.. http:post:: /management/auditors/$AUDITOR_PUB/disable

  This request will be used to disable the use of the given auditor.
  We use POST instead of DELETE because the exchange will retain state
  about the auditor (specifically the end date) to prevent replay
  attacks abusing the `AuditorSetupMessage`.  Also, DELETE would not
  support a body, which is needed to provide the signature authorizing
  the operation.

  **Request:**

  The request must be an `AuditorTeardownMessage`.

  **Response:**

  :http:statuscode:`204 No content`:
    The auditor has been successfully disabled. The body is empty.
  :http:statuscode:`403 Forbidden`:
    The signature is invalid.
  :http:statuscode:`404 Not found`:
    The auditor is unknown to the exchange.
  :http:statuscode:`409 Conflict`:
    The exchange has a more recent request related to this auditor key (replay detected).

  **Details:**

  .. ts:def:: AuditorTeardownMessage

    interface AuditorTeardownMessage {

      // Signature by the exchange master key over a
      // `TALER_MasterDelAuditorPS`.
      // Must have purpose ``TALER_SIGNATURE_MASTER_AUDITOR_DEL``.
      master_sig: EddsaSignature;

      // When does the auditor become inactive?
      // Should be the time when the signature was created,
      // using the (monotonic!) local time of the system
      // with the offline master public key.  Note that
      // even if the time is in the future, the auditor will
      // become inactive immediately! Used ONLY to detect replay attacks.
      validity_end: Timestamp;

    }
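The replay protection described above, modelled as an added example (not GNU Taler exchange code) that shows why the record is kept after a teardown. The record store, the ``verify`` callback, numeric timestamps, the simplified setup message and the order of the checks are assumptions made for illustration.

```typescript
// Added illustration of the replay check; not GNU Taler exchange code.
type Timestamp = number; // assumption: seconds since the epoch
interface TeardownMsg { master_sig: string; validity_end: Timestamp; }
interface SetupMsg { master_sig: string; validity_start: Timestamp; } // assumed shape

// Hypothetical per-auditor state, kept even after the auditor is disabled.
interface AuditorRecord { active: boolean; lastChange: Timestamp; }
type AuditorStore = Record<string, AuditorRecord | undefined>;
// Stand-in for verifying master_sig with the exchange master public key.
type Verify = (auditorPub: string, sig: string, ts: Timestamp) => boolean;

// Returns the HTTP status for POST /management/auditors/$AUDITOR_PUB/disable.
function disableAuditor(store: AuditorStore, auditorPub: string,
                        msg: TeardownMsg, verify: Verify): number {
  if (!verify(auditorPub, msg.master_sig, msg.validity_end)) return 403;
  const rec = store[auditorPub];
  if (rec === undefined) return 404;                 // auditor never set up
  if (msg.validity_end < rec.lastChange) return 409; // older than stored state
  rec.active = false;                // immediate, even if validity_end is future
  rec.lastChange = msg.validity_end; // record is updated, never deleted
  return 204;
}

// Simplified setup handler, included to show what the retained state blocks.
function enableAuditor(store: AuditorStore, auditorPub: string,
                       msg: SetupMsg, verify: Verify): number {
  if (!verify(auditorPub, msg.master_sig, msg.validity_start)) return 403;
  const rec = store[auditorPub];
  if (rec !== undefined && msg.validity_start < rec.lastChange) return 409;
  store[auditorPub] = { active: true, lastChange: msg.validity_start };
  return 204;
}

// Constructed scenario: setup at t=100, teardown at t=200, then replays.
function replayScenario(): number[] {
  const store: AuditorStore = Object.create(null);
  const verify: Verify = (_pub, sig, _ts) => sig === "valid"; // stand-in only
  const setup: SetupMsg = { master_sig: "valid", validity_start: 100 };
  const teardown: TeardownMsg = { master_sig: "valid", validity_end: 200 };
  return [
    enableAuditor(store, "AUD1", setup, verify),      // 204
    disableAuditor(store, "AUD1", teardown, verify),  // 204
    enableAuditor(store, "AUD1", setup, verify),      // 409: replayed old setup
    disableAuditor(store, "AUD2", teardown, verify),  // 404: unknown auditor
    disableAuditor(store, "AUD1", { ...teardown, master_sig: "bad" }, verify), // 403
  ];
}
```

Had the teardown deleted the record instead, the third call would find no stored timestamp and the replayed setup message would re-enable the auditor.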