Merchant Backend API

Receiving Payments

POST /order

Create a new order that a customer can pay for.

This request is not idempotent unless an order_id is explicitly specified.


This endpoint does not return a URL to redirect your user to confirm the payment. In order to get this URL use GET /check-payment. The API is structured this way since the payment redirect URL is not unique for every order, there might be varying parameters such as the session id.


The request must be a PostOrderRequest.


Status Codes:
  • 200 OK – The backend has successfully created the proposal. The response is a PostOrderResponse.
interface PostOrderRequest {
  // The order must at least contain the minimal
  // order detail, but can override all
  order: MinimalOrderDetail | ContractTerms;

The following fields of the ContractTerms

interface MinimalOrderRequest {
  // Amount to be paid by the customer
  amount: Amount

  // Short summary of the order
  summary: string;

  // URL that will show that the order was successful after
  // it has been paid for.  The wallet will automatically append
  // the order_id (always) and the session_sig (if applicable).
  fulfillment_url: string;

  // Merchant instance to use (leave empty to use instance "default")
  instance?: string;
interface PostOrderResponse {
  // Order ID of the response that was just created
  order_id: string;
GET /check-payment

Check the payment status of an order. If the order exists but is not payed yet, a redirect URL. When the user goes to this URL, they will be prompted for payment.


Query Parameters:
  • order_id – order id that should be used for the payment
  • instanceOptional. Instance used for the payment. Defaults to the instance named “default”.
  • resource_urlOptional. A resource URL that allows the wallet to identify whether it has already paid for this resource. Typically corresponds to the fulfillment URL.
  • session_idOptional. Session ID that the payment must be bound to. If not specified, the payment is not session-bound.
  • session_sigOptional. Signature from the wallet to prove that it paid with the given session_id. Not specified if the wallet has not paid yet or still has to replay payment to bound the payment to the session id.


Returns a CheckPaymentResponse, whose format can differ based on the status of the payment.

interface CheckPaymentPaidResponse {
  paid: true;

  // Was the payment refunded (even partially)
  refunded: boolean;

  // Amount that was refunded
  refund_amount: Amount;

  // Contract terms
  contract_terms: ContractTerms;
interface CheckPaymentUnpaidResponse {
  paid: false;

  // URL to redirect the customer to pay,
  // replay payment or confirm that the payment
  // is bound to a session.
  payment_redirect_url: string;

Giving Refunds

POST /refund

Increase the refund amount associated with a given order. The user should be redirected to the refund_redirect_url to trigger refund processing in the wallet.


The request body is a RefundRequest object.


Status Codes:
  • 200 OK – The refund amount has been increased, the backend responds with a MerchantRefundResponse
  • 400 Bad request – The refund amount is not consistent: it is not bigger than the previous one.
interface RefundRequest {
  // Order id of the transaction to be refunded
  order_id: string;

  // Amount to be refunded
  refund: Amount;

  // Human-readable refund justification
  reason: string;

  // Merchant instance issuing the request
  instance?: string;
interface MerchantRefundResponse {
  // Public key of the merchant
  merchant_pub: string;

  // Contract terms hash of the contract that
  // is being refunded.
  h_contract_terms: string;

  // The signed refund permissions, to be sent to the exchange.
  refund_permissions: MerchantRefundPermission[];

  // URL (handled by the backend) that will
  // trigger refund processing in the browser/wallet
  refund_redirect_url: string;
interface MerchantRefundPermission {
  // Amount to be refunded.
  refund_amount: AmountJson;

  // Fee for the refund.
  refund_fee: AmountJson;

  // Public key of the coin being refunded.
  coin_pub: string;

  // Refund transaction ID between merchant and exchange.
  rtransaction_id: number;

  // Signature made by the merchant over the refund permission.
  merchant_sig: string;

Giving Customer Tips

POST /tip-authorize

Authorize a tip that can be picked up by the customer’s wallet by POSTing to /tip-pickup. Note that this is simply the authorization step the back office has to trigger first. The user should be navigated to the tip_redirect_url to trigger tip processing in the wallet.


The request body is a TipCreateRequest object.


Status Codes:
  • 200 OK – A tip has been created. The backend responds with a TipCreateConfirmation
  • 404 Not Found – The instance is unknown to the backend, expired or was never enabled.
  • 412 Precondition Failed – The tip amount requested exceeds the available reserve balance for tipping.
interface TipCreateRequest {
  // Amount that the customer should be tipped
  amount: Amount;

  // Merchant instance issuing the request
  instance?: string;

  // Justification for giving the tip
  justification: string;

  // URL that the user should be directed to after tipping,
  // will be included in the tip_token.
  next_url: string;
interface TipCreateConfirmation {
  // Token that will be handed to the wallet,
  // contains all relevant information to accept
  // a tip.
  tip_token: string;

  // URL that will directly trigger procesing
  // the tip when the browser is redirected to it
  tip_redirect_url: string;
POST /tip-query

Query the status of an instance’s tipping reserve.


Query Parameters:
  • instance – instance to query


Status Codes:
  • 200 OK – A tip has been created. The backend responds with a TipQueryResponse
  • 404 Not Found – The instance is unknown to the backend.
  • 412 Precondition Failed – The instance does not have a tipping reserve configured.
interface TipQueryResponse {
  // Amount still available
  amount_available: Amount;

  // Amount that we authorized for tips
  amount_authorized: Amount;

  // Amount that was picked up by users already
  amount_picked_up: Amount;

  // Timestamp indicating when the tipping reserve will expire
  expiration: Timestamp;

  // Reserve public key of the tipping reserve
  reserve_pub: string;

Tracking Wire Transfers

GET /track/transfer

Provides deposits associated with a given wire transfer.


Query Parameters:
  • wtid – raw wire transfer identifier identifying the wire transfer (a base32-encoded value)
  • wire_method – name of the wire transfer method used for the wire transfer
  • exchange – base URL of the exchange that made the wire transfer
  • instance – (optional) identificative token of the merchant instance which is being tracked.


Status Codes:
  • 200 OK – The wire transfer is known to the exchange, details about it follow in the body. The body of the response is a MerchantTrackTransferResponse. Note that the similarity to the response given by the exchange for a /track/transfer is completely intended.
  • 404 Not Found – The wire transfer identifier is unknown to the exchange.
  • 424 Failed Dependency – The exchange provided conflicting information about the transfer. Namely, there is at least one deposit among the deposits aggregated by wtid that accounts for a coin whose details don’t match the details stored in merchant’s database about the same keyed coin. The response body contains the TrackTransferConflictDetails.
interface TrackTransferResponse {
  // Total amount transferred
  total: Amount;

  // Applicable wire fee that was charged
  wire_fee: Amount;

  // public key of the merchant (identical for all deposits)
  merchant_pub: EddsaPublicKey;

  // hash of the wire details (identical for all deposits)
  H_wire: HashCode;

  // Time of the execution of the wire transfer by the exchange
  execution_time: Timestamp;

  // details about the deposits
  deposits_sums: TrackTransferDetail[];

  // signature from the exchange made with purpose
  exchange_sig: EddsaSignature;

  // public EdDSA key of the exchange that was used to generate the signature.
  // Should match one of the exchange's signing keys from /keys.  Again given
  // explicitly as the client might otherwise be confused by clock skew as to
  // which signing key was used.
  exchange_pub: EddsaSignature;
interface TrackTransferDetail {
  // Business activity associated with the wire tranfered amount
  // `deposit_value`.
  order_id: string;

  // The total amount the exchange paid back for `order_id`.
  deposit_value: Amount;

  // applicable fees for the deposit
  deposit_fee: Amount;


interface TrackTransferConflictDetails {
  // Numerical error code
  code: number;

  // Text describing the issue for humans.
  hint: String;

  // A /deposit response matching `coin_pub` showing that the
  // exchange accepted `coin_pub` for `amount_with_fee`.
  exchange_deposit_proof: DepositSuccess;

  // Offset in the `exchange_transfer_proof` where the
  // exchange's response fails to match the `exchange_deposit_proof`.
  conflict_offset: number;

  // The response from the exchange which tells us when the
  // coin was returned to us, except that it does not match
  // the expected value of the coin.
  exchange_transfer_proof: TrackTransferResponse;

  // Public key of the coin for which we have conflicting information.
  coin_pub: EddsaPublicKey;

  // Merchant transaction in which `coin_pub` was involved for which
  // we have conflicting information.
  transaction_id: number;

  // Expected value of the coin.
  amount_with_fee: Amount;

  // Expected deposit fee of the coin.
  deposit_fee: Amount;

GET /track/transaction

Provide the wire transfer identifier associated with an (existing) deposit operation.


Query Parameters:
  • id – ID of the transaction we want to trace (an integer)
  • instance – merchant instance


Status Codes:
  • 200 OK – The deposit has been executed by the exchange and we have a wire transfer identifier. The response body is a JSON array of TransactionWireTransfer objects.
  • 202 Accepted – The deposit request has been accepted for processing, but was not yet executed. Hence the exchange does not yet have a wire transfer identifier. The merchant should come back later and ask again. The response body is a TrackTransactionAcceptedResponse. Note that the similarity to the response given by the exchange for a /track/order is completely intended.
  • 404 Not Found – The transaction is unknown to the backend.
  • 424 Failed Dependency – The exchange previously claimed that a deposit was not included in a wire transfer, and now claims that it is. This means that the exchange is dishonest. The response contains the cryptographic proof that the exchange is misbehaving in the form of a TransactionConflictProof.


interface TransactionWireTransfer {

  // Responsible exchange
  exchange_uri: string;

  // 32-byte wire transfer identifier
  wtid: Base32;

  // execution time of the wire transfer
  execution_time: Timestamp;

  // Total amount that has been wire transfered
  // to the merchant
  amount: Amount;
interface CoinWireTransfer {
  // public key of the coin that was deposited
  coin_pub: EddsaPublicKey;

  // Amount the coin was worth (including deposit fee)
  amount_with_fee: Amount;

  // Deposit fee retained by the exchange for the coin
  deposit_fee: Amount;
interface TransactionConflictProof {
  // Numerical error code
  code: number;

  // Human-readable error description
  hint: string;

  // A claim by the exchange about the transactions associated
  // with a given wire transfer; it does not list the
  // transaction that `transaction_tracking_claim` says is part
  // of the aggregate.  This is
  // a `/track/transfer` response from the exchange.
  wtid_tracking_claim: TrackTransferResponse;

  // The current claim by the exchange that the given
  // transaction is included in the above WTID.
  // (A response from `/track/order`).
  transaction_tracking_claim: TrackTransactionResponse;

  // Public key of the coin for which we got conflicting information.
  coin_pub: CoinPublicKey;


Transaction history

GET /history

Returns transactions up to some point in the past


Query Parameters:
  • date – only transactions older than this parameter will be returned. It’s a timestamp, given in seconds. Being optional, it defaults to the current time if not given.
  • start – only transactions having row_id less than start will be returned. Being optional, it defaults to the highest row_id contained in the DB (namely, the youngest entry).
  • delta – at most delta entries will be returned. Being optional, it defaults to 20.
  • instance – on behalf of which merchant instance the query should be accomplished.

A typical usage is to firstly call this API without start and date parameter, then fetch the oldest row_id from the results, and then keep calling the API by using the oldest row ID as start parameter. This way we simply “scroll” results from the youngest to the oldest, delta entries at time.


Status Codes:
  • 200 OK – The response is a JSON array of TransactionHistory. The array is sorted such that entry i is younger than entry i+1.
interface TransactionHistory {
  // The serial number this entry has in the merchant's DB.
  row_id: number;

  // order ID of the transaction related to this entry.
  order_id: string;

  // Transaction's timestamp
  timestamp: Timestamp;

  // Total amount associated to this transaction.
  amount: Amount;

The Contract Terms

The contract terms must have the following structure:

interface ContractTerms {
  // Human-readable description of the whole purchase
  summary: string;

  // Unique, free-form identifier for the proposal.
  // Must be unique within a merchant instance.
  // For merchants that do not store proposals in their DB
  // before the customer paid for them, the order_id can be used
  // by the frontend to restore a proposal from the information
  // encoded in it (such as a short product identifier and timestamp).
  order_id: string;

  // Total price for the transaction.
  // The exchange will subtract deposit fees from that amount
  // before transfering it to the merchant.
  amount: Amount;

  // The URL where the wallet has to send coins.
  pay_url: string;

  // The URL for this purchase.  Every time is is visited, the merchant
  // will send back to the customer the same proposal.  Clearly, this URL
  // can be bookmarked and shared by users.
  fulfillment_url: string;

  // Maximum total deposit fee accepted by the merchant for this contract
  max_fee: Amount;

  // Maximum wire fee accepted by the merchant (customer share to be
  // divided by the 'wire_fee_amortization' factor, and further reduced
  // if deposit fees are below 'max_fee').  Default if missing is zero.
  max_wire_fee: Amount;

  // Over how many customer transactions does the merchant expect to
  // amortize wire fees on average?  If the exchange's wire fee is
  // above 'max_wire_fee', the difference is divided by this number
  // to compute the expected customer's contribution to the wire fee.
  // The customer's contribution may further be reduced by the difference
  // between the 'max_fee' and the sum of the actual deposit fees.
  // Optional, default value if missing is 1.  0 and negative values are
  // invalid and also interpreted as 1.
  wire_fee_amortization: Integer;

  // List of products that are part of the purchase (see below)
  products: Product[];

  // Time when this contract was generated
  timestamp: Timestamp;

  // After this deadline has passed, no refunds will be accepted.
  refund_deadline: Timestamp;

  // After this deadline, the merchant won't accept payments for the contact
  pay_deadline: Timestamp;

  // Merchant's public key used to sign this proposal; this information
  // is typically added by the backend Note that this can be an ephemeral key.
  merchant_pub: EddsaPublicKey;

  // More info about the merchant, see below
  merchant: Merchant;

  // The hash of the merchant instance's wire details.
  H_wire: HashCode;

  // Wire transfer method identifier for the wire method associated with H_wire.
  // The wallet may only select exchanges via a matching auditor if the
  // exchange also supports this wire method.
  // The wire transfer fees must be added based on this wire transfer method.
  wire_method: string;

  // Any exchanges audited by these auditors are accepted by the merchant.
  auditors: Auditor[];

  // Exchanges that the merchant accepts even if it does not accept any auditors that audit them.
  exchanges: Exchange[];

  // Map from labels to locations
  locations: { [label: string]: [location: Location], ... };

  // Nonce generated by the wallet and echoed by the merchant
  // in this field when the proposal is generated.
  nonce: string;

  // Extra data that is only interpreted by the merchant frontend.
  // Useful when the merchant needs to store extra information on a
  // contract without storing it separately in their database.
  extra?: any;

The wallet must select a exchange that either the mechant accepts directly by listing it in the exchanges arry, or for which the merchant accepts an auditor that audits that exchange by listing it in the auditors array.

The product object describes the product being purchased from the merchant. It has the following structure:

interface Product {
  // Human-readable product description.
  description: string;

  // The quantity of the product to deliver to the customer (optional, if applicable)
  quantity?: string;

  // The price of the product; this is the total price for the amount specified by `quantity`
  price: Amount;

  // merchant-internal identifier for the product
  product_id?: string;

  // a list of objects indicating a `taxname` and its amount. Again, italics denotes the object field's name.
  taxes?: any[];

  // time indicating when this product should be delivered
  delivery_date: Timestamp;

  // where to deliver this product. This may be an URL for online delivery
  // (i.e. `` or ``),
  // or a location label defined inside the proposition's `locations`.
  // The presence of a colon (`:`) indicates the use of an URL.
  delivery_location: string;
interface Merchant {
  // label for a location with the business address of the merchant
  address: string;

  // the merchant's legal name of business
  name: string;

  // label for a location that denotes the jurisdiction for disputes.
  // Some of the typical fields for a location (such as a street address) may be absent.
  jurisdiction: string;

  // Which instance is working this proposal.
  // See `Merchant Instances <>`_.
  // This field is optional, as the "default" instance is not forced to provide any
  // `instance` identificator.
  instance: string;
interface Location {
  country?: string;
  city?: string;
  state?: string;
  region?: string;
  province?: string;
  zip_code?: string;
  street?: string;
  street_number?: string;
interface Auditor {
  // official name
  name: string;

  // Auditor's public key
  auditor_pub: EddsaPublicKey;

  // Base URL of the auditor
  url: string;
interface Exchange {
  // the exchange's base URL
  url: string;

  // master public key of the exchange
  master_pub: EddsaPublicKey;

Customer-facing API

The /public/* endpoints are publicly exposed on the internet and accessed both by the user’s browser and their wallet.

POST /public/pay

Pay for a proposal by giving a deposit permission for coins. Typically used by the customer’s wallet. Can also be used in abort-refund mode to refund coins that were already deposited as part of a failed payment.


The request must be a pay request.


Status Codes:
  • 200 OK – The exchange accepted all of the coins. The body is a PaymentResponse if the request used the mode “pay”, or a MerchantRefundResponse if the request used was the mode “abort-refund”. The frontend should now fullfill the contract.
  • 412 Precondition Failed – The given exchange is not acceptable for this merchant, as it is not in the list of accepted exchanges and not audited by an approved auditor.
  • 401 Unauthorized – One of the coin signatures was not valid.
  • 403 Forbidden – The exchange rejected the payment because a coin was already spent before. The response will include the coin_pub for which the payment failed, in addition to the response from the exchange to the /deposit request.

The backend will return verbatim the error codes received from the exchange’s deposit API. If the wallet made a mistake, like by double-spending for example, the frontend should pass the reply verbatim to the browser/wallet. This should be the expected case, as the frontend cannot really make mistakes; the only reasonable exception is if the backend is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online.

interface PaymentResponse {
  // Signature on TALER_PaymentResponsePS with the public
  // key of the instance in the proposal.
  sig: EddsaSignature;

  // Proposal data hash being signed over
  h_proposal_data: HashCode;

  // Proposal, send for convenience so the frontend
  // can do order processing without a second lookup on
  // a successful payment
  proposal: Proposal;
interface Proposal {
  // The proposal data, effectively the frontend's order with some data filled in
  // by the merchant backend.
  data: ProposalData;

  // Contract's hash, provided as a convenience.  All components that do
  // not fully trust the merchant must verify this field.
  H_proposal: HashCode;

  // Signature over the hashcode of `proposal` made by the merchant.
  merchant_sig: EddsaSignature;
interface PayRequest {
  // Signature on TALER_PaymentResponsePS with the public
  // key of the instance in the proposal.
  sig: EddsaSignature;

  // Proposal data hash being signed over
  h_proposal_data: HashCode;

  // Proposal, send for convenience so the frontend
  // can do order processing without a second lookup on
  // a successful payment
  proposal: Proposal;

  // Coins with signature.
  coins: CoinPaySig[];

  // The merchant public key, used to uniquely
  // identify the merchant instance.
  merchant_pub: string;

  // Order ID that's being payed for.
  order_id: string;

  // Mode for /pay ("pay" or "abort-refund")
  mode: "pay" | "abort-refund";
GET /public/proposal

Retrieve and take ownership (via nonce) over a proposal.


Query Parameters:
  • instance – the merchant instance issuing the request
  • order_id – the order id whose refund situation is being queried
  • nonce – the nonce for the proposal


Status Codes:
  • 200 OK – The backend has successfully retrieved the proposal. It responds with a proposal.
  • 403 Forbidden – The frontend used the same order ID with different content in the order.
POST /public/tip-pickup

Handle request from wallet to pick up a tip.


The request body is a TipPickupRequest object.


Status Codes:
  • 200 OK – A tip is being returned. The backend responds with a TipResponse
  • 401 Unauthorized – The tip amount requested exceeds the tip.
  • 404 Not Found – The tip identifier is unknown.
  • 409 Conflict – Some of the denomination key hashes of the request do not match those currently available from the exchange (hence there is a conflict between what the wallet requests and what the merchant believes the exchange can provide).
interface TipPickupRequest {

  // Identifier of the tip.
  tip_id: HashCode;

  // List of planches the wallet wants to use for the tip
  planchets: PlanchetDetail[];

interface PlanchetDetail {
  // Hash of the denomination's public key (hashed to reduce
  // bandwidth consumption)
  denom_pub_hash: HashCode;

  // coin's blinded public key
  coin_ev: CoinEnvelope;

interface TipResponse {
  // Public key of the reserve
  reserve_pub: EddsaPublicKey;

  // The order of the signatures matches the planchets list.
  reserve_sigs: EddsaSignature[];
GET /public/refund

Pick up refunds for an order.


Query Parameters:
  • instance – the merchant instance issuing the request
  • order_id – the order id whose refund situation is being queried


If case of success, an array of RefundLookup objects is returned.

interface RefundLookup {

  // Coin from which the refund is going to be taken
  coin_pub: EddsaPublicKey;

  // Refund amount taken from coin_pub
  refund_amount: Amount;

  // Refund fee
  refund_fee: Amount;

  // Identificator of the refund
  rtransaction_id: number;

  // Merchant public key
  merchant_pub: EddsaPublicKey

  // Merchant signature of a TALER_RefundRequestPS object
  merchant_sig: EddsaSignature;
GET /public/trigger-pay

Used to trigger processing of payments, refunds and tips in the browser. The exact behavior can be dependent on the user’s browser.