SEP-6: Accept financial information via SEP-12 #1380
Conversation
philipliu
force-pushed
the
anchor-387-withdrawal
branch
from
f88a667
to
7eccb12
Compare
philipliu
force-pushed
the
anchor-387-withdrawal
branch
from
7eccb12
to
e296687
Compare
philipliu
force-pushed
the
anchor-387-withdrawal
branch
from
e296687
to
bff3848
Compare
|
I'm skipping a version here as I assume that the deposit PR will be merged first. |
There was a problem hiding this comment.
I definitely agree with the outcome we're trying to achieve here, but I think we should encourage clients to provide financial account data via SEP-12's PUT /customer requests, rather than SEP-6's PATCH /transaction request.
I think this simplifies client implementations (and the design of the anchor platform) because we don't have to support PATCH /transaction or the pending_transaction_info_update status. What do you think?
|
The challenge with using SEP-12 for accepting financial account information is when a user wants to use two different bank accounts (or two accounts of the same type) between withdrawals. Let's suppose a user requests a withdrawal to the first bank account. Then, they submit another withdrawal request to another bank account. I see two ways of doing this:
I think multi-account withdrawals are a use case we want to support. SEP-12 does not look like it's designed for ephemeral/transaction-related data, so using it would require us to design a partial delete API. I agree that using |
|
I'm not sure I understand how this approach solves the multiple-account-per-type-per-customer problem though. If a first-time customer initiates a withdraw to bank account and omits |
|
The second withdrawal request would be moved into |
|
If the business doesn't store bank details of their customers for future transactions, then that puts responsibility on the wallet to do so, otherwise wallets will need to ask their users for the their bank account info on each transaction. And I don't know if it makes sense to have wallets store customer bank details, especially noncustodial wallets. While its not ideal, the existing approach of having at most 1 account per type on file works and ensures that customers only have to provide their bank details once. If customers want to use a different bank account, they can update their account on file with the anchor, and the wallet can decide how to build the UX for that. But I'd rather not try to solve a problem a small percentage of customers will use at the expense of additional complexity for wallets or a worse UX for the majority of customers who just use one off-chain account. |
|
Thanks, @JakeUrban, that makes sense. I'll make the changes then. |
philipliu
changed the title
| @@ -958,7 +962,7 @@ All assets listed in a `withdraw` and `withdraw-exchange` can contain these attr | |||
|
|
|||
| * `enabled`: `true` if SEP-6 withdrawal for this asset is supported | |||
| * `authentication_required`: Optional. `true` if client must be [authenticated](#authentication) before accessing the withdraw endpoint for this asset. `false` if not specified. | |||
| * `types`: a field with each type of withdrawal supported for that asset as a key. Each type can specify a `fields` object as below explaining what fields are needed and what they do. | |||
| * `types`: a field with each type of withdrawal supported for that asset as a key. Each type can specify a `fields` object as below explaining what fields are needed and what they do. Anchors are encouraged to use [SEP-9 financial account fields](sep-0009.md#financial-account-fields), but can also define custom fields if necessary. If a `fields` object is not specified, the wallet should assume that no extra fields are needed for that type of withdrawal. In the case that the Anchor requires additional fields for a withdrawal, it should set the transaction status to `pending_customer_info_update`. The wallet can query the `/transaction` endpoint to get the fields needed to complete the transaction in `required_customer_info_updates` and then use [SEP-12](sep-0012.md#customer-put) to collect the information from the user. | |||
There was a problem hiding this comment.
Can you update Basic Wallet Implementation section to reflect this change?
Abstract
Today, wallets are required to send a user's financial account information mainly through the
destanddest_extrarequest parameters when requesting a withdrawal. This is a security risk as web servers often log their GET requests which will include personally identifiable information such as a user's bank account number. The standard should define an alternative method for allowing users to provide their information.Proposal
This PR proposes excluding the
fieldsfrom the withdrawal types returned by theGET /infoendpoint as a means to collect these fields through an alternative flow. This will force the anchor to put the transaction into thepending_customer_info_updatestatus. The wallet will use then SEP-12PUT /customerto provide the missing financial account information. This allows us to deprecate thedestanddest_extrarequest parameters by making them optional when a withdraw type'sfieldsobject is missing.Backwards Compatibility
This change is backward compatible as wallets will continue sending financial account information through the request parameters if the anchors define them as part of the
GET /inforesponse.This depends on some changes from #1379.