XSQ Verification Process

The http://tyaga.org/ipp/xotaur-sha1-query.html (XSQ) verification process is a means to query an accountant for the status of a specific payment. A payment offer or decision notification is thus verified against the accountant of a co-transactor. A notification is not assumed to have come from an authorized party unless the query verification is successful.

The XSQ verification process involves the following steps:

1. Xotaur Serialization: For each payment record, a white-space concatenation of the following IPP parameters is formed into a string:
   xtime + " " + from + " " + to + " " + amount + " " + unit [ + " " + memo ] WHERE xtime: the payment record's Unix time</li> from: the 'from-brand' in the *original* payment record</li> to: the 'to-brand' in the *original* payment record</li> amount: original payment amount unit: original payment unit memo: original payment memo Note that in case of a reset payment, the original amount, xtime, and/or memo values are used for the xotaur serialization. Do not use the ref_amount, ref_xtime, and/or ref_memo.
2. SHA1: The sha1 digest of the xotaur string is used as the record ID between the transacting entities. The Notifier must include the sha1 digest as the value of the "ver_data" parameter in the IPP notification.
3. GET-Query: The verifier queries the Notifier Accountant with the GET-query parameters "?xsq=0.1&record_SHA1=...xotaur...sha1...".
4. The Notifier Accountant responds with json-encoded string or xml-equivalent:
   { "code": Numeric IPP Code "status": "offer" -OR- "accepted 0.00" (if rejected) -OR- "accepted " + orig_amount (if approved As-Is) -OR- "accepted" [+ " " + reset_amount] [+ " on " + reset_xtime] [+ " " + reset_memo] (if reset) -OR- "Error" "xotaur": xotaur-serialized string as described above -OR- null on Error } Note that one or more of the following payment parameters may be reset: amount, xtime, and/or memo. The status value is *different* from the IPP-specified text-equivalent of the numeric code.
5. The verification is considered successful if the response code, status and xotaur matches the expected values based on the IPP notification parameters.