commit b909ded00c717c575b8110a689e7b7d2e1d582ac parent 4479b49bda602a73f6e1c24fdfb68dfbbf15b069 Author: Marcello Stanisci <marcello.stanisci@inria.fr> Date: Tue, 16 Feb 2016 20:16:54 +0100 minor Diffstat:
| M | impl-merchant.rst | | | 9 | +++++---- |
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/impl-merchant.rst b/impl-merchant.rst @@ -52,10 +52,11 @@ The following API are made available by the merchant's `backend` to the merchant .. http:post:: /hash-contract - Ask the backend to compute the hash of the `contract` given in the POST's body. This feature - allows frontends to verify that names of resources which are going to be sold are actually `in` - the paid cotnract. Without this feature, a malicious wallet can request resource A and pay for - resource B without the frontend being aware of that. + Ask the backend to compute the hash of the `contract` given in the POST's body (the full contract + should be the value of a JSON field named `contract`). This feature allows frontends to verify + that names of resources which are going to be sold are actually `in` the paid cotnract. Without + this feature, a malicious wallet can request resource A and pay for resource B without the frontend + being aware of that. **Response**