1 files changed, 76 insertions, 12 deletions

diff --git a/taler-merchant-api-tutorial.rst b/taler-merchant-api-tutorial.rst
index ea8f72b6..eb9505ce 100644
--- a/taler-merchant-api-tutorial.rst
+++ b/taler-merchant-api-tutorial.rst
@@ -1,5 +1,26 @@
+..
+  This file is part of GNU TALER.
+  Copyright (C) 2014-2020 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU General Public License as published by the Free Software
+  Foundation; either version 2.1, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+
+  @author Marcello Stanisci
+  @author Florian Dold
+  @author Christian Grothoff
+
+.. _merchant-api-tutorial:
+
 GNU Taler Merchant API Tutorial
-###################################
+###############################
 
 Introduction
 ============
@@ -66,7 +87,7 @@ components:
 The following image illustrates the various interactions of these key
 components:
 
-|image0|
+.. image:: arch-api.png
 
 The backend provides the cryptographic protocol support, stores
 Taler-specific financial information and communicates with the GNU Taler
@@ -80,11 +101,12 @@ Some functionality of the backend (the “public interface“) is also
 exposed to the customer’s browser directly. In the HTTP API, all public
 endpoints are prefixed with ``/public/``.
 
+
+.. index:: sandbox, authorization
+
 Public Sandbox Backend and Authentication
 -----------------------------------------
 
-sandbox
-authorization
 How the frontend authenticates to the Taler backend depends on the
 configuration. See Taler Merchant Operating Manual.
 
@@ -107,10 +129,11 @@ The sandbox backend https://backend.demo.taler.net/ uses ``KUDOS`` as an
 imaginary currency. Coins denominated in ``KUDOS`` can be withdrawn from
 https://bank.demo.taler.net/.
 
+.. index:: instance
+
 Merchant Instances
 ------------------
 
-instance
 The same Taler merchant backend server can be used by multiple separate
 merchants that are separate business entities. Each of these separate
 business entities is called a *merchant instance*, and is identified by
@@ -136,10 +159,11 @@ not affiliated with or officially approved by the respective projects.
 Accepting a Simple Payment
 ==========================
 
+.. index:: order
+
 Creating an Order for a Payment
 -------------------------------
 
-order
 Payments in Taler revolve around an *order*, which is a machine-readable
 description of the business transaction for which the payment is to be
 made. Before accepting a Taler payment as a merchant you must create
@@ -225,11 +249,11 @@ usually needs to trigger the business logic for the merchant to fulfill
 the merchant’s obligations under the contract.
 
 .. _Giving-Refunds:
+.. index:: refunds
 
 Giving Refunds
 ==============
 
-refunds
 A refund in GNU Taler is a way to “undo” a payment. It needs to be
 authorized by the merchant. Refunds can be for any fraction of the
 original amount paid, but they cannot exceed the original payment.
@@ -274,12 +298,56 @@ This code snipped illustrates giving a refund:
    ...              headers={"Authorization": "ApiKey sandbox"})
    <Response [200]>
 
+
+.. index:: repurchase
+.. _repurchase:
+
+Repurchase detection and fulfillment URLs
+=========================================
+
+A possible problem for merchants selling access to digital articles
+is that a customer may have paid for an article on one device, but
+may then want to read it on a different device, possibly one that
+does not even have a Taler wallet installed.
+
+Naturally, at this point the customer would at first still be prompted to pay
+for the article again. If the customer then opens the taler://-link in the
+wallet that did previously pay for the article (for example by scanning the QR
+code on the desktop with the Android App), the wallet will claim the contract,
+detect that the fulfillment URL is identical to one that it already has made a
+payment for in the past, and initiate **repurchase redirection**: Here, the
+wallet will contact the merchant and replay the previous payment, except this
+time using the (current) session ID of the browser (it learns the session ID
+from the QR code).
+
+The merchant backend then updates the session ID of the existing order to
+the current session ID of the browser.  When the payment status for the
+"new" unpaid order is checked (or already in long-polling), the backend
+detects that for the browser's *session ID* and *fulfillment URL* there is an
+existing paid contract. It then tells the browser to immediately redirect to
+the fulfillment URL where the already paid article is available.
+
+To ensure this mechanism works as designed, merchants must make sure to not
+use the same fulfillment URL for different products or for physical products
+where customers may be expected to buy the article repeatedly.  Similarly,
+it is crucial that merchants consistently use the same fulfillment URL for
+the same digital product where repurchase detection is desired.
+
+Note that changing the session ID to a different device requires the
+involvement of the wallet that made the payment, thus reasonably limiting the
+possibility of broadly sharing the digital purchases.  Repurchase detection is
+also *only* done for HTTP(S) fulfillment URLs. In particular, this means
+fulfillment URIs like "taler://fulfillment-success/$MESSAGE" are not
+considered to identify a resource you can pay for and thus do not have to be
+unique.
+
+
 .. _Giving-Customers-Tips:
+.. index:: tips
 
 Giving Customers Tips
 =====================
 
-tips
 GNU Taler allows Web sites to grant small amounts directly to the
 visitor. The idea is that some sites may want incentivize actions such
 as filling out a survey or trying a new feature. It is important to note
@@ -689,7 +757,3 @@ locations
    and they is also allowed to have additional fields. Contract
    renderers must render at least the fields listed above, and should
    render fields that they do not understand as a key-value list.
-
-
-.. |image0| image:: arch-api.png
-