api-exchange.rst (35067B)
1 .. 2 This file is part of GNU TALER. 3 Copyright (C) 2014-2025 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU Affero General Public License as published by the Free Software 7 Foundation; either version 2.1, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. 12 13 You should have received a copy of the GNU Affero General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 16 @author Christian Grothoff 17 @author Özgür Kesim 18 19 ==================== 20 Exchange RESTful API 21 ==================== 22 23 The API specified here follows the :ref:`general conventions <http-common>` 24 for all details not specified in the individual requests. 25 The `glossary <https://docs.taler.net/taler-developer-manual.html#developer-glossary>`_ 26 defines all specific terms used in this section. 27 28 29 --------------- 30 Version History 31 --------------- 32 33 The current protocol version is **v34**. 34 35 * The merchant is currently targeting **v34**. 36 * The AML SPA is currently targeting **v31**. 37 * The KYC SPA is currently targeting **v30**. 38 39 **Version history:** 40 41 * ``v29``: AML reporting on KYC auth transfers 42 * ``v30``: various minor feature additions 43 * ``v31``: improvements for AML reporting 44 * ``v32``: support for extra_wire_subject_metadata 45 * ``v33``: addition of accumulated_total_without_fee in ``/batch-deposit`` 46 * ``v34``: new offline signature; support for open_banking_gateway and 47 wire_transfer_gateway per wire account in ``/keys`` 48 49 **Upcoming versions:** 50 51 * ``vRECOUP``: improved recoup protocol 52 * ``vATTEST``: KYC attestation support 53 54 **Ideas for future version:** 55 56 * ``vXXX``: marker for features not yet targeted for release 57 58 59 60 .. include:: tos.rst 61 62 .. _keys: 63 64 --------------------------- 65 Exchange status information 66 --------------------------- 67 68 This API is used by wallets and merchants to obtain global information about 69 the exchange, such as online signing keys, available denominations and the fee 70 structure. This is typically the first call any exchange client makes, as it 71 returns information required to process all of the other interactions with the 72 exchange. The returned information is secured by (1) signature(s) from the exchange, 73 especially the long-term offline signing key of the exchange, which clients should 74 cache; (2) signature(s) from auditors, and the auditor keys should be 75 hard-coded into the wallet as they are the trust anchors for Taler; (3) 76 possibly by using HTTPS. 77 78 79 .. include:: exchange/get-seed.rst 80 81 .. include:: exchange/get-config.rst 82 83 .. include:: exchange/get-keys.rst 84 85 86 ---------------------------------------------- 87 Management operations authorized by master key 88 ---------------------------------------------- 89 90 .. include:: exchange/get-management-keys.rst 91 92 .. include:: exchange/post-management-keys.rst 93 94 .. include:: exchange/post-management-denominations-H_DENOM_PUB-revoke.rst 95 96 .. include:: exchange/post-management-signkeys-EXCHANGE_PUB-revoke.rst 97 98 .. include:: exchange/post-management-auditors.rst 99 100 .. include:: exchange/post-management-auditors-AUDITOR_PUB-disable.rst 101 102 .. include:: exchange/post-management-wire-fee.rst 103 104 .. include:: exchange/post-management-global-fees.rst 105 106 .. include:: exchange/post-management-wire.rst 107 108 .. include:: exchange/post-management-wire-disable.rst 109 110 .. include:: exchange/post-management-drain.rst 111 112 .. include:: exchange/post-management-aml-officers.rst 113 114 .. include:: exchange/post-management-partners.rst 115 116 --------------- 117 Auditor actions 118 --------------- 119 120 .. _auditor_action: 121 122 This part of the API is for the use by auditors interacting with the exchange. 123 124 125 .. include:: exchange/post-auditors-AUDITOR_PUB-H_DENOM_PUB.rst 126 127 128 ---------------- 129 Blinding Prepare 130 ---------------- 131 132 Certain denomination cipher types, such as Clause-Schnorr, require input values 133 from the exchange-side as preparation for the blinding of the coins. See the 134 Bachelor thesis of Gian Demarmels and Lucien Heuzeveldt, 135 `Adding Schnorr’s Blind Signature in Taler <https://www.taler.net/papers/cs-thesis.pdf>`_, 136 for details. 137 138 .. include:: exchange/post-blinding-prepare.rst 139 140 141 142 .. _exchange-withdrawal: 143 144 ---------- 145 Withdrawal 146 ---------- 147 148 This API is used by the wallet to obtain digital coins. 149 150 When transferring money to the exchange such as via SEPA transfers, the exchange creates 151 a *reserve*, which keeps the money from the customer. The customer must 152 specify an EdDSA reserve public key as part of the transfer, and can then 153 withdraw digital coins using the corresponding private key. All incoming and 154 outgoing transactions are recorded under the corresponding public key by the 155 exchange. 156 157 .. note:: 158 159 Eventually the exchange will need to advertise a policy for how long it will 160 keep transaction histories for inactive or even fully drained reserves. We 161 will therefore need some additional handler similar to ``/keys`` to 162 advertise those terms of service. 163 164 165 .. include:: exchange/get-reserves-RESERVE_PUB.rst 166 167 168 169 .. _withdraw: 170 .. include:: exchange/post-withdraw.rst 171 172 173 .. ts:def:: WithdrawRequest 174 175 interface WithdrawRequest { 176 // Cipher that is used for the rerserve's signatures. 177 // For now, only ed25519 signatures are applicable, 178 // but this might change in future versions. 179 cipher: "ED25519"; 180 181 // The reserve's public key, for the the cipher ED25519, 182 // to verify the signature ``reserve_sig``. 183 reserve_pub: EddsaPublicKey; 184 185 // Array of ``n`` hash codes of denomination public keys to order. 186 // The sum of all denomination's values and fees MUST be 187 // at most the balance of the reserve. The balance of 188 // the reserve will be immediatley reduced by that amount. 189 // If ``max_age`` is set, these denominations MUST support 190 // age restriction as defined in the output to /keys. 191 denoms_h: HashCode[]; 192 193 // If set, the maximum age to commit to. This implies: 194 // 1.) it MUST be the same value as the maximum age 195 // of the reserve. 196 // 2.) ``coin_evs`` MUST be an array of ``n*kappa`` 197 // 3.) the denominations in ``denoms_h`` MUST support 198 // age restriction. 199 max_age?: Integer; 200 201 // Master seed for the Clause-Schnorr R-value creation. 202 // MUST match the /blinding-prepare request. 203 // MUST NOT have been used in any prior withdraw request. 204 // MUST be present if one of the fresh coin's 205 // denomination is of type Clause-Schnorr. 206 blinding_seed?: BlindingMasterSeed; 207 208 // Array of blinded coin envelopes of type `CoinEnvelope`. 209 // If ``max_age`` is not set, MUST be n entries. 210 // If ``max_age`` is set, MUST be ``n*kappa`` entries, 211 // arranged in [0..n)..[0..n), with the first n entries 212 // belonging to kappa=0 etc. 213 // In case of age restriction, the exchange will 214 // respond with an index ``gamma``, which is the index 215 // that shall remain undisclosed during the subsequent 216 // reveal phase. 217 // This hash value along with the reserve's public key 218 // will also be used for recoup operations, if needed. 219 coin_evs: CoinEnvelope[]; 220 221 // Signature of `TALER_WithdrawRequestPS` created with 222 // the `reserves's private key <reserve-priv>`. 223 reserve_sig: EddsaSignature; 224 } 225 226 .. ts:def:: WithdrawResponse 227 228 interface WithdrawResponse { 229 // Array of blinded signatures over each ``coin_evs``, 230 // in the same order as was given in the request. 231 // The blinded signatures affirm the coin's validity 232 // after unblinding. 233 ev_sigs: BlindedDenominationSignature[]; 234 235 } 236 237 238 .. ts:def:: AgeWithdrawResponse 239 240 interface AgeWithdrawResponse { 241 // index of the commitments that the client doesn't 242 // have to disclose in the subsequent call to 243 // ``/reveal-withdraw``. 244 noreveal_index: Integer; 245 246 // Signature of `TALER_WithdrawConfirmationPS` whereby 247 // the exchange confirms the ``noreveal_index``. 248 exchange_sig: EddsaSignature; 249 250 // `Public EdDSA key <sign-key-pub>` of the exchange that was used to 251 // generate the signature. Should match one of the exchange's signing 252 // keys from ``/keys``. Again given explicitly as the client might 253 // otherwise be confused by clock skew as to which signing key was used. 254 exchange_pub: EddsaPublicKey; 255 256 } 257 258 .. ts:def:: DenominationGoneMessage 259 260 interface DenominationGoneMessage { 261 262 // Taler error code. Note that beyond 263 // expiration this message format is also 264 // used if the key is not yet valid, or 265 // has been revoked. May be one of 266 // - ``TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE`` 267 // - ``TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED`` 268 // - ``TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED`` 269 code: Integer; 270 271 // Signature by the exchange over a 272 // `TALER_DenominationExpiredAffirmationPS`. 273 // Must have purpose ``TALER_SIGNATURE_EXCHANGE_AFFIRM_DENOM_EXPIRED``. 274 exchange_sig: EddsaSignature; 275 276 // Public key of the exchange used to create 277 // the 'exchange_sig. 278 exchange_pub: EddsaPublicKey; 279 280 // Hash of the denomination public key that is unknown. 281 h_denom_pub: HashCode; 282 283 // When was the signature created. 284 timestamp: Timestamp; 285 286 // What kind of operation was requested that now 287 // failed? 288 oper: string; 289 290 } 291 292 293 .. ts:def:: WithdrawError 294 295 interface SingleWithdrawError { 296 // Text describing the error. 297 hint: string; 298 299 // Detailed error code. 300 code: Integer; 301 302 // Amount left in the reserve. 303 balance: Amount; 304 305 } 306 307 308 309 ------------------ 310 311 312 .. _reveal-withdraw: 313 314 **Reveal-Withdraw** 315 316 This endpoint is called by the client after a call to `withdraw`_, 317 *if* the original request had ``max_age`` set and 318 the response was of type `AgeWithdrawResponse`. 319 Now the client has to disclose for each coin all but one of the κ secrets 320 that went into creating the blinded coin's planchets, 321 including the commitment to age restriction, 322 and prove that the age restriction was set correctly. 323 324 .. include:: exchange/post-reveal-withdraw.rst 325 326 327 328 ---------- 329 Refreshing 330 ---------- 331 332 Refreshing creates ``n`` new coins from ``m`` old coins, where the sum of 333 denominations of the new coins must be smaller than the sum of the old coins' 334 denominations plus melting (refresh) and withdrawal fees charged by the exchange. 335 The refreshing API can be used by wallets to melt partially spent coins, making 336 transactions with the freshly exchangeed coins unlinkabe to previous transactions 337 by anyone except the wallet itself. 338 339 Refreshing is a two step process, consisting of 340 341 1. the **melting** of the old coin, together with ``kappa`` batches 342 of blinded planchets candidates, 343 2. the **reveal** of ``kappa-1`` secrets to prove the proper construction 344 of the (revealed) batches of blinded planchets candidates. 345 346 347 ^^^^ 348 Melt 349 ^^^^ 350 351 .. _melt: 352 .. include:: exchange/post-melt.rst 353 354 ^^^^^^^^^^^ 355 Reveal-Melt 356 ^^^^^^^^^^^ 357 358 This endpoint is called by the client after a call to `melt`_. 359 Now the client has to disclose --for each coin-- 360 all but one of the κ secrets that went into creating the blinded coin's planchets, 361 the transfer public keys (linking the ownership of the old and new coin), 362 and the commitment to age restriction, 363 as proof that the age restriction was set correctly (if applicable). 364 365 .. include:: exchange/post-reveal-melt.rst 366 367 368 .. _deposit-par: 369 370 ------- 371 Deposit 372 ------- 373 374 Deposit operations are requested f.e. by a merchant during a transaction or a 375 bidder during an auction. 376 377 For the deposit operation during purchase, the merchant has to obtain the 378 deposit permission for a coin from their customer who owns the coin. When 379 depositing a coin, the merchant is credited an amount specified in the deposit 380 permission, possibly a fraction of the total coin's value, minus the deposit 381 fee as specified by the coin's denomination. 382 383 For auctions, a bidder performs an deposit operation and provides all relevant 384 information for the auction policy (such as timeout and public key as bidder) 385 and can use the ``exchange_sig`` field from the `DepositSuccess` message as a 386 proof to the seller for the escrow of sufficient fund. 387 388 389 .. _deposit: 390 391 .. include:: exchange/post-batch-deposit.rst 392 393 394 395 ------ 396 Recoup 397 ------ 398 399 The purpose of this API is to allow coins to be cashed back in, 400 in certain exceptional situations. 401 This API is only used if the exchange is either about to go out of 402 business or has had its private signing keys compromised (so in 403 either case, the protocol is only used in **abnormal** 404 situations). In the above cases, the exchange signals to the 405 wallets that the emergency cash back protocol has been activated 406 by putting the affected denomination keys into the cash-back 407 part of the ``/keys`` response. If and only if this has happened, 408 coins that were signed with those denomination keys can be cashed 409 in using this API. 410 411 For a recoup, a coin has to provide the necessary information to 412 identify the original transaction (either a withdraw or a refresh) it 413 became minted, and proof ownership of the coin itself. 414 415 416 .. include:: exchange/post-recoup-withdraw.rst 417 418 419 .. include:: exchange/post-recoup-refresh.rst 420 421 422 423 .. _exchange_refund: 424 425 ------- 426 Refunds 427 ------- 428 429 .. include:: exchange/post-coins-COIN_PUB-refund.rst 430 431 432 .. _reserve-history: 433 434 --------------- 435 Reserve History 436 --------------- 437 438 .. include:: exchange/get-reserves-RESERVE_PUB-history.rst 439 440 441 442 .. _coin-history: 443 444 ------------ 445 Coin History 446 ------------ 447 448 .. include:: exchange/get-coins-COIN_PUB-history.rst 449 450 Obtain the transaction history of a coin. Used only in special cases, like 451 when the exchange claims a double-spending error and the wallet does not 452 believe it. Usually, the wallet knows the transaction history of each coin 453 and thus has no need to inquire. 454 455 **Request:** 456 457 The GET request should come with the following HTTP headers: 458 459 *If-None-Match*: 460 The client MAY provide an ``If-None-Match`` header with an 461 Etag. In that case, the server MUST additionally respond with an ``304`` 462 status code in case the coin history matches the provided Etag. 463 464 *Taler-Coin-History-Signature*: 465 The client MUST provide Base-32 encoded EdDSA signature over a 466 ``TALER_SIGNATURE_COIN_HISTORY_REQUEST`` made with the respective 467 ``$COIN_PRIV``, affirming desire to download the current coin 468 transaction history. 469 470 :query start=OFFSET: *Optional.* Only return coin history entries with 471 offsets above the given OFFSET. Allows clients to not 472 retrieve history entries they already have. 473 474 **Response:** 475 476 :http:statuscode:`200 OK`: 477 The operation succeeded, the exchange confirms that no double-spending took 478 place. The response will include a `CoinHistoryResponse` object. 479 :http:statuscode:`204 No content`: 480 The reserve history is known, but at this point from the given starting point it is empty. Can only happen if OFFSET was positive. 481 :http:statuscode:`304 Not modified`: 482 The coin history has not changed since the previous query (detected via Etag 483 in "If-none-match" header). 484 :http:statuscode:`403 Forbidden`: 485 The *TALER_SIGNATURE_COIN_HISTORY_REQUEST* is invalid. 486 This response comes with a standard `ErrorDetail` response. 487 :http:statuscode:`404 Not found`: 488 The coin public key is not (yet) known to the exchange. 489 490 **Details:** 491 492 .. ts:def:: CoinHistoryResponse 493 494 interface CoinHistoryResponse { 495 // Current balance of the coin. 496 balance: Amount; 497 498 // Hash of the coin's denomination. 499 h_denom_pub: HashCode; 500 501 // Transaction history for the coin. 502 history: CoinSpendHistoryItem[]; 503 } 504 505 .. ts:def:: CoinSpendHistoryItem 506 507 // Union discriminated by the "type" field. 508 type CoinSpendHistoryItem = 509 | CoinDepositTransaction 510 | CoinMeltTransaction 511 | CoinRefundTransaction 512 | CoinRecoupWithdrawTransaction 513 | CoinRecoupRefreshTransaction 514 | CoinRecoupRefreshReceiverTransaction 515 | CoinPurseDepositTransaction 516 | CoinPurseRefundTransaction 517 | CoinReserveOpenDepositTransaction; 518 519 .. ts:def:: CoinDepositTransaction 520 521 interface CoinDepositTransaction { 522 type: "DEPOSIT"; 523 524 // Offset of this entry in the reserve history. 525 // Useful to request incremental histories via 526 // the "start" query parameter. 527 history_offset: Integer; 528 529 // The total amount of the coin's value absorbed (or restored in the 530 // case of a refund) by this transaction. 531 // The amount given includes 532 // the deposit fee. The current coin value can thus be computed by 533 // subtracting this amount. 534 amount: Amount; 535 536 // Deposit fee. 537 deposit_fee: Amount; 538 539 // Public key of the merchant. 540 merchant_pub: EddsaPublicKey; 541 542 // Date when the operation was made. 543 timestamp: Timestamp; 544 545 // Date until which the merchant can issue a refund to the customer via the 546 // exchange, possibly zero if refunds are not allowed. 547 refund_deadline?: Timestamp; 548 549 // Hash over the proposal data of the contract that 550 // is being paid. 551 h_contract_terms: HashCode; 552 553 // Hash of the bank account from where we received the funds. 554 h_wire: HashCode; 555 556 // Hash of the public denomination key used to sign the coin. 557 // Needed because 'coin_sig' signs over this, and 558 // that is important to fix the coin's denomination. 559 h_denom_pub: HashCode; 560 561 // Hash over the deposit policy extension. Optional. 562 h_policy?: HashCode; 563 564 // Hash over auxiliary wallet data provided by the wallet 565 // to complete the contract. Optional. 566 wallet_data_hash?: HashCode; 567 568 // Hash over the age commitment of the coin. Optional. 569 h_age_commitment?: HashCode; 570 571 // Signature over `TALER_DepositRequestPS`, made by the customer with the 572 // `coin's private key <coin-priv>`. 573 coin_sig: EddsaSignature; 574 575 } 576 577 .. ts:def:: CoinMeltTransaction 578 579 interface CoinMeltTransaction { 580 type: "MELT"; 581 582 // Offset of this entry in the reserve history. 583 // Useful to request incremental histories via 584 // the "start" query parameter. 585 history_offset: Integer; 586 587 // The total amount of the coin's value absorbed by this transaction. 588 // Note that for melt this means the amount given includes 589 // the melt fee. The current coin value can thus be computed by 590 // subtracting the amounts. 591 amount: Amount; 592 593 // Melt fee. 594 melt_fee: Amount; 595 596 // Commitment from the melt operation, see `TALER_RefreshCommitmentP` 597 rc: HashCode; 598 599 // Hash of the public denomination key used to sign the old coin. 600 // Needed because 'coin_sig' signs over this, and 601 // that is important to fix the coin's denomination. 602 old_denom_pub_h: HashCode; 603 604 // Hash over the age commitment of the coin. Optional. 605 old_age_commitment_h?: AgeCommitmentHash; 606 607 // @since **v32** 608 // This value is opaque to the exchange. It was provided by the client 609 // as part of the original refresh request, and was therefore verified 610 // with the confirm_sig below. 611 // If the reveal step was not performed yet by the old coin owner, 612 // they can use this value and the old coin's private key to derive 613 // all indivual seeds for the n*κ coin candidates for the original 614 // refresh request and replay it 615 refresh_seed: HashCode; 616 617 // @since **v32** 618 // The kappa*n list of transfer public keys that were provided by the 619 // old coin owner during the melt request. 620 transfer_pubs: EddsaPublicKey[kappa][]; 621 622 // @since **v32** 623 // The n denomination public keys for the fresh coins 624 // that the coin owner had requested. 625 denoms_h: HashCode[]; 626 627 // @since **v32** 628 // The ``noreveal_index`` value that was returned by the exchange as response 629 // to the melt request. 630 noreveal_index: Integer; 631 632 // @since **v32** 633 // If the reveal step was successfully peformed by the coin owner, 634 // this field contains the blind coin signatures that were returned 635 // by the exchange for the chosen batch of coins. 636 ev_sigs?: BlindedDenominationSignature[]; 637 638 // Master seed for the Clause-Schnorr R-value 639 // Present if one of the fresh coin's 640 // denominations is of type Clause-Schnorr. 641 blinding_seed?: BlindingMasterSeed; 642 643 // Signature by the coin over a 644 // `TALER_RefreshMeltCoinAffirmationPS` of 645 // purpose ``TALER_SIGNATURE_WALLET_COIN_MELT``. 646 confirm_sig: EddsaSignature; 647 648 } 649 650 .. ts:def:: CoinRefundTransaction 651 652 interface CoinRefundTransaction { 653 type: "REFUND"; 654 655 // Offset of this entry in the reserve history. 656 // Useful to request incremental histories via 657 // the "start" query parameter. 658 history_offset: Integer; 659 660 // The total amount of the coin's value restored 661 // by this transaction. 662 // The amount given excludes the transaction fee. 663 // The current coin value can thus be computed by 664 // adding the amounts to the coin's denomination value. 665 amount: Amount; 666 667 // Refund fee. 668 refund_fee: Amount; 669 670 // Hash over the proposal data of the contract that 671 // is being refunded. 672 h_contract_terms: HashCode; 673 674 // Public key of the merchant. 675 merchant_pub: EddsaPublicKey; 676 677 // Refund transaction ID. 678 rtransaction_id: Integer; 679 680 // `EdDSA Signature <eddsa-sig>` authorizing the REFUND over a 681 // `TALER_MerchantRefundConfirmationPS` with 682 // purpose ``TALER_SIGNATURE_MERCHANT_REFUND_OK``. Made with 683 // the `public key of the merchant <merchant-pub>`. 684 merchant_sig: EddsaSignature; 685 686 } 687 688 689 .. note:: 690 691 The `CoinRecoupWithdrawTransaction` interface defintion is WIP. 692 It will be fully specified and implemented with **vRECOUP**. 693 694 .. ts:def:: CoinRecoupWithdrawTransaction 695 696 // This represents a transaction of a call to /recoup-withdraw 697 // where the coin's residual value has been credited to the 698 // original reserve, from which this coin was withdrawn. 699 interface CoinRecoupWithdrawTransaction { 700 type: "RECOUP-WITHDRAW"; 701 702 // Offset of this entry in the reserve history. 703 // Useful to request incremental histories via 704 // the "start" query parameter. 705 history_offset: Integer; 706 707 // The total amount of the coin's value absorbed 708 // by this transaction. 709 // The current coin value can thus be computed by 710 // subtracting the amount from 711 // the coin's denomination value. 712 amount: Amount; 713 714 // Signature by the exchange over a 715 // `TALER_RecoupConfirmationPS`, must be 716 // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP``. 717 exchange_sig: EddsaSignature; 718 719 // Public key of the private key used to create 'exchange_sig'. 720 exchange_pub: EddsaPublicKey; 721 722 // Signature by the coin over a 723 // `TALER_RecoupRequestPS` with purpose 724 // ``TALER_SIGNATURE_WALLET_COIN_RECOUP``. 725 coin_sig: EddsaSignature; 726 727 // Hash of the public denomination key used to sign the coin. 728 // Needed because 'coin_sig' signs over this, and 729 // that is important to fix the coin's denomination. 730 h_denom_pub: HashCode; 731 732 // Coin blinding key that was used in the original withdraw request. 733 coin_blind: DenominationBlindingKeyP; 734 735 // The hash of the withdraw commitment of the original withdraw 736 // request that this coin was part of 737 h_commitment: HashCode; 738 739 // Coin's index in the original withdraw request, starting at 0 740 coin_index: Integer; 741 742 // Reserve receiving the recoup. 743 reserve_pub: EddsaPublicKey; 744 745 // Date when the operation was made. 746 timestamp: Timestamp; 747 748 } 749 750 751 .. note:: 752 753 The `CoinRecoupRefreshTransaction` interface defintion is WIP. 754 It will be fully specified and implemented with **vRECOUP**. 755 756 .. ts:def:: CoinRecoupRefreshTransaction 757 758 // This represents a transaction of a call to /recoup-refresh 759 // where this coin was _part_ of the batch of coins whose 760 // residual values were credited to the original coin, from 761 // which also this coin was refresh from. 762 interface CoinRecoupRefreshTransaction { 763 type: "RECOUP-REFRESH"; 764 765 // Offset of this entry in the reserve history. 766 // Useful to request incremental histories via 767 // the "start" query parameter. 768 history_offset: Integer; 769 770 // The total amount of the coin's value absorbed 771 // by this transaction. 772 // The current coin value can thus be computed by 773 // subtracting this amounts from 774 // the coin's denomination value. 775 amount: Amount; 776 777 // Signature by the exchange over a 778 // `TALER_RecoupRefreshConfirmationPS` 779 // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH``. 780 exchange_sig: EddsaSignature; 781 782 // Public key used to sign 'exchange_sig'. 783 exchange_pub: EddsaPublicKey; 784 785 // The original coin, from which this coin was derived from 786 // in a call to /refresh, and which was then credited with 787 // the residual value of this coin in a call to /recoup-refresh. 788 old_coin_pub: EddsaPublicKey; 789 790 // Signature by the coin over a `TALER_RecoupRequestPS` 791 // with purpose ``TALER_SIGNATURE_WALLET_COIN_RECOUP``. 792 coin_sig: EddsaSignature; 793 794 // Hash of the public denomination key used to sign the coin. 795 // Needed because 'coin_sig' signs over this, and 796 // that is important to fix the coin's denomination. 797 h_denom_pub: HashCode; 798 799 // Coin blinding key that was used in the original refresh request. 800 coin_blind: DenominationBlindingKeyP; 801 802 // The hash of the refresh commitment of the original refresh 803 // request that this coin was derived from. 804 h_commitment: HashCode; 805 806 // Coin's index in the original refresh request, starting at 0 807 coin_index: Integer; 808 809 // Blinding factor of the revoked new coin. 810 new_coin_blinding_secret: DenominationBlindingKeySecret; 811 812 // Blinded public key of the revoked new coin. 813 new_coin_ev: DenominationBlindingKeySecret; 814 815 // Date when the operation was made. 816 timestamp: Timestamp; 817 818 } 819 820 821 .. note:: 822 823 The `CoinRecoupRefreshReceiverTransaction` interface defintion is WIP. 824 It will be fully specified and implemented with **vRECOUP**. 825 826 .. ts:def:: CoinRecoupRefreshReceiverTransaction 827 828 // This represents a transaction of a call to /recoup-refresh 829 // where this coin was the _receiver_ of the residual values 830 // from coins, that originated from a call to /refresh of this coin. 831 interface CoinRecoupRefreshReceiverTransaction { 832 type: "RECOUP-REFRESH-RECEIVER"; 833 834 // Offset of this entry in the reserve history. 835 // Useful to request incremental histories via 836 // the "start" query parameter. 837 history_offset: Integer; 838 839 // The total amount of the coin's value restored 840 // by this transaction. 841 // The current coin value can thus be computed by 842 // adding the amount to the coin's denomination value. 843 amount: Amount; 844 845 // Date when the operation was made. 846 timestamp: Timestamp; 847 848 // Signature by the exchange over a 849 // `TALER_RecoupRefreshConfirmationPS` 850 // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH``. 851 exchange_sig: EddsaSignature; 852 853 // Public key of the private key used to create 'exchange_sig'. 854 exchange_pub: EddsaPublicKey; 855 856 } 857 858 .. ts:def:: CoinPurseDepositTransaction 859 860 interface CoinPurseDepositTransaction { 861 type: "PURSE-DEPOSIT"; 862 863 // Offset of this entry in the reserve history. 864 // Useful to request incremental histories via 865 // the "start" query parameter. 866 history_offset: Integer; 867 868 // The total amount of the coin's value absorbed 869 // by this transaction. 870 // Note that this means the amount given includes 871 // the deposit fee. The current coin value can thus be computed by 872 // subtracting the amount from 873 // the coin's denomination value. 874 amount: Amount; 875 876 // Base URL of the exchange the purse lives at. 877 exchange_base_url: string; 878 879 // The hash of the age-commitment for the coin. Only present 880 // if the denomination has support for age restriction. 881 h_age_commitment?: AgeCommitmentHash; 882 883 // Deposit fee. 884 deposit_fee: Amount; 885 886 // Public key of the purse. 887 purse_pub: EddsaPublicKey; 888 889 // True if the deposit was refunded for any reason. 890 refunded: boolean; 891 892 // Signature by the coin over a 893 // `TALER_PurseDepositSignaturePS` of 894 // purpose ``TALER_SIGNATURE_PURSE_DEPOSIT``. 895 coin_sig: EddsaSignature; 896 897 // Hash of the public denomination key used to sign the coin. 898 // Needed because 'coin_sig' signs over this, and 899 // that is important to fix the coin's denomination. 900 h_denom_pub: HashCode; 901 902 } 903 904 .. ts:def:: CoinPurseRefundTransaction 905 906 interface CoinPurseRefundTransaction { 907 type: "PURSE-REFUND"; 908 909 // Offset of this entry in the reserve history. 910 // Useful to request incremental histories via 911 // the "start" query parameter. 912 history_offset: Integer; 913 914 // The total amount of the coin's value restored 915 // by this transaction. 916 // The amount given excludes the refund fee. 917 // The current coin value can thus be computed by 918 // adding the amount to the coin's denomination value. 919 amount: Amount; 920 921 // Refund fee (of the coin's denomination). The deposit 922 // fee will be waived. 923 refund_fee: Amount; 924 925 // Signature by the exchange over a 926 // ``TALER_CoinPurseRefundConfirmationPS`` 927 // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_PURSE_REFUND``. 928 exchange_sig: EddsaSignature; 929 930 // Public key used to sign 'exchange_sig'. 931 exchange_pub: EddsaPublicKey; 932 933 // Public key of the purse that expired. 934 purse_pub: EddsaPublicKey; 935 936 } 937 938 .. ts:def:: CoinReserveOpenDepositTransaction 939 940 interface CoinReserveOpenDepositTransaction { 941 type: "RESERVE-OPEN-DEPOSIT"; 942 943 // Offset of this entry in the reserve history. 944 // Useful to request incremental histories via 945 // the "start" query parameter. 946 history_offset: Integer; 947 948 // The total amount of the coin's value absorbed 949 // by this transaction. 950 // Note that this means the amount given includes 951 // the deposit fee. 952 coin_contribution: Amount; 953 954 // Signature of the reserve open operation being paid for. 955 reserve_sig: EddsaSignature; 956 957 // Signature by the coin over a 958 // `TALER_ReserveOpenDepositSignaturePS` of 959 // purpose ``TALER_SIGNATURE_RESERVE_OPEN_DEPOSIT``. 960 coin_sig: EddsaSignature; 961 962 } 963 964 965 ----------------------- 966 Tracking wire transfers 967 ----------------------- 968 969 This API is used by merchants that need to find out which wire 970 transfers (from the exchange to the merchant) correspond to which deposit 971 operations. Typically, a merchant will receive a wire transfer with a 972 **wire transfer identifier** and want to know the set of deposit 973 operations that correspond to this wire transfer. This is the 974 preferred query that merchants should make for each wire transfer they 975 receive. If a merchant needs to investigate a specific deposit 976 operation (i.e. because it seems that it was not paid), then the 977 merchant can also request the wire transfer identifier for a deposit 978 operation. 979 980 Sufficient information is returned to verify that the coin signatures 981 are correct. This also allows governments to use this API when doing 982 a tax audit on merchants. 983 984 Naturally, the returned information may be sensitive for the merchant. 985 We do not require the merchant to sign the request, as the same requests 986 may also be performed by the government auditing a merchant. 987 However, wire transfer identifiers should have sufficient entropy to 988 ensure that obtaining a successful reply by brute-force is not practical. 989 Nevertheless, the merchant should protect the wire transfer identifiers 990 from his bank statements against unauthorized access, lest his income 991 situation is revealed to an adversary. (This is not a major issue, as 992 an adversary that has access to the line-items of bank statements can 993 typically also view the balance.) 994 995 996 .. include:: exchange/get-transfers-WTID.rst 997 998 .. include:: exchange/get-deposits-H_WIRE-MERCHANT_PUB-H_CONTRACT_TERMS-COIN_PUB.rst 999 1000 1001 .. _exchange_w2w: 1002 1003 -------------------------- 1004 Wallet-to-wallet transfers 1005 -------------------------- 1006 1007 .. include:: exchange/get-purses-PURSE_PUB-merge.rst 1008 1009 1010 1011 .. include:: exchange/post-purses-PURSE_PUB-create.rst 1012 1013 1014 .. include:: exchange/delete-purses-PURSE_PUB.rst 1015 1016 1017 .. include:: exchange/post-purses-PURSE_PUB-merge.rst 1018 1019 1020 1021 .. include:: exchange/post-reserves-RESERVE_PUB-purse.rst 1022 1023 .. include:: exchange/get-contracts-CONTRACT_PUB.rst 1024 1025 1026 .. include:: exchange/post-purses-PURSE_PUB-deposit.rst 1027 1028 .. _exchange_wads: 1029 1030 1031 ---- 1032 Wads 1033 ---- 1034 1035 .. note:: 1036 1037 This is a draft API that is not yet implemented. 1038 1039 1040 These endpoints are used to manage exchange-to-exchange payments in support of 1041 wallet-to-wallet payments. Only another exchange should access this endpoint. 1042 1043 1044 .. include:: exchange/get-wads-WAD_ID.rst 1045 1046 1047 ------------------ 1048 KYC status updates 1049 ------------------ 1050 1051 This section describes endpoints used to set up, complete and 1052 inquire about KYC operations performed by an exchange for 1053 regulatory compliance. 1054 1055 .. include:: exchange/post-kyc-wallet.rst 1056 1057 1058 .. include:: exchange/get-kyc-check-H_NORMALIZED_PAYTO.rst 1059 1060 .. include:: exchange/get-kyc-spa-ACCESS_TOKEN.rst 1061 1062 1063 .. include:: exchange/get-kyc-info-ACCESS_TOKEN.rst 1064 1065 .. include:: exchange/post-kyc-upload-ID.rst 1066 1067 .. include:: exchange/post-kyc-start-ID.rst 1068 1069 .. include:: exchange/get-kyc-proof-PROVIDER_NAME.rst 1070 1071 1072 .. include:: exchange/get-kyc-webhook-PROVIDER_NAME-star.rst 1073 1074 1075 -------------- 1076 AML operations 1077 -------------- 1078 1079 This API is only for designated AML officers. It is used 1080 to allow exchange staff to monitor suspicious transactions 1081 and freeze or unfreeze accounts suspected of money laundering. 1082 1083 1084 .. include:: exchange/get-aml-OFFICER_PUB-measures.rst 1085 1086 .. include:: exchange/get-aml-OFFICER_PUB-kyc-statistics-NAMES.rst 1087 1088 1089 .. include:: exchange/get-aml-OFFICER_PUB-decisions.rst 1090 1091 1092 .. include:: exchange/get-aml-OFFICER_PUB-legitimizations.rst 1093 1094 1095 .. include:: exchange/get-aml-OFFICER_PUB-accounts.rst 1096 1097 1098 1099 .. include:: exchange/get-aml-OFFICER_PUB-attributes-H_NORMALIZED_PAYTO.rst 1100 1101 1102 .. include:: exchange/post-aml-OFFICER_PUB-decision.rst 1103 1104 1105 .. include:: exchange/get-aml-OFFICER_PUB-transfers-credit.rst 1106 1107 1108 1109 1110 --------------- 1111 Reserve control 1112 --------------- 1113 1114 This section describes the reserve control API which can be used to (1) 1115 prevent a reserve from expiring, to (2) pay an annual fee to allow a number of 1116 purses to be created for the respective reserve without paying a purse fee 1117 each time, to (3) obtain KYC information associated with a reserve to prove 1118 the identity of the person sending an invoice to the payer, and to (4) close a 1119 reserve before it would naturally expire and possibly (5) wire the funds to a 1120 designated account. 1121 1122 .. note:: 1123 1124 This section is about a proposed API. It is not implemented. See also DD 31. 1125 1126 .. include:: exchange/post-reserves-RESERVE_PUB-open.rst 1127 1128 1129 .. include:: exchange/get-reserves-attest-RESERVE_PUB.rst 1130 1131 1132 .. include:: exchange/post-reserves-attest-RESERVE_PUB.rst 1133 1134 1135 .. include:: exchange/post-reserves-RESERVE_PUB-close.rst 1136 1137 1138 .. _delete-reserve: 1139 1140 .. include:: exchange/delete-reserves-RESERVE_PUB.rst