View Issue Details

IDProjectCategoryView StatusLast Update
0005851Talermerchant backend API (C)public2019-09-16 09:42
ReporterFlorian DoldAssigned ToFlorian Dold 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status feedbackResolutionopen 
Product VersionSVN HEAD 
Target VersionFixed in Version 
Summary0005851: /check-payment should support long polling and a 2nd, public endpoint
DescriptionIdeally we'd be able to specify a timeout=... query parameter.

The second public endpoint is necessary for JS in the browser to check if a mobile payment has happened.

Unlike the private /check-payment, the public version must be provided with both the order ID as well as the contract hash, and the backend must validate the contract hash. This prevents enumeration of orders and their status when order IDs have low entropy.
TagsNo tags attached.


Christian Grothoff

2019-09-16 09:42

manager   ~0014903

Florian, I'm not sure this bug note (still) properly describes the endpoint(s) we had discussed in the API spec. Could you please update the description (or link to spec) to make sure we are agreed on what should be done here?

Issue History

Date Modified Username Field Change
2019-08-23 19:37 Florian Dold New Issue
2019-08-23 19:37 Florian Dold Status new => assigned
2019-08-23 19:37 Florian Dold Assigned To => Marcello Stanisci
2019-09-16 09:41 Christian Grothoff Assigned To Marcello Stanisci => Christian Grothoff
2019-09-16 09:42 Christian Grothoff Severity minor => feature
2019-09-16 09:42 Christian Grothoff Product Version => SVN HEAD
2019-09-16 09:42 Christian Grothoff Note Added: 0014903
2019-09-16 09:42 Christian Grothoff Assigned To Christian Grothoff => Florian Dold
2019-09-16 09:42 Christian Grothoff Status assigned => feedback