From 17d2d92487f398aa95f8a55224eb26ebda2e1ada Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 18 May 2021 19:20:52 +0200
Subject: hw

---
 core/api-exchange.rst | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'core/api-exchange.rst')

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index abb90c7c..23365ef8 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -1055,6 +1055,8 @@ exchange.
   :http:statuscode:`401 Unauthorized`:
     The *Account-Request-Signature* is invalid.
     This response comes with a standard `ErrorDetail` response.
+  :http:statuscode:`403 Forbidden`:
+    The provided timestamp is not close to the current time.
   :http:statuscode:`404 Not found`:
     The reserve key does not belong to a reserve known to the exchange.
 
@@ -1067,6 +1069,12 @@ exchange.
       // ``TALER_SIGNATURE_RESERVE_STATUS_REQUEST`` over
       // a `TALER_ReserveStatusRequestSignaturePS`.
       reserve_sig: EddsaSignature;
+
+      // Time when the client made the request.
+      // Timestamp must be reasonably close to the time of
+      // the exchange, otherwise the exchange may reject
+      // the request.
+      request_timestamp: Timestamp;
     }
 
   .. ts:def:: ReserveStatus
@@ -1300,6 +1308,8 @@ exchange.
   :http:statuscode:`401 Unauthorized`:
     The *Account-Request-Signature* is invalid.
     This response comes with a standard `ErrorDetail` response.
+  :http:statuscode:`403 Forbidden`:
+    The provided timestamp is not close to the current time.
   :http:statuscode:`404 Not found`:
     The reserve key does not belong to a reserve known to the exchange.
   :http:statuscode:`412 Precondition failed`:
@@ -2406,7 +2416,7 @@ typically also view the balance.)
     merchant should come back later and ask again.
     The response body is a `TrackTransactionAcceptedResponse`.
   :http:statuscode:`401 Unauthorized`:
-    The signature is invalid.
+    A signature is invalid.
   :http:statuscode:`404 Not found`:
     The deposit operation is unknown to the exchange.
 
@@ -2663,6 +2673,9 @@ Wallet-to-wallet transfers
     The response will include a `PurseDepositAccepted` object.
   :http:statuscode:`401 Unauthorized`:
     A coin signature is invalid.
+    FIXME: add message that tells the client
+    which coin signature(s) were valid. ErrorDetail is not enough
+    to identify the problematic coin.
     This response comes with a standard `ErrorDetail` response.
   :http:statuscode:`403 Forbidden`:
     The server is denying the operation as a purse with a
@@ -2731,6 +2744,7 @@ Wallet-to-wallet transfers
       contract?: EncryptedContract;
 
       // Array of coins being deposited into the purse.
+      // Maximum length is 128.
       deposits: PurseDeposit[];
     }
 
-- 
cgit v1.2.3