taler-docs

taler-merchant.conf.5.rst (14213B)

---

 ..
   This file is part of GNU TALER.
   Copyright (C) 2014-2026 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Affero General Public License as published by the Free Software
   Foundation; either version 2.1, or (at your option) any later version.
 
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
 
   You should have received a copy of the GNU Affero General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 
   @author Florian Dold
   @author Benedikt Muller
   @author Sree Harsha Totakura
   @author Marcello Stanisci
   @author Christian Grothoff
   @author Javier Sepulveda
 
 
 taler-merchant.conf(5)
 ######################
 
 .. only:: html
 
    Name
    ====
 
    **taler-merchant.conf** - Taler configuration file
 
 
 Description
 ===========
 
 .. include:: ../frags/common-conf-syntax.rst
 
 Files containing default values for many of the options described below
 are installed under ``$TALER_MERCHANT_PREFIX/share/taler-merchant/config.d/``.
 The configuration file given with **-c** to Taler binaries
 overrides these defaults.
 
 A configuration file may include another, by using the ``@INLINE@`` directive,
 for example, in ``main.conf``, you could write ``@INLINE@ sub.conf`` to
 include the entirety of ``sub.conf`` at that point in ``main.conf``.
 
 Be extra careful when using ``taler-merchant-config -V VALUE`` to change configuration
 values: it will destroy all uses of ``@INLINE@`` and furthermore remove all
 comments from the configuration file!
 
 
 GLOBAL OPTIONS
 --------------
 
 The “[PATHS]” section is special in that it contains paths that can be
 referenced using “$” in other configuration values that specify
 filenames. For Taler, it commonly contains the following paths:
 
 TALER_HOME
   Home directory of the user, usually “${HOME}”. Can be overwritten by
   testcases by setting ${TALER_TEST_HOME}.
 
 TALER_DATA_HOME
   Where should Taler store its long-term data.
   Usually “${TALER_HOME}/.local/share/taler-merchant/”.
 
 TALER_CONFIG_HOME
   Where is the Taler configuration kept.
   Usually “${TALER_HOME}/.config/taler-merchant/”.
 
 TALER_CACHE_HOME
   Where should Taler store cached data.
   Usually “${TALER_HOME}/.cache/taler-merchant/”.
 
 TALER_RUNTIME_DIR
   Where should Taler store system runtime data (like UNIX domain
   sockets). Usually “${TMP}/taler-merchant-runtime”.
 
 .. include:: frags/currency-spec.rst
 
 
 MERCHANT OPTIONS
 ----------------
 
 The following options are from the “[merchant]” section and used by the
 merchant backend.
 
 DB
    Plugin to use for the database, e.g._“postgres”.
 
 SERVE
   Should the HTTP server listen on a UNIX domain socket (set option to "unix"), or on a TCP socket (set option to "tcp"), or be activated via systemd (set option to "systemd").
 
 BASE_URL
   Which base URL should the merchant backend assume for itself in the protocol. Optional. If not given, the base URL will be constructed from X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Prefix headers that a reverse-proxy should be setting.
 
 CURRENCY
   Default currency of the merchant. Used primarily in the SPA
   in dialogs. Note that the merchant backend is multi-currency
   capable and setting this option will not prevent other
   currencies from being used. The full set of allowed currencies
   is determined from the overall list of exchanges that are enabled
   in the configuration.
 
 UNIXPATH
   Path to listen on if we "SERVE" is set to "unix".
 
 UNIXPATH_MODE
   Access permission mask to use for the "UNIXPATH".
 
 PORT
    Port on which the HTTP server listens, e.g. 8080.
 
 BIND_TO
   Hostname to which the merchant HTTP server should be bound to, e.g. "localhost".
 
 LEGAL_PRESERVATION
    How long do we keep data in the database for tax audits after the
    transaction has completed?  Default is 10 years.
 
 DEFAULT_PAY_DELAY
    What is the default payment delay for new instances. This is how long the
    customer has to pay the order before the offer expires.
    This backend default can be changed per-instance and then still overridden per-order.
    Defaults to one day if not specified in the configuration.
 
 DEFAULT_REFUND_DELAY
    What is the default refund delay for new instances. This is how long the
    merchant can grant refunds to the customer. Is added on top of the
    payment deadline (for an actual order).
    This backend default can be changed per-instance and then still overridden per-order.
    If the order overrides the wire transfer deadline and does not
    specify a refund deadline and if the DEFAULT_REFUND_DELAY would
    imply a longer refund deadline, then the wire transfer deadline
    is used for the refund deadline.
    Defaults to 15 days if not specified in the configuration.
 
 DEFAULT_WIRE_TRANSFER_DELAY
    What is the default wire transfer delay for new instances. This is how long the
    exchange has to settle the payment with a wire transfer, enabling refunds and aggregation
    of multiple transfers to happen until this time.
    The value given is added on top of the refund deadline and is then
    subject to rounding as per DEFAULT_WIRE_TRANSFER_ROUNDING_INTERVAL.
    This backend default can be changed per-instance and then still overridden per-order.
    Defaults to one month if not specified in the configuration.
 
 DEFAULT_WIRE_TRANSFER_ROUNDING_INTERVAL
    Specifies to what time interval a wire transfer deadline computed
    via the DEFAULT_WIRE_TRANSFER_DELAY should be rounded up. Supported
    values are NONE, SECOND, MINUTE, HOUR, DAY, WEEK, MONTH, QUARTER and
    YEAR, each implying that wire transfer deadline computed
    should be rounded up to the respective end of the next interval
    using the local timezone of the merchant backend.
    This backend default can be changed per-instance.
    Rounding does not apply if the wire deadline is overridden per-order.
    Defaults to NONE (no rounding up) if not specified in the configuration.
 
 FORCE_AUDIT
    Force the merchant to report every transaction to the auditor
    (if the exchange has an auditor)?  Default is ``NO``.
    Do not change except for testing.
 
 ENABLE_SELF_PROVISIONING
    Set to YES to allow unauthenticated clients to create new instances.
 
 MANDATORY_TAN_CHANNELS
    Space-separted list of TAN channels required for password reset.
    Can be "sms" or "email" or both.
 
 PHONE_REGEX
    Posix regular expression specifying which phone numbers are acceptable for
    the instances. Useful to restrict phone numbers to those that work
    with the ``HELPER_SMS``. Optional, if missing no restrictions apply.
 
 HELPER_SMS
    Helper binary to use to send SMS.
    Will get the SMS phone number as the only command-line argument,
    and the message to send as the body.
    Optional, if missing "sms" will not work as a TAN channel.
 
 HELPER_EMAIL
    Helper binary to use to send e-mail.
    Will get the e-mail address as the only command-line argument,
    and the message to send as the body.
    Optional, if missing "email" will not work as a TAN channel.
 
 STRICT_PROTOCOL_V19
    Set to YES to strictly enforce protocol version 19 or later. Transient option for development.
 
 PAYMENT_TARGET_TYPES
    Space-separated list of allowed payment target types (like bitcoin, iban or x-taler-bank).
    Defaults to "\*" which means no restrictions if not specified.
 
 TERMS_DIR
   Directory where the terms of service of the merchant operator can be fund.
   The directory must contain sub-directories for every supported language,
   using the two-character language code in lower case, e.g. "en/" or "fr/".
   Each subdirectory must then contain files with the terms of service in
   various formats.  The basename of the file of the current policy must be
   specified under ``TERMS_ETAG``.  The extension defines the mime type.
   Supported extensions include "html", "htm", "txt", "pdf", "jpg", "jpeg",
   "png" and "gif".  For example, using a ``TERMS_ETAG`` of "0", the structure
   could be the following:
 
   - $TERMS_DIR/en/0.pdf
   - $TERMS_DIR/en/0.html
   - $TERMS_DIR/en/0.txt
   - $TERMS_DIR/fr/0.pdf
   - $TERMS_DIR/fr/0.html
   - $TERMS_DIR/de/0.txt
 
 TERMS_ETAG
   Basename of the file(s) in the ``TERMS_DIR`` with the current terms of service.
   The value is also used for the "Etag" in the HTTP request to control
   caching.  Whenever the terms of service change, the ``TERMS_ETAG`` MUST also
   change, and old values MUST NOT be repeated.  For example, the date or
   version number of the terms of service SHOULD be used for the Etag.  If
   there are minor (e.g. spelling) fixes to the terms of service, the
   ``TERMS_ETAG`` probably SHOULD NOT be changed. However, whenever users must
   approve the new terms, the ``TERMS_ETAG`` MUST change.
 
 PRIVACY_DIR
   Works the same as ``TERMS_DIR``, just for the privacy policy.
 
 PRIVACY_ETAG
   Works the same as ``TERMS_ETAG``, just for the privacy policy.
 
 DEFAULT_PERSONA
    Which "Persona" should be chosen by default for new clients
    using the SPA? The setting can always changed locally in the
    browser, but new clients without a setting stored locally will
    use this value.
    Possible values include: "expert", "offline-vending-machine",
    "point-of-sale", "digital-publishing", "e-commerce" and "developer".
    Defaults to "expert", which means all stable features are enabled.
 
 GLOBAL_SPA_CONFIG_DATA
    Additional configuration fields to pass to the SPA. This must be
    a JSON object mapping keys to values. The main configuration keys
    used are "contact_email", "contact_phone", "tax_info", "address"
    and "support_url". For example, typical configuration might be::
 
      '{"contact_email":"contact@example.com",
      "support_url":"https://tutorials.taler.net/",
      "tax_info":"VAT number: #12345678",
      "address":
      {"name":"Acme Inc",
      "street":"Acme St. 42",
      "post_code":"1234",
      "city":"Acme Town",
      "country":"Acme Land"}
      }'
 
    See https://docs.taler.net/core/api-merchant.html#tsref-type-Location
    for details on the "address" field. See also in the REST API specification
    for ``/config`` the entry for ``SpaConfigOptions`` for other
    SPA configuration options.
 
 PAYMENT_TARGET_REGEX
    POSIX regular expression imposing additional restrictions on the "payto://"-URIs allowed
    for bank accounts of instances of this system. For example, "payto://iban/CH.*" would
    restrict the system to only Swiss IBAN accounts. Optional, no restrictions if not set.
 
 MERCHANT KYCCHECK OPTIONS
 -------------------------
 
 The following options are from the “[merchant-kyccheck]” section and
 used by the ``taler-merchant-kyccheck`` helper process which checks
 with an exchange if we have know-your-customer (KYC) process issues
 to resolve.
 
 AML_FREQ
   Specifies how often the backend should check for KYC status
   changes at the exchange if we are experiencing KYC issues.
   Default is every 6h.
 
 AML_LOW_FREQ
   Specifies how often the backend should check for KYC status
   changes at the exchange if we are not experiencing any KYC
   issues, but there might be some with (delayed) aggregation
   so we should at a low frequency still check for reports.
   Default is every 7 days.
 
 
 MERCHANT POSTGRES BACKEND DATABASE OPTIONS
 ------------------------------------------
 
 The following options must be in section “[merchantdb-postgres]” if the
 “postgres” plugin was selected for the database.
 
 CONFIG
    How to access the database, e.g. “postgres:///taler” to use the
    “taler” database. Testcases use “talercheck”.
 
 
 KNOWN EXCHANGES (for merchants)
 -------------------------------
 
 The merchant configuration can include a list of known exchanges if the
 merchant wants to specify that certain exchanges are explicitly trusted.
 For each trusted exchange, a section [merchant-exchange-$NAME] must exist, where
 $NAME is a merchant-given name for the exchange. The following options
 must be given in each “[exchange-$NAME]” section.
 
 EXCHANGE_BASE_URL
    Base URL of the exchange, e.g. “https://exchange.demo.taler.net/”
 
 MASTER_KEY
    Crockford Base32 encoded master public key, public version of the
    exchange's long-time offline signing key.  Can be omitted, in that
    case the exchange will NOT be trusted unless it is audited by
    a known auditor.
    Omitting ``MASTER_KEY`` can be useful if we do not trust the exchange
    without an auditor, but should pre-load the keys of this
    particular exchange on startup instead of waiting for it to be
    required by a client.
 
 CURRENCY
    Name of the currency for which this exchange is used, e.g. “KUDOS”.
    The entire section is ignored if the currency does not match the currency
    we use, which must be given in the ``[taler]`` section.
 
 DISABLED
    Set to YES to disable this exchange. Optional option, defaults to NO.
 
 
 REPORT GENERATION
 -----------------
 
 The merchant backend can be used to fetch and submit periodic reports.
 The submission is handled using report generators. These are binaries
 that receive the main report from standard input (stdin), and are told:
 
   * the mime type using a "-m" command-line option,
   * the report target address using a "-t" command-line option, and
   * a report description using a "-d" command-line option.
 
 The report generators should return 0 on success. Custom report generators are
 configured using configuration sections [report-generator-$NAME], where $NAME
 is a merchant-given name for the report generator. The following options must
 be given in each “[report-generator-$NAME]” section.
 
 BINARY
    Name of the binary to execute. Currently this must be a single
    filename (usually with the path), no command-line arguments may
    be specified.
 
 Default report generators include:
 
 * ``[report-generator-email]`` with the BINARY
   taler-merchant-report-generator-email will
   send reports via e-mail using the UNIX mail program.
 
 
 SEE ALSO
 ========
 
 taler-merchant-passwd(1), taler-merchant-httpd(1)
 
 BUGS
 ====
 
 Report bugs by using https://bugs.taler.net/ or by sending electronic
 mail to <taler@gnu.org>.