# Backend Handoff Checklist: Membership Activation Flow
This checklist maps current web behavior to required backend implementation.
## Required Endpoints

- `POST /secret/wallet/intent`
- `POST /secret/wallet/verify`
- `POST /secret/membership/quote`
- `POST /secret/membership/confirm`
- `POST /secret/notify`
## Web Behavior Dependency

The landing page currently executes these actions in order:

- Connect wallet (`eth_requestAccounts`).
- Get signature intent.
- Sign typed data (`eth_signTypedData_v4`).
- Verify signature.
- Request membership quote.
- Send wallet transaction (`eth_sendTransaction`) using returned tx params.
- Confirm membership by tx hash.
- Show acknowledged state and optional notify form.
If any endpoint is missing, the flow fails closed and shows a status error.
## Response Requirements

### Intent

Must return:

- `intent_id`
- `designation_code`
- `display_token`
- `nonce`
- `issued_at`
- `expires_at`
- `chain_id`

### Verify

Must return:

- `status = signature_verified`
- `designation_code`
- `display_token`
### Membership Quote

Must return:

- `quote_id`
- `chain_id`
- `currency`
- `amount` or `amount_atomic` + `decimals`
- `deadline`
- tx execution fields:
  - either a `tx` object for wallet send
  - or `contract_address` + `calldata` + `value`
### Membership Confirm

Must return:

- `status = membership_active`
- `designation_code`
- `display_token`
- `tx_hash`

### Notify

Must accept:

- `email`
- `designation_code`
- `designation_token`
- `wallet`
- `locale`
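The client sequence under "Web Behavior Dependency", written out as an added example (not the landing page's own code) against an injected EIP-1193 provider and a fetch-like HTTP client so it runs offline. It also shows the fail-closed behaviour when an endpoint is missing, and how the quote's two allowed tx-field shapes (a `tx` object, or `contract_address` + `calldata` + `value`) are mapped onto `eth_sendTransaction` params. Endpoint paths and response field names come from this checklist; the request bodies, the EIP-712 struct and the mock wallet and backend are assumptions.

```javascript
// Added example, not the landing page's code. Request bodies, the EIP-712 struct and the
// mocks are assumptions; endpoint paths and response fields follow the checklist.

// Map the quote's tx execution fields onto eth_sendTransaction params. A quote may carry a
// ready-made `tx` object or contract_address + calldata + value; anything else is rejected.
function txParamsFromQuote(quote, from) {
  if (quote.tx && typeof quote.tx === "object") return { ...quote.tx, from };
  if (quote.contract_address && quote.calldata != null && quote.value != null) {
    return { from, to: quote.contract_address, data: quote.calldata, value: quote.value };
  }
  throw new Error("quote_missing_tx_fields");
}

async function post(http, path, body) {
  const res = await http(path, {
    method: "POST", headers: { "content-type": "application/json" }, body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`${path} failed with status ${res.status}`); // fail closed
  return res.json();
}

// Runs the whole flow; any rejection surfaces as a status error in the caller.
// onState receives the transition name and the intent_id as correlation id.
async function runMembershipFlow(provider, http, onState = () => {}) {
  const [wallet] = await provider.request({ method: "eth_requestAccounts" });
  const intent = await post(http, "/secret/wallet/intent", { wallet });
  onState("intent", intent.intent_id);
  const walletChain = parseInt(await provider.request({ method: "eth_chainId" }), 16);
  if (walletChain !== intent.chain_id) throw new Error("wallet_on_wrong_chain");
  const typedData = { // assumed EIP-712 shape; the backend defines the real one
    domain: { name: "Membership", version: "1", chainId: intent.chain_id },
    types: { Intent: [{ name: "intent_id", type: "string" }, { name: "nonce", type: "string" }] },
    primaryType: "Intent",
    message: { intent_id: intent.intent_id, nonce: intent.nonce },
  };
  const signature = await provider.request({
    method: "eth_signTypedData_v4", params: [wallet, JSON.stringify(typedData)],
  });
  const verified = await post(http, "/secret/wallet/verify", { intent_id: intent.intent_id, wallet, signature });
  if (verified.status !== "signature_verified") throw new Error("verify_rejected");
  onState("verified", intent.intent_id);
  const quote = await post(http, "/secret/membership/quote", { intent_id: intent.intent_id, wallet });
  if (quote.chain_id !== intent.chain_id) throw new Error("quote_chain_mismatch");
  const txHash = await provider.request({
    method: "eth_sendTransaction", params: [txParamsFromQuote(quote, wallet)],
  });
  const confirmed = await post(http, "/secret/membership/confirm", { quote_id: quote.quote_id, tx_hash: txHash });
  if (confirmed.status !== "membership_active") throw new Error("confirm_rejected");
  onState("acknowledged", intent.intent_id);
  return { wallet, tx_hash: txHash, designation_code: confirmed.designation_code };
}

// Constructed mocks: a wallet answering the RPCs used above, and a backend whose responses
// carry the fields the checklist requires. All values are placeholders.
const MOCK_WALLET = "0x1111111111111111111111111111111111111111";
function makeMockProvider() {
  const answers = {
    eth_requestAccounts: [MOCK_WALLET], eth_chainId: "0x1",
    eth_signTypedData_v4: "0xsig-placeholder", eth_sendTransaction: "0xtxhash-placeholder",
  };
  return { request: async ({ method }) => {
    if (!(method in answers)) throw new Error(`unsupported rpc ${method}`);
    return answers[method];
  } };
}
function makeMockHttp(responses) {
  return async (path) => {
    const body = responses[path];
    return body ? { ok: true, status: 200, json: async () => body }
                : { ok: false, status: 404, json: async () => ({}) };
  };
}
const MOCK_RESPONSES = {
  "/secret/wallet/intent": { intent_id: "int-1", designation_code: "D-1", display_token: "tok",
    nonce: "n1", issued_at: 0, expires_at: 300, chain_id: 1 },
  "/secret/wallet/verify": { status: "signature_verified", designation_code: "D-1", display_token: "tok" },
  "/secret/membership/quote": { quote_id: "q-1", chain_id: 1, currency: "ETH",
    amount_atomic: "10000000000000000", decimals: 18, deadline: 120, // 0.01 ETH in wei
    contract_address: "0x2222222222222222222222222222222222222222", calldata: "0x", value: "0x2386f26fc10000" },
  "/secret/membership/confirm": { status: "membership_active", designation_code: "D-1",
    display_token: "tok", tx_hash: "0xtxhash-placeholder" },
};
```

Deleting one entry from `MOCK_RESPONSES` and re-running `runMembershipFlow` reproduces the fail-closed path: the `post` helper rejects on the 404 and no later step executes.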
## Security Requirements

- Replay-safe intent nonce and quote nonce.
- Intent and quote TTL enforcement.
- Chain allowlist checks.
- Origin allowlist checks.
- Tx amount/currency/recipient exact-match checks.
- Idempotent confirm path for repeated tx_hash submissions.
## Data Persistence Requirements

Persist at minimum:

- designation code and auth token
- wallet and chain id
- intent fields and verification time
- quote fields and expiry
- membership tx hash and activation timestamp
- notification email link metadata
## Observability Requirements

- Correlation id per flow (`intent_id` preferred).
- Structured logs for each transition.
- Metrics counters for:
  - intent requests
  - verify success/fail
  - quote success/fail
  - confirm success/fail
  - notify success/fail
## Done Criteria

- Web flow reaches acknowledged state on successful membership tx.
- Membership inactive wallets cannot complete flow.
- Confirm endpoint is idempotent and deterministic.
- API matches `docs/api/secret-system.openapi.yaml`.