OAuth-2 is used as fallback authentication method in case of not having X509
key/certificate.

Do not create additional request endpoint, as requesting is like creation, so
reuse POST verb on instance endpoint.

Also as rename can be used to garbage collect instance avoid DELETE.

PUT can inform that nothing happens.

OPTIONS is required by web-browser embedded JavaScript calls in order to allow
for CORS.

Accept is used in order to require response type from server, Content-Type is
about data which are going to be send.

Each time request body is sent, client HAVE to set content type.

Client might want to do anything with it, so append responso to such.

Provide request-access-token web section, with forced authorisation (see:
454f340583055d59ba3385786d16a851636e45c4 in erp5 repository) which allow to
grant or deny token which arrived from remote web site.

Depend on erp5_bearer_token in order to reuse common logic.

They shall have maximum one related predecessor.

requestSoftwareInstance requires much less arguments.

Expose tool which is capable to reply to low level HTTP requests (like POST,
DELETE, PUT).

Caller uses catalog to call method, avoid trusting it.

This replace the previous root_state property defined on Hosting Subscription.

Stay consistent with current API

This simplify retrieval of this information (and so, reduce system load).

Do not set any default value anymore.
This should ease compatibility issue (less maintainance).

Generally allow customer to repay payment. The work was based on:

 * Start date do not have to be set during building.
 * Allow to reuse existing ID and allow PayZen to inform user, that transaction
   is already registered.
 * Do not create too many ids.
 * Drop not needed logging.
 * Be as precise as invoice's currency.
 * Consider all planned or confirmed transactions and take actions based on
   transaction status.

Do not kill the client browser.

Sleep is bad, but better than destroying all components.

It is only used in vifib_web