diff --git a/concept-partial-payments.html b/concept-partial-payments.html
index 2f4f54775d..885049def0 100644
--- a/concept-partial-payments.html
+++ b/concept-partial-payments.html
@@ -79,6 +79,7 @@
                   <li><a href="tutorial-rippleapi-beginners-guide.html">RippleAPI Beginners Guide</a></li>
                   <li><a href="tutorial-rippled-setup.html">rippled Setup</a></li>
                   <li><a href="tutorial-gateway-guide.html">Gateway Guide</a></li>
+                  <li><a href="tutorial-listing-xrp.html">Listing XRP as an Exchange</a></li>
             </ul>
           </li>
           <li class="dropdown">
@@ -151,7 +152,8 @@
 <li class="level-3"><a href="#partial-payment-limitations">Partial Payment Limitations</a></li>
 <li class="level-3"><a href="#the-delivered-amount-field">The  delivered_amount  Field</a></li>
 <li class="level-2"><a href="#partial-payments-exploit">Partial Payments Exploit</a></li>
-<li class="level-3"><a href="#avoiding-the-exploit">Avoiding the Exploit</a></li>
+<li class="level-3"><a href="#exploit-scenario-steps">Exploit Scenario Steps</a></li>
+<li class="level-3"><a href="#further-mitigations">Further Mitigations</a></li>
 
             </ul>
         </div>
@@ -195,8 +197,47 @@
 <li>Is included in a validated ledger before 2014-01-20</li>
 </ul>
 <p>If both conditions are true, then <code>delivered_amount</code> contains the string value <code>unavailable</code> instead of an actual amount. If this happens, you can only determine the actual delivered amount by reading the AffectedNodes in the transaction's metadata. If the transaction delivered an issued currency and the <code>issuer</code> of the <code>Amount</code> is the same account as the <code>Destination</code> address, the delivered amount may be divided among multiple <code>AffectedNodes</code> members representing trust lines to different counterparties.</p>
+<p>You can find the <code>delivered_amount</code> field in the following places:</p>
+<table>
+<thead>
+<tr>
+<th>API</th>
+<th>Method</th>
+<th>Field</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><a href="reference-rippled.html">JSON-RPC / WebSocket</a></td>
+<td><a href="reference-rippled.html#account-tx"><code>account_tx</code> command</a></td>
+<td><code>result.transactions</code> array members' <code>meta.delivered_amount</code></td>
+</tr>
+<tr>
+<td><a href="reference-rippled.html">JSON-RPC / WebSocket</a></td>
+<td><a href="reference-rippled.html#tx"><code>tx</code> command</a></td>
+<td><code>result.meta.delivered_amount</code></td>
+</tr>
+<tr>
+<td><a href="reference-rippled.html">JSON-RPC / WebSocket</a></td>
+<td><a href="reference-rippled.html#transaction-entry"><code>transaction_entry</code> command</a></td>
+<td><code>result.metadata.delivered_amount</code></td>
+</tr>
+<tr>
+<td><a href="reference-rippleapi.html">RippleAPI</a></td>
+<td><a href="reference-rippleapi.html#gettransaction"><code>getTransaction</code> method</a></td>
+<td><code>outcome.deliveredAmount</code></td>
+</tr>
+<tr>
+<td><a href="reference-rippleapi.html">RippleAPI</a></td>
+<td><a href="reference-rippleapi.html#gettransactions"><code>getTransactions</code> method</a></td>
+<td>array members' <code>outcome.deliveredAmount</code></td>
+</tr>
+</tbody>
+</table>
 <h2 id="partial-payments-exploit">Partial Payments Exploit</h2>
 <p>If a financial institution's integration with the Ripple Consensus Ledger assumes that the <code>Amount</code> field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution. This exploit can be used against gateways, exchanges, or merchants as long as those institutions' software does not process partial payments correctly.</p>
+<p><strong>The correct way to process incoming Payment transactions is to use <a href="#the-delivered-amount-field">the <code>delivered_amount</code> metadata field</a>,</strong> not the <code>Amount</code> field. This way, an institution is never mistaken about how much it <em>actually</em> received.</p>
+<h3 id="exploit-scenario-steps">Exploit Scenario Steps</h3>
 <p>To exploit a vulnerable financial institution, a malicious actor does something like this:</p>
 <ol>
 <li>The malicious actor sends a Payment transaction to the institution. This transaction has a large <code>Amount</code> field and has the <strong>tfPartialPayment</strong> flag enabled.</li>
@@ -219,9 +260,8 @@
 <li>The vulnerable merchant treats the invoice as paid and provides the goods or services to the malicious actor, despite only receiving a much smaller <code>delivered_amount</code> in the Ripple Consensus Ledger.</li>
 <li>The malicious actor uses, resells, or absconds with the goods and services before the merchant notices the discrepancy.</li>
 </ol>
-<h3 id="avoiding-the-exploit">Avoiding the Exploit</h3>
-<p>The simplest and most effective way to avoid partial payment exploits is to use the <code>delivered_amount</code> field of the transaction metadata, not the <code>Amount</code> field, when processing incoming transactions. This way, an institution is never mistaken about how much it <em>actually</em> received.</p>
-<p>Additional proactive business practices can also avoid or mitigate the likelihood of this and similar exploits. For example:</p>
+<h3 id="further-mitigations">Further Mitigations</h3>
+<p>Using <a href="#the-delivered-amount-field">the <code>delivered_amount</code> field</a> when processing incoming transactions is sufficient to avoid this exploit. Still, additional proactive business practices can also avoid or mitigate the likelihood of this and similar exploits. For example:</p>
 <ul>
 <li>Add additional sanity checks to your business logic for processing withdrawals. Never process a withdrawal if the total balance you hold in the Ripple Consensus Ledger does not match your expected assets and obligations.</li>
 <li>Follow "Know Your Customer" guidelines and strictly verify your customers' identities. You may be able to recognize and block malicious users in advance, or pursue legal action against a malicious actor who exploits your system.</li>
diff --git a/content/concept-partial-payments.md b/content/concept-partial-payments.md
index 8a75b3260d..707358057a 100644
--- a/content/concept-partial-payments.md
+++ b/content/concept-partial-payments.md
@@ -53,11 +53,28 @@ The delivered amount is **not available** for transactions that meet **both** of
 
 If both conditions are true, then `delivered_amount` contains the string value `unavailable` instead of an actual amount. If this happens, you can only determine the actual delivered amount by reading the AffectedNodes in the transaction's metadata. If the transaction delivered an issued currency and the `issuer` of the `Amount` is the same account as the `Destination` address, the delivered amount may be divided among multiple `AffectedNodes` members representing trust lines to different counterparties.
 
+You can find the `delivered_amount` field in the following places:
+
+| API | Method | Field |
+|-----|--------|-------|
+| [JSON-RPC / WebSocket][] | [`account_tx` command](reference-rippled.html#account-tx) | `result.transactions` array members' `meta.delivered_amount` |
+| [JSON-RPC / WebSocket][] | [`tx` command](reference-rippled.html#tx) | `result.meta.delivered_amount` |
+| [JSON-RPC / WebSocket][] | [`transaction_entry` command](reference-rippled.html#transaction-entry) | `result.metadata.delivered_amount` |
+| [RippleAPI][] | [`getTransaction` method](reference-rippleapi.html#gettransaction) | `outcome.deliveredAmount` |
+| [RippleAPI][] | [`getTransactions` method](reference-rippleapi.html#gettransactions) | array members' `outcome.deliveredAmount` |
+
+[JSON-RPC / WebSocket]: reference-rippled.html
+[RippleAPI]: reference-rippleapi.html
 
 ## Partial Payments Exploit
 
 If a financial institution's integration with the Ripple Consensus Ledger assumes that the `Amount` field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution. This exploit can be used against gateways, exchanges, or merchants as long as those institutions' software does not process partial payments correctly.
 
+**The correct way to process incoming Payment transactions is to use [the `delivered_amount` metadata field](#the-delivered-amount-field),** not the `Amount` field. This way, an institution is never mistaken about how much it _actually_ received.
+
+
+### Exploit Scenario Steps
+
 To exploit a vulnerable financial institution, a malicious actor does something like this:
 
 1. The malicious actor sends a Payment transaction to the institution. This transaction has a large `Amount` field and has the **tfPartialPayment** flag enabled.
@@ -78,11 +95,9 @@ In the case of a merchant, the order of operations is slightly different, but th
 6. The vulnerable merchant treats the invoice as paid and provides the goods or services to the malicious actor, despite only receiving a much smaller `delivered_amount` in the Ripple Consensus Ledger.
 7. The malicious actor uses, resells, or absconds with the goods and services before the merchant notices the discrepancy.
 
-### Avoiding the Exploit
+### Further Mitigations
 
-The simplest and most effective way to avoid partial payment exploits is to use the `delivered_amount` field of the transaction metadata, not the `Amount` field, when processing incoming transactions. This way, an institution is never mistaken about how much it _actually_ received.
-
-Additional proactive business practices can also avoid or mitigate the likelihood of this and similar exploits. For example:
+Using [the `delivered_amount` field](#the-delivered-amount-field) when processing incoming transactions is sufficient to avoid this exploit. Still, additional proactive business practices can also avoid or mitigate the likelihood of this and similar exploits. For example:
 
 - Add additional sanity checks to your business logic for processing withdrawals. Never process a withdrawal if the total balance you hold in the Ripple Consensus Ledger does not match your expected assets and obligations.
 - Follow "Know Your Customer" guidelines and strictly verify your customers' identities. You may be able to recognize and block malicious users in advance, or pursue legal action against a malicious actor who exploits your system.
diff --git a/tutorial-listing-xrp.html b/tutorial-listing-xrp.html
index a24d54a993..cd362f22c1 100644
--- a/tutorial-listing-xrp.html
+++ b/tutorial-listing-xrp.html
@@ -90,6 +90,7 @@
                   <li><a href="concept-fee-voting.html">Fee Voting</a></li>
                   <li><a href="concept-fees.html">Fees (Disambiguation)</a></li>
                   <li><a href="concept-freeze.html">Freeze</a></li>
+                  <li><a href="concept-partial-payments.html">Partial Payments</a></li>
                   <li><a href="concept-paths.html">Paths</a></li>
                   <li><a href="concept-reserves.html">Reserves</a></li>
                   <li><a href="concept-stand-alone-mode.html">Stand-Alone Mode</a></li>

API	Method	Field
JSON-RPC / WebSocket	`account_tx` command	`result.transactions` array members' `meta.delivered_amount`
JSON-RPC / WebSocket	`tx` command	`result.meta.delivered_amount`
JSON-RPC / WebSocket	`transaction_entry` command	`result.metadata.delivered_amount`
RippleAPI	`getTransaction` method	`outcome.deliveredAmount`
RippleAPI	`getTransactions` method	array members' `outcome.deliveredAmount`