From 47b4c292a77493d6ea6e9c207632a087867e8025 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <grothoff@gnunet.org>
Date: Thu, 31 Aug 2023 19:35:38 +0200
Subject: do not let client choose salt

---
 core/api-merchant.rst | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'core/api-merchant.rst')

diff --git a/core/api-merchant.rst b/core/api-merchant.rst
index 7b77aba0..80314473 100644
--- a/core/api-merchant.rst
+++ b/core/api-merchant.rst
@@ -1355,12 +1355,12 @@ into any of the active bank accounts of an instance.
 
   **Request:**
 
-  The request must be an `AccountAddDetails`.
+  The request must have an `AccountAddDetails` body.
 
   **Response:**
 
-  :http:statuscode:`204 No content`:
-    Adding the account was successful.
+  :http:statuscode:`200 Ok`:
+    Adding the account was successful, we return the salt selected by the backend and the resulting wire hash in an `AccountAddResponse`.
   :http:statuscode:`404 Not found`:
     The merchant instance is unknown or it is not in our data.
   :http:statuscode:`409 Conflict`:
@@ -1419,6 +1419,18 @@ into any of the active bank accounts of an instance.
        password: string;
     };
 
+  .. ts:def:: AccountAddResponse
+
+    interface AccountAddResponse {
+
+      // Hash over the wire details (including over the salt).
+      h_wire: HashCode;
+
+      // Salt used to compute h_wire.
+      salt: HashCode;
+
+    }
+
 
 .. http:patch:: [/instances/$INSTANCE]/private/accounts/$H_WIRE
 
-- 
cgit v1.2.3