+for some components:
+
+* the default for `merchant-instance` is `default`
+* the default for `merchant-query` is `/public/proposal`
+
+The following is a minimal example for a payment request from the demo merchant, using the default instance and no session-bound payment:
+
+.. code:: none
+
+ taler://pay/backend.demo.taler.net/-/-/2019.08.26-ABCED
+
+
+-----------
+Withdrawing
+-----------
+
+.. code:: none
+
+ 'taler://withdraw/' bank-host '/' bank-query '/' withdraw-uid
+
+When `bank-query` is `-`, the default `withdraw-operation` will be used.
+
+Example:
+
+.. code:: none
+
+ 'taler://withdraw/bank.taler.net/-/ABDE123
+
+
+-------------------------
+Low-level Reserve Actions
+-------------------------
+
+The following actions are deprecated. They might not be supported
+in newer wallets.
+
+.. code:: none
+
+ 'taler://reserve-create/' reserve-pub
+
+.. code:: none
+
+ 'taler://reserve-confirm/' query
+
+----------------------------
+Special URLs for fulfillment
+----------------------------
+
+The special `fulfillment-success` action can be used in a fulfillment URI to indicate success
+with a message, without directing the user to a website. This is useful in applications that are not Web-based:
+
+When wallets encounter this URI in any other circumstance than going to a fulfillment URL, they must raise an error.
+
+Example:
+
+.. code:: none
+
+ taler://fulfillment-success/Thank+you+for+donating+to+GNUnet
+
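Review bot: The pay URI grammar uses '/' as the component separator, but the stated default for merchant-query is `/public/proposal`, which itself contains slashes, and the text never says how a non-default merchant-query with more than one path segment must be encoded. As written, a parser cannot tell where merchant-query ends and merchant-instance begins, so the spec should either require percent-encoding of '/' inside merchant-query or restrict it to a single segment. The sentence listing the components that identify the claim URL also omits merchant-instance. The withdraw example starts with a stray quote ('taler://withdraw/bank.taler.net/-/ABDE123) that has no closing counterpart, and the fulfillment-success paragraph ends in a colon with nothing following it before the next sentence. Unlike the other new files, this one has no license header.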
diff --git a/core/wireformats.rst b/core/wireformats.rst
new file mode 100644
index 00000000..12d23630
--- /dev/null
+++ b/core/wireformats.rst
@@ -0,0 +1,70 @@
+.. _wireformats:
+
+Wire Transfer Methods
+=====================
+
+A wire transfer is essential for the exchange to transfer funds into a merchant's
+account upon a successful deposit (see :ref:`deposit request <deposit>`). The
+merchant has to include the necessary information for the exchange to initiate the
+wire transfer.
+
+The information required for wire transfer depends on the method of wire transfer
+used. Since the wire transfers differ for each region, we document here the
+ones currently supported by the exchange.
+
+X-TALER-BANK
+------------
+
+The "x-taler-bank" wire format is used for testing and for integration with Taler's
+simple "bank" system which in the future might be useful to setup a bank
+for a local / regional currency or accounting system. Using the @code{x-taler-bank}
+wire method in combination with the Taler's bank, it is thus possible to
+fully test the Taler system without using "real" currencies. The URL
+format for "x-taler-bank" is simple, in that it only specifies an account
+number and the URL of the bank:
+
+ * payto://x-taler-bank/BANK_URI/ACCOUNT_NUMBER
+
+The account number given must be a positive 53-bit integer. As with
+any payto://-URI, additional fields may be present (after a ?), but
+are not required. The BANK_URI may include a port number. If none is
+given, @code{https} over port 443 is assumed. If a port number is
+given, @code{http} over the given port is to be used. Note that this
+means that you cannot run an x-taler-bank over @code{https} on a
+non-canonical port.
+
+Note that a particular exchange is usually only supporting one
+particular bank with the "x-taler-bank" wire format, so it is not
+possible for a merchant with an account at a different bank to use
+"x-taler-bank" to transfer funds across banks. After all, this is for
+testing and not for real banking.
+
+The "x-taler-bank" method is implemented by the @code{taler_bank} plugin.
+
+
+SEPA
+----
+
+The Single Euro Payments Area (SEPA) [#sepa]_ is a regulation for electronic
+payments. Since its adoption in 2012, all of the banks in the Eurozone and some
+banks in other countries adhere to this standard for sending and receiving
+payments. Note that the currency of the transfer will (currently) always be *EUR*. In
+case the receiving account is in a currency other than EURO, the receiving bank
+may covert the amount into that currency; currency exchange charges may be
+levied by the receiving bank.
+
+For the merchant to receive deposits through SEPA, the deposit request must
+follow the payto:// specification for SEPA:
+
+ * payto://sepa/IBAN
+
+
+The implementation of the @code{ebics} plugin which is envisioned to
+support the @code{sepa} method is currently incomplete. Specifically,
+we need a working implementation of `libebics` which is a sub-project
+trying to implement the EBICS [#ebics]_ standard.
+
+.. [#sepa] SEPA - Single Euro Payments Area:
+ http://www.ecb.europa.eu/paym/sepa/html/index.en.html
+.. [#ebics] EBCIS - European Banking Computer Interface Standard
+ http://www.ebics.org/
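Review bot: This file still contains Texinfo markup that reStructuredText will render literally: @code{x-taler-bank}, @code{https}, @code{http}, @code{taler_bank}, @code{ebics} and @code{sepa} should become inline literals with double backquotes. On the content, the x-taler-bank rule that a BANK_URI with an explicit port means plain http deserves a more prominent warning than the closing "Note that" sentence, because adding a port silently drops TLS for the bank connection; consider an explicit scheme indicator instead of inferring it from the port. Typos: "may covert the amount" (convert), "EBCIS" in the footnote (EBICS), and "EURO" where the paragraph otherwise uses EUR.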