commit 8aff69970ee05ad89cf999e2d944388971966a68
parent d22528544f5b16ad742806e92c6f6d9cd69ee5a5
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 5 May 2016 13:47:31 +0200
document check for duplicate transaction ID
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/impl-merchant.rst b/impl-merchant.rst
@@ -78,9 +78,6 @@ The following API are made available by the merchant's `backend` to the merchant
:status 200 OK:
hash succesfully computed. The returned value is a JSON having one field called `hash` containing
the hashed contract
- :status 400 Bad Request:
- Request not understood. The JSON was invalid. Possibly due to some error in
- formatting the JSON by the `frontend`.
.. http:post:: /contract
@@ -101,9 +98,12 @@ The following API are made available by the merchant's `backend` to the merchant
:status 200 OK:
The backend has successfully created the contract. It responds with a `ContractBackendResponse`_ object. This request should virtually always be successful.
-
On success, the `frontend` should pass this response verbatim to the wallet.
+ :status 403 Forbidden:
+ The frontend used the same transaction ID twice. This is only allowed if the response from the backend was lost ("instant" replay), but to assure that frontends usually create fresh transaction IDs this is forbidden if the contract was already paid. So attempting to have the backend sign a contract for a contract that was already paid by a wallet (and thus was generated by the frontend a "long" time ago), is forbidden and results in this error. Frontends must make sure that they increment the transaction ID properly and persist the largest value used so far.
+
+
**Details:**
.. _ContractBackendResponse:
