@delopay/sdk 0.9.0 → 0.11.0

package/dist/index.d.cts

@@ -335,6 +335,14 @@ interface PaymentListParams {
     'created.lte'?: string | null;
     'created.gte'?: string | null;
 }
+/** Optional query flags for `payments.retrieve`. See the method's JSDoc. */
+interface PaymentRetrieveOptions {
+    /** Reconcile intent state with the connector before responding. */
+    force_sync?: boolean;
+    /** Bypass the backend's `should_call_connector` gate so even a
+     *  `requires_payment_method` intent triggers a sync. */
+    all_keys_required?: boolean;
+}
 interface PaymentListResponse {
     size: number;
     data: PaymentResponse[];
@@ -726,6 +734,34 @@ interface ProfileLogoUploadResponse {
     /** Publicly-reachable HTTPS URL of the uploaded logo. */
     logo_url: string;
 }
+/**
+ * Event scope when registering a connector webhook.
+ * - `'all_events'`: wildcard registration (cheapest default).
+ * - `{ specific_event: '<EventType>' }`: register only one event type.
+ * Matches the backend's internally-tagged `ConnectorWebhookEventType`.
+ */
+type ConnectorWebhookEventType = 'all_events' | {
+    specific_event: string;
+};
+/** Body for `POST /account/{merchantId}/connectors/webhooks/{connectorId}`. */
+interface ConnectorWebhookRegisterRequest {
+    event_type?: ConnectorWebhookEventType;
+}
+interface ConnectorWebhookRegisterResponse {
+    event_type: ConnectorWebhookEventType;
+    connector_webhook_id: string | null;
+    webhook_registration_status: 'success' | 'failure';
+    error_code: string | null;
+    error_message: string | null;
+}
+interface ConnectorWebhookEntry {
+    event_type: ConnectorWebhookEventType;
+    connector_webhook_id: string;
+}
+interface ConnectorWebhookListResponse {
+    connector: string;
+    webhooks: ConnectorWebhookEntry[];
+}
 interface PaymentLinkBackgroundImageConfig {
     url: string;
     position?: 'top-left' | 'top-center' | 'top-right' | 'center-left' | 'center' | 'center-right' | 'bottom-left' | 'bottom-center' | 'bottom-right' | null;
@@ -1214,6 +1250,15 @@ interface Terminate2faQueryParams {
      */
     skip_two_factor_auth?: boolean;
 }
+/** Optional query params for `GET /user/role/list/invite`. */
+interface ListInvitableRolesParams {
+    /**
+     * Scope the listing to roles invitable for a given entity. The dashboard
+     * passes `'merchant'` when populating an invite-employee dialog so admin/
+     * platform-only roles don't leak into a merchant-side list.
+     */
+    entity_type?: string;
+}
 interface PhoneOtpRequest {
     phone_number: string;
 }
@@ -1783,10 +1828,17 @@ declare class Connectors {
     delete(accountId: string, connectorId: string): Promise<ConnectorResponse>;
     /** Verify connector credentials. `POST /account/connectors/verify` */
     verify(params: Record<string, unknown>): Promise<Record<string, unknown>>;
-    /** Register a webhook for a connector. `POST /account/{merchantId}/connectors/webhooks/{connectorId}` */
-    registerWebhook(merchantId: string, connectorId: string): Promise<Record<string, unknown>>;
-    /** Get a webhook for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
-    getWebhook(merchantId: string, connectorId: string): Promise<Record<string, unknown>>;
+    /**
+     * Register a webhook for a connector.
+     * `POST /account/{merchantId}/connectors/webhooks/{connectorId}`
+     *
+     * @param params - Optional event scope. Defaults to `{ event_type: 'all_events' }`
+     *   on the backend when omitted; pass `{ event_type: { specific_event: '…' } }`
+     *   to scope to a single event.
+     */
+    registerWebhook(merchantId: string, connectorId: string, params?: ConnectorWebhookRegisterRequest): Promise<ConnectorWebhookRegisterResponse>;
+    /** Get registered webhooks for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
+    getWebhook(merchantId: string, connectorId: string): Promise<ConnectorWebhookListResponse>;
     /** List available payment methods. `GET /account/payment_methods` */
     listPaymentMethods(): Promise<Record<string, unknown>[]>;
 }
@@ -2197,14 +2249,25 @@ declare class Payments {
      * Retrieve a payment by its ID.
      *
      * @param paymentId - The unique payment intent ID.
+     * @param options - Optional query flags. `force_sync` asks the backend to
+     *   reconcile state with the connector before returning (used to recover a
+     *   stuck intent when a webhook was lost). `all_keys_required` lifts the
+     *   backend's `should_call_connector` gate so a `requires_payment_method`
+     *   intent can still trigger a sync — without it the backend short-circuits
+     *   and returns the local snapshot. Both flags are JWT-authenticated dashboard
+     *   helpers; API-key callers can use them too where the backend allows.
      * @returns The payment intent.
      *
      * @example
      * ```typescript
      * const payment = await delopay.payments.retrieve('pay_abc123');
+     * const synced = await delopay.payments.retrieve('pay_abc123', {
+     *   force_sync: true,
+     *   all_keys_required: true,
+     * });
      * ```
      */
-    retrieve(paymentId: string): Promise<PaymentResponse>;
+    retrieve(paymentId: string, options?: PaymentRetrieveOptions): Promise<PaymentResponse>;
     /**
      * Update an existing payment intent before it is confirmed.
      *
@@ -2419,24 +2482,30 @@ declare class Projects {
      * Retrieve a project by its ID.
      *
      * @param projectId - The unique project ID.
+     * @param merchantId - Optional merchant scope. When provided, sent as
+     *   `?merchant_id=…` — required by dashboards that authenticate with a JWT
+     *   spanning multiple merchants and need to disambiguate which one this
+     *   call applies to. API-key callers can omit it.
      * @returns The project.
      */
-    retrieve(projectId: string): Promise<ProjectResponse>;
+    retrieve(projectId: string, merchantId?: string): Promise<ProjectResponse>;
     /**
      * Update a project's details.
      *
      * @param projectId - The project ID to update.
      * @param params - Fields to update.
+     * @param merchantId - Optional merchant scope. See {@link Projects.retrieve}.
      * @returns The updated project.
      */
-    update(projectId: string, params: ProjectUpdateRequest): Promise<ProjectResponse>;
+    update(projectId: string, params: ProjectUpdateRequest, merchantId?: string): Promise<ProjectResponse>;
     /**
      * Delete a project.
      *
      * @param projectId - The project ID to delete.
+     * @param merchantId - Optional merchant scope. See {@link Projects.retrieve}.
      * @returns The deleted project object.
      */
-    delete(projectId: string): Promise<ProjectResponse>;
+    delete(projectId: string, merchantId?: string): Promise<ProjectResponse>;
     /**
      * List all projects for a merchant.
      *
@@ -2863,8 +2932,14 @@ declare class Users {
     getRoleV3(): Promise<Record<string, unknown>>;
     /** List roles (v2). `GET /user/role/v2/list` */
     listRolesV2(): Promise<Record<string, unknown>[]>;
-    /** List invitable roles. `GET /user/role/list/invite` */
-    listInvitableRoles(): Promise<Record<string, unknown>[]>;
+    /**
+     * List invitable roles. `GET /user/role/list/invite`
+     *
+     * @param params - Optional query. `entity_type` scopes the role list to a
+     *   particular entity (e.g. `'merchant'` to list only merchant-scoped roles
+     *   when inviting employees from the merchant dashboard).
+     */
+    listInvitableRoles(params?: ListInvitableRolesParams): Promise<Record<string, unknown>[]>;
     /** List updatable roles. `GET /user/role/list/update` */
     listUpdatableRoles(): Promise<Record<string, unknown>[]>;
     /** Get permission info. `GET /user/permission_info` */
@@ -3097,7 +3172,7 @@ type RequestFn = <T>(method: string, path: string, options?: RequestOptions) =>
 declare class Delopay {
     /** Utility for verifying incoming webhook signatures (static, no instance needed). */
     static webhooks: {
-        verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
+        verify(rawBody: string | Uint8Array, signatureHeader: string, secret: string): Promise<WebhookEvent>;
     };
     /** The resolved base URL used for all API requests. */
     readonly baseUrl: string;
@@ -3261,58 +3336,58 @@ declare class DelopayAuthenticationError extends DelopayError {
 /**
  * A parsed and verified Delopay webhook event.
  *
- * The `type` field identifies the event (e.g. `'payment.succeeded'`).
+ * The `type` field identifies the event (e.g. `'payment_succeeded'`).
  * Specific event payload shapes are nested under `data`.
  */
 interface WebhookEvent {
-    /** Event type identifier, e.g. `'payment.succeeded'` or `'refund.created'`. */
+    /** Event type identifier, e.g. `'payment_succeeded'` or `'refund_succeeded'`. */
     type: string;
     /** Event payload. Shape depends on `type`. */
     data: Record<string, unknown>;
     [key: string]: unknown;
 }
-/**
- * Options for webhook signature verification.
- */
-interface VerifyOptions {
-    /**
-     * Maximum age of the webhook timestamp in seconds before the event is rejected.
-     * Defaults to `300` (5 minutes). Prevents replay attacks.
-     */
-    tolerance?: number;
-}
 declare const Webhooks: {
     /**
      * Verify the signature of an incoming Delopay webhook and return the parsed event.
      *
+     * Delopay signs each outgoing webhook with HMAC-SHA512 over the raw request body,
+     * using your shop's webhook secret (the *payment response hash key* configured on
+     * the shop). The hex-encoded digest is delivered in the `X-Webhook-Signature-512`
+     * HTTP header.
+     *
      * Uses the Web Crypto API (`globalThis.crypto.subtle`), so it runs unchanged in
      * Node 18+, modern browsers, Deno, Bun, and edge runtimes (Cloudflare Workers, Vercel Edge).
      *
-     * This method is available as a static property on the `Delopay` class
+     * Available as a static property on the `Delopay` class
      * (`Delopay.webhooks.verify`) and does not require a client instance.
      *
-     * @param rawBody - The raw request body string (do **not** parse it before passing).
-     * @param signatureHeader - The value of the `delopay-signature` HTTP header.
-     * @param secret - Your webhook signing secret from the Delopay dashboard.
-     * @param options - Optional verification settings (replay tolerance).
+     * @param rawBody - The raw request body. Pass the original bytes (`Uint8Array` /
+     *   `Buffer`) when possible; if you pass a string, it must be the unmodified UTF-8
+     *   text of the request body. Do **not** parse it before passing.
+     * @param signatureHeader - The value of the `X-Webhook-Signature-512` HTTP header.
+     * @param secret - Your shop's webhook signing secret.
      * @returns Promise that resolves to the parsed webhook event.
-     * @throws {Error} When the signature is invalid, the timestamp is missing, or the event is too old.
+     * @throws {Error} When the signature header is malformed or does not match the body.
      *
      * @example
      * ```typescript
      * // Express example
      * app.post('/webhook', express.raw({ type: 'application/json' }), async (req, res) => {
-     *   const event = await Delopay.webhooks.verify(
-     *     req.body.toString(),
-     *     req.headers['delopay-signature'] as string,
-     *     process.env.DELOPAY_WEBHOOK_SECRET!,
-     *   );
-     *   console.log(event.type, event.data);
-     *   res.sendStatus(200);
+     *   try {
+     *     const event = await Delopay.webhooks.verify(
+     *       req.body, // Buffer from express.raw()
+     *       req.header('x-webhook-signature-512') ?? '',
+     *       process.env.DELOPAY_WEBHOOK_SECRET!,
+     *     );
+     *     console.log(event.type, event.data);
+     *     res.sendStatus(200);
+     *   } catch {
+     *     res.status(400).send('Invalid signature');
+     *   }
      * });
      * ```
      */
-    verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
+    verify(rawBody: string | Uint8Array, signatureHeader: string, secret: string): Promise<WebhookEvent>;
 };
 
-export { type Address, type AddressDetails, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, type BusinessPaymentLinkConfig, type CaptureMethod, type CardDetail, type CardDetailFromLocker, Cards, type ChangePasswordRequest, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerUpdateRequest, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkBackgroundImageConfig, type PaymentLinkConfigRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentLinkTransactionDetails, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileLogoUploadResponse, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TierSummary, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };
+export { type Address, type AddressDetails, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, type BusinessPaymentLinkConfig, type CaptureMethod, type CardDetail, type CardDetailFromLocker, Cards, type ChangePasswordRequest, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type ConnectorWebhookEntry, type ConnectorWebhookEventType, type ConnectorWebhookListResponse, type ConnectorWebhookRegisterRequest, type ConnectorWebhookRegisterResponse, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerUpdateRequest, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type ListInvitableRolesParams, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkBackgroundImageConfig, type PaymentLinkConfigRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentLinkTransactionDetails, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentRetrieveOptions, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileLogoUploadResponse, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TierSummary, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };

package/dist/index.d.ts

@@ -335,6 +335,14 @@ interface PaymentListParams {
     'created.lte'?: string | null;
     'created.gte'?: string | null;
 }
+/** Optional query flags for `payments.retrieve`. See the method's JSDoc. */
+interface PaymentRetrieveOptions {
+    /** Reconcile intent state with the connector before responding. */
+    force_sync?: boolean;
+    /** Bypass the backend's `should_call_connector` gate so even a
+     *  `requires_payment_method` intent triggers a sync. */
+    all_keys_required?: boolean;
+}
 interface PaymentListResponse {
     size: number;
     data: PaymentResponse[];
@@ -726,6 +734,34 @@ interface ProfileLogoUploadResponse {
     /** Publicly-reachable HTTPS URL of the uploaded logo. */
     logo_url: string;
 }
+/**
+ * Event scope when registering a connector webhook.
+ * - `'all_events'`: wildcard registration (cheapest default).
+ * - `{ specific_event: '<EventType>' }`: register only one event type.
+ * Matches the backend's internally-tagged `ConnectorWebhookEventType`.
+ */
+type ConnectorWebhookEventType = 'all_events' | {
+    specific_event: string;
+};
+/** Body for `POST /account/{merchantId}/connectors/webhooks/{connectorId}`. */
+interface ConnectorWebhookRegisterRequest {
+    event_type?: ConnectorWebhookEventType;
+}
+interface ConnectorWebhookRegisterResponse {
+    event_type: ConnectorWebhookEventType;
+    connector_webhook_id: string | null;
+    webhook_registration_status: 'success' | 'failure';
+    error_code: string | null;
+    error_message: string | null;
+}
+interface ConnectorWebhookEntry {
+    event_type: ConnectorWebhookEventType;
+    connector_webhook_id: string;
+}
+interface ConnectorWebhookListResponse {
+    connector: string;
+    webhooks: ConnectorWebhookEntry[];
+}
 interface PaymentLinkBackgroundImageConfig {
     url: string;
     position?: 'top-left' | 'top-center' | 'top-right' | 'center-left' | 'center' | 'center-right' | 'bottom-left' | 'bottom-center' | 'bottom-right' | null;
@@ -1214,6 +1250,15 @@ interface Terminate2faQueryParams {
      */
     skip_two_factor_auth?: boolean;
 }
+/** Optional query params for `GET /user/role/list/invite`. */
+interface ListInvitableRolesParams {
+    /**
+     * Scope the listing to roles invitable for a given entity. The dashboard
+     * passes `'merchant'` when populating an invite-employee dialog so admin/
+     * platform-only roles don't leak into a merchant-side list.
+     */
+    entity_type?: string;
+}
 interface PhoneOtpRequest {
     phone_number: string;
 }
@@ -1783,10 +1828,17 @@ declare class Connectors {
     delete(accountId: string, connectorId: string): Promise<ConnectorResponse>;
     /** Verify connector credentials. `POST /account/connectors/verify` */
     verify(params: Record<string, unknown>): Promise<Record<string, unknown>>;
-    /** Register a webhook for a connector. `POST /account/{merchantId}/connectors/webhooks/{connectorId}` */
-    registerWebhook(merchantId: string, connectorId: string): Promise<Record<string, unknown>>;
-    /** Get a webhook for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
-    getWebhook(merchantId: string, connectorId: string): Promise<Record<string, unknown>>;
+    /**
+     * Register a webhook for a connector.
+     * `POST /account/{merchantId}/connectors/webhooks/{connectorId}`
+     *
+     * @param params - Optional event scope. Defaults to `{ event_type: 'all_events' }`
+     *   on the backend when omitted; pass `{ event_type: { specific_event: '…' } }`
+     *   to scope to a single event.
+     */
+    registerWebhook(merchantId: string, connectorId: string, params?: ConnectorWebhookRegisterRequest): Promise<ConnectorWebhookRegisterResponse>;
+    /** Get registered webhooks for a connector. `GET /account/{merchantId}/connectors/webhooks/{connectorId}` */
+    getWebhook(merchantId: string, connectorId: string): Promise<ConnectorWebhookListResponse>;
     /** List available payment methods. `GET /account/payment_methods` */
     listPaymentMethods(): Promise<Record<string, unknown>[]>;
 }
@@ -2197,14 +2249,25 @@ declare class Payments {
      * Retrieve a payment by its ID.
      *
      * @param paymentId - The unique payment intent ID.
+     * @param options - Optional query flags. `force_sync` asks the backend to
+     *   reconcile state with the connector before returning (used to recover a
+     *   stuck intent when a webhook was lost). `all_keys_required` lifts the
+     *   backend's `should_call_connector` gate so a `requires_payment_method`
+     *   intent can still trigger a sync — without it the backend short-circuits
+     *   and returns the local snapshot. Both flags are JWT-authenticated dashboard
+     *   helpers; API-key callers can use them too where the backend allows.
      * @returns The payment intent.
      *
      * @example
      * ```typescript
      * const payment = await delopay.payments.retrieve('pay_abc123');
+     * const synced = await delopay.payments.retrieve('pay_abc123', {
+     *   force_sync: true,
+     *   all_keys_required: true,
+     * });
      * ```
      */
-    retrieve(paymentId: string): Promise<PaymentResponse>;
+    retrieve(paymentId: string, options?: PaymentRetrieveOptions): Promise<PaymentResponse>;
     /**
      * Update an existing payment intent before it is confirmed.
      *
@@ -2419,24 +2482,30 @@ declare class Projects {
      * Retrieve a project by its ID.
      *
      * @param projectId - The unique project ID.
+     * @param merchantId - Optional merchant scope. When provided, sent as
+     *   `?merchant_id=…` — required by dashboards that authenticate with a JWT
+     *   spanning multiple merchants and need to disambiguate which one this
+     *   call applies to. API-key callers can omit it.
      * @returns The project.
      */
-    retrieve(projectId: string): Promise<ProjectResponse>;
+    retrieve(projectId: string, merchantId?: string): Promise<ProjectResponse>;
     /**
      * Update a project's details.
      *
      * @param projectId - The project ID to update.
      * @param params - Fields to update.
+     * @param merchantId - Optional merchant scope. See {@link Projects.retrieve}.
      * @returns The updated project.
      */
-    update(projectId: string, params: ProjectUpdateRequest): Promise<ProjectResponse>;
+    update(projectId: string, params: ProjectUpdateRequest, merchantId?: string): Promise<ProjectResponse>;
     /**
      * Delete a project.
      *
      * @param projectId - The project ID to delete.
+     * @param merchantId - Optional merchant scope. See {@link Projects.retrieve}.
      * @returns The deleted project object.
      */
-    delete(projectId: string): Promise<ProjectResponse>;
+    delete(projectId: string, merchantId?: string): Promise<ProjectResponse>;
     /**
      * List all projects for a merchant.
      *
@@ -2863,8 +2932,14 @@ declare class Users {
     getRoleV3(): Promise<Record<string, unknown>>;
     /** List roles (v2). `GET /user/role/v2/list` */
     listRolesV2(): Promise<Record<string, unknown>[]>;
-    /** List invitable roles. `GET /user/role/list/invite` */
-    listInvitableRoles(): Promise<Record<string, unknown>[]>;
+    /**
+     * List invitable roles. `GET /user/role/list/invite`
+     *
+     * @param params - Optional query. `entity_type` scopes the role list to a
+     *   particular entity (e.g. `'merchant'` to list only merchant-scoped roles
+     *   when inviting employees from the merchant dashboard).
+     */
+    listInvitableRoles(params?: ListInvitableRolesParams): Promise<Record<string, unknown>[]>;
     /** List updatable roles. `GET /user/role/list/update` */
     listUpdatableRoles(): Promise<Record<string, unknown>[]>;
     /** Get permission info. `GET /user/permission_info` */
@@ -3097,7 +3172,7 @@ type RequestFn = <T>(method: string, path: string, options?: RequestOptions) =>
 declare class Delopay {
     /** Utility for verifying incoming webhook signatures (static, no instance needed). */
     static webhooks: {
-        verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
+        verify(rawBody: string | Uint8Array, signatureHeader: string, secret: string): Promise<WebhookEvent>;
     };
     /** The resolved base URL used for all API requests. */
     readonly baseUrl: string;
@@ -3261,58 +3336,58 @@ declare class DelopayAuthenticationError extends DelopayError {
 /**
  * A parsed and verified Delopay webhook event.
  *
- * The `type` field identifies the event (e.g. `'payment.succeeded'`).
+ * The `type` field identifies the event (e.g. `'payment_succeeded'`).
  * Specific event payload shapes are nested under `data`.
  */
 interface WebhookEvent {
-    /** Event type identifier, e.g. `'payment.succeeded'` or `'refund.created'`. */
+    /** Event type identifier, e.g. `'payment_succeeded'` or `'refund_succeeded'`. */
     type: string;
     /** Event payload. Shape depends on `type`. */
     data: Record<string, unknown>;
     [key: string]: unknown;
 }
-/**
- * Options for webhook signature verification.
- */
-interface VerifyOptions {
-    /**
-     * Maximum age of the webhook timestamp in seconds before the event is rejected.
-     * Defaults to `300` (5 minutes). Prevents replay attacks.
-     */
-    tolerance?: number;
-}
 declare const Webhooks: {
     /**
      * Verify the signature of an incoming Delopay webhook and return the parsed event.
      *
+     * Delopay signs each outgoing webhook with HMAC-SHA512 over the raw request body,
+     * using your shop's webhook secret (the *payment response hash key* configured on
+     * the shop). The hex-encoded digest is delivered in the `X-Webhook-Signature-512`
+     * HTTP header.
+     *
      * Uses the Web Crypto API (`globalThis.crypto.subtle`), so it runs unchanged in
      * Node 18+, modern browsers, Deno, Bun, and edge runtimes (Cloudflare Workers, Vercel Edge).
      *
-     * This method is available as a static property on the `Delopay` class
+     * Available as a static property on the `Delopay` class
      * (`Delopay.webhooks.verify`) and does not require a client instance.
      *
-     * @param rawBody - The raw request body string (do **not** parse it before passing).
-     * @param signatureHeader - The value of the `delopay-signature` HTTP header.
-     * @param secret - Your webhook signing secret from the Delopay dashboard.
-     * @param options - Optional verification settings (replay tolerance).
+     * @param rawBody - The raw request body. Pass the original bytes (`Uint8Array` /
+     *   `Buffer`) when possible; if you pass a string, it must be the unmodified UTF-8
+     *   text of the request body. Do **not** parse it before passing.
+     * @param signatureHeader - The value of the `X-Webhook-Signature-512` HTTP header.
+     * @param secret - Your shop's webhook signing secret.
      * @returns Promise that resolves to the parsed webhook event.
-     * @throws {Error} When the signature is invalid, the timestamp is missing, or the event is too old.
+     * @throws {Error} When the signature header is malformed or does not match the body.
      *
      * @example
      * ```typescript
      * // Express example
      * app.post('/webhook', express.raw({ type: 'application/json' }), async (req, res) => {
-     *   const event = await Delopay.webhooks.verify(
-     *     req.body.toString(),
-     *     req.headers['delopay-signature'] as string,
-     *     process.env.DELOPAY_WEBHOOK_SECRET!,
-     *   );
-     *   console.log(event.type, event.data);
-     *   res.sendStatus(200);
+     *   try {
+     *     const event = await Delopay.webhooks.verify(
+     *       req.body, // Buffer from express.raw()
+     *       req.header('x-webhook-signature-512') ?? '',
+     *       process.env.DELOPAY_WEBHOOK_SECRET!,
+     *     );
+     *     console.log(event.type, event.data);
+     *     res.sendStatus(200);
+     *   } catch {
+     *     res.status(400).send('Invalid signature');
+     *   }
      * });
      * ```
      */
-    verify(rawBody: string, signatureHeader: string, secret: string, options?: VerifyOptions): Promise<WebhookEvent>;
+    verify(rawBody: string | Uint8Array, signatureHeader: string, secret: string): Promise<WebhookEvent>;
 };
 
-export { type Address, type AddressDetails, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, type BusinessPaymentLinkConfig, type CaptureMethod, type CardDetail, type CardDetailFromLocker, Cards, type ChangePasswordRequest, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerUpdateRequest, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkBackgroundImageConfig, type PaymentLinkConfigRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentLinkTransactionDetails, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileLogoUploadResponse, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TierSummary, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyOptions, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };
+export { type Address, type AddressDetails, type AllocationListResponse, type AllocationResponse, type AllocationTransferRequest, type AllocationTransferResponse, Analytics, AnalyticsDashboard, type ApiKeyCreateRequest, type ApiKeyCreateResponse, type ApiKeyExpiration, type ApiKeyResponse, type ApiKeyRevokeResponse, type ApiKeyUpdateRequest, type ApplePayVerificationRequest, type ApplePayVerificationResponse, type ApplePayVerifiedDomainsResponse, type AuthResponse, type AuthenticationCreateRequest, type AuthenticationResponse, type AuthenticationStatus, type AuthenticationType, type AutoRechargeConfig, type AutoRechargeUpdateRequest, type BillingCompleteSetupRequest, type BillingProfileResponse, type BillingSetupRequest, type BillingSetupResponse, type BlocklistAddRequest, type BlocklistDataKind, type BlocklistResponse, type BusinessPaymentLinkConfig, type CaptureMethod, type CardDetail, type CardDetailFromLocker, Cards, type ChangePasswordRequest, type ConnectorCreateRequest, type ConnectorListResponse, type ConnectorResponse, type ConnectorType, type ConnectorUpdateRequest, type ConnectorWebhookEntry, type ConnectorWebhookEventType, type ConnectorWebhookListResponse, type ConnectorWebhookRegisterRequest, type ConnectorWebhookRegisterResponse, type Currency, type CustomerCreateRequest, type CustomerListParams, type CustomerPaymentMethodsListParams, type CustomerPaymentMethodsListResponse, type CustomerResponse, type CustomerUpdateRequest, Delopay, DelopayAuthenticationError, DelopayError, type DelopayLogger, type DelopayOptions, type DisputeEvidenceRequest, type DisputeListParams, type DisputeResponse, type DisputeStage, type DisputeStatus, type EphemeralKeyCreateRequest, type EphemeralKeyCreateResponse, type EventClass, type EventDeliveryAttemptResponse, type EventDetailResponse, type EventListParams, type EventListResponse, type EventResponse, type EventType, Export, FeatureMatrix, type FeeOwner, type FeeScheduleCreateRequest, type FeeScheduleResponse, type FeeScheduleUpdateRequest, type FeeType, Files, Forex, type ForgotPasswordRequest, type FromEmailRequest, type GatewayConnectRequest, type GatewayResponse, type IntentStatus, type InviteUsersRequest, type InviteUsersResponse, type LedgerEntry, type LedgerListParams, type LedgerResponse, type ListInvitableRolesParams, type MandateListParams, type MandateResponse, type MandateRevokedResponse, type MandateStatus, type MandateType, type MerchantAccountCreateRequest, type MerchantAccountResponse, type MerchantAccountType, type MerchantAccountUpdateRequest, type MerchantOverviewResponse, type MerchantOverviewStat, type PaymentCancelRequest, type PaymentCaptureRequest, type PaymentConfirmRequest, type PaymentCreateRequest, type PaymentLinkBackgroundImageConfig, type PaymentLinkConfigRequest, type PaymentLinkListParams, type PaymentLinkListResponse, type PaymentLinkResponse, type PaymentLinkTransactionDetails, type PaymentListParams, type PaymentListResponse, type PaymentMethod, type PaymentMethodCreateRequest, type PaymentMethodDeleteResponse, type PaymentMethodListParams, type PaymentMethodResponse, type PaymentMethodType, type PaymentMethodUpdateRequest, type PaymentResponse, type PaymentRetrieveOptions, type PaymentUpdateRequest, type PayoutCreateRequest, type PayoutListParams, type PayoutListResponse, type PayoutResponse, type PayoutStatus, type PayoutType, type PayoutUpdateRequest, type PhoneDetails, type PhoneOtpRequest, type PhoneOtpResponse, type PhoneOtpVerifyRequest, type PhoneOtpVerifyResponse, type PollStatus, type PollStatusResponse, type ProfileAcquirerCreateRequest, type ProfileAcquirerResponse, type ProfileAcquirerUpdateRequest, type ProfileCreateRequest, type ProfileLogoUploadResponse, type ProfileResponse, type ProfileUpdateRequest, type ProjectCreateRequest, type ProjectResponse, type ProjectStats, type ProjectStatsResponse, type ProjectUpdateRequest, type RecoveryCodesResponse, type RefundCreateRequest, type RefundListParams, type RefundListResponse, type RefundResponse, type RefundStatus, type RefundType, type RefundUpdateRequest, type RegionCreateRequest, type RegionResponse, type RegionUpdateRequest, Regions, type RelayRequest, type RelayResponse, type RelayStatus, type RelayType, type RequestFn, type RequestOptions, type ResetPasswordRequest, type RoutingConfigCreateRequest, type RoutingConfigResponse, type ShopCreateRequest, type ShopResponse, type ShopStats, type ShopUpdateRequest, type SignInRequest, type SignUpRequest, type SignUpWithMerchantIdRequest, type SignUpWithMerchantRequest, type StripeConnectAccountRequest, type StripeConnectAccountResponse, type StripeConnectLinkRequest, type StripeConnectLinkResponse, type SubscriptionCreateRequest, type SubscriptionListParams, type SubscriptionListResponse, type SubscriptionResponse, type SubscriptionUpdateRequest, Subscriptions, type SwitchMerchantRequest, type SwitchProfileRequest, type Terminate2faQueryParams, type ThreeDSDecision, type ThreeDsRuleExecuteRequest, type ThreeDsRuleResponse, type TierSummary, type TokenPurpose, type TokenResponse, type TopupRequest, type TopupResponse, type TotpResponse, type TransactionType, type UpdateUserDetailsRequest, type UserResponse, type VerifyTotpRequest, type WebhookDeliveryAttempt, type WebhookEvent, Webhooks };

package/dist/index.js

@@ -12,7 +12,7 @@ import {
   Regions,
   Subscriptions,
   Webhooks
-} from "./chunk-WTVISXEY.js";
+} from "./chunk-VQPHGGNQ.js";
 export {
   Analytics,
   AnalyticsDashboard,