Avoid passing secret details of recipient in transfer

bigchaindb · Feb 10, 2017 · 6e2748c · 6e2748c
1 parent b6b019b
commit 6e2748c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -322,7 +322,7 @@ PAYLOAD:
     },
     "to": {
         "verifyingKey": "<base58 string>",
-        "signingKey": "<base58 string>"
+        "signingKey": null
     }
 }
 
@@ -336,6 +336,10 @@ RETURNS:
 }
 ```
 
+Note that the `to` field in the payload may avoid specifying the new holder's
+private details (i.e. `signingKey`), but should still provide the keys needed to
+conform to the [user model](#create-users).
+
 To check if your POST was successful, follow the steps in [registering a
 manifestation](#was-my-post-to-manifestations-successful) and use the returned
 Right's data instead.
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -177,7 +177,10 @@ def test_transfer_right(client, alice, bob,
             'action': 'loan',
         },
         'currentHolder': alice,
-        'to': bob,
+        'to': {
+            'verifyingKey': bob['verifyingKey'],
+            'signingKey': None,
+        }
     }
 
     expected = {