@delopay/sdk 0.3.2 → 0.4.0

package/dist/index.d.cts

@@ -1100,6 +1100,36 @@ interface TotpResponse {
 interface RecoveryCodesResponse {
     recovery_codes: string[];
 }
+/** Request shape for exchanging an email-link token for a single-purpose token. */
+interface FromEmailRequest {
+    /** The JWT delivered in the password-reset / verify-email / invite link. */
+    token: string;
+}
+/**
+ * Purpose of a single-purpose JWT. The backend decides which purpose to issue
+ * next based on the user's current state (e.g. TOTP not set → `totp`, TOTP
+ * verified → `reset_password`).
+ */
+type TokenPurpose = 'totp' | 'reset_password' | 'sso' | 'auth_select' | 'merchant_select' | 'accept_invitation_from_email' | 'force_set_password' | 'verify_email' | string;
+/** Response shape from endpoints that issue a new single-purpose token. */
+interface TokenResponse {
+    /** Signed JWT — pass as `Authorization: Bearer <token>` on the next call. */
+    token: string;
+    /** Kind of token — tells the client which step to perform next. */
+    token_type: TokenPurpose;
+}
+/** Body for `POST|PUT /user/2fa/totp/verify` — 6-digit code from authenticator app. */
+interface VerifyTotpRequest {
+    totp: string;
+}
+/** Optional query params for `GET /user/2fa/terminate`. */
+interface Terminate2faQueryParams {
+    /**
+     * Skip the TOTP requirement entirely. Only honored when the backend has
+     * `force_two_factor_auth = false`. Use sparingly — it weakens security.
+     */
+    skip_two_factor_auth?: boolean;
+}
 interface PhoneOtpRequest {
     phone_number: string;
 }
@@ -2985,17 +3015,26 @@ declare class Users {
     rotatePassword(params: ResetPasswordRequest): Promise<UserResponse>;
     forgotPassword(params: ForgotPasswordRequest): Promise<Record<string, unknown>>;
     /**
-     * Reset a user's password using the single-purpose JWT delivered by the
-     * forgot-password email.
+     * Commit a password reset.
      *
-     * The backend validates the token **twice**: first by the
-     * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
-     * then by the handler itself (decodes `body.token` as an `EmailToken` and
-     * looks up the user by the embedded email — see
-     * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
-     * the SDK sends it in both places. Callers still pass `{ password, token }`.
+     * The caller is responsible for obtaining a `SinglePurposeToken` with
+     * `purpose: reset_password` via the email-token exchange + TOTP flow
+     * (see `fromEmail`, `beginTotp`, `updateTotp`/`verifyTotp`,
+     * `generateRecoveryCodes`, `terminate2fa`) and setting it on the client
+     * via `setJwtToken` before calling this method. `body.token` must still
+     * be the original `EmailToken` from the reset-link URL — the handler
+     * decodes it a second time to find the user
+     * (`delopay-backend/crates/router/src/core/user.rs:687`).
      */
     resetPassword(params: ResetPasswordRequest): Promise<Record<string, unknown>>;
+    /**
+     * Exchange an email-link token (`EmailToken`) for a single-purpose JWT
+     * that drives the next step of the flow (TOTP, verify email, accept
+     * invitation, etc.). No authentication required.
+     *
+     * The `token_type` in the response tells you which step to run next.
+     */
+    fromEmail(params: FromEmailRequest): Promise<TokenResponse>;
     verifyEmail(params: Record<string, unknown>): Promise<AuthResponse>;
     sendVerificationEmail(params: ForgotPasswordRequest): Promise<Record<string, unknown>>;
     createMerchant(params: Record<string, unknown>): Promise<AuthResponse>;
@@ -3005,8 +3044,23 @@ declare class Users {
     listProfiles(): Promise<Record<string, unknown>[]>;
     inviteUsers(params: InviteUsersRequest[]): Promise<InviteUsersResponse[]>;
     acceptInvitation(params: Record<string, unknown>): Promise<AuthResponse>;
+    /**
+     * Start TOTP setup (or no-op if already set).
+     *
+     * Returns the QR-code payload when the user has no TOTP configured yet;
+     * returns `{ secret: null }` when the user is already set up (caller
+     * should then prompt for a 6-digit code and call `verifyTotp`).
+     *
+     * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
     beginTotp(): Promise<TotpResponse>;
-    verifyTotp(params: Record<string, unknown>): Promise<AuthResponse>;
+    /**
+     * Verify a 6-digit TOTP code for a user whose TOTP is already set up.
+     * Marks the code as used in Redis so subsequent flow steps can advance.
+     *
+     * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    verifyTotp(params: VerifyTotpRequest): Promise<Record<string, unknown>>;
     resetTotp(): Promise<Record<string, unknown>>;
     generateRecoveryCodes(): Promise<RecoveryCodesResponse>;
     verifyRecoveryCode(params: Record<string, unknown>): Promise<AuthResponse>;
@@ -3031,10 +3085,21 @@ declare class Users {
     check2faStatus(): Promise<Record<string, unknown>>;
     /** Check 2FA status (v2). `GET /user/2fa/v2` */
     check2faStatusV2(): Promise<Record<string, unknown>>;
-    /** Update TOTP. `PUT /user/2fa/totp/verify` */
-    updateTotp(params: Record<string, unknown>): Promise<Record<string, unknown>>;
-    /** Terminate 2FA. `GET /user/2fa/terminate` */
-    terminate2fa(): Promise<Record<string, unknown>>;
+    /**
+     * Finish first-time TOTP setup: commit the secret generated by `beginTotp`
+     * against a 6-digit code from the user's authenticator app.
+     *
+     * `PUT /user/2fa/totp/verify`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    updateTotp(params: VerifyTotpRequest): Promise<Record<string, unknown>>;
+    /**
+     * Complete the TOTP step and advance to the next flow stage (e.g.
+     * `reset_password`). Returns a fresh single-purpose token with the
+     * next `token_type`.
+     *
+     * `GET /user/2fa/terminate`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    terminate2fa(query?: Terminate2faQueryParams): Promise<TokenResponse>;
     /** Create auth method. `POST /user/auth` */
     createAuthMethod(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /** Update auth method. `PUT /user/auth` */
@@ -3540,4 +3605,4 @@ declare const Webhooks: {
     verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
 };
 
-export { type Address, type AddressDetails, type AdminAdjustmentRequest, type AdminAdjustmentResponse, type AdminAnalyticsRequest, type AdminCustomerDetail, type AdminCustomerListParams, type AdminCustomerListResponse, type AdminSignInRequest, type AdminTransactionListParams, type AdminTransactionListResponse, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuditLogListParams, type AuditLogListResponse, type AuditLogResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AuthorizeResponse, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, Cache, type CaptureMethod, type CardDetail, type CardDetailFromLocker, type CardIssuerCreateRequest, type CardIssuerListResponse, type CardIssuerResponse, type CardIssuerUpdateRequest, Cards, type ChangePasswordRequest, Configs, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type CreateInternalUserRequest, type CreateTenantUserRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerSummary, type CustomerUpdateRequest, type CustomerUser, type DashboardMetadataResponse, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type GatewayConnectRequest, type GatewayResponse, type GsmDecision, type GsmRuleCreateRequest, type GsmRuleResponse, type GsmRuleUpdateRequest, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type OnboardMerchantRequest, type OnboardMerchantResponse, type OverviewStat, type OverviewStatsResponse, type PaymentAnalyticsRequest, type PaymentAnalyticsResponse, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentStat, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PlatformAnalyticsResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type SignupToggleRequest, type SignupToggleResponse, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };
+export { type Address, type AddressDetails, type AdminAdjustmentRequest, type AdminAdjustmentResponse, type AdminAnalyticsRequest, type AdminCustomerDetail, type AdminCustomerListParams, type AdminCustomerListResponse, type AdminSignInRequest, type AdminTransactionListParams, type AdminTransactionListResponse, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuditLogListParams, type AuditLogListResponse, type AuditLogResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AuthorizeResponse, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, Cache, type CaptureMethod, type CardDetail, type CardDetailFromLocker, type CardIssuerCreateRequest, type CardIssuerListResponse, type CardIssuerResponse, type CardIssuerUpdateRequest, Cards, type ChangePasswordRequest, Configs, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type CreateInternalUserRequest, type CreateTenantUserRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerSummary, type CustomerUpdateRequest, type CustomerUser, type DashboardMetadataResponse, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type GsmDecision, type GsmRuleCreateRequest, type GsmRuleResponse, type GsmRuleUpdateRequest, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type OnboardMerchantRequest, type OnboardMerchantResponse, type OverviewStat, type OverviewStatsResponse, type PaymentAnalyticsRequest, type PaymentAnalyticsResponse, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentStat, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PlatformAnalyticsResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type SignupToggleRequest, type SignupToggleResponse, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };

package/dist/index.d.ts

@@ -1100,6 +1100,36 @@ interface TotpResponse {
 interface RecoveryCodesResponse {
     recovery_codes: string[];
 }
+/** Request shape for exchanging an email-link token for a single-purpose token. */
+interface FromEmailRequest {
+    /** The JWT delivered in the password-reset / verify-email / invite link. */
+    token: string;
+}
+/**
+ * Purpose of a single-purpose JWT. The backend decides which purpose to issue
+ * next based on the user's current state (e.g. TOTP not set → `totp`, TOTP
+ * verified → `reset_password`).
+ */
+type TokenPurpose = 'totp' | 'reset_password' | 'sso' | 'auth_select' | 'merchant_select' | 'accept_invitation_from_email' | 'force_set_password' | 'verify_email' | string;
+/** Response shape from endpoints that issue a new single-purpose token. */
+interface TokenResponse {
+    /** Signed JWT — pass as `Authorization: Bearer <token>` on the next call. */
+    token: string;
+    /** Kind of token — tells the client which step to perform next. */
+    token_type: TokenPurpose;
+}
+/** Body for `POST|PUT /user/2fa/totp/verify` — 6-digit code from authenticator app. */
+interface VerifyTotpRequest {
+    totp: string;
+}
+/** Optional query params for `GET /user/2fa/terminate`. */
+interface Terminate2faQueryParams {
+    /**
+     * Skip the TOTP requirement entirely. Only honored when the backend has
+     * `force_two_factor_auth = false`. Use sparingly — it weakens security.
+     */
+    skip_two_factor_auth?: boolean;
+}
 interface PhoneOtpRequest {
     phone_number: string;
 }
@@ -2985,17 +3015,26 @@ declare class Users {
     rotatePassword(params: ResetPasswordRequest): Promise<UserResponse>;
     forgotPassword(params: ForgotPasswordRequest): Promise<Record<string, unknown>>;
     /**
-     * Reset a user's password using the single-purpose JWT delivered by the
-     * forgot-password email.
+     * Commit a password reset.
      *
-     * The backend validates the token **twice**: first by the
-     * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
-     * then by the handler itself (decodes `body.token` as an `EmailToken` and
-     * looks up the user by the embedded email — see
-     * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
-     * the SDK sends it in both places. Callers still pass `{ password, token }`.
+     * The caller is responsible for obtaining a `SinglePurposeToken` with
+     * `purpose: reset_password` via the email-token exchange + TOTP flow
+     * (see `fromEmail`, `beginTotp`, `updateTotp`/`verifyTotp`,
+     * `generateRecoveryCodes`, `terminate2fa`) and setting it on the client
+     * via `setJwtToken` before calling this method. `body.token` must still
+     * be the original `EmailToken` from the reset-link URL — the handler
+     * decodes it a second time to find the user
+     * (`delopay-backend/crates/router/src/core/user.rs:687`).
      */
     resetPassword(params: ResetPasswordRequest): Promise<Record<string, unknown>>;
+    /**
+     * Exchange an email-link token (`EmailToken`) for a single-purpose JWT
+     * that drives the next step of the flow (TOTP, verify email, accept
+     * invitation, etc.). No authentication required.
+     *
+     * The `token_type` in the response tells you which step to run next.
+     */
+    fromEmail(params: FromEmailRequest): Promise<TokenResponse>;
     verifyEmail(params: Record<string, unknown>): Promise<AuthResponse>;
     sendVerificationEmail(params: ForgotPasswordRequest): Promise<Record<string, unknown>>;
     createMerchant(params: Record<string, unknown>): Promise<AuthResponse>;
@@ -3005,8 +3044,23 @@ declare class Users {
     listProfiles(): Promise<Record<string, unknown>[]>;
     inviteUsers(params: InviteUsersRequest[]): Promise<InviteUsersResponse[]>;
     acceptInvitation(params: Record<string, unknown>): Promise<AuthResponse>;
+    /**
+     * Start TOTP setup (or no-op if already set).
+     *
+     * Returns the QR-code payload when the user has no TOTP configured yet;
+     * returns `{ secret: null }` when the user is already set up (caller
+     * should then prompt for a 6-digit code and call `verifyTotp`).
+     *
+     * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
     beginTotp(): Promise<TotpResponse>;
-    verifyTotp(params: Record<string, unknown>): Promise<AuthResponse>;
+    /**
+     * Verify a 6-digit TOTP code for a user whose TOTP is already set up.
+     * Marks the code as used in Redis so subsequent flow steps can advance.
+     *
+     * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    verifyTotp(params: VerifyTotpRequest): Promise<Record<string, unknown>>;
     resetTotp(): Promise<Record<string, unknown>>;
     generateRecoveryCodes(): Promise<RecoveryCodesResponse>;
     verifyRecoveryCode(params: Record<string, unknown>): Promise<AuthResponse>;
@@ -3031,10 +3085,21 @@ declare class Users {
     check2faStatus(): Promise<Record<string, unknown>>;
     /** Check 2FA status (v2). `GET /user/2fa/v2` */
     check2faStatusV2(): Promise<Record<string, unknown>>;
-    /** Update TOTP. `PUT /user/2fa/totp/verify` */
-    updateTotp(params: Record<string, unknown>): Promise<Record<string, unknown>>;
-    /** Terminate 2FA. `GET /user/2fa/terminate` */
-    terminate2fa(): Promise<Record<string, unknown>>;
+    /**
+     * Finish first-time TOTP setup: commit the secret generated by `beginTotp`
+     * against a 6-digit code from the user's authenticator app.
+     *
+     * `PUT /user/2fa/totp/verify`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    updateTotp(params: VerifyTotpRequest): Promise<Record<string, unknown>>;
+    /**
+     * Complete the TOTP step and advance to the next flow stage (e.g.
+     * `reset_password`). Returns a fresh single-purpose token with the
+     * next `token_type`.
+     *
+     * `GET /user/2fa/terminate`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+     */
+    terminate2fa(query?: Terminate2faQueryParams): Promise<TokenResponse>;
     /** Create auth method. `POST /user/auth` */
     createAuthMethod(params: Record<string, unknown>): Promise<Record<string, unknown>>;
     /** Update auth method. `PUT /user/auth` */
@@ -3540,4 +3605,4 @@ declare const Webhooks: {
     verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
 };
 
-export { type Address, type AddressDetails, type AdminAdjustmentRequest, type AdminAdjustmentResponse, type AdminAnalyticsRequest, type AdminCustomerDetail, type AdminCustomerListParams, type AdminCustomerListResponse, type AdminSignInRequest, type AdminTransactionListParams, type AdminTransactionListResponse, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuditLogListParams, type AuditLogListResponse, type AuditLogResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AuthorizeResponse, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, Cache, type CaptureMethod, type CardDetail, type CardDetailFromLocker, type CardIssuerCreateRequest, type CardIssuerListResponse, type CardIssuerResponse, type CardIssuerUpdateRequest, Cards, type ChangePasswordRequest, Configs, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type CreateInternalUserRequest, type CreateTenantUserRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerSummary, type CustomerUpdateRequest, type CustomerUser, type DashboardMetadataResponse, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type GatewayConnectRequest, type GatewayResponse, type GsmDecision, type GsmRuleCreateRequest, type GsmRuleResponse, type GsmRuleUpdateRequest, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type OnboardMerchantRequest, type OnboardMerchantResponse, type OverviewStat, type OverviewStatsResponse, type PaymentAnalyticsRequest, type PaymentAnalyticsResponse, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentStat, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PlatformAnalyticsResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type SignupToggleRequest, type SignupToggleResponse, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };
+export { type Address, type AddressDetails, type AdminAdjustmentRequest, type AdminAdjustmentResponse, type AdminAnalyticsRequest, type AdminCustomerDetail, type AdminCustomerListParams, type AdminCustomerListResponse, type AdminSignInRequest, type AdminTransactionListParams, type AdminTransactionListResponse, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuditLogListParams, type AuditLogListResponse, type AuditLogResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AuthorizeResponse, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, Cache, type CaptureMethod, type CardDetail, type CardDetailFromLocker, type CardIssuerCreateRequest, type CardIssuerListResponse, type CardIssuerResponse, type CardIssuerUpdateRequest, Cards, type ChangePasswordRequest, Configs, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type CreateInternalUserRequest, type CreateTenantUserRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerSummary, type CustomerUpdateRequest, type CustomerUser, type DashboardMetadataResponse, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type GsmDecision, type GsmRuleCreateRequest, type GsmRuleResponse, type GsmRuleUpdateRequest, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type OnboardMerchantRequest, type OnboardMerchantResponse, type OverviewStat, type OverviewStatsResponse, type PaymentAnalyticsRequest, type PaymentAnalyticsResponse, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentStat, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PlatformAnalyticsResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type SignupToggleRequest, type SignupToggleResponse, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };

package/dist/index.js

@@ -2030,21 +2030,29 @@ var Users = class {
     return this.request("POST", "/user/forgot_password", { body: params });
   }
   /**
-   * Reset a user's password using the single-purpose JWT delivered by the
-   * forgot-password email.
+   * Commit a password reset.
    *
-   * The backend validates the token **twice**: first by the
-   * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
-   * then by the handler itself (decodes `body.token` as an `EmailToken` and
-   * looks up the user by the embedded email — see
-   * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
-   * the SDK sends it in both places. Callers still pass `{ password, token }`.
+   * The caller is responsible for obtaining a `SinglePurposeToken` with
+   * `purpose: reset_password` via the email-token exchange + TOTP flow
+   * (see `fromEmail`, `beginTotp`, `updateTotp`/`verifyTotp`,
+   * `generateRecoveryCodes`, `terminate2fa`) and setting it on the client
+   * via `setJwtToken` before calling this method. `body.token` must still
+   * be the original `EmailToken` from the reset-link URL — the handler
+   * decodes it a second time to find the user
+   * (`delopay-backend/crates/router/src/core/user.rs:687`).
    */
   async resetPassword(params) {
-    return this.request("POST", "/user/reset_password", {
-      body: params,
-      headers: { Authorization: `Bearer ${params.token}` }
-    });
+    return this.request("POST", "/user/reset_password", { body: params });
+  }
+  /**
+   * Exchange an email-link token (`EmailToken`) for a single-purpose JWT
+   * that drives the next step of the flow (TOTP, verify email, accept
+   * invitation, etc.). No authentication required.
+   *
+   * The `token_type` in the response tells you which step to run next.
+   */
+  async fromEmail(params) {
+    return this.request("POST", "/user/from_email", { body: params });
   }
   async verifyEmail(params) {
     return this.request("POST", "/user/verify_email", { body: params });
@@ -2073,9 +2081,24 @@ var Users = class {
   async acceptInvitation(params) {
     return this.request("POST", "/user/user/invite/accept", { body: params });
   }
+  /**
+   * Start TOTP setup (or no-op if already set).
+   *
+   * Returns the QR-code payload when the user has no TOTP configured yet;
+   * returns `{ secret: null }` when the user is already set up (caller
+   * should then prompt for a 6-digit code and call `verifyTotp`).
+   *
+   * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+   */
   async beginTotp() {
     return this.request("GET", "/user/2fa/totp/begin");
   }
+  /**
+   * Verify a 6-digit TOTP code for a user whose TOTP is already set up.
+   * Marks the code as used in Redis so subsequent flow steps can advance.
+   *
+   * Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+   */
   async verifyTotp(params) {
     return this.request("POST", "/user/2fa/totp/verify", { body: params });
   }
@@ -2142,13 +2165,29 @@ var Users = class {
   async check2faStatusV2() {
     return this.request("GET", "/user/2fa/v2");
   }
-  /** Update TOTP. `PUT /user/2fa/totp/verify` */
+  /**
+   * Finish first-time TOTP setup: commit the secret generated by `beginTotp`
+   * against a 6-digit code from the user's authenticator app.
+   *
+   * `PUT /user/2fa/totp/verify`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+   */
   async updateTotp(params) {
     return this.request("PUT", "/user/2fa/totp/verify", { body: params });
   }
-  /** Terminate 2FA. `GET /user/2fa/terminate` */
-  async terminate2fa() {
-    return this.request("GET", "/user/2fa/terminate");
+  /**
+   * Complete the TOTP step and advance to the next flow stage (e.g.
+   * `reset_password`). Returns a fresh single-purpose token with the
+   * next `token_type`.
+   *
+   * `GET /user/2fa/terminate`. Requires `Authorization: Bearer <SPT{purpose:totp}>`.
+   */
+  async terminate2fa(query) {
+    if (query === void 0) {
+      return this.request("GET", "/user/2fa/terminate");
+    }
+    return this.request("GET", "/user/2fa/terminate", {
+      query
+    });
   }
   /** Create auth method. `POST /user/auth` */
   async createAuthMethod(params) {