@delopay/sdk 0.11.0 → 0.12.1

package/dist/index.d.cts

@@ -662,6 +662,13 @@ interface ShopUpdateRequest {
     webhook_url?: string | null;
     is_active?: boolean | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this shop's hosted checkout in an iframe.
+     * Each entry must be a full origin (`scheme://host[:port]`, no path,
+     * no wildcards). Empty/null defaults to same-origin only — strict
+     * clickjacking defense. Example: `["https://shop.acme.com"]`.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ShopResponse {
     shop_id: string;
@@ -673,6 +680,11 @@ interface ShopResponse {
     webhook_url?: string | null;
     project_id?: string | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this shop's hosted checkout in an iframe.
+     * See {@link ShopUpdateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 /** Branding and behavior overrides for a shop's hosted checkout. */
 interface BusinessPaymentLinkConfig {
@@ -1366,6 +1378,13 @@ interface ProfileCreateRequest {
     redirect_to_merchant_with_http_post?: boolean | null;
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. Each entry is a full origin (`scheme://host[:port]`, no
+     * path). Empty/null defaults to same-origin only — strict
+     * clickjacking defense.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ProfileUpdateRequest {
     profile_name?: string | null;
@@ -1376,6 +1395,11 @@ interface ProfileUpdateRequest {
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. See {@link ProfileCreateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ProfileResponse {
     merchant_id: string;
@@ -1394,6 +1418,11 @@ interface ProfileResponse {
     payment_response_hash_key?: string | null;
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. See {@link ProfileCreateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
     [key: string]: unknown;
 }
 type BlocklistAddRequest = {

package/dist/index.d.ts

@@ -662,6 +662,13 @@ interface ShopUpdateRequest {
     webhook_url?: string | null;
     is_active?: boolean | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this shop's hosted checkout in an iframe.
+     * Each entry must be a full origin (`scheme://host[:port]`, no path,
+     * no wildcards). Empty/null defaults to same-origin only — strict
+     * clickjacking defense. Example: `["https://shop.acme.com"]`.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ShopResponse {
     shop_id: string;
@@ -673,6 +680,11 @@ interface ShopResponse {
     webhook_url?: string | null;
     project_id?: string | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this shop's hosted checkout in an iframe.
+     * See {@link ShopUpdateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 /** Branding and behavior overrides for a shop's hosted checkout. */
 interface BusinessPaymentLinkConfig {
@@ -1366,6 +1378,13 @@ interface ProfileCreateRequest {
     redirect_to_merchant_with_http_post?: boolean | null;
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. Each entry is a full origin (`scheme://host[:port]`, no
+     * path). Empty/null defaults to same-origin only — strict
+     * clickjacking defense.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ProfileUpdateRequest {
     profile_name?: string | null;
@@ -1376,6 +1395,11 @@ interface ProfileUpdateRequest {
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
     payment_link_config?: BusinessPaymentLinkConfig | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. See {@link ProfileCreateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
 }
 interface ProfileResponse {
     merchant_id: string;
@@ -1394,6 +1418,11 @@ interface ProfileResponse {
     payment_response_hash_key?: string | null;
     webhook_details?: Record<string, unknown> | null;
     metadata?: Record<string, unknown> | null;
+    /**
+     * Origins permitted to embed this profile's hosted checkout in an
+     * iframe. See {@link ProfileCreateRequest.iframe_allowed_origins}.
+     */
+    iframe_allowed_origins?: string[] | null;
     [key: string]: unknown;
 }
 type BlocklistAddRequest = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delopay/sdk",
-  "version": "0.11.0",
+  "version": "0.12.1",
   "description": "Official Delopay TypeScript SDK",
   "type": "module",
   "sideEffects": false,