api-taldir.rst (9183B)
1 .. 2 This file is part of GNU TALER. 3 Copyright (C) 2022 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU Affero General Public License as published by the Free Software 7 Foundation; either version 2.1, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. 12 13 You should have received a copy of the GNU Affero General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 16 @author Christian Grothoff 17 @author Martin Schanzenbach 18 19 .. _api-taldir: 20 21 ===================== 22 Directory RESTful API 23 ===================== 24 25 This is the API for the Taler Directory (TalDir) service which allows Taler wallets to 26 securely associate an inbox service (URL and public key) with the alias of a 27 wallet's user. Wallets can also lookup the 28 inbox of other users. This will enable wallets to make wallet-to-wallet 29 payments to distant wallets where the target user is only identified by their 30 alias. Examples for aliases include E-mail and phone numbers but also 31 social handles. 32 The service in principle allows registration of any valid URI as inbox 33 service. 34 For Taler, the URI is a link to a :ref:`mailbox <api-mailbox>`. 35 36 The API specified here follows the :ref:`general conventions <http-common>` 37 for all details not specified in the individual requests. 38 The `glossary <https://docs.taler.net/taler-developer-manual.html#developer-glossary>`_ 39 defines all specific terms used in this section. 40 41 .. contents:: Table of Contents 42 :local: 43 44 .. include:: tos.rst 45 46 47 ------------------------- 48 Configuration information 49 ------------------------- 50 51 .. http:get:: /config 52 53 Return the protocol version and currency supported by this service. 54 55 **Response:** 56 57 :http:statuscode:`200 OK`: 58 The body is a `VersionResponse`. 59 60 .. ts:def:: VersionResponse 61 62 interface VersionResponse { 63 // libtool-style representation of the Merchant protocol version, see 64 // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning 65 // The format is "current:revision:age". 66 version: string; 67 68 // Name of the protocol. 69 name: "taler-directory"; 70 71 // Supported alias types 72 alias_types: TaldirAliasType[]; 73 74 // fee for one month of registration 75 monthly_fee: Amount; 76 77 } 78 79 .. ts:def:: TaldirAliasType 80 81 interface TaldirAliasType { 82 // Name of the alias type, e.g. "email" or "sms". 83 name: string; 84 85 // per challenge fee 86 challenge_fee: Amount; 87 88 } 89 90 ------------------ 91 Alias registration 92 ------------------ 93 94 .. http:post:: /register/$ALIASTYPE 95 96 Endpoint to register, extend or modify the registration for an alias in 97 the directory. 98 Here, $ALIASTYPE is the type of alias to register, e.g. "email", or "phone". 99 Supported alias types are listed in the VersionResponse. 100 Note that duration should be given as a multiple of a month in microseconds. 101 If the duration is not a multiple of a month it will be rounded to the 102 nearest multiple. Halfway values will be rounded away from zero. 103 The cost calculation and resulting registration validity will be adjusted 104 automatically. 105 In order to only modify the data, the duration may be set to 0. 106 When the call is made with unmodified data and a duration of 0, the 107 endpoint will return how long this registration is currently paid for. 108 In order to delete the mapping, the target URI may be set to the empty string. 109 When the call is made with the empty string, and upon re-validation, the mapping 110 will be deleted. 111 112 **Request** 113 114 .. ts:def:: IdentityMessage 115 116 interface IdentityMessage { 117 // Alias, in $ALIASTYPE-specific format 118 alias: string; 119 120 // Target URI to associate with this alias. 121 target_uri: string; 122 123 // For how long should the registration last/be extended. 124 duration: RelativeTime; 125 126 } 127 128 **Response** 129 130 :http:statuscode:`200 Ok` 131 Registration already exists for this alias for the specified duration. 132 Returns for how long this registration is paid for. 133 The response format is given by `AlreadyPaidResponse`_. 134 :http:statuscode:`202 Accepted` 135 Registration was initiated, the client should check for receiving 136 a challenge at the alias where registration was attempted. 137 :http:statuscode:`402 Payment Required` 138 Client needs to make a Taler payment before proceeding. See 139 standard Taler payment procedure. 140 :http:statuscode:`404 Not found` 141 The TalDir service does not support the specified alias type. 142 This response comes with a standard `ErrorDetail` response. 143 :http:statuscode:`429 Too Many Requests`: 144 The client exceeded the number of allowed attempts for initiating 145 a challenge for this alias in the given timeframe. 146 The response format is given by `RateLimitedResponse`_. 147 148 .. _RateLimitedResponse: 149 .. ts:def:: RateLimitedResponse 150 151 interface RateLimitedResponse { 152 153 // Taler error code, TALER_EC_TALDIR_REGISTER_RATE_LIMITED. 154 code: Integer; 155 156 // At what frequency are new registrations allowed. 157 request_frequency: RelativeTime; 158 159 // The human readable error message. 160 hint: string; 161 162 } 163 164 .. _AlreadyPaidResponse: 165 .. ts:def:: AlreadyPaidResponse 166 167 interface AlreadyPaidResponse { 168 169 // The remaining duration for which this registration is still paid for 170 valid_for: RelativeTime; 171 172 } 173 174 175 .. http:get:: /register/$H_ALIAS/$PINTAN?alias=$ALIAS 176 177 Endpoint that generates an HTML Web site with a link for completing the 178 registration. Useful to open the registration challenge in a browser (say if 179 it was received on a different device than where the wallet is running). 180 Does NOT complete the registration, as some providers automatically click on 181 all links in messages. Yes, we do not like them doing so either, but ``GET`` 182 is a "safe" method according to the HTTP standard, so technically this is 183 allowed. 184 185 Opening the link will allow the user to do the POST call to this endpoint. 186 If the Taler wallet can somehow intercept the URL (say for SMS, if it has the right 187 permissions) it can skip this request and directly do the POST, as all of 188 the required new information is already encoded in the URL. 189 190 Note that the wallet must be involved before the POST is made, as the 191 ``target_uri`` from the registration must be hashed with the ``$PINTAN`` 192 to protect the user against phishing. Otherwise, someone else might attempt 193 a concurrent registration of a different public key, and the user might 194 accidentally authorize the registration of the public key of a different 195 wallet. 196 ``$H_ALIAS`` is the SHA-512 hash of a prefix-free encoding of the 197 alias to be registered in Crockford Base32 encoding, specifically: 198 ``SHA-512(len($ALIASTYPE)+len($ALIAS)||$ALIASTYPE||$ALIAS)`` 199 The service verifies that ``$ALIAS`` is, in fact, the preimage of ``$H_ALIAS`` 200 and ``$ALIAS`` as well as the ``inbox_uri`` are displayed to the user 201 for verification. 202 203 .. http:post:: /$H_ALIAS 204 205 This request is the last step of a registration, proving to the TalDir that 206 the user of the wallet is indeed able to receive messages for the specified 207 alias. 208 ``$H_ALIAS`` is the SHA-512 hash of a prefix-free encoding of the 209 alias to be registered in Crockford Base32 encoding. 210 211 **Request** 212 213 .. ts:def:: IdentityConfirmation 214 215 interface IdentityConfirmation { 216 // The solution is the SHA-512 hash of the challenge ($PINTAN) value 217 // chosen by TalDir concatenated with the ``inbox_uri`` (both strings 218 // are hashed excluding the 0-terminator). 219 // The hash is provided as string in Crockford base32 encoding. 220 solution: HashCode; 221 222 } 223 224 **Response** 225 226 :http:statuscode:`204 No Content`: 227 Registration complete. 228 :http:statuscode:`403 Forbidden`: 229 The ``solution`` is invalid. Retrying immediately is allowed. 230 :http:statuscode:`404 Not found`: 231 The alias is unknown (original registration attempt may have expired). 232 :http:statuscode:`429 Too Many Requests`: 233 The client exceeded the number of allowed attempts for solving 234 a challenge for this alias in the given timeframe. 235 236 ------------ 237 Alias lookup 238 ------------ 239 240 .. http:get:: /$H_ALIAS 241 242 Lookup the target URI associated with 243 an alias in the TalDir. Here, 244 ``$H_ALIAS`` is the SHA-512 hash of a prefix-free encoding of the 245 alias to be registered in Crockford base32 encoding. 246 247 **Response** 248 249 Standard HTTP cache control headers are used to specify how long the 250 registration is still expected to be valid. 251 252 :http:statuscode:`200 Ok`: 253 Registration information returned, of type `MailboxDetailResponse` 254 :http:statuscode:`404 Not found`: 255 The alias is unknown (original registration may have expired). 256 257 .. _MailboxDetailResponse: 258 .. ts:def:: MailboxDetailResponse 259 260 interface MailboxDetailResponse { 261 262 // Target URI to associate with this alias. 263 target_uri: string; 264 265 266 }