@edge-markets/connect 1.5.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -24,6 +24,7 @@ import type {
24
24
  Balance,
25
25
  Transfer,
26
26
  EdgeTokens,
27
+ EdgeWebhookEvent,
27
28
  } from '@edge-markets/connect'
28
29
 
29
30
  // Types are generated from the OpenAPI spec
@@ -36,6 +37,49 @@ const user: User = {
36
37
  }
37
38
  ```
38
39
 
40
+ ### Webhook events
41
+
42
+ `EdgeWebhookEvent` is a discriminated union over `event.type` covering every
43
+ event the producer emits. Switching narrows `event.data` to the matching
44
+ variant — no casts:
45
+
46
+ ```typescript
47
+ import type { EdgeWebhookEvent } from '@edge-markets/connect'
48
+
49
+ function handle(event: EdgeWebhookEvent) {
50
+ switch (event.type) {
51
+ case 'transfer.completed':
52
+ // event.data is { transferId, status: 'completed', type, amount }
53
+ console.log(`completed: ${event.data.transferId} for ${event.data.amount}`)
54
+ break
55
+ case 'transfer.failed':
56
+ // event.data.reason is `string | undefined`
57
+ console.log(`failed: ${event.data.reason ?? 'unknown'}`)
58
+ break
59
+ case 'transfer.expired':
60
+ console.log(`expired: ${event.data.transferId}`)
61
+ break
62
+ case 'transfer.processing':
63
+ // @experimental — reserved for ledger dual-write hand-off
64
+ break
65
+ case 'consent.revoked':
66
+ console.log(`consent revoked: ${event.data.userId}`)
67
+ break
68
+ default: {
69
+ const _exhaustive: never = event
70
+ return _exhaustive
71
+ }
72
+ }
73
+ }
74
+ ```
75
+
76
+ > `event.data.amount` is intentionally typed as `string` (e.g. `'100.00'`) to
77
+ > preserve decimal precision. Parse with a decimal-aware library on your side.
78
+
79
+ For HMAC signature verification on the live HTTP delivery channel, use
80
+ `verifyWebhookSignature` from `@edge-markets/connect-node`. For
81
+ reconciliation polling, use `EdgeConnectServer.syncWebhookEvents`.
82
+
39
83
  ### Configuration
40
84
 
41
85
  Get environment-specific URLs:
@@ -93,6 +137,12 @@ try {
93
137
  | `EdgeTokens` | OAuth tokens |
94
138
  | `EdgeLinkSuccess` | Successful link result |
95
139
  | `EdgeLinkExit` | Link exit metadata |
140
+ | `EdgeWebhookEvent` | Discriminated union over webhook event types |
141
+ | `TransferCompletedEventData` | Payload for `transfer.completed` |
142
+ | `TransferFailedEventData` | Payload for `transfer.failed` (includes optional `reason`) |
143
+ | `TransferExpiredEventData` | Payload for `transfer.expired` |
144
+ | `ConsentRevokedEventData` | Payload for `consent.revoked` |
145
+ | `EDGE_WEBHOOK_EVENT_TYPES` | Runtime tuple of all known event type strings |
96
146
 
97
147
  ### Configuration
98
148
 
package/dist/index.d.mts CHANGED
@@ -54,8 +54,8 @@ declare const EDGE_SCOPES: {
54
54
  */
55
55
  readonly BALANCE_READ: "balance.read";
56
56
  /**
57
- * Initiate and verify fund transfers.
58
- * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verify`, `GET /v1/transfers`
57
+ * Initiate fund transfers and create EDGE-hosted verification sessions.
58
+ * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verification-session`, `GET /v1/transfers`
59
59
  */
60
60
  readonly TRANSFER_WRITE: "transfer.write";
61
61
  };
@@ -696,7 +696,7 @@ interface paths {
696
696
  * Use the `idempotencyKey` to safely retry requests. If a transfer with the same key exists, its current status will be returned.
697
697
  *
698
698
  * **OTP Verification:**
699
- * After initiating, the transfer will be in `pending_verification` status. Call `POST /transfer/{transferId}/verify` with the OTP to complete.
699
+ * After initiating, the transfer will be in `pending_verification` status. Call `POST /transfer/{transferId}/verification-session` to create an EDGE-hosted verification session and embed the returned `verificationUrl` in your frontend.
700
700
  */
701
701
  post: operations['initiateTransfer'];
702
702
  delete?: never;
@@ -745,32 +745,6 @@ interface paths {
745
745
  patch?: never;
746
746
  trace?: never;
747
747
  };
748
- '/v1/transfer/{transferId}/verify': {
749
- parameters: {
750
- query?: never;
751
- header?: never;
752
- path?: never;
753
- cookie?: never;
754
- };
755
- get?: never;
756
- put?: never;
757
- /**
758
- * Verify transfer with OTP
759
- * @description Completes a pending transfer by verifying the one-time password.
760
- *
761
- * **OTP Methods:**
762
- * - `sms`: User receives OTP via SMS
763
- * - `totp`: User generates OTP from authenticator app
764
- *
765
- * The OTP method is indicated in the `otpMethod` field of the transfer response.
766
- */
767
- post: operations['verifyTransfer'];
768
- delete?: never;
769
- options?: never;
770
- head?: never;
771
- patch?: never;
772
- trace?: never;
773
- };
774
748
  '/v1/consent': {
775
749
  parameters: {
776
750
  query?: never;
@@ -1154,13 +1128,6 @@ interface components {
1154
1128
  */
1155
1129
  total: number;
1156
1130
  };
1157
- VerifyTransferRequestDto: {
1158
- /**
1159
- * @description One-time password for verification
1160
- * @example 123456
1161
- */
1162
- otp: string;
1163
- };
1164
1131
  RevokeConsentResponseDto: {
1165
1132
  /**
1166
1133
  * @description Whether consent was successfully revoked
@@ -2035,69 +2002,6 @@ interface operations {
2035
2002
  };
2036
2003
  };
2037
2004
  };
2038
- verifyTransfer: {
2039
- parameters: {
2040
- query?: never;
2041
- header?: never;
2042
- path: {
2043
- /** @description The unique transfer identifier */
2044
- transferId: string;
2045
- };
2046
- cookie?: never;
2047
- };
2048
- requestBody: {
2049
- content: {
2050
- 'application/json': components['schemas']['VerifyTransferRequestDto'];
2051
- };
2052
- };
2053
- responses: {
2054
- /** @description Transfer verified and completed (or failed) */
2055
- 200: {
2056
- headers: {
2057
- [name: string]: unknown;
2058
- };
2059
- content: {
2060
- 'application/json': components['schemas']['TransferResponseDto'];
2061
- };
2062
- };
2063
- /** @description Invalid OTP or transfer expired */
2064
- 400: {
2065
- headers: {
2066
- [name: string]: unknown;
2067
- };
2068
- content: {
2069
- 'application/json': components['schemas']['ErrorResponseDto'];
2070
- };
2071
- };
2072
- /** @description Invalid or expired access token */
2073
- 401: {
2074
- headers: {
2075
- [name: string]: unknown;
2076
- };
2077
- content: {
2078
- 'application/json': components['schemas']['ErrorResponseDto'];
2079
- };
2080
- };
2081
- /** @description User consent required or insufficient scope */
2082
- 403: {
2083
- headers: {
2084
- [name: string]: unknown;
2085
- };
2086
- content: {
2087
- 'application/json': components['schemas']['ConsentRequiredErrorDto'];
2088
- };
2089
- };
2090
- /** @description Transfer not found */
2091
- 404: {
2092
- headers: {
2093
- [name: string]: unknown;
2094
- };
2095
- content: {
2096
- 'application/json': components['schemas']['ErrorResponseDto'];
2097
- };
2098
- };
2099
- };
2100
- };
2101
2005
  revokeConsent: {
2102
2006
  parameters: {
2103
2007
  query?: never;
@@ -2432,10 +2336,6 @@ type TransferListItem = components['schemas']['TransferListItemDto'];
2432
2336
  * Paginated list of transfers.
2433
2337
  */
2434
2338
  type TransferList = components['schemas']['ListTransfersResponseDto'];
2435
- /**
2436
- * Request payload for verifying a transfer with OTP.
2437
- */
2438
- type VerifyTransferRequest = components['schemas']['VerifyTransferRequestDto'];
2439
2339
  /**
2440
2340
  * Response from revoking user consent.
2441
2341
  */
@@ -2636,6 +2536,179 @@ declare const OTP_METHODS: readonly ["sms", "totp", "email"];
2636
2536
  */
2637
2537
  declare const TRANSFER_CATEGORIES: readonly ["sportsbook", "casino", "dfs", "sweepstakes"];
2638
2538
 
2539
+ /**
2540
+ * EDGE Connect Webhook Event Types (SDK-002)
2541
+ *
2542
+ * Discriminated union over `event.type` so partners get full type narrowing
2543
+ * inside `switch` blocks. Field shapes mirror the producer's enqueue calls
2544
+ * 1:1; see `edgeboost-api/src/nest/services/connect/`:
2545
+ * - `transfer-execution.service.ts:273` (transfer.completed)
2546
+ * - `verification-session.service.ts:468` (transfer.failed)
2547
+ * - `connect.service.ts:184` (transfer.expired)
2548
+ * - `oauth/consent.service.ts:125` (consent.revoked)
2549
+ *
2550
+ * **Decimal precision:** `data.amount` is intentionally a `string`, not a
2551
+ * `number`. The producer sends `String(transfer.amount)` so partner systems
2552
+ * can parse with arbitrary-precision libraries (e.g., decimal.js, big.js)
2553
+ * without losing the trailing cent.
2554
+ *
2555
+ * **Timestamps:** `created_at` is an ISO 8601 string, not a `Date` — webhook
2556
+ * payloads are JSON, parsing into `Date` is the partner's choice.
2557
+ */
2558
+
2559
+ /**
2560
+ * All EDGE Connect webhook event type strings.
2561
+ *
2562
+ * Use this with {@link EDGE_WEBHOOK_EVENT_TYPES} for runtime checks
2563
+ * and as the discriminator on {@link EdgeWebhookEvent}.
2564
+ */
2565
+ type EdgeWebhookEventType = 'transfer.completed' | 'transfer.failed' | 'transfer.expired' | 'transfer.processing' | 'consent.revoked';
2566
+ /**
2567
+ * Runtime tuple of every known event type.
2568
+ *
2569
+ * Use this when you need an array of strings (e.g., to filter incoming
2570
+ * events, validate config, or render a UI dropdown). Kept in sync with
2571
+ * {@link EdgeWebhookEventType} via `satisfies`.
2572
+ */
2573
+ declare const EDGE_WEBHOOK_EVENT_TYPES: readonly ["transfer.completed", "transfer.failed", "transfer.expired", "transfer.processing", "consent.revoked"];
2574
+ /**
2575
+ * Common envelope shared by every webhook event.
2576
+ *
2577
+ * @template T - The discriminator literal (event type)
2578
+ * @template D - The shape of the `data` payload for this event type
2579
+ */
2580
+ interface BaseWebhookEvent<T extends EdgeWebhookEventType, D> {
2581
+ /**
2582
+ * Globally unique event identifier (`evt_<base36-time><random>`).
2583
+ *
2584
+ * Use this for idempotency — webhook delivery is at-least-once.
2585
+ */
2586
+ id: string;
2587
+ /** Event discriminator. */
2588
+ type: T;
2589
+ /**
2590
+ * ISO 8601 timestamp of when EDGE created the event.
2591
+ *
2592
+ * Snake-case key matches the wire format — JSON payloads are not transformed.
2593
+ */
2594
+ created_at: string;
2595
+ /** Event-specific payload. Type narrows when you `switch` on `type`. */
2596
+ data: D;
2597
+ }
2598
+ /**
2599
+ * Payload for `transfer.completed`.
2600
+ *
2601
+ * Emitted when a transfer is verified and the user balance has been settled.
2602
+ */
2603
+ interface TransferCompletedEventData {
2604
+ /** UUID v4 of the transfer. */
2605
+ transferId: string;
2606
+ /** Always `'completed'` for this event. */
2607
+ status: 'completed';
2608
+ /** Direction of the transfer (debit = user → partner, credit = partner → user). */
2609
+ type: TransferType;
2610
+ /** Decimal amount as a string (e.g. `'100.00'`). NOT a number. */
2611
+ amount: string;
2612
+ }
2613
+ /**
2614
+ * Payload for `transfer.failed`.
2615
+ *
2616
+ * Emitted when OTP attempts are exhausted, the ledger rejects the transfer,
2617
+ * or a hard failure occurs after authorization.
2618
+ */
2619
+ interface TransferFailedEventData {
2620
+ transferId: string;
2621
+ status: 'failed';
2622
+ type: TransferType;
2623
+ amount: string;
2624
+ /**
2625
+ * Human-readable failure reason.
2626
+ *
2627
+ * Optional — older failures may not include this field. Always default-safe
2628
+ * with `event.data.reason ?? 'unknown'` rather than asserting.
2629
+ */
2630
+ reason?: string;
2631
+ }
2632
+ /**
2633
+ * Payload for `transfer.expired`.
2634
+ *
2635
+ * Emitted when the user did not verify their OTP within the 15-minute
2636
+ * verification window.
2637
+ */
2638
+ interface TransferExpiredEventData {
2639
+ transferId: string;
2640
+ status: 'expired';
2641
+ type: TransferType;
2642
+ amount: string;
2643
+ }
2644
+ /**
2645
+ * Payload for `transfer.processing`.
2646
+ *
2647
+ * @experimental Reserved for the EDGE-360 ledger dual-write hand-off and not
2648
+ * currently emitted by the production producer. The shape may change before
2649
+ * GA — do not rely on it in production code paths yet.
2650
+ */
2651
+ interface TransferProcessingEventData {
2652
+ transferId: string;
2653
+ status: 'processing';
2654
+ type: TransferType;
2655
+ amount: string;
2656
+ }
2657
+ /**
2658
+ * Payload for `consent.revoked`.
2659
+ *
2660
+ * Emitted when a user revokes the partner's access to their EDGE account.
2661
+ * The partner should mark the corresponding linked account as inactive and
2662
+ * stop calling user-scoped endpoints with the now-invalid access token.
2663
+ */
2664
+ interface ConsentRevokedEventData {
2665
+ /** EDGE user ID whose consent was revoked. */
2666
+ userId: string;
2667
+ /** OAuth client ID that lost consent (your partner client ID). */
2668
+ clientId: string;
2669
+ /** ISO 8601 timestamp of the revocation. */
2670
+ revokedAt: string;
2671
+ }
2672
+ /**
2673
+ * A fully-typed EDGE Connect webhook event.
2674
+ *
2675
+ * Switching on `event.type` narrows `event.data` to the matching variant —
2676
+ * no casts needed:
2677
+ *
2678
+ * @example
2679
+ * ```typescript
2680
+ * import type { EdgeWebhookEvent } from '@edge-markets/connect'
2681
+ *
2682
+ * function handle(event: EdgeWebhookEvent) {
2683
+ * switch (event.type) {
2684
+ * case 'transfer.completed':
2685
+ * // event.data is TransferCompletedEventData
2686
+ * creditWallet(event.data.transferId, event.data.amount)
2687
+ * break
2688
+ * case 'transfer.failed':
2689
+ * // event.data.reason is `string | undefined`
2690
+ * logFailure(event.data.transferId, event.data.reason)
2691
+ * break
2692
+ * case 'transfer.expired':
2693
+ * cancelPending(event.data.transferId)
2694
+ * break
2695
+ * case 'transfer.processing':
2696
+ * // experimental — no-op for now
2697
+ * break
2698
+ * case 'consent.revoked':
2699
+ * deactivateLink(event.data.userId, event.data.clientId)
2700
+ * break
2701
+ * default: {
2702
+ * // Compile error if a new event type is added without a handler
2703
+ * const _exhaustive: never = event
2704
+ * return _exhaustive
2705
+ * }
2706
+ * }
2707
+ * }
2708
+ * ```
2709
+ */
2710
+ type EdgeWebhookEvent = BaseWebhookEvent<'transfer.completed', TransferCompletedEventData> | BaseWebhookEvent<'transfer.failed', TransferFailedEventData> | BaseWebhookEvent<'transfer.expired', TransferExpiredEventData> | BaseWebhookEvent<'transfer.processing', TransferProcessingEventData> | BaseWebhookEvent<'consent.revoked', ConsentRevokedEventData>;
2711
+
2639
2712
  /**
2640
2713
  * EDGE Connect SDK Types
2641
2714
  *
@@ -3139,4 +3212,4 @@ declare const SDK_VERSION = "1.0.0";
3139
3212
  */
3140
3213
  declare const SDK_NAME = "@edge-markets/connect";
3141
3214
 
3142
- export { ALL_EDGE_SCOPES, type ApiError, type Balance, type ConsentRequiredError, type CreateVerificationSessionRequest, EDGE_ENVIRONMENTS, EDGE_SCOPES, EdgeApiError, EdgeAuthenticationError, EdgeConsentRequiredError, type EdgeEnvironment, type EdgeEnvironmentConfig, EdgeError, EdgeIdentityVerificationError, EdgeInsufficientScopeError, type EdgeLinkConfigBase, type EdgeLinkEvent, type EdgeLinkEventName, type EdgeLinkExit, type EdgeLinkSuccess, EdgeNetworkError, EdgeNotFoundError, EdgePopupBlockedError, EdgePopupClosedError, type EdgeScope, EdgeStateMismatchError, EdgeTokenExchangeError, type EdgeTokens, EdgeValidationError, type InitiateTransferRequest, type ListTransfersParams, OTP_METHODS, type OtpMethod, type PKCEPair, type RevokeConsentResponse, SCOPE_DESCRIPTIONS, SCOPE_ICONS, SDK_NAME, SDK_VERSION, type SdkGeolocation, TRANSFER_CATEGORIES, TRANSFER_STATUSES, TRANSFER_TYPES, type Transfer, type TransferCategory, type TransferList, type TransferListItem, type TransferStatus, type TransferType, type User, type UserAddress, type VerificationSession, type VerificationSessionStatus, type VerificationSessionStatusResponse, type VerifyIdentityAddress, type VerifyIdentityOptions, type VerifyIdentityResult, type VerifyIdentityScores, type VerifyTransferRequest, type components, formatScopeForEnvironment, formatScopesForEnvironment, getAvailableEnvironments, getEnvironmentConfig, isApiError, isAuthenticationError, isConsentRequiredError, isEdgeError, isIdentityVerificationError, isNetworkError, isProductionEnvironment, isValidScope, type operations, parseScope, type paths };
3215
+ export { ALL_EDGE_SCOPES, type ApiError, type Balance, type BaseWebhookEvent, type ConsentRequiredError, type ConsentRevokedEventData, type CreateVerificationSessionRequest, EDGE_ENVIRONMENTS, EDGE_SCOPES, EDGE_WEBHOOK_EVENT_TYPES, EdgeApiError, EdgeAuthenticationError, EdgeConsentRequiredError, type EdgeEnvironment, type EdgeEnvironmentConfig, EdgeError, EdgeIdentityVerificationError, EdgeInsufficientScopeError, type EdgeLinkConfigBase, type EdgeLinkEvent, type EdgeLinkEventName, type EdgeLinkExit, type EdgeLinkSuccess, EdgeNetworkError, EdgeNotFoundError, EdgePopupBlockedError, EdgePopupClosedError, type EdgeScope, EdgeStateMismatchError, EdgeTokenExchangeError, type EdgeTokens, EdgeValidationError, type EdgeWebhookEvent, type EdgeWebhookEventType, type InitiateTransferRequest, type ListTransfersParams, OTP_METHODS, type OtpMethod, type PKCEPair, type RevokeConsentResponse, SCOPE_DESCRIPTIONS, SCOPE_ICONS, SDK_NAME, SDK_VERSION, type SdkGeolocation, TRANSFER_CATEGORIES, TRANSFER_STATUSES, TRANSFER_TYPES, type Transfer, type TransferCategory, type TransferCompletedEventData, type TransferExpiredEventData, type TransferFailedEventData, type TransferList, type TransferListItem, type TransferProcessingEventData, type TransferStatus, type TransferType, type User, type UserAddress, type VerificationSession, type VerificationSessionStatus, type VerificationSessionStatusResponse, type VerifyIdentityAddress, type VerifyIdentityOptions, type VerifyIdentityResult, type VerifyIdentityScores, type components, formatScopeForEnvironment, formatScopesForEnvironment, getAvailableEnvironments, getEnvironmentConfig, isApiError, isAuthenticationError, isConsentRequiredError, isEdgeError, isIdentityVerificationError, isNetworkError, isProductionEnvironment, isValidScope, type operations, parseScope, type paths };
package/dist/index.d.ts CHANGED
@@ -54,8 +54,8 @@ declare const EDGE_SCOPES: {
54
54
  */
55
55
  readonly BALANCE_READ: "balance.read";
56
56
  /**
57
- * Initiate and verify fund transfers.
58
- * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verify`, `GET /v1/transfers`
57
+ * Initiate fund transfers and create EDGE-hosted verification sessions.
58
+ * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verification-session`, `GET /v1/transfers`
59
59
  */
60
60
  readonly TRANSFER_WRITE: "transfer.write";
61
61
  };
@@ -696,7 +696,7 @@ interface paths {
696
696
  * Use the `idempotencyKey` to safely retry requests. If a transfer with the same key exists, its current status will be returned.
697
697
  *
698
698
  * **OTP Verification:**
699
- * After initiating, the transfer will be in `pending_verification` status. Call `POST /transfer/{transferId}/verify` with the OTP to complete.
699
+ * After initiating, the transfer will be in `pending_verification` status. Call `POST /transfer/{transferId}/verification-session` to create an EDGE-hosted verification session and embed the returned `verificationUrl` in your frontend.
700
700
  */
701
701
  post: operations['initiateTransfer'];
702
702
  delete?: never;
@@ -745,32 +745,6 @@ interface paths {
745
745
  patch?: never;
746
746
  trace?: never;
747
747
  };
748
- '/v1/transfer/{transferId}/verify': {
749
- parameters: {
750
- query?: never;
751
- header?: never;
752
- path?: never;
753
- cookie?: never;
754
- };
755
- get?: never;
756
- put?: never;
757
- /**
758
- * Verify transfer with OTP
759
- * @description Completes a pending transfer by verifying the one-time password.
760
- *
761
- * **OTP Methods:**
762
- * - `sms`: User receives OTP via SMS
763
- * - `totp`: User generates OTP from authenticator app
764
- *
765
- * The OTP method is indicated in the `otpMethod` field of the transfer response.
766
- */
767
- post: operations['verifyTransfer'];
768
- delete?: never;
769
- options?: never;
770
- head?: never;
771
- patch?: never;
772
- trace?: never;
773
- };
774
748
  '/v1/consent': {
775
749
  parameters: {
776
750
  query?: never;
@@ -1154,13 +1128,6 @@ interface components {
1154
1128
  */
1155
1129
  total: number;
1156
1130
  };
1157
- VerifyTransferRequestDto: {
1158
- /**
1159
- * @description One-time password for verification
1160
- * @example 123456
1161
- */
1162
- otp: string;
1163
- };
1164
1131
  RevokeConsentResponseDto: {
1165
1132
  /**
1166
1133
  * @description Whether consent was successfully revoked
@@ -2035,69 +2002,6 @@ interface operations {
2035
2002
  };
2036
2003
  };
2037
2004
  };
2038
- verifyTransfer: {
2039
- parameters: {
2040
- query?: never;
2041
- header?: never;
2042
- path: {
2043
- /** @description The unique transfer identifier */
2044
- transferId: string;
2045
- };
2046
- cookie?: never;
2047
- };
2048
- requestBody: {
2049
- content: {
2050
- 'application/json': components['schemas']['VerifyTransferRequestDto'];
2051
- };
2052
- };
2053
- responses: {
2054
- /** @description Transfer verified and completed (or failed) */
2055
- 200: {
2056
- headers: {
2057
- [name: string]: unknown;
2058
- };
2059
- content: {
2060
- 'application/json': components['schemas']['TransferResponseDto'];
2061
- };
2062
- };
2063
- /** @description Invalid OTP or transfer expired */
2064
- 400: {
2065
- headers: {
2066
- [name: string]: unknown;
2067
- };
2068
- content: {
2069
- 'application/json': components['schemas']['ErrorResponseDto'];
2070
- };
2071
- };
2072
- /** @description Invalid or expired access token */
2073
- 401: {
2074
- headers: {
2075
- [name: string]: unknown;
2076
- };
2077
- content: {
2078
- 'application/json': components['schemas']['ErrorResponseDto'];
2079
- };
2080
- };
2081
- /** @description User consent required or insufficient scope */
2082
- 403: {
2083
- headers: {
2084
- [name: string]: unknown;
2085
- };
2086
- content: {
2087
- 'application/json': components['schemas']['ConsentRequiredErrorDto'];
2088
- };
2089
- };
2090
- /** @description Transfer not found */
2091
- 404: {
2092
- headers: {
2093
- [name: string]: unknown;
2094
- };
2095
- content: {
2096
- 'application/json': components['schemas']['ErrorResponseDto'];
2097
- };
2098
- };
2099
- };
2100
- };
2101
2005
  revokeConsent: {
2102
2006
  parameters: {
2103
2007
  query?: never;
@@ -2432,10 +2336,6 @@ type TransferListItem = components['schemas']['TransferListItemDto'];
2432
2336
  * Paginated list of transfers.
2433
2337
  */
2434
2338
  type TransferList = components['schemas']['ListTransfersResponseDto'];
2435
- /**
2436
- * Request payload for verifying a transfer with OTP.
2437
- */
2438
- type VerifyTransferRequest = components['schemas']['VerifyTransferRequestDto'];
2439
2339
  /**
2440
2340
  * Response from revoking user consent.
2441
2341
  */
@@ -2636,6 +2536,179 @@ declare const OTP_METHODS: readonly ["sms", "totp", "email"];
2636
2536
  */
2637
2537
  declare const TRANSFER_CATEGORIES: readonly ["sportsbook", "casino", "dfs", "sweepstakes"];
2638
2538
 
2539
+ /**
2540
+ * EDGE Connect Webhook Event Types (SDK-002)
2541
+ *
2542
+ * Discriminated union over `event.type` so partners get full type narrowing
2543
+ * inside `switch` blocks. Field shapes mirror the producer's enqueue calls
2544
+ * 1:1; see `edgeboost-api/src/nest/services/connect/`:
2545
+ * - `transfer-execution.service.ts:273` (transfer.completed)
2546
+ * - `verification-session.service.ts:468` (transfer.failed)
2547
+ * - `connect.service.ts:184` (transfer.expired)
2548
+ * - `oauth/consent.service.ts:125` (consent.revoked)
2549
+ *
2550
+ * **Decimal precision:** `data.amount` is intentionally a `string`, not a
2551
+ * `number`. The producer sends `String(transfer.amount)` so partner systems
2552
+ * can parse with arbitrary-precision libraries (e.g., decimal.js, big.js)
2553
+ * without losing the trailing cent.
2554
+ *
2555
+ * **Timestamps:** `created_at` is an ISO 8601 string, not a `Date` — webhook
2556
+ * payloads are JSON, parsing into `Date` is the partner's choice.
2557
+ */
2558
+
2559
+ /**
2560
+ * All EDGE Connect webhook event type strings.
2561
+ *
2562
+ * Use this with {@link EDGE_WEBHOOK_EVENT_TYPES} for runtime checks
2563
+ * and as the discriminator on {@link EdgeWebhookEvent}.
2564
+ */
2565
+ type EdgeWebhookEventType = 'transfer.completed' | 'transfer.failed' | 'transfer.expired' | 'transfer.processing' | 'consent.revoked';
2566
+ /**
2567
+ * Runtime tuple of every known event type.
2568
+ *
2569
+ * Use this when you need an array of strings (e.g., to filter incoming
2570
+ * events, validate config, or render a UI dropdown). Kept in sync with
2571
+ * {@link EdgeWebhookEventType} via `satisfies`.
2572
+ */
2573
+ declare const EDGE_WEBHOOK_EVENT_TYPES: readonly ["transfer.completed", "transfer.failed", "transfer.expired", "transfer.processing", "consent.revoked"];
2574
+ /**
2575
+ * Common envelope shared by every webhook event.
2576
+ *
2577
+ * @template T - The discriminator literal (event type)
2578
+ * @template D - The shape of the `data` payload for this event type
2579
+ */
2580
+ interface BaseWebhookEvent<T extends EdgeWebhookEventType, D> {
2581
+ /**
2582
+ * Globally unique event identifier (`evt_<base36-time><random>`).
2583
+ *
2584
+ * Use this for idempotency — webhook delivery is at-least-once.
2585
+ */
2586
+ id: string;
2587
+ /** Event discriminator. */
2588
+ type: T;
2589
+ /**
2590
+ * ISO 8601 timestamp of when EDGE created the event.
2591
+ *
2592
+ * Snake-case key matches the wire format — JSON payloads are not transformed.
2593
+ */
2594
+ created_at: string;
2595
+ /** Event-specific payload. Type narrows when you `switch` on `type`. */
2596
+ data: D;
2597
+ }
2598
+ /**
2599
+ * Payload for `transfer.completed`.
2600
+ *
2601
+ * Emitted when a transfer is verified and the user balance has been settled.
2602
+ */
2603
+ interface TransferCompletedEventData {
2604
+ /** UUID v4 of the transfer. */
2605
+ transferId: string;
2606
+ /** Always `'completed'` for this event. */
2607
+ status: 'completed';
2608
+ /** Direction of the transfer (debit = user → partner, credit = partner → user). */
2609
+ type: TransferType;
2610
+ /** Decimal amount as a string (e.g. `'100.00'`). NOT a number. */
2611
+ amount: string;
2612
+ }
2613
+ /**
2614
+ * Payload for `transfer.failed`.
2615
+ *
2616
+ * Emitted when OTP attempts are exhausted, the ledger rejects the transfer,
2617
+ * or a hard failure occurs after authorization.
2618
+ */
2619
+ interface TransferFailedEventData {
2620
+ transferId: string;
2621
+ status: 'failed';
2622
+ type: TransferType;
2623
+ amount: string;
2624
+ /**
2625
+ * Human-readable failure reason.
2626
+ *
2627
+ * Optional — older failures may not include this field. Always default-safe
2628
+ * with `event.data.reason ?? 'unknown'` rather than asserting.
2629
+ */
2630
+ reason?: string;
2631
+ }
2632
+ /**
2633
+ * Payload for `transfer.expired`.
2634
+ *
2635
+ * Emitted when the user did not verify their OTP within the 15-minute
2636
+ * verification window.
2637
+ */
2638
+ interface TransferExpiredEventData {
2639
+ transferId: string;
2640
+ status: 'expired';
2641
+ type: TransferType;
2642
+ amount: string;
2643
+ }
2644
+ /**
2645
+ * Payload for `transfer.processing`.
2646
+ *
2647
+ * @experimental Reserved for the EDGE-360 ledger dual-write hand-off and not
2648
+ * currently emitted by the production producer. The shape may change before
2649
+ * GA — do not rely on it in production code paths yet.
2650
+ */
2651
+ interface TransferProcessingEventData {
2652
+ transferId: string;
2653
+ status: 'processing';
2654
+ type: TransferType;
2655
+ amount: string;
2656
+ }
2657
+ /**
2658
+ * Payload for `consent.revoked`.
2659
+ *
2660
+ * Emitted when a user revokes the partner's access to their EDGE account.
2661
+ * The partner should mark the corresponding linked account as inactive and
2662
+ * stop calling user-scoped endpoints with the now-invalid access token.
2663
+ */
2664
+ interface ConsentRevokedEventData {
2665
+ /** EDGE user ID whose consent was revoked. */
2666
+ userId: string;
2667
+ /** OAuth client ID that lost consent (your partner client ID). */
2668
+ clientId: string;
2669
+ /** ISO 8601 timestamp of the revocation. */
2670
+ revokedAt: string;
2671
+ }
2672
+ /**
2673
+ * A fully-typed EDGE Connect webhook event.
2674
+ *
2675
+ * Switching on `event.type` narrows `event.data` to the matching variant —
2676
+ * no casts needed:
2677
+ *
2678
+ * @example
2679
+ * ```typescript
2680
+ * import type { EdgeWebhookEvent } from '@edge-markets/connect'
2681
+ *
2682
+ * function handle(event: EdgeWebhookEvent) {
2683
+ * switch (event.type) {
2684
+ * case 'transfer.completed':
2685
+ * // event.data is TransferCompletedEventData
2686
+ * creditWallet(event.data.transferId, event.data.amount)
2687
+ * break
2688
+ * case 'transfer.failed':
2689
+ * // event.data.reason is `string | undefined`
2690
+ * logFailure(event.data.transferId, event.data.reason)
2691
+ * break
2692
+ * case 'transfer.expired':
2693
+ * cancelPending(event.data.transferId)
2694
+ * break
2695
+ * case 'transfer.processing':
2696
+ * // experimental — no-op for now
2697
+ * break
2698
+ * case 'consent.revoked':
2699
+ * deactivateLink(event.data.userId, event.data.clientId)
2700
+ * break
2701
+ * default: {
2702
+ * // Compile error if a new event type is added without a handler
2703
+ * const _exhaustive: never = event
2704
+ * return _exhaustive
2705
+ * }
2706
+ * }
2707
+ * }
2708
+ * ```
2709
+ */
2710
+ type EdgeWebhookEvent = BaseWebhookEvent<'transfer.completed', TransferCompletedEventData> | BaseWebhookEvent<'transfer.failed', TransferFailedEventData> | BaseWebhookEvent<'transfer.expired', TransferExpiredEventData> | BaseWebhookEvent<'transfer.processing', TransferProcessingEventData> | BaseWebhookEvent<'consent.revoked', ConsentRevokedEventData>;
2711
+
2639
2712
  /**
2640
2713
  * EDGE Connect SDK Types
2641
2714
  *
@@ -3139,4 +3212,4 @@ declare const SDK_VERSION = "1.0.0";
3139
3212
  */
3140
3213
  declare const SDK_NAME = "@edge-markets/connect";
3141
3214
 
3142
- export { ALL_EDGE_SCOPES, type ApiError, type Balance, type ConsentRequiredError, type CreateVerificationSessionRequest, EDGE_ENVIRONMENTS, EDGE_SCOPES, EdgeApiError, EdgeAuthenticationError, EdgeConsentRequiredError, type EdgeEnvironment, type EdgeEnvironmentConfig, EdgeError, EdgeIdentityVerificationError, EdgeInsufficientScopeError, type EdgeLinkConfigBase, type EdgeLinkEvent, type EdgeLinkEventName, type EdgeLinkExit, type EdgeLinkSuccess, EdgeNetworkError, EdgeNotFoundError, EdgePopupBlockedError, EdgePopupClosedError, type EdgeScope, EdgeStateMismatchError, EdgeTokenExchangeError, type EdgeTokens, EdgeValidationError, type InitiateTransferRequest, type ListTransfersParams, OTP_METHODS, type OtpMethod, type PKCEPair, type RevokeConsentResponse, SCOPE_DESCRIPTIONS, SCOPE_ICONS, SDK_NAME, SDK_VERSION, type SdkGeolocation, TRANSFER_CATEGORIES, TRANSFER_STATUSES, TRANSFER_TYPES, type Transfer, type TransferCategory, type TransferList, type TransferListItem, type TransferStatus, type TransferType, type User, type UserAddress, type VerificationSession, type VerificationSessionStatus, type VerificationSessionStatusResponse, type VerifyIdentityAddress, type VerifyIdentityOptions, type VerifyIdentityResult, type VerifyIdentityScores, type VerifyTransferRequest, type components, formatScopeForEnvironment, formatScopesForEnvironment, getAvailableEnvironments, getEnvironmentConfig, isApiError, isAuthenticationError, isConsentRequiredError, isEdgeError, isIdentityVerificationError, isNetworkError, isProductionEnvironment, isValidScope, type operations, parseScope, type paths };
3215
+ export { ALL_EDGE_SCOPES, type ApiError, type Balance, type BaseWebhookEvent, type ConsentRequiredError, type ConsentRevokedEventData, type CreateVerificationSessionRequest, EDGE_ENVIRONMENTS, EDGE_SCOPES, EDGE_WEBHOOK_EVENT_TYPES, EdgeApiError, EdgeAuthenticationError, EdgeConsentRequiredError, type EdgeEnvironment, type EdgeEnvironmentConfig, EdgeError, EdgeIdentityVerificationError, EdgeInsufficientScopeError, type EdgeLinkConfigBase, type EdgeLinkEvent, type EdgeLinkEventName, type EdgeLinkExit, type EdgeLinkSuccess, EdgeNetworkError, EdgeNotFoundError, EdgePopupBlockedError, EdgePopupClosedError, type EdgeScope, EdgeStateMismatchError, EdgeTokenExchangeError, type EdgeTokens, EdgeValidationError, type EdgeWebhookEvent, type EdgeWebhookEventType, type InitiateTransferRequest, type ListTransfersParams, OTP_METHODS, type OtpMethod, type PKCEPair, type RevokeConsentResponse, SCOPE_DESCRIPTIONS, SCOPE_ICONS, SDK_NAME, SDK_VERSION, type SdkGeolocation, TRANSFER_CATEGORIES, TRANSFER_STATUSES, TRANSFER_TYPES, type Transfer, type TransferCategory, type TransferCompletedEventData, type TransferExpiredEventData, type TransferFailedEventData, type TransferList, type TransferListItem, type TransferProcessingEventData, type TransferStatus, type TransferType, type User, type UserAddress, type VerificationSession, type VerificationSessionStatus, type VerificationSessionStatusResponse, type VerifyIdentityAddress, type VerifyIdentityOptions, type VerifyIdentityResult, type VerifyIdentityScores, type components, formatScopeForEnvironment, formatScopesForEnvironment, getAvailableEnvironments, getEnvironmentConfig, isApiError, isAuthenticationError, isConsentRequiredError, isEdgeError, isIdentityVerificationError, isNetworkError, isProductionEnvironment, isValidScope, type operations, parseScope, type paths };
package/dist/index.js CHANGED
@@ -23,6 +23,7 @@ __export(index_exports, {
23
23
  ALL_EDGE_SCOPES: () => ALL_EDGE_SCOPES,
24
24
  EDGE_ENVIRONMENTS: () => EDGE_ENVIRONMENTS,
25
25
  EDGE_SCOPES: () => EDGE_SCOPES,
26
+ EDGE_WEBHOOK_EVENT_TYPES: () => EDGE_WEBHOOK_EVENT_TYPES,
26
27
  EdgeApiError: () => EdgeApiError,
27
28
  EdgeAuthenticationError: () => EdgeAuthenticationError,
28
29
  EdgeConsentRequiredError: () => EdgeConsentRequiredError,
@@ -77,6 +78,15 @@ var TRANSFER_CATEGORIES = [
77
78
  "sweepstakes"
78
79
  ];
79
80
 
81
+ // src/types/webhooks.ts
82
+ var EDGE_WEBHOOK_EVENT_TYPES = [
83
+ "transfer.completed",
84
+ "transfer.failed",
85
+ "transfer.expired",
86
+ "transfer.processing",
87
+ "consent.revoked"
88
+ ];
89
+
80
90
  // src/config/environments.ts
81
91
  var EDGE_ENVIRONMENTS = {
82
92
  production: {
@@ -89,9 +99,17 @@ var EDGE_ENVIRONMENTS = {
89
99
  },
90
100
  staging: {
91
101
  cognitoDomain: "https://edge-connect-staging.auth.us-east-1.amazoncognito.com",
92
- apiBaseUrl: "https://staging-api.edgeboost.io/connect/v1",
93
- oauthBaseUrl: "https://staging-api.edgeboost.io/api/v3/oauth",
94
- userClientUrl: "https://connect-staging.edgeboost.io",
102
+ // Staging partner API — mTLS-enforced. Requires a partner client
103
+ // certificate on every request. Routed through API Gateway → VPC Link →
104
+ // internal ALB → ECS. Direct routes to the backend (e.g.
105
+ // backend.connect-staging.edgeboost.io) no longer exist.
106
+ apiBaseUrl: "https://connect-staging.edgeboost.io/connect/v1",
107
+ // OAuth token exchange — partner-facing, also mTLS-enforced.
108
+ oauthBaseUrl: "https://connect-staging.edgeboost.io/connect/oauth",
109
+ // User-facing captive frame for the Link SDK enrollment and transfer
110
+ // verification flows. Served from the edge-connect-oauth Vite app
111
+ // deployed on Amplify. No mTLS — browser traffic.
112
+ userClientUrl: "https://oauth.staging-app.edgeboost.bet",
95
113
  displayName: "Staging",
96
114
  isProduction: false
97
115
  },
@@ -145,8 +163,8 @@ var EDGE_SCOPES = {
145
163
  */
146
164
  BALANCE_READ: "balance.read",
147
165
  /**
148
- * Initiate and verify fund transfers.
149
- * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verify`, `GET /v1/transfers`
166
+ * Initiate fund transfers and create EDGE-hosted verification sessions.
167
+ * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verification-session`, `GET /v1/transfers`
150
168
  */
151
169
  TRANSFER_WRITE: "transfer.write"
152
170
  };
@@ -325,6 +343,7 @@ var SDK_NAME = "@edge-markets/connect";
325
343
  ALL_EDGE_SCOPES,
326
344
  EDGE_ENVIRONMENTS,
327
345
  EDGE_SCOPES,
346
+ EDGE_WEBHOOK_EVENT_TYPES,
328
347
  EdgeApiError,
329
348
  EdgeAuthenticationError,
330
349
  EdgeConsentRequiredError,
package/dist/index.mjs CHANGED
@@ -15,6 +15,15 @@ var TRANSFER_CATEGORIES = [
15
15
  "sweepstakes"
16
16
  ];
17
17
 
18
+ // src/types/webhooks.ts
19
+ var EDGE_WEBHOOK_EVENT_TYPES = [
20
+ "transfer.completed",
21
+ "transfer.failed",
22
+ "transfer.expired",
23
+ "transfer.processing",
24
+ "consent.revoked"
25
+ ];
26
+
18
27
  // src/config/environments.ts
19
28
  var EDGE_ENVIRONMENTS = {
20
29
  production: {
@@ -27,9 +36,17 @@ var EDGE_ENVIRONMENTS = {
27
36
  },
28
37
  staging: {
29
38
  cognitoDomain: "https://edge-connect-staging.auth.us-east-1.amazoncognito.com",
30
- apiBaseUrl: "https://staging-api.edgeboost.io/connect/v1",
31
- oauthBaseUrl: "https://staging-api.edgeboost.io/api/v3/oauth",
32
- userClientUrl: "https://connect-staging.edgeboost.io",
39
+ // Staging partner API — mTLS-enforced. Requires a partner client
40
+ // certificate on every request. Routed through API Gateway → VPC Link →
41
+ // internal ALB → ECS. Direct routes to the backend (e.g.
42
+ // backend.connect-staging.edgeboost.io) no longer exist.
43
+ apiBaseUrl: "https://connect-staging.edgeboost.io/connect/v1",
44
+ // OAuth token exchange — partner-facing, also mTLS-enforced.
45
+ oauthBaseUrl: "https://connect-staging.edgeboost.io/connect/oauth",
46
+ // User-facing captive frame for the Link SDK enrollment and transfer
47
+ // verification flows. Served from the edge-connect-oauth Vite app
48
+ // deployed on Amplify. No mTLS — browser traffic.
49
+ userClientUrl: "https://oauth.staging-app.edgeboost.bet",
33
50
  displayName: "Staging",
34
51
  isProduction: false
35
52
  },
@@ -83,8 +100,8 @@ var EDGE_SCOPES = {
83
100
  */
84
101
  BALANCE_READ: "balance.read",
85
102
  /**
86
- * Initiate and verify fund transfers.
87
- * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verify`, `GET /v1/transfers`
103
+ * Initiate fund transfers and create EDGE-hosted verification sessions.
104
+ * Required for: `POST /v1/transfer`, `POST /v1/transfer/:id/verification-session`, `GET /v1/transfers`
88
105
  */
89
106
  TRANSFER_WRITE: "transfer.write"
90
107
  };
@@ -262,6 +279,7 @@ export {
262
279
  ALL_EDGE_SCOPES,
263
280
  EDGE_ENVIRONMENTS,
264
281
  EDGE_SCOPES,
282
+ EDGE_WEBHOOK_EVENT_TYPES,
265
283
  EdgeApiError,
266
284
  EdgeAuthenticationError,
267
285
  EdgeConsentRequiredError,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@edge-markets/connect",
3
- "version": "1.5.0",
3
+ "version": "1.6.0",
4
4
  "description": "Core types, configuration, and utilities for EDGE Connect SDK",
5
5
  "author": "EdgeBoost",
6
6
  "license": "MIT",