From: gnunet
Subject: [taler-docs] branch master updated: libeufin bank API login endpoints, misc. comments and TODOs
Date: Tue, 05 Sep 2023 14:22:41 +0200
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new a86345eb libeufin bank API login endpoints, misc. comments and TODOs
a86345eb is described below
commit a86345eb94ac5797ce27a92bfdc10aa87bc30f27
Author: Florian Dold <florian@dold.me>
AuthorDate: Tue Sep 5 14:22:31 2023 +0200
libeufin bank API login endpoints, misc. comments and TODOs
---
core/api-libeufin-bank.rst | 92 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 71 insertions(+), 21 deletions(-)
diff --git a/core/api-libeufin-bank.rst b/core/api-libeufin-bank.rst
index 9fc51d22..ad6bb1b0 100644
--- a/core/api-libeufin-bank.rst
+++ b/core/api-libeufin-bank.rst
@@ -29,16 +29,21 @@ Libeufin Bank API
* Clarify where the libeufin-bank API provides the Taler Wire Gateway API
and Bank Integration API
- * as a top-level ``/bank-integration-api/${USERNAME}`` or
``/accounts/${username}/bank-integration-api``?
+ * /config => { type: "libeufin-bank" }
+ * /bank-integration-api/config => { type: "taler-bank-integration" }
+ * /accounts/$USERNAME/taler-wire-gateway-api/config => { type:
"taler-wire-gateway" }
+ * only for accounts that have been configured as a Taler exchange account
+ * /accounts/$USERNAME/taler-revenue-api/config { type: "taler-revenue-api" }
- * With how it's currently documented, the TWG API and bank integration API
- is *part* of the libeufin-bank API. Is this correct?
- Or do we want a separate name for the "libeufin account access" API?
- That was the original intention with the (now gone) bank access API.
- The libeufin-bank API would then just be a composition of multiple
- other specified APIs.
+ * we used to call this the anastasis facade
- * The pagination of accounts right now is page-based, do we want that?
+ * have flag for exchange account to enable bouncing transactions that don't
have a reserve pub
+ or above a certain threshold
+ * in (all?) accounts, we can manage an access token for read-only access
+ * for public accounts, the read-only access token could simply be empty or
a well-known token
+ * path: ``/accounts/${username}/taler-wire-gateway-api``?
+
+ * The pagination of account transactions right now is page-based, do we
want that?
.. contents:: Table of Contents
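Review bot: The added TODO item "for public accounts, the read-only access token could simply be empty or a well-known token" turns an empty string or a shared constant into a valid credential. I would document public accounts as readable without any token instead, so that token validation never has to accept an empty or well-known value. Smaller points in the same list: the `/accounts/$USERNAME/taler-revenue-api/config` line lacks the `=>` that the three config lines above it use, and the list mixes `$USERNAME` with `${username}`.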
@@ -51,13 +56,59 @@ it provides features for local/regional currencies.
Authentication
--------------
-Some requests require the client to authenticate via HTTP Basic auth (RFC
-7617). The user-id must be the libeufin-bank username, and the password the
-password for the corresponding user.
+Some requests require the client to authenticate via HTTP Basic auth (RFC 7617)
+or using a bearer token which can be obtained or refreshed from the
+``/accounts/$USERNAME/login`` endpoint.
+When using Basic authentication, the user-id must be the libeufin-bank
+username, and the password the password for the corresponding user.
+
+Another way to obtain a login token is by manually configuring it for certain
+endpoints. For example, the exchange could give an auditor read-only access to
+the taler-wire-gateway facade via such a manually configured access token.
The ``admin`` user is a special, hard-coded username. Some requests require the
client to authenticate as the admin.
+.. http:post:: /accounts/$USERNAME/login
+
+ **Parameters**
+
+ .. ts:def:: LoginRquest
+
+ interface LoginRequest {
+ scope: "readonly" | "write";
+
+ // Server may impose its own upper bound
+ // on the token validity duration
+ duration?: RelativeTime;
+
+ // Can this token be refreshed?
+ // Defaults to false.
+ refreshable?: boolean;
+ }
+
+ **Response:**
+
+ TBD.
+
+ **Details:**
+
+ .. note::
+
+ Typically the ``access_token`` would be an EdDSA signature
+ over (username, scope, timestamp, expiry).
+
+ Alternatively, valid access tokens could also be random identifiers
+ stored in a database table.
+
+ .. ts:def:: LoginSuccessResponse
+
+ interface LoginSuccessResponse {
+ expiration: Timestamp;
+ access_token: string;
+ }
+
+
Libeufin Bank Web UI
--------------------
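Review bot: The directive reads `.. ts:def:: LoginRquest` while the interface under it is `LoginRequest`, so references to `LoginRequest` would not resolve to this definition; please fix the directive name. In the same endpoint block, **Response:** is "TBD." while `LoginSuccessResponse` sits under **Details:**; moving it under Response would remove the TBD. The text also does not say how the `/accounts/$USERNAME/login` request itself is authenticated or how a `refreshable` token is refreshed, and the tuple named in the note (username, scope, timestamp, expiry) does not include `refreshable`, which should be stated either way.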
@@ -393,6 +444,11 @@ Transactions
**Request**
+ .. note::
+
+ We should migrate this to use the same kind of pagination interface
+ that we use elsewhere in Taler (start and +/- delta).
+
:query long_poll_ms: Optional number to express how many milliseconds the
server
should wait for at least one result to be shown. If not given, the server
responds immediately, regardless of the result.
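Review bot: The note added under **Request** repeats the open question from the TODO list at the top of the file ("The pagination of account transactions right now is page-based, do we want that?") but words it as already decided. Keep one of the two, and if the note stays, say that the page-based parameters are what the endpoint accepts until the migration to start and +/- delta happens.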
@@ -422,23 +478,17 @@ Transactions
.. ts:def:: BankAccountTransactionInfo
interface BankAccountTransactionInfo {
+ creditor_payto_uri: string;
+ debtor_payto_uri: string;
- creditor_iban: string;
- creditor_bic: string; // Optional
- creditor_name: string;
-
- debtor_iban: string;
- debtor_bic: string;
- debtor_name: string;
+ amount: Amount;
+ direction: "debit" | "credit";
- amount: number;
- currency: string;
subject: string;
// Transaction unique ID. Matches
// $transaction_id from the URI.
uid: string;
- direction: "DBIT" | "CRDT";
date: Timestamp;
}
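Review bot: `creditor_payto_uri` and `debtor_payto_uri` are added without comments, while the fields they replace carried IBAN, BIC and name separately (with `creditor_bic` marked optional); please add a comment saying whether the payto URI is expected to carry the name and BIC. The `direction` values also change from "DBIT" | "CRDT" to "debit" | "credit" and `amount` from `number` plus `currency` to `Amount`, which existing clients of this response will not parse, so the change deserves a mention in the commit message or a version note in the spec.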
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.