1.6. The Auditor RESTful JSON API¶
The API specified here follows the general conventions for all details not specified in the individual requests. The glossary defines all specific terms used in this section.
1.6.1. Authentication¶
Each auditor instance has separate authentication settings for the private API resources of that instance.
Currently, the API supports two main authentication methods:
external
: With this method, no checks are done by the auditor backend. Instead, a reverse proxy / API gateway must do all authentication/authorization checks.token
: With this method, the client must provide aAuthorization: Bearer $TOKEN
header, where$TOKEN
is a secret authentication token configured for the instance which must begin with the RFC 8959 prefix.
1.6.2. Obtaining Auditor Version¶
This endpoint is used by merchants to obtain a list of all exchanges audited by this auditor. This may be required for the merchant to perform the required know-your-customer (KYC) registration before issuing contracts.
- GET /config¶
Get the protocol version and some meta data about the auditor. This specification corresponds to
current
protocol being version 1.Response:
- 200 OK:
The auditor responds with an AuditorVersion object. This request should virtually always be successful.
Details:
interface AuditorVersion { // libtool-style representation of the Taler protocol version, see // https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning // The format is "current:revision:age". Note that the auditor // protocol is versioned independently of the exchange's protocol. version: string; // URN of the implementation (needed to interpret 'revision' in version). // @since v0, may become mandatory in the future. implementation?: string; // Return which currency this auditor is auditing for. currency: string; // EdDSA master public key of the auditor. auditor_public_key: EddsaPublicKey; // EdDSA master public key of the exchange. // Added in protocol v1. exchange_master_public_key: EddsaPublicKey; }
Note
This endpoint is still experimental (and is not yet implemented at the time of this writing).
1.6.3. Deposit Confirmations¶
Merchants should probabilistically submit some of the deposit confirmations they receive from the exchange to auditors to ensure that the exchange does not lie about recording deposit confirmations with the exchange. Participating in this scheme ensures that in case an exchange runs into financial trouble to pay its obligations, the merchants that did participate in detecting the bad behavior can be paid out first.
- PUT /deposit-confirmation¶
Submits a DepositConfirmation to the exchange. Should succeed unless the signature provided is invalid or the exchange is not audited by this auditor.
Response:
- 200 Ok:
The auditor responds with a DepositAudited object. This request should virtually always be successful.
- 403 Forbidden:
The signature on the deposit confirmation is invalid.
- 410 Gone:
The public key used to sign the deposit confirmation was revoked.
Details:
interface DepositAudited { // TODO: maybe change to 204 No content instead? }
interface DepositConfirmation { // Hash over the contract for which this deposit is made. h_contract_terms: HashCode; // Hash over the extensions. h_extensions: HashCode; // Hash over the wiring information of the merchant. h_wire: HashCode; // Time when the deposit confirmation confirmation was generated. timestamp: Timestamp; // How much time does the merchant have to issue a refund // request? Zero if refunds are not allowed. refund_deadline: Timestamp; // By what time does the exchange have to wire the funds? wire_deadline: Timestamp; // Amount to be deposited, excluding fee. Calculated from the // amount with fee and the fee from the deposit request. amount_without_fee: Amount; // Array of public keys of the deposited coins. coin_pubs: EddsaPublicKey[]; // Array of deposit signatures of the deposited coins. // Must have the same length as coin_pubs. coin_sigs: EddsaSignature[]; // The Merchant's public key. Allows the merchant to later refund // the transaction or to inquire about the wire transfer identifier. merchant_pub: EddsaPublicKey; // Signature from the exchange of type // TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT. exchange_sig: EddsaSignature; // Public signing key from the exchange matching exchange_sig. exchange_pub: EddsaPublicKey; // Master public key of the exchange corresponding to master_sig. // Identifies the exchange this is about. // @deprecated since v1 (now ignored, global per auditor) master_pub: EddsaPublicKey; // When does the validity of the exchange_pub end? ep_start: Timestamp; // When will the exchange stop using the signing key? ep_expire: Timestamp; // When does the validity of the exchange_pub end? ep_end: Timestamp; // Exchange master signature over exchange_sig. master_sig: EddsaSignature; }
Note
This endpoint is still experimental (and is not yet implemented at the time of this writing). A key open question is whether the auditor should sign the response information.
1.6.4. Monitoring API¶
The following entries specify how to access the results of an audit.
For most endpoints, rows may be marked as ‘suppressed’ to not send them again upon subsequent GET requests. To do this, a GenericAuditorMonitorPatchRequest object is used in the respective PATCH request.
Details:
interface GenericAuditorMonitorPatchRequest { // If true, subsequent GET requests will not return this element by default suppressed : boolean; }
1.6.4.1. Fee Time Inconsistencies¶
This section highlights cases where validity periods associated with wire fees the exchange may charge merchants are invalid. This usually means that the validity periods given for the same type of fee are overlapping and it is thus unclear which fee really applies. This is a sign of a serious misconfiguration or data corruption as usually the exchange logic should prevent such a fee configuration from being accepted.
- GET /monitoring/fee-time-inconsistency¶
Get a list of fee time inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of FeeTimeInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface FeeTimeInconsistency { // Row ID of the fee in the exchange database. row_id : Integer; // Specifies the wire method for which the fee is inconsistent. type : string; // Gives the start date of the inconsistent fee. time : Timestamp; // Human readable description of the problem. diagnostic : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/fee-time-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress selected elements of fee time inconsistencies. Updates the ‘suppressed’ field of a fee time inconsistency element with row ID
$SERIAL_ID
.Request:
The body must be a GenericAuditorMonitorPatchRequest.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.2. Emergencies¶
This endpoint is used to obtain a list of emergencies.
Emergencies are errors where the total value of coins deposited (of a particular denomination) exceeds the total value that the exchange remembers issuing. This usually means that the private keys of the exchange were compromised (stolen or factored) and subsequently used to sign coins off the books. If this happens, all coins of the respective denomination that the exchange has redeemed so far may have been created by the attacker, and the exchange would have to refund all of the outstanding coins from ordinary users. Thus, the risk exposure is the amount of coins in circulation for a particular denomination and the maximum loss for the exchange from this type of compromise.
The difference between emergencies and emergencies by count is how the auditor detected the problem: by comparing amounts, or by counting coins. Theroretically, counting coins should always detect an issue first, but given the importance of emergencies, the auditor checks both total amounts and total numbers of coins (they may differ as coins may be partially deposited).
- GET /monitoring/emergency¶
Get a list of emergencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of Emergency objects. If no elements could be found, an empty array is returned
Details:
interface Emergency { // Unique row identifier row_id : Integer; // Hash of denomination public key denompub_h : HashCode; // What is the total value of all coins of this denomination that // were put into circulation (and thus the maximum loss the // exchange may experience due to this emergency). denom_risk : Amount; // What is the loss we have experienced so far (that // is, the amount deposited in excess of the amount // we issued). denom_loss : Amount; // When did the exchange start issuing coins in this the denomination. deposit_start : Timestamp; // When does the deposit period end for coins of this denomination. deposit_end : Timestamp; // What is the value of an individual coin of this denomination. value : Amount; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/emergency/$SERIAL_ID¶
This endpoint is used to suppress select elements of emergencies. Update the ‘suppressed’ field of an emergency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.3. Emergencies By Count¶
This endpoint is used to obtain a list of emergencies by count.
Emergencies are errors where more coins were deposited than the exchange remembers issuing. This usually means that the private keys of the exchange were compromised (stolen or factored) and subsequently used to sign coins off the books. If this happens, all coins of the respective denomination that the exchange has redeemed so far may have been created by the attacker, and the exchange would have to refund all of the outstanding coins from ordinary users. Thus, the risk exposure is the amount of coins in circulation for a particular denomination and the maximum loss for the exchange from this type of compromise.
Emergencies “by count” are cases where this type of money printing was detected simply by counting the number of coins the exchange officially put into circulation and comparing it to the number of coins that were redeemed. If the number of redeemed coins is higher than the number of issued coins, the auditor reports an emergency-by-count.
- GET /monitoring/emergency-by-count¶
Get a list of emergencies by count stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of EmergencyByCount objects.
Details:
interface EmergencyByCount { // Row ID of the fee in the exchange database. row_id : Integer; // Hash of the public denomination key to which the // emergency applies. denompub_h : HashCode; // Number of coins the exchange officially issued of this // denomination. num_issued : Integer; // Number of coins that were redeemed. num_known : Integer; // What is the total value of all coins of this denomination that // were put into circulation (and thus the maximum loss the // exchange may experience due to this emergency). risk : Amount; // When did the exchange start issuing coins in this the denomination. start : Timestamp; // When does the deposit period end for coins of this denomination. deposit_end : Timestamp; // What is the value of an individual coin of this denomination. value : Amount; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/emergency-by-count/$SERIAL_ID¶
This endpoint is used to suppress select elements of emergencies by count. Update the ‘suppressed’ field of an emergency by count element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Request:
The body must be a GenericAuditorMonitorPatchRequest.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.4. Row Inconsistencies¶
This section highlights inconsistencies in a specific row of a specific table of the exchange. Row inconsistencies are reported from different sources, and largely point to some kind of data corruption (or bug). Nothing is implied about the seriousness of the inconsistency. Most inconsistencies are detected if some signature fails to validate. The affected table is noted in the ‘table’ field. A description of the nature of the inconsistency is noted in ‘diagnostic’.
- GET /monitoring/row-inconsistency¶
Get a list of row inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of RowInconsistency objects.
Details:
interface RowInconsistency { // Number of the affected row. row_id : Integer; // Name of the affected exchange table. row_table : string; // Human-readable diagnostic about what went wrong. diagnostic : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/row-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of row inconsistencies. Update the ‘suppressed’ field of a row inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.5. Reserve In Inconsistencies¶
This section lists cases where the exchange’s and auditor’s expectation of amounts transferred into a reserve differs. Basically, the exchange database states that a certain reserve was credited for a certain amount via a wire transfer, but the auditor disagrees about this basic fact. This may result in either a customer loosing funds (by being issued less digital cash than they should be) or the exchange loosing funds (by issuing a customer more digital cash than they should be).
- GET /monitoring/reserve-in-inconsistency¶
Get a list of reserve in inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of ReserveInInconsistency objects.
Details:
interface ReserveInInconsistency { // Unique row identifier row_id : Integer; // Amount the exchange expects to be in the reserve amount_exchange_expected : Amount; // Amount deposited into the reserve amount_wired : Amount; // Public key of the reserve reserve_pub : EddsaPublicKey; // Time of the deposit timestamp : Timestamp; // Account associated with the reserve account : string; // Human readable diagnostic of the problem diagnostic : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/reserve-in-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of reserve in inconsistencies. Update the ‘suppressed’ field of a reserve in inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.6. Purse Not Closed Inconsistencies¶
This section highlights cases, in which either payer or payee did not finish their part of a P2P payment. This caused a purse –– which may contain some money — to reach its expiration date. However, the exchange failed to properly expire the purse, which means the payer did not get their money back. The cause is usually that the taler-exchange-expire helper is not running properly.
- GET /monitoring/purse-not-closed-inconsistencies¶
Get a list of purse not closed inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of PurseNotClosedInconsistencies objects.
Details:
interface PurseNotClosedInconsistencies { // Unique row identifier. row_id : Integer; // Public key of the affected purse purse_pub : EddsaPublicKey; // Amount still in the purse, which should have been refunded amount : Amount; // When the purse expired expiration_date : Timestamp; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/purse-not-closed-inconsistencies/$SERIAL_ID¶
This endpoint is used to suppress select elements of purse not closed inconsistencies. Update the ‘suppressed’ field of a purse not closed inconsistencies element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.7. Reserve Not Closed Inconsistencies¶
This section highlights cases, in which reserves were not closed, despite being expired. As a result, customers that wired funds to the exchange and then failed to withdraw them are not getting their money back. The cause is usually that the taler-exchange-closer process is not running properly.
- GET /monitoring/reserve-not-closed-inconsistency¶
Get a list of reserve not closed inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of ReserveNotClosedInconsistency objects.
Details:
interface ReserveNotClosedInconsistency { // Unique row identifier row_id : Integer; // Public key of the reserve reserve_pub : EddsaPublicKey; // Amount still in the reserve at the time of expiration balance : Amount; // Date the reserve expired expiration_time : Timestamp; // Human readable string describing the problem diagnostic : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/reserve-not-closed-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of reserve not closed inconsistencies. Update the ‘suppressed’ field of a reserve not closed inconsistency element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.8. Reserve Balance Insufficient Inconsistencies¶
This section highlights cases where more coins were withdrawn from a reserve than the reserve contained funding for. This is a serious compromise resulting in proportional financial losses to the exchange.
- GET /monitoring/reserve-balance-insufficient-inconsistency¶
Get a list of reserve balance insufficient inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of ReserveBalanceInsufficientInconsistency objects.
Details:
interface ReserveBalanceInsufficientInconsistency { // Unique row identifier row_id : Integer; // Public key of the affected reserve reserve_pub : EddsaPublicKey; // Whether this inconsistency is profitable for the exchange inconsistency_gain : boolean; // Amount possibly lost or gained by the exchange inconsistency_amount : Amount; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/reserve-balance-insufficient-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of reserve balance insufficient inconsistencies. Update the ‘suppressed’ field of a reserve balance insufficient inconsistency element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.9. Invalid Signature Losses¶
This section lists operations that the exchange performed, but for which the signatures provided are invalid. Hence the operations are invalid and the amount involved could be a loss for the exchange (as the involved parties could successfully dispute the resulting transactions).
- GET /monitoring/bad-sig-losses¶
Get a list of invalid signature losses stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
operation – A string. If specified, only returns eligible rows with this BadSigLosses.operation value. The default value is NULL which means to not filter by operation.
op_spec_pub – An EddsaPublicKey (in base32 encoding). If given, use its value to only return rows with this BadSigLosses.operation_specific_pub value. The default value is NULL.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of BadSigLosses objects.
Details:
interface BadSigLosses { // Unique row identifier row_id : Integer; // Operation performed, even though a signature was invalid operation : string; // Amount considered lost by the exchange loss : Amount; // Public key associated with an operation operation_specific_pub : EddsaPublicKey; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/bad-sig-losses/$SERIAL_ID¶
This endpoint is used to suppress select elements of bad sig losses. Update the ‘suppressed’ field of a bad sig losses element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.10. Coin Inconsistencies¶
This section lists cases where the exchange made arithmetic errors found when looking at the transaction history of a coin. The totals sum up the differences in amounts that matter for profit/loss calculations of the exchange. When an exchange merely shifted money from customers to merchants (or vice versa) without any effects on its own balance, those entries are excluded from the total.
- GET /monitoring/coin-inconsistency¶
Get a list of coin inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of CoinInconsistency objects.
Details:
interface CoinInconsistency { // Unique row identifier row_id : Integer; // The operation performed by the exchange operation : string; // Total the exchange calculated exchange_amount : Amount; // Total the auditor calculated auditor_amount : Amount; // Public key of the coin in question coin_pub : EddsaPublicKey; // Whether this arithmetic error was profitable for the exchange profitable : boolean; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/coin-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of coin inconsistencies. Update the ‘suppressed’ field of a coin inconsistency element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.11. Denominations Without Signatures¶
This section highlights denomination keys that lack a proper signature from the taler-auditor-offline tool. This may be legitimate, say in case where the auditor’s involvement in the exchange business is ending and a new auditor is responsible for future denominations. So this must be read with a keen eye on the business situation.
- GET /monitoring/denominations-without-sigs¶
Get a list of denominations without signatures stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of DenominationsWithoutSigs objects.
Details:
interface DenominationsWithoutSigs { // Unique row identifier row_id : Integer; // Hash of the denomination public key denompub_h : HashCode; // Value of each coin of the denomination that lacks // the auditor's signature. value : Amount; // From when the denomination key in question is valid start_time : Timestamp; // When the denomination key in question expires end_time : Timestamp; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/denominations-without-sigs/$SERIAL_ID¶
This endpoint is used to suppress select elements of denominations without sigs. Update the ‘suppressed’ field of a denominations without signatures element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.12. Misattribution In Inconsistencies¶
This section lists cases where the sender account record of an incoming wire transfer differs between the exchange and the bank. This may cause funds to be sent to the wrong account should the reserve be closed with a remaining balance, as that balance would be credited to the original account.
- GET /monitoring/misattribution-in-inconsistency¶
Get a list of misattribution in inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of MisattributionInInconsistency objects.
Details:
interface MisattributionInInconsistency { // Unique row identifier in the exchange database. row_id : Integer; // Amount of money sent to the wrong account amount : Amount; // Row of the transaction in the bank database as // returned by the bank revenue API. bank_row : Integer; // Public key of the affected reserve reserve_pub : EddsaPublicKey; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/misattribution-in-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of misattribution in inconsistencies. Update the ‘suppressed’ field of an misattribution in inconsistency element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.13. Deposit Confirmations¶
This section contains a list of deposits confirmations that an exchange provided to merchants but failed to store in its own database. This is indicative of potential fraud by the exchange operator, as the exchange should only issue deposit confirmations after storing the respective deposit records in its database. Not storing the deposit data means that the exchange would not pay the merchant (pocketing the money) or allow the customer to double-spend the money (which is naturally also not good).
Note that entries could appear in this list also because the exchange database replication is delayed. Hence, entries that are only a few seconds old might not be indicative of an actual problem. If entries in this list are more than a few seconds old, the first thing to check is whether or not the database replication from the exchange is working properly.
- GET /monitoring/deposit-confirmations¶
Get a list of deposit confirmations stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of DepositConfirmations objects.
Details:
interface DepositConfirmations { // Row id in the exchange database deposit_confirmation_serial_id : Integer; // Hash over the contract for which this deposit is made. h_contract_terms : HashCode; // Hash over the policy concerning this deposit h_policy : HashCode; // Hash over the wiring information of the merchant. h_wire : HashCode; // Time when the deposit confirmation confirmation was generated. exchange_timestamp : Timestamp; // How much time does the merchant have to issue a refund // request? Zero if refunds are not allowed. refund_deadline : Timestamp; // By what time does the exchange have to wire the funds? wire_deadline : Timestamp; // Amount to be deposited, excluding fee. Calculated from the // amount with fee and the fee from the deposit request. total_without_fee : Amount; // Array of public keys of the deposited coins. coin_pubs : EddsaPublicKey[]; // Array of deposit signatures of the deposited coins. // Must have the same length as coin_pubs. coin_sigs : EddsaSignature[]; // The Merchant's public key. Allows the merchant to later refund // the transaction or to inquire about the wire transfer identifier. merchant_pub : EddsaPublicKey; // Signature from the exchange of type // TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT. exchange_sig : EddsaSignature; // Public signing key from the exchange matching exchange_sig. exchange_pub : EddsaPublicKey; // Exchange master signature over exchange_sig. master_sig : EddsaSignature; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/deposit-confirmations/$SERIAL_ID¶
This endpoint is used to suppress select elements of deposit confirmations. Update the ‘suppressed’ field of an deposit confirmations element with row ID
$SERIAL_ID
, according to GenericAuditorMonitorPatchRequest, stored by the auditor.Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.14. Denomination Key Validity Withdraw Inconsistencies¶
This section highlights cases, where denomination keys were used to sign coins withdrawn from a reserve before the denomination was valid or after it was already expired for signing. This doesn’t exactly imply any financial loss for anyone, it is mostly weird and may have affected the fees the customer paid.
- GET /monitoring/denomination-key-validity-withdraw-inconsistency¶
Get a list of denomination key validity withdraw inconsistencies stored by the auditor. The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of DenominationKeyValidityWithdrawInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface DenominationKeyValidityWithdrawInconsistency { // Unique row identifier row_id : Integer; // When the withdrawal took place execution_date : Timestamp; // Public key of the reserve affected reserve_pub : EddsaPublicKey; // Hash of the denomination public key involved in the withdrawal denompub_h : HashCode; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/denomination-key-validity-withdraw-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of denomination key validity withdraw inconsistencies. Update the ‘suppressed’ field of a denomination key validity withdraw inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.15. Amount Arithmetic Inconsistencies¶
This endpoint is used to obtain a list of amount arithmetic inconsistencies.
This section lists cases where the arithmetic of the exchange involving amounts disagrees with the arithmetic of the auditor. Disagreements imply that either the exchange made a loss (sending out too much money), or screwed a customer (and thus at least needs to fix the financial damage done to the customer). The profitable column is set to true if the arithmetic problem was be determined to be profitable for the exchange, false if the problem resulted in a net loss for the exchange.
- GET /monitoring/amount-arithmetic-inconsistency¶
Get a list of amount arithmetic inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of AmountArithmeticInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface AmountArithmeticInconsistency { // Unique row identifier row_id : Integer; // Name of the arithmetic operation performed operation : string; // Amount according to the exchange exchange_amount : Amount; // Amount according to the auditor auditor_amount : Amount; // Whether the miscalculation is profitable for the exchange profitable : boolean; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/amount-arithmetic-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of amount arithmetic inconsistencies. Update the ‘suppressed’ field of an amount arithmetic inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.16. Wire Format Inconsistencies¶
This section highlights cases where the wire transfer subject was used more than once and is thus not unique. This indicates a problem with the bank’s implementation of the revenue API, as the bank is supposed to warrant uniqueness of wire transfer subjects exposed via the revenue API (and bounce non-unique transfers).
- GET /monitoring/wire-format-inconsistency¶
Get a list of wire format inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of WireFormatInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface WireFormatInconsistency { // Unique row identifier row_id : Integer; // Amount that was part of the wire amount : Amount; // Offset of the duplicate wire transfer subject // in the bank database according to the revenue API. wire_offset : Integer; // True if this diagnostic was suppressed. diagnostic : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/wire-format-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of wire format inconsistencies. Update the ‘suppressed’ field of a wire format inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.17. Refreshes Hanging¶
This section highlights cases, where a coin was melted but the reveal process was not finished by the wallet. Usually, a wallet will do both requests in rapid succession to refresh a coin. This might happen, even if the exchange is operating correctly, if a wallet goes offline after melting. However, after some time wallets should in most cases come back online and finish the operation. If many operations are hanging, this might be indicative of a bug (exchange failing on reveal, or wallets not implementing refresh correctly).
- GET /monitoring/refreshes-hanging¶
Get a list of refreshes hanging stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of RefreshesHanging objects. If no elements could be found, an empty array is returned
Details:
interface RefreshesHanging { // Unique row identifier row_id : Integer; // Amount in coin not found in the exchange amount : Amount; // Public key of coin coin_pub : EddsaPublicKey; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/refreshes-hanging/$SERIAL_ID¶
This endpoint is used to suppress select elements of refreshes hanging. Update the ‘suppressed’ field of a refreshes hanging element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.18. Closure Lags¶
This endpoint is used to obtain a list of closure lags.
A closure lag happens if a reserve should have closed a reserve and wired (remaining) funds back to the originating account, but did not do so on time. Significant lag may be indicative of fraud, while moderate lag is indicative that the systems may be too slow to handle the load. Small amounts of lag can occur in normal operation.
If closure lag is experienced, the administrator should check that the taler-exchange-closer component is operating correctly.
- GET /monitoring/closure-lags¶
Get a list of closure lags stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of ClosureLags objects. If no elements could be found, an empty array is returned
Details:
interface ClosureLags { // Unique row identifier row_id : Integer; // Amount of money left in the reserve amount : Amount; // When should the reserve have been closed deadline : Timestamp; // The wire transfer identifier wtid : HashCode; // Full payto:// URI (RFC 8905) of the account that // should have been credited. account : string; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/closure-lags/$SERIAL_ID¶
This endpoint is used to suppress select elements of closure lags. Update the ‘suppressed’ field of a closure lags element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.19. Wire Out Inconsistencies¶
This section highlights cases where the exchange wired a different amount to a destimation account than the auditor expected.
- GET /monitoring/wire-out-inconsistency¶
Get a list of wire out inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of WireOutInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface WireOutInconsistency { // Unique row identifier row_id : Integer; // Account money was wired to destination_account : string; // How much was suppossed to be wired according to the auditor. expected : Amount; // The amount the exchange claims to have wired. claimed : Amount; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/wire-out-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of wire out inconsistencies. Update the ‘suppressed’ field of a wire out inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.20. Reserve Balance Summary Wrong Inconsistencies¶
This section highlights cases, where the exchange’s and auditors’ expectation of the amount of money left in a reserve differs.
- GET /monitoring/reserve-balance-summary-wrong-inconsistency¶
Get a list of reserve balance summary wrong inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of ReserveBalanceSummaryWrongInconsistency objects. If no elements could be found, an empty array is returned
Details:
interface ReserveBalanceSummaryWrongInconsistency { // Unique row identifier row_id : Integer; // Public key of the reserve affected reserve_pub : EddsaPublicKey; // Amount of summary the exchange calculated exchange_amount : Amount; // Amount of summary the auditor calculated auditor_amount : Amount; // True if this diagnostic was suppressed. suppressed : boolean; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/reserve-balance-summary-wrong-inconsistency/$SERIAL_ID¶
This endpoint is used to suppress select elements of reserve balance summary wrong inconsistencies. Update the ‘suppressed’ field of a reserve balance summary wrong inconsistency element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.4.21. Row Minor Inconsistencies¶
The section highlights inconsistencies where a row in an exchange table has a value that is does not satisfy expectations (such as a malformed signature). These are cause for concern, but not necessarily point to a monetary loss (yet).
- GET /monitoring/row-minor-inconsistencies¶
Get a list of row minor inconsistencies stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
return_suppressed – A boolean. If true, returns all eligible rows, otherwise only returns eligible rows that are not suppressed. The default value is false.
With the default settings, the endpoint returns at most the 20 latest elements that are not suppressed.
Response:
- 200 OK:
The auditor responds with a top level array of RowMinorInconsistencies objects. If no elements could be found, an empty array is returned
Details:
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
- PATCH /monitoring/row-minor-inconsistencies/$SERIAL_ID¶
This endpoint is used to suppress select elements of row minor inconsistencies. Update the ‘suppressed’ field of a row minor inconsistencies element with row_id $SERIAL_ID, according to GenericAuditorMonitorPatchRequest, stored by the auditor.
Response:
- 204 No Content:
The element has been updated.
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5. Monitoring Auditor Status¶
The following entries specify how to access information the auditor keeps to properly perform audits. These tables do not contain inconsistencies, instead they store information about balances, reserves, purses etc. Values in these tables should not differ from their respective exchanges’ version.
1.6.5.1. Balances¶
Returns the various balances the auditor tracks for the exchange, such as coins in circulation, fees earned, losses experienced, etc.
- GET /monitoring/balances¶
Get a list of balances stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
balance_key – a string identifying a balance. If specified, only returns the balance with this exact key. The default value is NULL.
Response:
- 200 OK:
The auditor responds with a top level array of Balances objects. If no elements could be found, an empty array is returned
Details:
interface Balances { // String identifying a balance balance_key : string; // Amount of the balance balance_value : Amount; }
1.6.5.2. Historic Denomination Revenue¶
This endpoint is used to obtain a list of historic denomination revenue, that is the profits and losses an exchange has made from coins of a particular denomination where the denomination is past its (deposit) expiration and thus all values are final.
- GET /monitoring/historic-denomination-revenue¶
Get a list of historic denomination revenue stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
With the default settings, the endpoint returns at most the 20 latest elements.
Response:
- 200 OK:
The auditor responds with a top level array of HistoricDenominationRevenue objects. If no elements could be found, an empty array is returned
Details:
interface HistoricDenominationRevenue { // Unique row identifier row_id : Integer; // Hash code of the denomination public key involved denom_pub_hash : HashCode; // Time when the denomination expired and thus the revenue // was computed. revenue_timestamp : Timestamp; // Total fee revenue the exchange earned from coins of this // denomination. revenue_balance : Amount; // Total losses the exchange experienced from this denomination // (this basically only happens if someone was able to forge // denomination signatures). So non-zero values are indicative // of a serious problem. loss_balance : Amount; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5.3. Denomination Pending¶
This endpoint is used to obtain a list of balances for denominations that are still active, that is coins may still be deposited (or possibly even withdrawn) and thus the amounts given are not final.
- GET /monitoring/denomination-pending¶
Get a list of denomination pending stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
With the default settings, the endpoint returns at most the 20 latest elements.
Response:
- 200 OK:
The auditor responds with a top level array of DenominationPending objects. If no elements could be found, an empty array is returned
Details:
interface DenominationPending { // Unique row identifier row_id : Integer; // Hash of the denomination public key denom_pub_hash : HashCode; // Total value of coins remaining in circulation (excluding // the value of coins that were recouped, those are always // just under recoup_loss). denom_balance : Amount; // Total value of coins redeemed that exceeds the amount we // put into circulation. Basically, this value grows if we // wanted to reduce denom_balance (because a coin was deposited) // but we could not because the denom_balance was already zero. denom_loss : Amount; // Total number of coins of this denomination that were // put into circulation. num_issued : Integer; // Total value of the coins put into circulation. denom_risk : Amount; // Losses the exchange had from this denomination due to coins // that were recouped (after the denomination was revoked). recoup_loss : Amount; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5.4. Historic Reserve Summary¶
This section summarizes historic profits an exchange made from reserves and associated reserve-specific fees.
- GET /monitoring/historic-reserve-summary¶
Get a list of historic reserve summary stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
With the default settings, the endpoint returns at most the 20 latest elements.
Response:
- 200 OK:
The auditor responds with a top level array of HistoricReserveSummary objects. If no elements could be found, an empty array is returned
Details:
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5.5. Reserves¶
This endpoint is used to obtain a list of open reserves that the auditor is currently tracking balances for.
- GET /monitoring/reserves¶
Get a list of reserves stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
With the default settings, the endpoint returns at most the 20 latest elements.
Response:
- 200 OK:
The auditor responds with a top level array of Reserves objects. If no elements could be found, an empty array is returned
Details:
interface Reserves { // Unique row identifier auditor_reserves_rowid : Integer; // Public key of the reserve reserve_pub : EddsaPublicKey; // Amount in the balance reserve_balance : Amount; // Reserve losses are incurred if (a) a reserve is // incorrectly credited from a recoup for a non-revoked // coin, or (b) if the exchange allowed more digital cash // to be withdrawn from a reserve than the balance of the // reserve should have permitted. FIXME: We may want to // distinguish these two cases in the future. reserve_loss : Amount; // Amount earned by charging withdraw fees withdraw_fee_balance : Amount; // Amount earned by charging a closing fee on the reserve close_fee_balance : Amount; // Total purse fees earned from this reserve purse_fee_balance : Amount; // Total reserve open fees earned from the reserve open_fee_balance : Amount; // Total reserve history fees earned from this reserve history_fee_balance : Amount; // When the purse expires expiration_date : Timestamp; // Who created the account origin_account : string; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5.6. Purses¶
This endpoint is used to obtain information about open purses.
- GET /monitoring/purses¶
Get a list of purses stored by the auditor.
The following query parameters are optional, and can be used to customise the response:
Request:
- Query Parameters:
limit – A signed integer, indicating how many elements relative to the offset query parameter should be returned. The default value is -20.
offset – An unsigned integer, indicating from which row onward to return elements. The default value is INT_MAX.
With the default settings, the endpoint returns at most the 20 latest elements.
Response:
- 200 OK:
The auditor responds with a top level array of Purses objects. If no elements could be found, an empty array is returned
Details:
interface Purses { // Unique row identifier auditor_purses_rowid : Integer; // Public key of the purse purse_pub : EddsaPublicKey; // Amount currently stored in the purse balance : Amount; // Amount the purse is intended for / the maximum amount that can be in the purse target : Amount; // When the purse expires expiration_date : Timestamp; }
Note
This endpoint is still experimental. The endpoint will be further developed as needed.
1.6.5.7. Progress¶
This section contains information about the auditing progress an auditor has made.
- GET /monitoring/progress¶
Get the progress stored by the auditor.
Request:
- Query Parameters:
progress_key – a string identifying a progress point. If specified, only returns the element with this exact key. The default value is NULL.
Response:
- 200 OK:
The auditor responds with a top level array of Progress objects. If no elements could be found, an empty array is returned
Details:
interface Progress { // Key associated with a given progress point progress_key: string; // How much of the exchanges data has been processed so far progress_offset: Integer; }
1.6.6. Complaints¶
This endpoint is used by the wallet or merchants to submit proof of misbehavior of an exchange to the auditor.
Note
To be designed and implemented.
- PUT /complain¶
Complain about misbehavior to the auditor.