# REST API

```plantuml
actor User as U
participant "Wallet" as W
participant "Bad Reader" as bad
participant "Good Reader" as good
hide footbox

bad --> good: interaction
note over good: creates a session for Attacker
good -> good: generates a good request
good -> bad: Good Reader's reader engagement\nwith referrerURL of a good Reader
return device engagement with\ngood reader's referrerURL
bad -> bad: generates a bad request
U --> bad: interaction
bad -> W: Bad Reader's reader engagement\nwith referrerURL of a bad Reader
return deviceEngagement with a bad reader's referrerURL
bad -> W: deviceRequest
W -> bad: deviceResponse with mDL
good -> bad: deviceRequest
return deviceResponse with user's mDL
note over good: Attacker's session tied to good user's mDL
```

// there is no MITM between wallet and bad reader but what's the point if bad reader got mDL?

// referrerURL does not really matter