From 4479b49bda602a73f6e1c24fdfb68dfbbf15b069 Mon Sep 17 00:00:00 2001
From: Marcello Stanisci <marcello.stanisci@inria.fr>
Date: Mon, 15 Feb 2016 19:15:11 +0100
Subject: /hash-contract in backend

---
 impl-merchant.rst | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'impl-merchant.rst')

diff --git a/impl-merchant.rst b/impl-merchant.rst
index 0b5d1975..505376d0 100644
--- a/impl-merchant.rst
+++ b/impl-merchant.rst
@@ -50,6 +50,22 @@ The Merchant Backend HTTP API
 
 The following API are made available by the merchant's `backend` to the merchant's `frontend`.
 
+.. http:post:: /hash-contract
+  
+  Ask the backend to compute the hash of the `contract` given in the POST's body. This feature
+  allows frontends to verify that names of resources which are going to be sold are actually `in`
+  the paid cotnract. Without this feature, a malicious wallet can request resource A and pay for
+  resource B without the frontend being aware of that.
+
+  **Response**
+
+  :status 200 OK:
+    hash succesfully computed. The returned value is a JSON having one field called `hash` containing
+    the hashed contract
+  :status 400 Bad Request:
+    Request not understood. The JSON was invalid. Possibly due to some error in
+    formatting the JSON by the `frontend`.
+
 .. http:post:: /contract
 
   Ask the backend to add some missing (mostly related to cryptography) information to the contract.
-- 
cgit v1.2.3