Payment Relay

Author: raffecat

src/getting_started/introduction.md

@@ -4,6 +4,8 @@ DogeConnect is a payment protocol for transmitting a detail-rich _Payment Reques
 _Vendor_ to a _Client Wallet_ and receiving a _Payment Response_ containing a signed
 transaction, which is validated and relayed to the network by a _Payment Relay_.
 
+**Note: this specification is not yet final; please provide feedback.**
+
 DogeConnect comprises:
 * a _Payment QR Code_ specification,
 * a _Payment Envelope_ JSON schema,

src/payment_envelope/envelope.md

@@ -5,8 +5,8 @@
 ```json
 {
 	"version": "1.0",             // MUST be 1.0
-	"payload": "YTc2ZDc2MzEyZ..", // Base64-encoded JSON payload (e.g. ConnectPayment)
-	"pubkey": "c8a6927d0a004..",  // Gateway Public Key, BIP-340 Schnorr X-only (32 bytes)
+	"payload": "YTc2ZDc2MzEyZ..", // Base64-encoded JSON payload (e.g. Connect Payment)
+	"pubkey": "c8a6927d0a004..",  // Relay Public Key, BIP-340 Schnorr X-only (32 bytes)
 	"sig": "202d831c6437c..",     // Payload Signature, BIP-340 Schnorr (64 bytes)
 }
 ```
@@ -16,7 +16,7 @@
 ```json
 {
 	"type": "payment",                       // MUST be "payment"
-	"id": "xyz123",                          // Gateway unique payment ID
+	"id": "PID-123",                         // Relay-unique Payment ID
 	"issued": "2006-01-02T15:04:05-07:00",   // RFC 3339 Timestamp
 	"timeout": 60,                           // Timeout in seconds
 	"relay": "https://example.com/..",       // Payment Relay to submit payment tx
@@ -75,7 +75,7 @@ Use the following steps to decode and verify the payload.
 7. Parse the JSON payload bytes using a standard JSON parser.
 8. Check the `timeout` field: do not submit a payment transaction after the time `issued` + `timeout`.
 9. Display the payment information and ask the user to confirm payment.
-10. Create and sign a payment transaction and submit it to the `relay` URL.
+10. Create and sign a payment transaction and submit it to the [Payment Relay](../payment_relay/relay.md).
 
 The goals of the above process are to verify that the _Payment Envelope_ is cryptographically
 signed by the _Payment Relay's_ private key, i.e. the envelope was created by the _Payment Relay_.

src/payment_relay/relay.md

@@ -1 +1,93 @@
 # Payment Relay
+
+The _Payment Relay_ base URL is found in the `relay` field of _Connect Payment_.
+
+The following Web API must be implemented by a _Payment Relay_:
+
+| URL                | Method | Post Data               | Response              | Function                       |
+|--------------------|--------|-------------------------|-----------------------|--------------------------------|
+| _relay_/**pay**    | POST   | _Payment Response_ | _Payment Reply_  | Submit payment tx    |
+| _relay_/**status** | POST   | _Status Query_     | _Status Reply_   | Query payment status |
+
+Requests and responses are JSON payloads; JSON _must_ be UTF-8 encoded.
+
+All responses must include a `Cache-Control: no-store` header, to avoid
+leaking payment information into caches. Both endpoints additionally use
+the _POST_ method to avoid caching edge-cases (e.g. error responses.)
+
+
+### Payment Response
+
+This is the wallet's _response_ to the original _Payment Request_.
+
+```json
+{
+    "id": "PID-123",                // Relay-unique Payment ID from Connect Payment
+	"tx": "489c47f8a3ba3293737a.."  // hex-encoded signed dogecoin transaction
+}
+```
+
+
+### Payment Reply
+
+This is the _Payment Relay's_ reply from the `pay` URL.
+
+```json
+{
+    "id": "PID-123",       // Relay-unique Payment ID from Connect Payment
+	"status": "accepted",  // One of: accepted | declined
+    "reason": "",          // Reason for decline (message, optional)
+    "required": 5,         // number of block confirmations required (risk analysis)
+    "confirmed": 0,        // current number of block confirmations on-chain
+    "due_sec": 300,        // Estimated time in seconds until confirmed
+}
+```
+
+If the transaction is malformed, or does not pay the requested amounts to
+the requested addresses, the POST will be rejected with a **400 Bad Request**
+http response. This represents a _programming error_ in the wallet.
+
+Payments may also be rejected with a `declined` status, in the case that
+the _Vendor_ or their nominated _Relay_ believes the transaction is too
+risky. This represents a _customer-specific_ problem.
+
+The final three fields, `required`, `confirmed` and `due_sec` are in common
+with the _Status Reply_ below.
+
+
+### Status Query
+
+This allows the wallet to query the current status of a payment.
+
+```json
+{
+    "id": "PID-123"  // Relay-unique Payment ID from Connect Payment
+}
+```
+
+
+### Status Reply
+
+This is the _Payment Relay's_ reply from the `status` URL.
+
+```json
+{
+    "id": "PID-123",        // Relay-unique Payment ID from Connect Payment
+	"status": "accepted",   // unpaid | accepted | confirmed
+    "required": 5,          // number of block confirmations required
+    "confirmed": 4,         // current number of block confirmations on-chain
+    "due_sec": 30,          // Estimated time in seconds until confirmed
+}
+```
+
+Payments transition from `unpaid` to `accepted` after the signed transaction
+is submitted to the `pay` endpoint (provided payment was accepted.)
+
+After the required number of block confirmations have been seen on-chain,
+the payment status transitions to `confirmed`.
+
+When the payment status is `confirmed`, the `confirmed` field is always greater
+or equal to `required`, and the `due_sec` field is alway zero.
+
+Note: there are some edge-cases where the `confirmed` count can reduce,
+i.e. during a short-term blockchain fork.