commit 6878d9b338e7616461c75361f85929e7e60391f5
parent 8fe45769a44c3c0a752d11fead4e0f2733778d44
Author: Florian Dold <florian@dold.me>
Date: Mon, 4 Aug 2025 18:36:29 +0200
merchant: tag new endpoints with version
Diffstat:
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
@@ -33,7 +33,7 @@ The current protocol version is ``v20``.
Version history:
-* ``v21`` (in development): Adds self-provisioning
+* ``v21`` (in development): Adds self-provisioning and two factor authentication.
-----------------------
Base URLs and Instances
@@ -260,6 +260,8 @@ Two Factor Auth
Request the validation of a 2FA channel.
+ @since **v21**
+
This endpoint may be used even when mandatory TAN channels
were not validated yet.
@@ -280,6 +282,8 @@ Two Factor Auth
Send TAN code for the ``CHALLENGE_ID`` challenge.
+ @since **v21**
+
This request can be posted several times to trigger TAN retransmission when the current code has expired or too many confirmation attempts have been made.
This endpoints is not authenticated for token creation challenges.
@@ -326,6 +330,8 @@ Two Factor Auth
Solves the ``CHALLENGE_ID`` challenge and allows performing the protected operation.
+ @since **v21**
+
When the challenge is confirmed, you can call the protected endpoint again with ``CHALLENGE_ID`` in the ``X-Challenge-Id`` HTTP header and an empty request body.
This endpoints is not authenticated for token creation challenges. Too many unsuccessful attempts to confirm token creation challenges block the account.
