taler-docs

Documentation for GNU Taler components, APIs and protocols

get-kyc-proof-PROVIDER_NAME.rst (2550B)


.. http:get:: /kyc-proof/$PROVIDER_NAME?state=$H_NORMALIZED_PAYTO

  Upon completion of the process at the external KYC provider, the provider
  must redirect the client (browser) to trigger a GET request to a new
  ``/kyc-proof/$H_NORMALIZED_PAYTO/$PROVIDER_NAME`` endpoint.  Once this endpoint is
  triggered, the exchange will pass the received arguments to the respective
  logic plugin.  The logic plugin will then (asynchronously) update the KYC
  status of the user.  The logic plugin should redirect the user to the KYC
  SPA. This endpoint deliberately does not use the ``$ACCESS_TOKEN`` as the
  external KYC provider should not learn that token.

  This endpoint is thus accessed from the user's browser at the *end* of a
  KYC process, possibly providing the exchange with additional
  credentials to obtain the results of the KYC process.
  Specifically, the URL arguments should provide
  information to the exchange that allows it to verify that the
  user has completed the KYC process. The details depend on
  the logic, which is selected by the ``$PROVIDER_NAME``.

  While this is a GET (and thus nominally safe and idempotent), the operation
  may actually trigger significant changes in the exchange's state.
  In particular, it may update the KYC status of a particular
  payment target.

  **Request:**

  Details on the request depend on the specific KYC logic
  that was used.

  If the KYC plugin logic is OAuth 2.0, the query parameters are:

  :query code=CODE:
     OAuth 2.0 code argument.
  :query state=STATE:
     OAuth 2.0 state argument carrying the ``$H_NORMALIZED_PAYTO``.

  .. note::

    Depending on the OAuth variant used, additional
    query parameters may need to be passed here.

  **Response:**

  Given that the response is returned to a user using a browser and **not** to
  a Taler wallet, the response format is in human-readable HTML and not in
  machine-readable JSON.

  :http:statuscode:`302 Found`:
    The KYC operation succeeded and the
    payment target is now authorized to transact.
    The browser is redirected to a human-readable
    page configured by the exchange operator.
  :http:statuscode:`401 Unauthorized`:
    The provided authorization token is invalid.
  :http:statuscode:`404 Not Found`:
    The payment target is unknown.
  :http:statuscode:`502 Bad Gateway`:
    The exchange received an invalid reply from the
    legitimization service.
  :http:statuscode:`504 Gateway Timeout`:
    The exchange did not receive a reply from the legitimization
    service within a reasonable time period.
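
The OAuth 2.0 variant of this callback, as an added sketch that is not part of the Taler documentation or the exchange's code: it shows the checks a handler needs because this GET changes state, and maps plugin outcomes to the status codes listed above. The function name, exception classes and plugin signature are hypothetical; the sketch updates the status synchronously (the page says the plugin does so asynchronously) and raises on malformed requests, for which the page lists no status code.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical plugin errors; these names are not from the Taler code base.
class ProviderDenied(Exception): pass    # authorization rejected
class ProviderBadReply(Exception): pass  # invalid reply from the service
class ProviderTimeout(Exception): pass   # no reply within a reasonable time

def handle_kyc_proof(url, plugins, kyc_status, done_page):
    """Map one callback URL to (HTTP status, Location header or None).

    plugins:    provider name -> callable(code, state), assumed plugin API
    kyc_status: H_NORMALIZED_PAYTO -> bool for the known payment targets
    done_page:  redirect target set by the operator, never taken from the URL
    """
    parts = urlsplit(url)
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2 or segments[0] != "kyc-proof":
        raise ValueError("not a /kyc-proof/$PROVIDER_NAME request")
    plugin = plugins.get(segments[1])
    if plugin is None:
        raise ValueError("unknown provider")
    query = parse_qs(parts.query, keep_blank_values=True)
    # Require exactly one non-empty value: duplicated parameters are ambiguous.
    for name in ("code", "state"):
        if len(query.get(name, [])) != 1 or not query[name][0]:
            raise ValueError(f"need exactly one non-empty {name!r}")
    code, state = query["code"][0], query["state"][0]
    if state not in kyc_status:
        return 404, None                 # payment target is unknown
    try:
        plugin(code, state)              # provider-specific verification
    except ProviderDenied:
        return 401, None
    except ProviderBadReply:
        return 502, None
    except ProviderTimeout:
        return 504, None
    kyc_status[state] = True             # state changes only after success
    return 302, done_page

# Constructed sample data (not real Taler values).
def demo_plugin(code, state):
    if code != "good-code":
        raise ProviderDenied()

PLUGINS = {"oauth-demo": demo_plugin}
DONE = "https://exchange.example/kyc-done"
```
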