commit c29dd690cca1f837ae3e79a8094eb421a30e5fa4 parent 00cfe7f8cf3be3d8f4c9133820649ad8563d9b85 Author: Christian Grothoff <christian@grothoff.org> Date: Mon, 27 Jul 2020 11:10:28 +0200 fix spec: when which auth form is needed Diffstat:
| M | core/api-merchant.rst | | | 4 | ++-- |
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/api-merchant.rst b/core/api-merchant.rst @@ -1375,8 +1375,8 @@ Payment processing **Request:** - :query h_contract=HASH: hash of the order's contract terms (this is used to authenticate the wallet/customer in case $ORDER_ID is guessable). Either this field or *token* is *mandatory*. - :query token=TOKEN: *Optional*. Authorizes the request via the claim token that was returned in the `PostOrderResponse`. Either this field or *h_contract* is *mandatory*. + :query h_contract=HASH: hash of the order's contract terms (this is used to authenticate the wallet/customer in case $ORDER_ID is guessable). Required once an order was claimed. + :query token=TOKEN: *Optional*. Authorizes the request via the claim token that was returned in the `PostOrderResponse`. Used with unclaimed orders only. Whether token authorization is required is determined by the merchant when the frontend creates the order. :query session_id=STRING: *Optional*. Session ID that the payment must be bound to. If not specified, the payment is not session-bound. :query timeout_ms=NUMBER: *Optional.* If specified, the merchant backend will wait up to ``timeout_ms`` milliseconds for completion of the payment before