@explorins/pers-sdk 1.6.15 → 1.6.17

package/dist/analytics.cjs

@@ -11,4 +11,8 @@ Object.defineProperty(exports, "AccountOwnerType", {
 	enumerable: true,
 	get: function () { return persShared.AccountOwnerType; }
 });
+Object.defineProperty(exports, "ApiKeyType", {
+	enumerable: true,
+	get: function () { return persShared.ApiKeyType; }
+});
 //# sourceMappingURL=analytics.cjs.map

package/dist/analytics.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"analytics.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;"}
+{"version":3,"file":"analytics.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;"}

package/dist/analytics.js

@@ -1,3 +1,3 @@
 export { A as AnalyticsApi, a as AnalyticsService } from './chunks/analytics-service-CxyrOwel.js';
-export { AccountOwnerType } from '@explorins/pers-shared';
+export { AccountOwnerType, ApiKeyType } from '@explorins/pers-shared';
 //# sourceMappingURL=analytics.js.map

package/dist/api-key/api/api-key-api.d.ts

@@ -0,0 +1,37 @@
+import { PersApiClient } from '../../core/pers-api-client';
+import { ApiKeyDTO, ApiKeyCreatedDTO, ApiKeyRequestDTO, ApiKeyVerificationDTO, IntegrationApiKeyType } from '../../shared/interfaces/pers-shared-lib.interfaces';
+/**
+ * Platform-Agnostic API Key API Client
+ *
+ * Handles API key management operations for tenant admins.
+ * All operations require admin authentication and operate within tenant context.
+ */
+export declare class ApiKeyApi {
+    private apiClient;
+    private readonly basePath;
+    constructor(apiClient: PersApiClient);
+    /**
+     * ADMIN: Get all tenant API keys
+     *
+     * @param type Optional filter by integration API key type (database-stored tokens that can be revoked)
+     * @param includeRevoked Include revoked API keys in results (default: false)
+     * @returns Array of API keys for the current tenant
+     */
+    getTenantApiKeys(type?: IntegrationApiKeyType, includeRevoked?: boolean): Promise<ApiKeyDTO[]>;
+    /**
+     * ADMIN: Create new API key
+     *
+     * @param type Type of API key to create
+     * @param name Name for the API key
+     * @returns Created API key with the actual key (store securely - only returned once)
+     */
+    createApiKey(req: ApiKeyRequestDTO): Promise<ApiKeyCreatedDTO>;
+    /**
+     * ADMIN: Revoke API key
+     *
+     * @param apiKeyId Unique identifier of the API key to revoke
+     * @returns API key verification details with revocation status
+     */
+    revokeApiKey(apiKeyId: string): Promise<ApiKeyVerificationDTO>;
+}
+//# sourceMappingURL=api-key-api.d.ts.map

package/dist/api-key/api/api-key-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-api.d.ts","sourceRoot":"","sources":["../../../src/api-key/api/api-key-api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,oDAAoD,CAAC;AAE5D;;;;;GAKG;AACH,qBAAa,SAAS;IAGR,OAAO,CAAC,SAAS;IAF7B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAe;gBAEpB,SAAS,EAAE,aAAa;IAE5C;;;;;;OAMG;IACG,gBAAgB,CAAC,IAAI,CAAC,EAAE,qBAAqB,EAAE,cAAc,GAAE,OAAe,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAW3G;;;;;;OAMG;IACG,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAIpE;;;;;OAKG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAGrE"}

package/dist/api-key/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * API Key Domain Exports
+ *
+ * Re-exports all API key related functionality for easy importing
+ */
+export * from './api/api-key-api';
+//# sourceMappingURL=index.d.ts.map

package/dist/api-key/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api-key/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,cAAc,mBAAmB,CAAC"}

package/dist/business.cjs

@@ -11,4 +11,8 @@ Object.defineProperty(exports, "AccountOwnerType", {
 	enumerable: true,
 	get: function () { return persShared.AccountOwnerType; }
 });
+Object.defineProperty(exports, "ApiKeyType", {
+	enumerable: true,
+	get: function () { return persShared.ApiKeyType; }
+});
 //# sourceMappingURL=business.cjs.map

package/dist/business.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"business.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;"}
+{"version":3,"file":"business.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;"}

package/dist/business.js

@@ -1,3 +1,3 @@
 export { B as BusinessApi, a as BusinessService } from './chunks/business-service-DrC-TNGa.js';
-export { AccountOwnerType } from '@explorins/pers-shared';
+export { AccountOwnerType, ApiKeyType } from '@explorins/pers-shared';
 //# sourceMappingURL=business.js.map

package/dist/campaign.cjs

@@ -11,4 +11,8 @@ Object.defineProperty(exports, "AccountOwnerType", {
 	enumerable: true,
 	get: function () { return persShared.AccountOwnerType; }
 });
+Object.defineProperty(exports, "ApiKeyType", {
+	enumerable: true,
+	get: function () { return persShared.ApiKeyType; }
+});
 //# sourceMappingURL=campaign.cjs.map

package/dist/campaign.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"campaign.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;"}
+{"version":3,"file":"campaign.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;"}

package/dist/campaign.js

@@ -1,3 +1,3 @@
 export { C as CampaignApi, a as CampaignService } from './chunks/campaign-service-Dd7gMjC9.js';
-export { AccountOwnerType } from '@explorins/pers-shared';
+export { AccountOwnerType, ApiKeyType } from '@explorins/pers-shared';
 //# sourceMappingURL=campaign.js.map

package/dist/chunks/{pers-sdk-tfJJbxVi.cjs → pers-sdk-CCegy2bB.cjs}

@@ -1,7 +1,7 @@
 'use strict';
 
 var persShared = require('@explorins/pers-shared');
-var web3ChainService = require('./web3-chain-service-BUKWdi0r.cjs');
+var web3ChainService = require('./web3-chain-service-oMqWfd61.cjs');
 var userService = require('./user-service-D1Rn4U8u.cjs');
 var userStatus = require('../user-status.cjs');
 var tokenService = require('./token-service-BWScn8Qa.cjs');
@@ -10,7 +10,7 @@ var campaignService = require('./campaign-service-CWK9I388.cjs');
 var redemptionService = require('./redemption-service-7qbeQxEM.cjs');
 var transaction = require('../transaction.cjs');
 var paymentService = require('./payment-service-B4qx0qiE.cjs');
-var tenantService = require('./tenant-service-Ba7xrWED.cjs');
+var tenantService = require('./tenant-service-DME24vr1.cjs');
 var analyticsService = require('./analytics-service-CitlimKJ.cjs');
 var donationService = require('./donation-service-D-xFrONi.cjs');
 var explorer_utils = require('./explorer.utils-Bj4uQw83.cjs');
@@ -102,10 +102,28 @@ class AuthApi {
      * Refresh access token
      */
     async refreshAccessToken(refreshToken) {
-        return this.apiClient.post(`${this.basePath}/refresh`, { refreshToken }, { bypassAuth: true });
+        return this.apiClient.post(`${this.basePath}/refresh`, { refreshToken }, { bypassAuth: true, isRefreshRequest: true });
     }
 }
 
+/**
+ * Authentication status enumeration
+ * Represents the current state of the authentication system
+ */
+exports.AuthStatus = void 0;
+(function (AuthStatus) {
+    /** User is authenticated with valid tokens */
+    AuthStatus["AUTHENTICATED"] = "authenticated";
+    /** Access token has expired, refresh may be possible */
+    AuthStatus["TOKEN_EXPIRED"] = "token_expired";
+    /** Authentication system has failed, manual re-authentication required */
+    AuthStatus["AUTH_FAILED"] = "auth_failed";
+    /** Currently attempting to refresh tokens */
+    AuthStatus["REFRESHING"] = "refreshing";
+    /** No authentication present */
+    AuthStatus["UNAUTHENTICATED"] = "unauthenticated";
+})(exports.AuthStatus || (exports.AuthStatus = {}));
+
 /**
  * Platform-agnostic authentication service
  * Handles login, token refresh, and storage operations
@@ -115,6 +133,23 @@ class AuthService {
         this.authApi = authApi;
         this.authProvider = authProvider;
         this.activeRefreshPromise = null;
+        this.currentAuthStatus = exports.AuthStatus.UNAUTHENTICATED;
+    }
+    /**
+     * Emit auth status change to the app
+     */
+    async emitAuthStatus(status) {
+        if (this.currentAuthStatus === status)
+            return; // No change
+        this.currentAuthStatus = status;
+        if (this.authProvider && typeof this.authProvider.onAuthStatusChange === 'function') {
+            try {
+                await this.authProvider.onAuthStatusChange(status);
+            }
+            catch (error) {
+                console.warn('[AuthService] Auth status change callback failed:', error);
+            }
+        }
     }
     // ==========================================
     // AUTHENTICATION OPERATIONS
@@ -153,15 +188,13 @@ class AuthService {
      * Refresh access token with race condition protection
      */
     async refreshAccessToken(refreshToken) {
+        if (this.currentAuthStatus === exports.AuthStatus.AUTH_FAILED) {
+            throw new Error('Auth failure has occurred, cannot refresh token');
+        }
         if (this.activeRefreshPromise) {
-            try {
-                return await this.activeRefreshPromise;
-            }
-            catch (error) {
-                console.warn('[AuthService] Active refresh failed, attempting new refresh:', error);
-                this.activeRefreshPromise = null;
-            }
+            return await this.activeRefreshPromise;
         }
+        // Create the refresh promise
         this.activeRefreshPromise = this.performRefresh(refreshToken);
         try {
             return await this.activeRefreshPromise;
@@ -197,9 +230,16 @@ class AuthService {
      * Handle authentication failure with proper cleanup
      * Centralized method to avoid redundant token cleanup logic
      */
-    async handleAuthFailure(reason) {
-        console.warn(`[AuthService] ${reason}, clearing all tokens`);
+    async handleAuthFailure() {
+        if (this.currentAuthStatus === exports.AuthStatus.AUTH_FAILED) {
+            return;
+        }
+        // Clear active refresh operations to prevent hanging promises
+        this.activeRefreshPromise = null;
+        // Clear all stored tokens
         await this.clearTokens();
+        // Emit auth failure status to notify the app
+        await this.emitAuthStatus(exports.AuthStatus.AUTH_FAILED);
     }
     /**
      * Check if we have valid authentication tokens
@@ -232,6 +272,8 @@ class AuthService {
             if (authType && extendedProvider.setAuthType) {
                 await extendedProvider.setAuthType(authType);
             }
+            // Emit authenticated status on successful token storage
+            await this.emitAuthStatus(exports.AuthStatus.AUTHENTICATED);
         }
         catch (error) {
             console.warn('[AuthService] Failed to store tokens:', error);
@@ -259,13 +301,13 @@ class TokenRefreshManager {
                 const refreshSuccess = await this.attemptInternalRefresh();
                 if (!refreshSuccess) {
                     // Failed to refresh - delegate cleanup to AuthService  
-                    await this.authService.handleAuthFailure('Failed to refresh expired token');
+                    await this.authService.handleAuthFailure();
                 }
             }
         }
         catch (error) {
             // Delegate token cleanup to AuthService for consistency
-            await this.authService.handleAuthFailure('Token validation failed');
+            await this.authService.handleAuthFailure();
         }
     }
     async attemptInternalRefresh() {
@@ -274,7 +316,11 @@ class TokenRefreshManager {
             return true;
         }
         catch (error) {
-            console.warn('[TokenRefreshManager] Internal refresh failed:', error);
+            // Check if this is a 401 error and set auth failure flag
+            const isAuthError = error && typeof error === 'object' && 'status' in error && error.status === 401;
+            if (isAuthError) {
+                await this.authService.handleAuthFailure();
+            }
             return false;
         }
     }
@@ -412,26 +458,23 @@ class DefaultAuthProvider {
     async getProjectKey() {
         return this.config.projectKey || null;
     }
-    async onTokenExpired() {
+    async onAuthStatusChange(status) {
         try {
-            if (this.config.onTokenExpired) {
-                await this.config.onTokenExpired();
-                // No need to clear tokens here - caller (PersApiClient) will handle cleanup if this fails
-                return;
-            }
-            if (this.config.tokenProvider) {
+            // Handle provider-level responsibilities first
+            if (status === exports.AuthStatus.TOKEN_EXPIRED && this.config.tokenProvider) {
                 const newToken = await this.config.tokenProvider();
                 if (newToken) {
                     await this.tokenManager.setAccessToken(newToken);
-                    this.config.onTokenRefreshed?.(newToken);
-                    return;
+                    // Don't return - still notify the app about the status
                 }
             }
-            // No recovery mechanism available - throw error to let caller handle cleanup
-            throw new Error('No token recovery mechanism available');
+            // Then delegate to config callback if available
+            if (this.config.onAuthStatusChange) {
+                await this.config.onAuthStatusChange(status);
+            }
         }
         catch (error) {
-            // Re-throw error to let caller (PersApiClient/AuthService) handle cleanup
+            // Re-throw error to let caller (AuthService) handle cleanup
             throw error;
         }
     }
@@ -561,32 +604,30 @@ class PersApiClient {
             // Error handling - proactive token refresh should prevent most 401s
             const status = web3ChainService.ErrorUtils.getStatus(error);
             const errorMessage = web3ChainService.ErrorUtils.getMessage(error);
-            // Fallback: reactive token refresh only if proactive check missed something
-            // Only retry once (retryCount === 0) and only for 401 errors
-            if (retryCount === 0 && this.mergedConfig.authProvider && status === 401) {
-                try {
-                    // First attempt: try internal refresh token before external callback
-                    const refreshSuccessful = await this.attemptInternalRefresh();
-                    if (!refreshSuccessful) {
-                        // Second attempt: call external onTokenExpired callback
-                        if (this.mergedConfig.authProvider.onTokenExpired) {
-                            await this.mergedConfig.authProvider.onTokenExpired();
-                        }
-                        else {
-                            console.warn('[PersApiClient] No refresh token or onTokenExpired callback available');
-                            throw new Error('No token refresh mechanism available');
+            // Handle 401 errors centrally through AuthService
+            if (status === 401) {
+                // Extract backend error details for better error reporting
+                const backendError = web3ChainService.ErrorUtils.extractBackendErrorDetails(error);
+                // If this IS a refresh request that failed with 401, don't retry to avoid infinite loop
+                if (options?.isRefreshRequest) {
+                    throw new web3ChainService.AuthenticationError(backendError.userMessage || backendError.message || 'Refresh token expired', endpoint, method, backendError.code, backendError.userMessage, backendError.title);
+                }
+                // For regular requests: try refresh once, then fail
+                if (retryCount === 0 && this.mergedConfig.authProvider) {
+                    try {
+                        const refreshSuccessful = await this.refreshManager.attemptInternalRefresh();
+                        if (refreshSuccessful) {
+                            // Retry the request with retryCount = 1 to prevent further retries
+                            return await this.request(method, endpoint, body, { ...options, retryCount: 1 });
                         }
                     }
-                    // Retry the request with retryCount = 1 to prevent further retries
-                    return await this.request(method, endpoint, body, { ...options, retryCount: 1 });
-                }
-                catch (refreshError) {
-                    // Delegate token cleanup to AuthService for consistency
-                    if (this.authService) {
-                        await this.authService.handleAuthFailure('Auth refresh failed in API client');
+                    catch (refreshError) {
+                        // Refresh failed - let auth service handle it
                     }
-                    throw new web3ChainService.PersApiError(`Auth refresh failed: ${refreshError.message || refreshError}`, endpoint, method, 401);
                 }
+                // Auth failure - let AuthService handle cleanup and notify app
+                await this.authService.handleAuthFailure();
+                throw new web3ChainService.AuthenticationError(backendError.userMessage || backendError.message || 'Authentication required', endpoint, method, backendError.code, backendError.userMessage, backendError.title);
             }
             throw new web3ChainService.PersApiError(errorMessage, endpoint, method, status || undefined, web3ChainService.ErrorUtils.isRetryable(error));
         }
@@ -4782,6 +4823,182 @@ class TenantManager {
     }
 }
 
+/**
+ * Platform-Agnostic API Key API Client
+ *
+ * Handles API key management operations for tenant admins.
+ * All operations require admin authentication and operate within tenant context.
+ */
+class ApiKeyApi {
+    constructor(apiClient) {
+        this.apiClient = apiClient;
+        this.basePath = '/api-keys';
+    }
+    /**
+     * ADMIN: Get all tenant API keys
+     *
+     * @param type Optional filter by integration API key type (database-stored tokens that can be revoked)
+     * @param includeRevoked Include revoked API keys in results (default: false)
+     * @returns Array of API keys for the current tenant
+     */
+    async getTenantApiKeys(type, includeRevoked = false) {
+        const params = new URLSearchParams();
+        if (type)
+            params.append('type', type);
+        if (includeRevoked)
+            params.append('includeRevoked', 'true');
+        const queryString = params.toString();
+        const url = queryString ? `${this.basePath}?${queryString}` : this.basePath;
+        return this.apiClient.get(url);
+    }
+    /**
+     * ADMIN: Create new API key
+     *
+     * @param type Type of API key to create
+     * @param name Name for the API key
+     * @returns Created API key with the actual key (store securely - only returned once)
+     */
+    async createApiKey(req) {
+        return this.apiClient.post(this.basePath, req);
+    }
+    /**
+     * ADMIN: Revoke API key
+     *
+     * @param apiKeyId Unique identifier of the API key to revoke
+     * @returns API key verification details with revocation status
+     */
+    async revokeApiKey(apiKeyId) {
+        return this.apiClient.delete(`${this.basePath}/${apiKeyId}`);
+    }
+}
+
+/**
+ * API Key Manager
+ *
+ * Provides high-level API key management operations for tenant admins.
+ * Handles JWT token creation, API key listing, and revocation with proper error handling.
+ *
+ * **Admin Access Required**: All operations require tenant admin authentication
+ *
+ * @example
+ * ```typescript
+ * // Create JWT token for tenant
+ * const jwtToken = await sdk.apiKeys.createJwtToken('Frontend App');
+ * console.log('Store this JWT securely:', jwtToken.key);
+ *
+ * // List all tenant API keys
+ * const apiKeys = await sdk.apiKeys.listApiKeys();
+ * apiKeys.forEach(key => {
+ *   console.log(`${key.name} (${key.type}) - Active: ${key.isActive}`);
+ * });
+ *
+ * // Revoke an API key
+ * await sdk.apiKeys.revokeApiKey('key-id-to-revoke');
+ * ```
+ */
+class ApiKeyManager {
+    constructor(apiClient) {
+        this.apiKeyApi = new ApiKeyApi(apiClient);
+    }
+    // ==========================================
+    // TENANT API KEY OPERATIONS (Admin Only)
+    // ==========================================
+    /**
+     * Get all API keys for the current tenant
+     *
+     * **Admin Only**: Requires tenant admin authentication
+     *
+     * @param type Optional filter by integration API key type (database-stored tokens)
+     * @param includeRevoked Include revoked API keys in results (default: false)
+     * @returns Array of API keys with metadata (excludes actual key values)
+     *
+     * @example
+     * ```typescript
+     * // Get all active API keys
+     * const allKeys = await sdk.apiKeys.listApiKeys();
+     *
+     * // Get only active JWT tokens
+     * const jwtKeys = await sdk.apiKeys.listApiKeys('TENANT_SYSTEM_JWT');
+     *
+     * // Get all JWT tokens including revoked ones
+     * const allJwtKeys = await sdk.apiKeys.listApiKeys('TENANT_SYSTEM_JWT', true);
+     * ```
+     */
+    async listApiKeys(type, includeRevoked = false) {
+        try {
+            return await this.apiKeyApi.getTenantApiKeys(type, includeRevoked);
+        }
+        catch (error) {
+            console.error('[ApiKeyManager] Failed to list API keys:', error);
+            throw error;
+        }
+    }
+    /**
+     * Create a new API key with specified type
+     *
+     * **Admin Only**: Requires tenant admin authentication
+     * **Security Warning**: The returned API key is only shown once - store it securely
+     *
+     * @param type Type of API key to create
+     * @param name Human-readable name for the API key
+     * @returns Created API key with the actual key value
+     *
+     * @example
+     * ```typescript
+     * // Create a JWT token
+     * const jwtKey = await sdk.apiKeys.createApiKey('TENANT_SYSTEM_JWT', 'Frontend App');
+     * console.log('Store this JWT securely:', jwtKey.privateKey);
+     * ```
+     */
+    async createApiKey(req) {
+        try {
+            return await this.apiKeyApi.createApiKey(req);
+        }
+        catch (error) {
+            console.error('[ApiKeyManager] Failed to create API key:', error);
+            throw error;
+        }
+    }
+    /**
+     * Permanently revoke an API key
+     *
+     * **Admin Only**: Requires tenant admin authentication
+     * **Warning**: This operation cannot be undone. The API key will be permanently disabled.
+     *
+     * @param apiKeyId Unique identifier of the API key to revoke
+     * @returns API key verification details with revocation status
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   // List keys to find the one to revoke
+     *   const apiKeys = await sdk.apiKeys.listApiKeys();
+     *   const oldKey = apiKeys.find(key => key.name === 'Old Frontend App');
+     *
+     *   if (oldKey) {
+     *     const result = await sdk.apiKeys.revokeApiKey(oldKey.id);
+     *     console.log('Revocation successful:', result.success);
+     *     if (result.apiKey) {
+     *       console.log('Revoked key:', result.apiKey.name);
+     *     }
+     *   }
+     * } catch (error) {
+     *   console.error('Failed to revoke API key:', error.message);
+     * }
+     * ```
+     */
+    async revokeApiKey(apiKeyId) {
+        try {
+            const result = await this.apiKeyApi.revokeApiKey(apiKeyId);
+            return result;
+        }
+        catch (error) {
+            console.error('[ApiKeyManager] Failed to revoke API key:', error);
+            throw error;
+        }
+    }
+}
+
 /**
  * Analytics Manager - Clean, high-level interface for analytics operations
  *
@@ -5339,6 +5556,7 @@ class PersSDK {
         this._purchases = new PurchaseManager(this.apiClient);
         this._files = new FileManager(this.apiClient);
         this._tenants = new TenantManager(this.apiClient);
+        this._apiKeys = new ApiKeyManager(this.apiClient);
         this._analytics = new AnalyticsManager(this.apiClient);
         this._donations = new DonationManager(this.apiClient);
         this._web3 = new Web3Manager(this.apiClient);
@@ -5512,6 +5730,30 @@ class PersSDK {
     get tenants() {
         return this._tenants;
     }
+    /**
+     * API Key manager - High-level API key management operations (Admin Only)
+     *
+     * Provides methods for creating, listing, and revoking API keys for the tenant.
+     * All operations require tenant admin authentication.
+     *
+     * @returns ApiKeyManager instance
+     *
+     * @example API Key Operations
+     * ```typescript
+     * // Create a JWT token for frontend authentication
+     * const jwtToken = await sdk.apiKeys.createJwtToken('Frontend App');
+     * console.log('Store this JWT securely:', jwtToken.key);
+     *
+     * // List all API keys
+     * const apiKeys = await sdk.apiKeys.listApiKeys();
+     *
+     * // Revoke an old API key
+     * await sdk.apiKeys.revokeApiKey('old-key-id');
+     * ```
+     */
+    get apiKeys() {
+        return this._apiKeys;
+    }
     /**
      * Analytics manager - High-level analytics operations
      *
@@ -5597,6 +5839,8 @@ function createPersSDK(httpClient, config) {
 }
 
 exports.AnalyticsManager = AnalyticsManager;
+exports.ApiKeyApi = ApiKeyApi;
+exports.ApiKeyManager = ApiKeyManager;
 exports.AuthApi = AuthApi;
 exports.AuthManager = AuthManager;
 exports.AuthService = AuthService;
@@ -5627,4 +5871,4 @@ exports.detectEnvironment = detectEnvironment;
 exports.environment = environment;
 exports.mergeWithDefaults = mergeWithDefaults;
 exports.warnIfProblematicEnvironment = warnIfProblematicEnvironment;
-//# sourceMappingURL=pers-sdk-tfJJbxVi.cjs.map
+//# sourceMappingURL=pers-sdk-CCegy2bB.cjs.map