Discussions
Include outgoing payment `/authorize` endpoint?
Outgoing payments are currently authorized by including authorized: true
in either a create or update request.
The create
grant action is required to create.
Instead of requiring the update
(and authorize
) action to authorize via update, what if there was a POST https://openpayments.guide/alice/outgoing-payments/{id}/authorize
endpoint?
Update requests would then be intended for updating the send or receive amount (but additionally support authorizing, just like in create).
This saves the server's initial auth check from having to parse the body (checking for authorized: true
) to determine the relevant grant action.
Instead:
- create request requires
create
action - update request requires
update
action - authorize request requires
authorize
action
The server can later check for authorized: true
when it is actually creating or updating a payment and check the grant (it is already checking the grant at that point for access limits).