summaryrefslogtreecommitdiff
path: root/api-merchant.rst
blob: 339498d0b82a0fb2e166e0d3bef19e11d2e402da (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
The Merchant JSON API
=====================

The Merchant API serves the protocol interactions between a customer and a
merchant.  The protocol allows the customer and the merchant to agree upon a
contract and for the customer to spend coins according to the contract at the
merchant.  It should be noted that the interactions are strictly one way: The
customer *always* initiates the requests by contacting the merchant.  It is also
assumed that the customer knows the merchant's public key.

The protocol allows for three different type of interactions.  In the first type
of interaction, which we refer to as *direct deposit*, an interested customer
asks the merchant to provide a ``contract`` for the merchant's services or
products.  Details about the services or products and the merchant's payment
information are provided in the contract.  The customer then agrees upon one of
these contracts by giving the the merchant a ``deposit permission``.  The
merchant then submits this deposit permission at the mint for verification.
Upon successful verification, the merchant delivers the promised services or
products.

The second type of interaction, *incremental deposit*, allows the merchant to
charge the customer incrementally.  This is useful for subscription based
e-commerce systems.  Examples for such systems are app stores and news websites.
The idea here is that the merchant will be assured that he will receive a
certain amount of money from the transaction, and then he can charge small
amounts over the assured amount without contacting the mint.  In these
interactions, the customer asks merchant to make an ``offer`` for the
subscription by specifying the maximum amount the merchant may charge during the
interaction.  The customer conveys his acceptance of the offer by sending a
``lock permission`` to the merchant.  The merchant asks the mint to verify the
lock permission and if verified successfully, the customer then obtains a
contract from the merchant and the first type interaction follows.  The customer
can then obtain further contracts until the maximum amount made in the offer is
reached.

The thrid type of interactions allows probablistic spending.  `To be done.`

The following are the API made available by the merchant:

.. http:GET:: /contract
.. http:POST:: /contract

   Ask the merchant to prepare a contract.  The request parameters are specific
   to the merchant's implementation, however, they are recommended to contain
   information required for the merchant to identify which product or service
   the customer is interested int.

   **Success Response**

   :status 200 OK: The request was successful.

   The merchant responds with a JSON object containing the following fields:

   * `transaction_id`: A string representing the transaction identifier.
   * `expiry`: The timestamp after which this contract expires.
   * `amount`: Price of the contract as a Denomination object.
   * `description`: The contract description as string.
   * `H_wire`: The hash of a JSON object containing the merchant's payment
     information.  See :ref:`wireformats`.
   * `msig`: Signature of the merchant over the fields `m`, `t`, `f`, `a`, `H_wire`.

   **Failure response**

   :status 400: Request not understood.
   :status 404: No products or services given in the request were found.

   It is also possible to receive other error status codes depending on the
   merchant's implementation.

.. http:GET:: /deposit

   Send a ``deposit-permission`` JSON object to the merchant.  The object should
   contain the following fields:

   * `coin_pub`: The coin's public key.
   * `mint_pub`: The public key of the mint from where the coin is obtained.
   * `denom_pub`: Denomination key with which the coin is signed
   * `ubsig`: Mint's unblinded signature of the coin
   * `type`: the string constant `"DIRECT_DEPOSIT"` or `"INCREMENTAL_DEPOSIT"`
     respectively for direct deposit or incremental deposit type of interaction.
   * `transaction_id`: The transaction identifier obtained from the contract.
   * `amount`: The amount to be deposited as a Denomination object.  Its value should
     be less than or equal to the coin's face value.  Additionally, for direct
     deposit type of interactions, this should be equal to the amount stated in
     the contract.
   * `merchant_pub`: The public key of the merchant.
   * `H_a`: The hash of the contract.
   * `H_wire`: The hash of the merchant's payment information.
   * `csig`: The signature with the coin's private key over the parameters
     `type`, `m`, `f`, `M`, `H_a` and, `H_wire`.

   **Success Response**

   :status 200 OK: The deposit permission is successful.

   It is left upto the merchant's implementation to carry over the process of
   fulfilling the agreed contract `a` from here.  For example, for services or
   products which can be served through HTTP, this response could contain them.

   **Failure Response**

   :status 400: Request not understood.
   :status 404: The merchant does not entertain this type of interaction.  Try
                another one.
   :status 403: The request doesn't comply to the contract provided.  The
                request should not be repeated.
   :status 403: The deposit operation has failed because the coin has previously
                been deposited or it has been already refreshed; the request
                should not be repeated again.  The response body contains the
                failure response objects from the :ref:`Mint API deposit
                request<deposit>`.

Other interactions tbd..