Discussions

Ask a Question
Back to All

Include outgoing payment `/authorize` endpoint?

Outgoing payments are currently authorized by including authorized: true in either a create or update request.
The create grant action is required to create.
Instead of requiring the update (and authorize) action to authorize via update, what if there was a POST https://openpayments.guide/alice/outgoing-payments/{id}/authorize endpoint?
Update requests would then be intended for updating the send or receive amount (but additionally support authorizing, just like in create).
This saves the server's initial auth check from having to parse the body (checking for authorized: true) to determine the relevant grant action.
Instead:

  • create request requires create action
  • update request requires update action
  • authorize request requires authorize action

The server can later check for authorized: true when it is actually creating or updating a payment and check the grant (it is already checking the grant at that point for access limits).