Payback API is a service to track and optimize debts between a group of friends.
Currently the Payback API does not provide authenticated access.
Authentication will be implemented using OAuth, with logins by username and password, Facebook, Google and other services.
## Digital Signature
To prevent tampering of the data, a digital signature is included as a header in every request.
The header name is X-Checksum and it is calculated using HMAC-SHA1 of the JSON representation of an object
including url, query parameters and request body.
## Media Types
Where applicable this API uses the JSON media-type to represent resources states and affordances.
Requests with a message-body are using plain JSON to set or update resource states.
## Error States
The common [HTTP Response Status Codes](https://github.com/for-GET/know-your-http-well/blob/master/status-codes.md) are used.