-
Notifications
You must be signed in to change notification settings - Fork 308
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SEP-6: Accept financial information via SEP-12 (#1380)
### Abstract Today, wallets are required to send a user's financial account information mainly through the `dest` and `dest_extra` request parameters when requesting a withdrawal. This is a security risk as web servers often log their GET requests which will include personally identifiable information such as a user's bank account number. The standard should define an alternative method for allowing users to provide their information. ### Proposal This PR proposes excluding the `fields` from the withdrawal types returned by the `GET /info` endpoint as a means to collect these fields through an alternative flow. This will force the anchor to put the transaction into the `pending_customer_info_update` status. The wallet will use then SEP-12 `PUT /customer` to provide the missing financial account information. This allows us to deprecate the `dest` and `dest_extra` request parameters by making them optional when a withdraw type's `fields` object is missing. ### Backwards Compatibility This change is backward compatible as wallets will continue sending financial account information through the request parameters if the anchors define them as part of the `GET /info` response. This depends on some changes from #1379.
- Loading branch information
Showing
1 changed file
with
24 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters