XSQ Verification Process
The http://tyaga.org/ipp/xotaur-sha1-query.html (XSQ) verification process is a means to query an accountant for the status of a specific payment.
A payment offer or decision notification is thus verified against the accountant of a co-transactor.
A notification is not assumed to have come from an authorized party unless the query verification is successful.
The XSQ verification process involves the following steps:
- Xotaur Serialization: For each payment record, a white-space concatenation of the following IPP parameters is formed into a string:
from: the 'from-brand' in the *original* payment record
to: the 'to-brand' in the *original* payment record
amount: original payment amount
unit: original payment unit
memo: original payment memo
Note that in case of a reset payment, the original amount, xtime, and/or memo values are used
for the xotaur serialization. Do not use the ref_amount, ref_xtime, and/or ref_memo.
- SHA1: The sha1 digest of the xotaur string is used as the record ID between the transacting entities. The Notifier must include the sha1 digest as the value of the "ver_data" parameter in the IPP notification.
- GET-Query: The verifier queries the Notifier Accountant with the GET-query parameters "?xsq=0.1&record_SHA1=...xotaur...sha1...".
- The Notifier Accountant responds with json-encoded string or xml-equivalent:
- The verification is considered successful if the response code, status and xotaur matches the expected values based on the IPP notification parameters.