From b0f7c0d26c5436757222d892a640a9ed2f3baedc Mon Sep 17 00:00:00 2001 From: Robin Gottfried Date: Thu, 27 Jun 2019 16:29:10 +0200 Subject: [PATCH 1/6] riskline - api access --- resources/riskline-api-access.md | 74 ++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 resources/riskline-api-access.md diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md new file mode 100644 index 0000000..7a026d8 --- /dev/null +++ b/resources/riskline-api-access.md 
@@ -0,0 +1,74 @@ +# Riskline API Access + +*Riskline openned it's API for hackathon participants who creates a Winding +Tree OrgID. To get limited access token you need to proof that you have access +to an existing OrgID. + +Here is an example of communication which needs to be done to get limited free +access token. + +This protocol is also a proof-of-concept of programatic control of access to an +API for OrgIDs* + + +Riskline API base url for token acquisition: To be defined. + +## Actors: + +- Owner of Org ID willing to get a token (further just "OrgID") +- Riskline + + +## Steps: + +### 1. Generate Nonce + +#### Request: + + POST /api/nonce + content-type: application/json; charset: utf-8 + + { + "org_id_address": "0xab97c6afe5a025d1dff5341d935e21dfb8e5c468" + } + + +#### Response: + + 201 Created + + { + "nonce": "a-unique-string-specific-to-this-challenge-response-series" + } + +### 2. Sign the nonce + +#### Request: +*OrgId creates message to sign as: `nonce` + `.` + `org_id_address`, signs the +message using one of OrgID's associatedKeys and sends the response.* + + POST /token/ + content-type: application/json; charset: utf-8 + + { + "nonce": "a-unique-string-specific-to-this-challenge-response-series", + "signature": "0x...", + "org_id_address": "0x..." + } + +#### Response: +*Riskline +- checks whether the nonce was issued by Riskline, +- re-created the signed message (`nonce` + `.` + `org_id_address`), +- extracts signee from `signature` (using ethereum ecRecover function) and +- verifies that the extracted signee is in OrgID.associatedKeys (by calling +OrgID.hasAssociatedKey). +If the verification succeeds, it returns OrgID's access token.* + + 201 Created + + { + "token": "secret-token-for-the-org-id-address", + } + + From 224cf1be5146ff440a4657f30dcfe5a3e6009cab Mon Sep 17 00:00:00 2001 
From: Robin Gottfried Date: Thu, 27 Jun 2019 16:37:23 +0200 Subject: [PATCH 2/6] link to fiddle --- resources/riskline-api-access.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md index 7a026d8..c93a5f7 100644 --- a/resources/riskline-api-access.md +++ b/resources/riskline-api-access.md @@ -8,10 +8,13 @@ Here is an example of communication which needs to be done to get limited free access token. This protocol is also a proof-of-concept of programatic control of access to an -API for OrgIDs* +API for OrgIDs +There is also a code snipped showing how to do sign nonce and verify it using +javascript and Metamask's web3: https://jsfiddle.net/czervenka/cye5n9m6* -Riskline API base url for token acquisition: To be defined. + +**Riskline API base url for token acquisition:** To be defined. ## Actors: @@ -34,9 +37,7 @@ Riskline API base url for token acquisition: To be defined. #### Response: - - 201 Created - +201 Created { "nonce": "a-unique-string-specific-to-this-challenge-response-series" } @@ -68,7 +69,7 @@ If the verification succeeds, it returns OrgID's access token.* 201 Created { - "token": "secret-token-for-the-org-id-address", + "token": "secret-token-for-the-org-id-address" } From 4c1643452bbbbe1e2ca09af533eadd80c3b6ef01 Mon Sep 17 00:00:00 2001 From: Robin Gottfried Date: Thu, 27 Jun 2019 16:40:31 +0200 Subject: [PATCH 3/6] formatting --- resources/riskline-api-access.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md index c93a5f7..1e03716 100644 --- a/resources/riskline-api-access.md +++ b/resources/riskline-api-access.md 
@@ -58,13 +58,13 @@ message using one of OrgID's associatedKeys and sends the response.* } #### Response: -*Riskline -- checks whether the nonce was issued by Riskline, -- re-created the signed message (`nonce` + `.` + `org_id_address`), -- extracts signee from `signature` (using ethereum ecRecover function) and -- verifies that the extracted signee is in OrgID.associatedKeys (by calling -OrgID.hasAssociatedKey). -If the verification succeeds, it returns OrgID's access token.* +*Riskline* +*- checks whether the nonce was issued by Riskline,* +*- re-created the signed message (`nonce` + `.` + `org_id_address`),* +*- extracts signee from `signature` (using ethereum ecRecover function) and* +*- verifies that the extracted signee is in OrgID.associatedKeys (by calling* +*OrgID.hasAssociatedKey).* +*If the verification succeeds, it returns OrgID's access token.* 201 Created From 8252ab59f661362ba8a81a7b202c5186e56b20ef Mon Sep 17 00:00:00 2001 From: Robin Gottfried Date: Thu, 27 Jun 2019 16:41:17 +0200 Subject: [PATCH 4/6] formatting --- resources/riskline-api-access.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md index 1e03716..b271dee 100644 --- a/resources/riskline-api-access.md +++ b/resources/riskline-api-access.md 
@@ -59,11 +59,11 @@ message using one of OrgID's associatedKeys and sends the response.* #### Response: *Riskline* -*- checks whether the nonce was issued by Riskline,* -*- re-created the signed message (`nonce` + `.` + `org_id_address`),* -*- extracts signee from `signature` (using ethereum ecRecover function) and* -*- verifies that the extracted signee is in OrgID.associatedKeys (by calling* -*OrgID.hasAssociatedKey).* +- *checks whether the nonce was issued by Riskline,* +- *re-created the signed message (`nonce` + `.` + `org_id_address`),* +- *extracts signee from `signature` (using ethereum ecRecover function) and* +- *verifies that the extracted signee is in OrgID.associatedKeys (by calling +OrgID.hasAssociatedKey).* *If the verification succeeds, it returns OrgID's access token.* 201 Created From 05ffa2757f277bf65b001fe5d4c09b9af4ed3dd1 Mon Sep 17 00:00:00 2001 From: Robin Gottfried Date: Thu, 27 Jun 2019 16:42:27 +0200 Subject: [PATCH 5/6] formatting --- resources/riskline-api-access.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md index b271dee..7c842d6 100644 --- a/resources/riskline-api-access.md +++ b/resources/riskline-api-access.md @@ -59,17 +59,17 @@ message using one of OrgID's associatedKeys and sends the response.* #### Response: *Riskline* + - *checks whether the nonce was issued by Riskline,* - *re-created the signed message (`nonce` + `.` + `org_id_address`),* - *extracts signee from `signature` (using ethereum ecRecover function) and* - *verifies that the extracted signee is in OrgID.associatedKeys (by calling -OrgID.hasAssociatedKey).* + OrgID.hasAssociatedKey).* *If the verification succeeds, it returns OrgID's access token.* + 201 Created { "token": "secret-token-for-the-org-id-address" } - - From 42680d7c0423051e1f2b6f0b760e4c396cd83218 Mon Sep 17 00:00:00 2001 
From: Robin Gottfried Date: Fri, 28 Jun 2019 17:59:00 +0200 Subject: [PATCH 6/6] updated according to real implementation --- resources/riskline-api-access.md | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/resources/riskline-api-access.md b/resources/riskline-api-access.md index 7c842d6..2dcf935 100644 --- a/resources/riskline-api-access.md +++ b/resources/riskline-api-access.md @@ -14,8 +14,7 @@ There is also a code snipped showing how to do sign nonce and verify it using javascript and Metamask's web3: https://jsfiddle.net/czervenka/cye5n9m6* -**Riskline API base url for token acquisition:** To be defined. - +**Riskline API base url for token acquisition:** https://api.v2-staging.riskline.com/v2/org-id ## Actors: - Owner of Org ID willing to get a token (further just "OrgID") @@ -28,12 +27,7 @@ javascript and Metamask's web3: https://jsfiddle.net/czervenka/cye5n9m6* #### Request: - POST /api/nonce - content-type: application/json; charset: utf-8 - - { - "org_id_address": "0xab97c6afe5a025d1dff5341d935e21dfb8e5c468" - } + POST /nonce #### Response: @@ -48,7 +42,7 @@ javascript and Metamask's web3: https://jsfiddle.net/czervenka/cye5n9m6* *OrgId creates message to sign as: `nonce` + `.` + `org_id_address`, signs the message using one of OrgID's associatedKeys and sends the response.* - POST /token/ + POST /token content-type: application/json; charset: utf-8 { @@ -71,5 +65,6 @@ message using one of OrgID's associatedKeys and sends the response.* 201 Created { - "token": "secret-token-for-the-org-id-address" + "token": "secret-token-for-the-org-id-address", + "company_key": "key-for-the-org-id" }
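Review bot: In PATCH 1/6, the step 2 "Response" list states only that Riskline "checks whether the nonce was issued by Riskline"; the document should also state that each nonce is single-use (invalidated once a `/token` request consumes it) and has an expiry, otherwise the same `nonce`/`signature` pair stays valid indefinitely and the challenge-response gives no replay protection. The same hunk should name the signing scheme: a Metamask `personal_sign` prefixes the message with `"\x19Ethereum Signed Message:\n" + length` before hashing, so the server-side `ecRecover` must hash the prefixed message, not the raw `nonce + "." + org_id_address` string, or the recovered address will never match an associated key. Wording in the same hunk: "openned it's API" should be "opened its API", "participants who creates" should be "participants who create", "proof that you have access" should be "prove that you have access", "programatic" should be "programmatic", "re-created the signed message" should be "re-creates the signed message" to match the other list items, and "signee" should be "signer". The trailing comma after `"token": "secret-token-for-the-org-id-address",` makes the example response invalid JSON; it is corrected in PATCH 2/6, so the fix could be folded into this commit.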
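Review bot: In the first hunk of PATCH 2/6 ("link to fiddle"), "code snipped showing how to do sign nonce" should read "code snippet showing how to sign the nonce", and the closing `*` moved to the end of the jsfiddle line extends the opening `*Riskline opened ...` italic across several blank-line-separated paragraphs, which CommonMark does not render as emphasis; either close the italic at the end of each paragraph or drop the emphasis markers.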
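Review bot: In the second hunk of PATCH 2/6, un-indenting `201 Created` and deleting the blank lines around it breaks the rendered example: the un-indented line becomes a paragraph and the indented JSON that follows is absorbed into it as lazy continuation text instead of an indented code block. Keep `201 Created` indented with the JSON (as in the step 2 response) so the whole response renders as one code block.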
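Review bot: PATCH 3/6 wraps each bullet as `*- checks ...*`, which turns the leading dash into literal italic text so the list no longer renders as a list; PATCH 4/6 reverts to `- *checks ...*` and PATCH 5/6 adds the blank line and indentation the list needs. Since 3/6 is fully superseded, the three "formatting" commits should be squashed into one so the series does not carry a known-broken intermediate state.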
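Review bot: In the first hunk of PATCH 6/6, the base URL is set to `https://api.v2-staging.riskline.com/v2/org-id`, a staging host; the text should say whether this is the address hackathon participants are expected to use or a placeholder for a production endpoint, and should state explicitly that the `POST /nonce` and `POST /token` paths below are relative to this base URL (i.e. `.../v2/org-id/nonce`), since the earlier draft used `/api/nonce` and `/token/`.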
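Review bot: In the second hunk of PATCH 6/6, the `org_id_address` body is removed from the nonce request, so a nonce is no longer bound to an OrgID at issuance and the only binding is the address inside the signed message checked at `/token`. That is acceptable, but the document should then say that unbound nonces are short-lived and consumed on first use, because nothing else limits how long an issued nonce can be redeemed.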
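Review bot: In the last hunk of PATCH 6/6, the response gains a `"company_key": "key-for-the-org-id"` field with no accompanying text: the document should describe what `company_key` identifies, whether it is a secret that must be protected like `token`, and how the two values are presented on subsequent Riskline API calls, since the "updated according to real implementation" commit message is the only hint that the field exists.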