@delopay/sdk 0.27.0 → 0.29.0

package/dist/index.d.cts

@@ -12,11 +12,10 @@ type PaymentMethod = 'card' | 'card_redirect' | 'pay_later' | 'wallet' | 'bank_r
 type PaymentMethodType = string;
 type ConnectorType = 'payment_processor' | 'payment_vas' | 'fin_operations' | 'fiz_operations' | 'networks' | 'banking_entities' | 'non_banking_finance' | 'payout_processor' | 'payment_method_auth' | 'authentication_processor' | 'tax_processor' | 'billing_processor' | 'vault_processor';
 /**
- * Snake-case connector identifiers, mirroring the backend `Connector`
- * enum in `crates/common_enums/src/connector_enums.rs`. The trailing
- * `string` keeps it open: new connectors land in the backend before the
- * SDK is regenerated, so consumers can pass any name without a type
- * error. Known names get IDE autocomplete.
+ * Snake-case connector identifiers recognized by the Delopay API. The
+ * trailing `string` keeps this type open: new connectors may be added
+ * to the API before the SDK is updated, so any name can be passed
+ * without a type error. Known names get IDE autocomplete.
  */
 type Connector = 'aci' | 'adyen' | 'adyenplatform' | 'affirm' | 'airwallex' | 'amazonpay' | 'archipel' | 'authipay' | 'authorizedotnet' | 'bambora' | 'bamboraapac' | 'bankofamerica' | 'barclaycard' | 'billwerk' | 'bitpay' | 'blackhawknetwork' | 'bluesnap' | 'boku' | 'braintree' | 'breadpay' | 'calida' | 'cardinal' | 'cashtocode' | 'celero' | 'chargebee' | 'checkbook' | 'checkout' | 'coinbase' | 'coingate' | 'creem' | 'cryptomus' | 'cryptopay' | 'ctp_mastercard' | 'ctp_visa' | 'cybersource' | 'cybersourcedecisionmanager' | 'datatrans' | 'delopay_vault' | 'delopaythreedsserver' | 'deutschebank' | 'digitalvirgo' | 'dlocal' | 'dwolla' | 'ebanx' | 'elavon' | 'envoy' | 'facilitapay' | 'finix' | 'fiserv' | 'fiservcommercehub' | 'fiservemea' | 'fiuu' | 'flexiti' | 'forte' | 'getnet' | 'gigadat' | 'globalpay' | 'globepay' | 'gocardless' | 'gpayments' | 'helcim' | 'hipay' | 'hyperpg' | 'iatapay' | 'inespay' | 'itaubank' | 'jpmorgan' | 'klarna' | 'loonio' | 'mifinity' | 'mollie' | 'moneris' | 'multisafepay' | 'netcetera' | 'nexinets' | 'nexixpay' | 'nmi' | 'nomupay' | 'noon' | 'nordea' | 'novalnet' | 'nowpayments' | 'nuvei' | 'opennode' | 'paybox' | 'payload' | 'payme' | 'payone' | 'paypal' | 'paysafe' | 'paysepro' | 'paystack' | 'paytm' | 'payu' | 'payjustnow' | 'payjustnowinstore' | 'peachpayments' | 'phonepe' | 'placetopay' | 'plaid' | 'powertranz' | 'prophetpay' | 'rapyd' | 'razorpay' | 'recurly' | 'redsys' | 'revolv3' | 'riskified' | 'santander' | 'shift4' | 'signifyd' | 'silverflow' | 'skinsback' | 'square' | 'stax' | 'stripe' | 'stripebilling' | 'taxjar' | 'tesouro' | 'threedsecureio' | 'tokenex' | 'tokenio' | 'truelayer' | 'trustly' | 'trustpay' | 'trustpayments' | 'tsys' | 'vgs' | 'volt' | 'wellsfargo' | 'wise' | 'worldline' | 'worldpay' | 'worldpaymodular' | 'worldpayvantiv' | 'worldpayxml' | 'xendit' | 'zen' | 'zift' | 'zsl' | (string & {});
 type DisputeStage = 'pre_dispute' | 'dispute' | 'pre_arbitration' | 'arbitration' | 'dispute_reversal';
@@ -347,8 +346,8 @@ interface PaymentListParams {
 interface PaymentRetrieveOptions {
     /** Reconcile intent state with the connector before responding. */
     force_sync?: boolean;
-    /** Bypass the backend's `should_call_connector` gate so even a
-     *  `requires_payment_method` intent triggers a sync. */
+    /** Force a connector sync even for intents in early states like
+     *  `requires_payment_method` that would otherwise return the local snapshot. */
     all_keys_required?: boolean;
 }
 interface PaymentListResponse {
@@ -758,7 +757,6 @@ interface ProfileLogoUploadResponse {
  * Event scope when registering a connector webhook.
  * - `'all_events'`: wildcard registration (cheapest default).
  * - `{ specific_event: '<EventType>' }`: register only one event type.
- * Matches the backend's internally-tagged `ConnectorWebhookEventType`.
  */
 type ConnectorWebhookEventType = 'all_events' | {
     specific_event: string;
@@ -1335,6 +1333,7 @@ interface SwitchProfileRequest {
 interface InviteUsersRequest {
     email: string;
     role_id: string;
+    profile_ids?: string[];
 }
 interface InviteUsersResponse {
     email: string;
@@ -1357,7 +1356,7 @@ interface FromEmailRequest {
     token: string;
 }
 /**
- * Purpose of a single-purpose JWT. The backend decides which purpose to issue
+ * Purpose of a single-purpose JWT. The API decides which purpose to issue
  * next based on the user's current state (e.g. TOTP not set → `totp`, TOTP
  * verified → `reset_password`).
  */
@@ -1376,13 +1375,13 @@ interface VerifyTotpRequest {
 /** Optional query params for `GET /user/2fa/terminate`. */
 interface Terminate2faQueryParams {
     /**
-     * Skip the TOTP requirement entirely. Only honored when the backend has
-     * `force_two_factor_auth = false`. Use sparingly — it weakens security.
+     * Skip the TOTP requirement entirely. Only honored when the server has
+     * `force_two_factor_auth = false`. Use sparingly -- it weakens security.
      */
     skip_two_factor_auth?: boolean;
 }
 /**
- * Optional query for `GET /user/me/login-activity`. Backend clamps `limit`
+ * Optional query for `GET /user/me/login-activity`. The API clamps `limit`
  * to `1..=200` (default 25) and floors `offset` at 0 (default 0).
  */
 interface LoginHistoryParams {
@@ -1407,9 +1406,8 @@ interface LoginHistoryParams {
  * `password`, `magic_link`, `sso_oidc`, `totp`, `recovery_code`.
  *
  * Geo fields (`country_code`, `city`, `latitude`, `longitude`) are populated
- * by an offline MaxMind GeoLite2-City lookup at signin time. They stay
- * `null` for private/loopback IPs, when the lookup misses, or when the
- * GeoIP service is disabled in backend config.
+ * by a GeoIP lookup at signin time. They stay `null` for private/loopback
+ * IPs, when the lookup misses, or when GeoIP is not enabled.
  */
 interface LoginHistoryEntry {
     id: string;
@@ -1429,11 +1427,10 @@ interface LoginHistoryEntry {
  * Response shape for `GET /user/me/login-activity`. `total_count` is the
  * unpaginated row count for client-side page-count calculation.
  *
- * When the authenticated user is a Delopay admin currently impersonating
- * a non-admin merchant via `switch_merchant_for_user_in_org`, the backend
- * returns `entries: []` and `total_count: 0` so the admin's IP / geo
- * doesn't render inside the merchant dashboard. The admin can still see
- * their real activity by switching back to the admin organization.
+ * When a Delopay admin is impersonating a merchant, the API returns
+ * `entries: []` and `total_count: 0` so the admin's IP / geo data is
+ * not exposed inside the merchant dashboard. The admin can still see
+ * their own activity by switching back to the admin organization.
  */
 interface LoginHistoryResponse {
     entries: LoginHistoryEntry[];
@@ -1877,10 +1874,9 @@ interface RegionResponse {
     [key: string]: unknown;
 }
 /**
- * Top-level permission group recognised by the backend. Matches the
- * `ParentGroup` enum in the Delopay backend — keep in lock-step.
- * The dashboard / any client that wants to hide buttons for actions
- * the caller can't perform reads this off `getRoleV3()`.
+ * Top-level permission group recognized by the Delopay API. The
+ * dashboard (or any client) uses these to hide UI elements for actions
+ * the caller's role cannot perform, via `getRolePermissions()`.
  */
 type ParentGroup = 'Operations' | 'Connectors' | 'Workflows' | 'Analytics' | 'Users' | 'Account' | 'ReconOps' | 'ReconReports' | 'Internal' | 'Theme' | 'ShopDetails';
 /** Two scopes — `Read` allows viewing, `Write` is required for any mutation. */
@@ -2095,8 +2091,8 @@ declare class Connectors {
      * `POST /account/{merchantId}/connectors/webhooks/{connectorId}`
      *
      * @param params - Optional event scope. Defaults to `{ event_type: 'all_events' }`
-     *   on the backend when omitted; pass `{ event_type: { specific_event: '…' } }`
-     *   to scope to a single event.
+     *   when omitted; pass `{ event_type: { specific_event: '…' } }` to scope
+     *   to a single event.
      */
     registerWebhook(merchantId: string, connectorId: string, params?: ConnectorWebhookRegisterRequest): Promise<ConnectorWebhookRegisterResponse>;
     /** Get registered webhooks for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
@@ -2511,13 +2507,12 @@ declare class Payments {
      * Retrieve a payment by its ID.
      *
      * @param paymentId - The unique payment intent ID.
-     * @param options - Optional query flags. `force_sync` asks the backend to
-     *   reconcile state with the connector before returning (used to recover a
-     *   stuck intent when a webhook was lost). `all_keys_required` lifts the
-     *   backend's `should_call_connector` gate so a `requires_payment_method`
-     *   intent can still trigger a sync — without it the backend short-circuits
-     *   and returns the local snapshot. Both flags are JWT-authenticated dashboard
-     *   helpers; API-key callers can use them too where the backend allows.
+     * @param options - Optional query flags. `force_sync` reconciles the
+     *   intent's state with the connector before returning (useful to recover
+     *   a stuck intent when a webhook was lost). `all_keys_required` forces a
+     *   connector sync even for intents in early states like
+     *   `requires_payment_method` that would otherwise return the local
+     *   snapshot. Both flags work with JWT and API-key authentication.
      * @returns The payment intent.
      *
      * @example
@@ -3121,16 +3116,15 @@ declare class Users {
     signIn(params: SignInRequest): Promise<AuthResponse>;
     signOut(): Promise<Record<string, unknown>>;
     /**
-     * Paginated login history for the authenticated user — IP, User-Agent,
-     * country / city / lat-lon (when GeoIP is enabled in backend), success
-     * and failure events with their reasons. Strictly scoped to the JWT
-     * subject; a user can only see their own activity.
+     * Paginated login history for the authenticated user -- IP, User-Agent,
+     * country / city / lat-lon (when GeoIP is enabled), success and failure
+     * events with their reasons. Strictly scoped to the JWT subject; a user
+     * can only see their own activity.
      *
      * `GET /user/me/login-activity`. Requires a logged-in JWT.
      *
-     * The backend returns an empty page when a Delopay admin is impersonating
-     * a non-admin merchant, so the admin's metadata never renders inside the
-     * merchant dashboard.
+     * Returns an empty page when a Delopay admin is impersonating a merchant,
+     * so the admin's metadata is not exposed inside the merchant dashboard.
      */
     listLoginActivity(params?: LoginHistoryParams): Promise<LoginHistoryResponse>;
     /**
@@ -3162,15 +3156,14 @@ declare class Users {
     update(params: UpdateUserDetailsRequest): Promise<UserResponse>;
     /**
      * Permanently delete the caller's account. Requires a fresh password
-     * (and a current 6-digit TOTP code if the user has TOTP enrolled). The
-     * backend hard-deletes every `user_roles` row for the caller and soft-
-     * deletes the user record itself (`is_active = false`, password / TOTP
-     * wiped). On success all in-flight sessions are blacklisted, so the
-     * caller should clear local credentials and route to the login page.
+     * (and a current 6-digit TOTP code if the user has TOTP enrolled). On
+     * success all role assignments are removed, the user record is
+     * deactivated, and all in-flight sessions are invalidated. The caller
+     * should clear local credentials and route to the login page.
      *
-     * Refuses (`InvalidDeleteOperation`) when the caller is the sole
-     * owner-level admin of an org / merchant / profile — they must transfer
-     * ownership first.
+     * Returns `InvalidDeleteOperation` when the caller is the sole
+     * owner-level admin of an org / merchant / profile -- they must
+     * transfer ownership first.
      */
     deleteAccount(params: DeleteAccountRequest): Promise<Record<string, unknown>>;
     changePassword(params: ChangePasswordRequest): Promise<UserResponse>;
@@ -3276,7 +3269,9 @@ declare class Users {
     /** Select auth method. `POST /user/auth/select` */
     selectAuth(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /** List users in lineage. `GET /user/employees/list` */
-    listUsersInLineage(): Promise<Record<string, unknown>[]>;
+    listUsersInLineage(params?: {
+        entity_type?: string;
+    }): Promise<Record<string, unknown>[]>;
     /** Resend invite. `POST /user/employees/resend-invite` */
     resendInvite(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /**

package/dist/index.d.ts

@@ -12,11 +12,10 @@ type PaymentMethod = 'card' | 'card_redirect' | 'pay_later' | 'wallet' | 'bank_r
 type PaymentMethodType = string;
 type ConnectorType = 'payment_processor' | 'payment_vas' | 'fin_operations' | 'fiz_operations' | 'networks' | 'banking_entities' | 'non_banking_finance' | 'payout_processor' | 'payment_method_auth' | 'authentication_processor' | 'tax_processor' | 'billing_processor' | 'vault_processor';
 /**
- * Snake-case connector identifiers, mirroring the backend `Connector`
- * enum in `crates/common_enums/src/connector_enums.rs`. The trailing
- * `string` keeps it open: new connectors land in the backend before the
- * SDK is regenerated, so consumers can pass any name without a type
- * error. Known names get IDE autocomplete.
+ * Snake-case connector identifiers recognized by the Delopay API. The
+ * trailing `string` keeps this type open: new connectors may be added
+ * to the API before the SDK is updated, so any name can be passed
+ * without a type error. Known names get IDE autocomplete.
  */
 type Connector = 'aci' | 'adyen' | 'adyenplatform' | 'affirm' | 'airwallex' | 'amazonpay' | 'archipel' | 'authipay' | 'authorizedotnet' | 'bambora' | 'bamboraapac' | 'bankofamerica' | 'barclaycard' | 'billwerk' | 'bitpay' | 'blackhawknetwork' | 'bluesnap' | 'boku' | 'braintree' | 'breadpay' | 'calida' | 'cardinal' | 'cashtocode' | 'celero' | 'chargebee' | 'checkbook' | 'checkout' | 'coinbase' | 'coingate' | 'creem' | 'cryptomus' | 'cryptopay' | 'ctp_mastercard' | 'ctp_visa' | 'cybersource' | 'cybersourcedecisionmanager' | 'datatrans' | 'delopay_vault' | 'delopaythreedsserver' | 'deutschebank' | 'digitalvirgo' | 'dlocal' | 'dwolla' | 'ebanx' | 'elavon' | 'envoy' | 'facilitapay' | 'finix' | 'fiserv' | 'fiservcommercehub' | 'fiservemea' | 'fiuu' | 'flexiti' | 'forte' | 'getnet' | 'gigadat' | 'globalpay' | 'globepay' | 'gocardless' | 'gpayments' | 'helcim' | 'hipay' | 'hyperpg' | 'iatapay' | 'inespay' | 'itaubank' | 'jpmorgan' | 'klarna' | 'loonio' | 'mifinity' | 'mollie' | 'moneris' | 'multisafepay' | 'netcetera' | 'nexinets' | 'nexixpay' | 'nmi' | 'nomupay' | 'noon' | 'nordea' | 'novalnet' | 'nowpayments' | 'nuvei' | 'opennode' | 'paybox' | 'payload' | 'payme' | 'payone' | 'paypal' | 'paysafe' | 'paysepro' | 'paystack' | 'paytm' | 'payu' | 'payjustnow' | 'payjustnowinstore' | 'peachpayments' | 'phonepe' | 'placetopay' | 'plaid' | 'powertranz' | 'prophetpay' | 'rapyd' | 'razorpay' | 'recurly' | 'redsys' | 'revolv3' | 'riskified' | 'santander' | 'shift4' | 'signifyd' | 'silverflow' | 'skinsback' | 'square' | 'stax' | 'stripe' | 'stripebilling' | 'taxjar' | 'tesouro' | 'threedsecureio' | 'tokenex' | 'tokenio' | 'truelayer' | 'trustly' | 'trustpay' | 'trustpayments' | 'tsys' | 'vgs' | 'volt' | 'wellsfargo' | 'wise' | 'worldline' | 'worldpay' | 'worldpaymodular' | 'worldpayvantiv' | 'worldpayxml' | 'xendit' | 'zen' | 'zift' | 'zsl' | (string & {});
 type DisputeStage = 'pre_dispute' | 'dispute' | 'pre_arbitration' | 'arbitration' | 'dispute_reversal';
@@ -347,8 +346,8 @@ interface PaymentListParams {
 interface PaymentRetrieveOptions {
     /** Reconcile intent state with the connector before responding. */
     force_sync?: boolean;
-    /** Bypass the backend's `should_call_connector` gate so even a
-     *  `requires_payment_method` intent triggers a sync. */
+    /** Force a connector sync even for intents in early states like
+     *  `requires_payment_method` that would otherwise return the local snapshot. */
     all_keys_required?: boolean;
 }
 interface PaymentListResponse {
@@ -758,7 +757,6 @@ interface ProfileLogoUploadResponse {
  * Event scope when registering a connector webhook.
  * - `'all_events'`: wildcard registration (cheapest default).
  * - `{ specific_event: '<EventType>' }`: register only one event type.
- * Matches the backend's internally-tagged `ConnectorWebhookEventType`.
  */
 type ConnectorWebhookEventType = 'all_events' | {
     specific_event: string;
@@ -1335,6 +1333,7 @@ interface SwitchProfileRequest {
 interface InviteUsersRequest {
     email: string;
     role_id: string;
+    profile_ids?: string[];
 }
 interface InviteUsersResponse {
     email: string;
@@ -1357,7 +1356,7 @@ interface FromEmailRequest {
     token: string;
 }
 /**
- * Purpose of a single-purpose JWT. The backend decides which purpose to issue
+ * Purpose of a single-purpose JWT. The API decides which purpose to issue
  * next based on the user's current state (e.g. TOTP not set → `totp`, TOTP
  * verified → `reset_password`).
  */
@@ -1376,13 +1375,13 @@ interface VerifyTotpRequest {
 /** Optional query params for `GET /user/2fa/terminate`. */
 interface Terminate2faQueryParams {
     /**
-     * Skip the TOTP requirement entirely. Only honored when the backend has
-     * `force_two_factor_auth = false`. Use sparingly — it weakens security.
+     * Skip the TOTP requirement entirely. Only honored when the server has
+     * `force_two_factor_auth = false`. Use sparingly -- it weakens security.
      */
     skip_two_factor_auth?: boolean;
 }
 /**
- * Optional query for `GET /user/me/login-activity`. Backend clamps `limit`
+ * Optional query for `GET /user/me/login-activity`. The API clamps `limit`
  * to `1..=200` (default 25) and floors `offset` at 0 (default 0).
  */
 interface LoginHistoryParams {
@@ -1407,9 +1406,8 @@ interface LoginHistoryParams {
  * `password`, `magic_link`, `sso_oidc`, `totp`, `recovery_code`.
  *
  * Geo fields (`country_code`, `city`, `latitude`, `longitude`) are populated
- * by an offline MaxMind GeoLite2-City lookup at signin time. They stay
- * `null` for private/loopback IPs, when the lookup misses, or when the
- * GeoIP service is disabled in backend config.
+ * by a GeoIP lookup at signin time. They stay `null` for private/loopback
+ * IPs, when the lookup misses, or when GeoIP is not enabled.
  */
 interface LoginHistoryEntry {
     id: string;
@@ -1429,11 +1427,10 @@ interface LoginHistoryEntry {
  * Response shape for `GET /user/me/login-activity`. `total_count` is the
  * unpaginated row count for client-side page-count calculation.
  *
- * When the authenticated user is a Delopay admin currently impersonating
- * a non-admin merchant via `switch_merchant_for_user_in_org`, the backend
- * returns `entries: []` and `total_count: 0` so the admin's IP / geo
- * doesn't render inside the merchant dashboard. The admin can still see
- * their real activity by switching back to the admin organization.
+ * When a Delopay admin is impersonating a merchant, the API returns
+ * `entries: []` and `total_count: 0` so the admin's IP / geo data is
+ * not exposed inside the merchant dashboard. The admin can still see
+ * their own activity by switching back to the admin organization.
  */
 interface LoginHistoryResponse {
     entries: LoginHistoryEntry[];
@@ -1877,10 +1874,9 @@ interface RegionResponse {
     [key: string]: unknown;
 }
 /**
- * Top-level permission group recognised by the backend. Matches the
- * `ParentGroup` enum in the Delopay backend — keep in lock-step.
- * The dashboard / any client that wants to hide buttons for actions
- * the caller can't perform reads this off `getRoleV3()`.
+ * Top-level permission group recognized by the Delopay API. The
+ * dashboard (or any client) uses these to hide UI elements for actions
+ * the caller's role cannot perform, via `getRolePermissions()`.
  */
 type ParentGroup = 'Operations' | 'Connectors' | 'Workflows' | 'Analytics' | 'Users' | 'Account' | 'ReconOps' | 'ReconReports' | 'Internal' | 'Theme' | 'ShopDetails';
 /** Two scopes — `Read` allows viewing, `Write` is required for any mutation. */
@@ -2095,8 +2091,8 @@ declare class Connectors {
      * `POST /account/{merchantId}/connectors/webhooks/{connectorId}`
      *
      * @param params - Optional event scope. Defaults to `{ event_type: 'all_events' }`
-     *   on the backend when omitted; pass `{ event_type: { specific_event: '…' } }`
-     *   to scope to a single event.
+     *   when omitted; pass `{ event_type: { specific_event: '…' } }` to scope
+     *   to a single event.
      */
     registerWebhook(merchantId: string, connectorId: string, params?: ConnectorWebhookRegisterRequest): Promise<ConnectorWebhookRegisterResponse>;
     /** Get registered webhooks for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
@@ -2511,13 +2507,12 @@ declare class Payments {
      * Retrieve a payment by its ID.
      *
      * @param paymentId - The unique payment intent ID.
-     * @param options - Optional query flags. `force_sync` asks the backend to
-     *   reconcile state with the connector before returning (used to recover a
-     *   stuck intent when a webhook was lost). `all_keys_required` lifts the
-     *   backend's `should_call_connector` gate so a `requires_payment_method`
-     *   intent can still trigger a sync — without it the backend short-circuits
-     *   and returns the local snapshot. Both flags are JWT-authenticated dashboard
-     *   helpers; API-key callers can use them too where the backend allows.
+     * @param options - Optional query flags. `force_sync` reconciles the
+     *   intent's state with the connector before returning (useful to recover
+     *   a stuck intent when a webhook was lost). `all_keys_required` forces a
+     *   connector sync even for intents in early states like
+     *   `requires_payment_method` that would otherwise return the local
+     *   snapshot. Both flags work with JWT and API-key authentication.
      * @returns The payment intent.
      *
      * @example
@@ -3121,16 +3116,15 @@ declare class Users {
     signIn(params: SignInRequest): Promise<AuthResponse>;
     signOut(): Promise<Record<string, unknown>>;
     /**
-     * Paginated login history for the authenticated user — IP, User-Agent,
-     * country / city / lat-lon (when GeoIP is enabled in backend), success
-     * and failure events with their reasons. Strictly scoped to the JWT
-     * subject; a user can only see their own activity.
+     * Paginated login history for the authenticated user -- IP, User-Agent,
+     * country / city / lat-lon (when GeoIP is enabled), success and failure
+     * events with their reasons. Strictly scoped to the JWT subject; a user
+     * can only see their own activity.
      *
      * `GET /user/me/login-activity`. Requires a logged-in JWT.
      *
-     * The backend returns an empty page when a Delopay admin is impersonating
-     * a non-admin merchant, so the admin's metadata never renders inside the
-     * merchant dashboard.
+     * Returns an empty page when a Delopay admin is impersonating a merchant,
+     * so the admin's metadata is not exposed inside the merchant dashboard.
      */
     listLoginActivity(params?: LoginHistoryParams): Promise<LoginHistoryResponse>;
     /**
@@ -3162,15 +3156,14 @@ declare class Users {
     update(params: UpdateUserDetailsRequest): Promise<UserResponse>;
     /**
      * Permanently delete the caller's account. Requires a fresh password
-     * (and a current 6-digit TOTP code if the user has TOTP enrolled). The
-     * backend hard-deletes every `user_roles` row for the caller and soft-
-     * deletes the user record itself (`is_active = false`, password / TOTP
-     * wiped). On success all in-flight sessions are blacklisted, so the
-     * caller should clear local credentials and route to the login page.
+     * (and a current 6-digit TOTP code if the user has TOTP enrolled). On
+     * success all role assignments are removed, the user record is
+     * deactivated, and all in-flight sessions are invalidated. The caller
+     * should clear local credentials and route to the login page.
      *
-     * Refuses (`InvalidDeleteOperation`) when the caller is the sole
-     * owner-level admin of an org / merchant / profile — they must transfer
-     * ownership first.
+     * Returns `InvalidDeleteOperation` when the caller is the sole
+     * owner-level admin of an org / merchant / profile -- they must
+     * transfer ownership first.
      */
     deleteAccount(params: DeleteAccountRequest): Promise<Record<string, unknown>>;
     changePassword(params: ChangePasswordRequest): Promise<UserResponse>;
@@ -3276,7 +3269,9 @@ declare class Users {
     /** Select auth method. `POST /user/auth/select` */
     selectAuth(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /** List users in lineage. `GET /user/employees/list` */
-    listUsersInLineage(): Promise<Record<string, unknown>[]>;
+    listUsersInLineage(params?: {
+        entity_type?: string;
+    }): Promise<Record<string, unknown>[]>;
     /** Resend invite. `POST /user/employees/resend-invite` */
     resendInvite(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /**

package/dist/index.js

@@ -41,7 +41,7 @@ import {
   shadowFor,
   surfacePadValue,
   verticalGapValue
-} from "./chunk-TE4LLC2R.js";
+} from "./chunk-4Q3E7XLP.js";
 export {
   Analytics,
   AnalyticsDashboard,

package/dist/internal.cjs

@@ -430,8 +430,8 @@ var Connectors = class {
    * `POST /account/{merchantId}/connectors/webhooks/{connectorId}`
    *
    * @param params - Optional event scope. Defaults to `{ event_type: 'all_events' }`
-   *   on the backend when omitted; pass `{ event_type: { specific_event: '…' } }`
-   *   to scope to a single event.
+   *   when omitted; pass `{ event_type: { specific_event: '…' } }` to scope
+   *   to a single event.
    */
   async registerWebhook(merchantId, connectorId, params) {
     const path = `/account/${encodeURIComponent(merchantId)}/connectors/webhooks/${encodeURIComponent(connectorId)}`;
@@ -1027,13 +1027,12 @@ var Payments = class {
    * Retrieve a payment by its ID.
    *
    * @param paymentId - The unique payment intent ID.
-   * @param options - Optional query flags. `force_sync` asks the backend to
-   *   reconcile state with the connector before returning (used to recover a
-   *   stuck intent when a webhook was lost). `all_keys_required` lifts the
-   *   backend's `should_call_connector` gate so a `requires_payment_method`
-   *   intent can still trigger a sync — without it the backend short-circuits
-   *   and returns the local snapshot. Both flags are JWT-authenticated dashboard
-   *   helpers; API-key callers can use them too where the backend allows.
+   * @param options - Optional query flags. `force_sync` reconciles the
+   *   intent's state with the connector before returning (useful to recover
+   *   a stuck intent when a webhook was lost). `all_keys_required` forces a
+   *   connector sync even for intents in early states like
+   *   `requires_payment_method` that would otherwise return the local
+   *   snapshot. Both flags work with JWT and API-key authentication.
    * @returns The payment intent.
    *
    * @example
@@ -1975,16 +1974,15 @@ var Users = class {
     return this.request("POST", "/user/signout");
   }
   /**
-   * Paginated login history for the authenticated user — IP, User-Agent,
-   * country / city / lat-lon (when GeoIP is enabled in backend), success
-   * and failure events with their reasons. Strictly scoped to the JWT
-   * subject; a user can only see their own activity.
+   * Paginated login history for the authenticated user -- IP, User-Agent,
+   * country / city / lat-lon (when GeoIP is enabled), success and failure
+   * events with their reasons. Strictly scoped to the JWT subject; a user
+   * can only see their own activity.
    *
    * `GET /user/me/login-activity`. Requires a logged-in JWT.
    *
-   * The backend returns an empty page when a Delopay admin is impersonating
-   * a non-admin merchant, so the admin's metadata never renders inside the
-   * merchant dashboard.
+   * Returns an empty page when a Delopay admin is impersonating a merchant,
+   * so the admin's metadata is not exposed inside the merchant dashboard.
    */
   async listLoginActivity(params) {
     if (params === void 0) {
@@ -2031,15 +2029,14 @@ var Users = class {
   }
   /**
    * Permanently delete the caller's account. Requires a fresh password
-   * (and a current 6-digit TOTP code if the user has TOTP enrolled). The
-   * backend hard-deletes every `user_roles` row for the caller and soft-
-   * deletes the user record itself (`is_active = false`, password / TOTP
-   * wiped). On success all in-flight sessions are blacklisted, so the
-   * caller should clear local credentials and route to the login page.
+   * (and a current 6-digit TOTP code if the user has TOTP enrolled). On
+   * success all role assignments are removed, the user record is
+   * deactivated, and all in-flight sessions are invalidated. The caller
+   * should clear local credentials and route to the login page.
    *
-   * Refuses (`InvalidDeleteOperation`) when the caller is the sole
-   * owner-level admin of an org / merchant / profile — they must transfer
-   * ownership first.
+   * Returns `InvalidDeleteOperation` when the caller is the sole
+   * owner-level admin of an org / merchant / profile -- they must
+   * transfer ownership first.
    */
   async deleteAccount(params) {
     return this.request("DELETE", "/user/account", { body: params });
@@ -2226,8 +2223,10 @@ var Users = class {
     return this.request("POST", "/user/auth/select", { body: params });
   }
   /** List users in lineage. `GET /user/employees/list` */
-  async listUsersInLineage() {
-    return this.request("GET", "/user/employees/list");
+  async listUsersInLineage(params) {
+    return this.request("GET", "/user/employees/list", {
+      query: params
+    });
   }
   /** Resend invite. `POST /user/employees/resend-invite` */
   async resendInvite(params) {