feat: add merchant onboarding field definitions API#2214
Conversation
|
|
||
| // Terminal | ||
| router.get( | ||
| '/terminals/onboarding', |
There was a problem hiding this comment.
Non-blocking:
Should this endpoint be public? or protected by a custom terminal auth middleware or a rate limiter if it's left public.
There was a problem hiding this comment.
Agreed with Daev. This endpoint should not be public. It is called only from Merchant API - We can pass some API key (uuid) in the request head for example and you can check if the header is correct - need to discuss about this.
Does testnet wallet has proper HTTP signatures (RFC 9421)?
There was a problem hiding this comment.
test wallet has different signature schemas based on who it's talking to.
In regards to RFC 9421 -> That is done by Rafiki, so the test wallet backend doesn't need to implement it directly. It only handles the key management. and verifies the webhooks with custom HMAC-SHA256.
The same HMAC signing is done for outbound requests towards the rafiki graphql api.
For gatehub, it also does signature verification, HMAC-SHA256 and outbound signing as well in the same style.
And stripe is handled by the stripe sdk.
So afaik the test wallet backend itself does not implement the RFC for http signatures, in case you were thinking of reusing that in some way. @golobitch
Co-authored-by: Daev Mithran <daevmithran1999@gmail.com>
Context
Changes
field_definitionsandoptionstables to store form configuration