SEP-6: Add support for asynchronous deposit instructions #1379
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
philipliu
force-pushed
the
anchor-386-deposit
branch
5 times, most recently
from
09eb55a to
16212a2
Compare
philipliu
force-pushed
the
anchor-386-deposit
branch
from
16212a2 to
823fab8
Compare
JakeUrban
reviewed
Aug 15, 2023
JakeUrban
reviewed
Aug 16, 2023
JakeUrban
reviewed
Aug 16, 2023
|
I appreciate the thorough review @JakeUrban! I believe I've addressed your comments now. |
JakeUrban
previously approved these changes
Aug 16, 2023
Co-authored-by: Jake Urban <[email protected]>
JakeUrban
previously approved these changes
Aug 16, 2023
|
Good improvement. |
|
Great update! Enhances UX significantly! |
JakeUrban
approved these changes
Aug 30, 2023
philipliu
added a commit
that referenced
this pull request
Aug 30, 2023
### Abstract Today, wallets are required to send a user's financial account information mainly through the `dest` and `dest_extra` request parameters when requesting a withdrawal. This is a security risk as web servers often log their GET requests which will include personally identifiable information such as a user's bank account number. The standard should define an alternative method for allowing users to provide their information. ### Proposal This PR proposes excluding the `fields` from the withdrawal types returned by the `GET /info` endpoint as a means to collect these fields through an alternative flow. This will force the anchor to put the transaction into the `pending_customer_info_update` status. The wallet will use then SEP-12 `PUT /customer` to provide the missing financial account information. This allows us to deprecate the `dest` and `dest_extra` request parameters by making them optional when a withdraw type's `fields` object is missing. ### Backwards Compatibility This change is backward compatible as wallets will continue sending financial account information through the request parameters if the anchors define them as part of the `GET /info` response. This depends on some changes from #1379.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposal
This adds new fields to the
transactionobject to facilitate Anchors providing deposit instructions outside ofGET /depositresponse.Backwards Compatability
This change is backward compatible as it does not introduce new required fields if Anchors can provide deposit instructions in the
GET /depositresponse.Resolves #1372, #1368.