Yet Another SPSP Proposal
Terms
- SPSP - "simple payment setup protocol"
- KEP - "key exchange protocol", formerly known as SSP ("shared secret protocol"). (it lets you KEP sending payments) (name subject to further change)
Flow
This protocol MUST use HTTPS.
(Optional) Webfinger Lookup
GET /.well-known/webfinger?resource=acct:alice@example.com HTTP/1.1
Host: example.com
Accept: application/json
HTTP/1.1 200 OK
Content-Type: application/json
{
"subject": "acct:alice@example.com",
"links": [
{
"rel": "https://interledger.org/rel/spsp/v1",
"href": "https://example.com/api/propose/alice"
}
]
}
Proposal ("Establish"? "Proposition"?)
GET /api/propose/alice HTTP/1.1
Host: red.ilpdemo.org
Accept: application/json
HTTP/1.1 200 OK
Content-Type: application/json
{
"shared_secret": "ZiI6-BbXMNud44kz2zIjlS_mztonBC0AKbeQqLmsVik",
"destination_account": "example.main.alice.300e3f06-7501-46e9-9a5c-4ebba322c7de",
"maximum_destination_amount": "20",
"minimum_destination_amount": "0.01",
"receiver": {
"name": "Alice",
"type": "payee",
"image_url": "https://example.com/api/receivers/alice/profile_pic.jpg"
},
"ledger": {
"currency_code": "USD",
"currency_symbol": "$",
"amount_scale": "4",
"amount_precision": "10"
}
}
If the receiver wants to present an invoice, this object would look more like:
{
"shared_secret": "ZiI6-BbXMNud44kz2zIjlS_mztonBC0AKbeQqLmsVik",
"destination_account": "example.main.alice.invoices.3463266",
"maximum_destination_amount": "15.76", // minimum and maximum amount leave only one option
"minimum_destination_amount": "15.76"
"receiver": {
"name": "Invoice for order number #346266",
"type": "invoice",
"image_url": "https://example.com/api/invoices/3463266/items.jpg"
},
"ledger": {
"currency_code": "USD",
"currency_symbol": "$",
"amount_scale": "4",
"amount_precision": "10"
}
}
Generate Payment
Done via KEEP.
Sender converts payment details to canonical form, and then HMAC's them with payment.shared_secret
.
The sender then sends this payment to payment.address
.
const proposal = yield request.get('https://example.com/api/propose/alice')
const transfer = {
id: uuid(),
amount: '15.76',
account: proposal.payment.account,
// ...
}
// something along these lines
const hmac = crypto.hmac('sha256', proposal.payment.shared_secret)
hmac.update(canonicalJSON.stringify(transfer)
const condition = hmac.digest().toString('base64')
yield plugin.sendTransfer(Object.assign({ condition }, transfer)
This comment has been minimized.
emschwartz commentedFeb 1, 2017
I don't like that there are 3 objects returned. Also weren't we getting rid of the receiver "types"?