@@ -443,14 +443,17 @@ paths:
443443 - `update_invoice`
444444 - This action only is valid if you are the buyer. The `invoice`
445445 field needs to be present in the body and the value must be a
446- valid LN invoice as cleartext PGP message signed with the robot key. Make sure to perform this action only when
446+ valid LN invoice as cleartext PGP message signed (SHA512) with the robot key.
447+ The amount of the invoice should be `invoice_amount` minus the routing
448+ budget whose parts per million should be specified by `routing_budget_ppm`.
449+ Make sure to perform this action only when
447450 both the bonds are locked. i.e The status of your order is
448451 at least `6` (Waiting for trade collateral and buyer invoice)
449452 - `update_address`
450453 - This action is only valid if you are the buyer. This action is
451454 used to set an on-chain payout address if you wish to have your
452455 payout be received on-chain. Only valid if there is an address in the body as
453- cleartext PGP message signed with the robot key. This enables on-chain swap for the
456+ cleartext PGP message signed (SHA512) with the robot key. This enables on-chain swap for the
454457 order, so even if you earlier had submitted a LN invoice, it
455458 will be ignored. You get to choose the `mining_fee_rate` as
456459 well. Mining fee rate is specified in sats/vbyte.
@@ -470,9 +473,7 @@ paths:
470473 mid-trade so use this action carefully:
471474
472475 - As a maker if you cancel an order after you have locked your
473- maker bond, you are returned your bond. This may change in
474- the future to prevent DDoSing the LN node and you won't be
475- returned the maker bond.
476+ maker bond, you are returned your bond.
476477 - As a taker there is a time penalty involved if you `take` an
477478 order and cancel it without locking the taker bond.
478479 - For both taker or maker, if you cancel the order when both
@@ -631,7 +632,7 @@ paths:
631632 post :
632633 operationId : reward_create
633634 description : Withdraw user reward by submitting an invoice. The invoice must
634- be send as cleartext PGP message signed with the robot key
635+ be send as cleartext PGP message signed (SHA512) with the robot key
635636 summary : Withdraw reward
636637 tags :
637638 - reward
@@ -721,12 +722,13 @@ paths:
721722 An authenticated request (has the token's sha256 hash encoded as base 91 in the Authorization header) will be
722723 returned the information about the state of a robot.
723724
724- Make sure you generate your token using cryptographically secure methods. [Here's]() the function the Javascript
725- client uses to generate the tokens. Since the server only receives the hash of the
725+ Make sure you generate your token using cryptographically secure methods.
726+ Since the server only receives the hash of the
726727 token, it is responsibility of the client to create a strong token. Check
727- [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.js )
728+ [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.ts )
728729 to see how the Javascript client creates a random strong token and how it validates entropy is optimal for tokens
729730 created by the user at will.
731+ The PGP key should be an EdDSA ed25519/cert,sign+cv25519/encr key.
730732
731733 `public_key` - PGP key associated with the user (Armored ASCII format)
732734 `encrypted_private_key` - Private PGP key. This is only stored on the backend for later fetching by
@@ -737,7 +739,7 @@ paths:
737739 A gpg key can be created by:
738740
739741 ```shell
740- gpg --full-gen-key
742+ gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" -- full-gen-key
741743 ```
742744
743745 it's public key can be exported in ascii armored format with:
0 commit comments