@freemius/sdk 0.0.6 → 0.2.0

package/dist/index.mjs

@@ -21,6 +21,14 @@ let CURRENCY = /* @__PURE__ */ function(CURRENCY$1) {
 	return CURRENCY$1;
 }({});
 
+//#endregion
+//#region src/contracts/webhook.ts
+let WebhookAuthenticationMethod = /* @__PURE__ */ function(WebhookAuthenticationMethod$1) {
+	WebhookAuthenticationMethod$1["SignatureHeader"] = "SignatureHeader";
+	WebhookAuthenticationMethod$1["Api"] = "Api";
+	return WebhookAuthenticationMethod$1;
+}({});
+
 //#endregion
 //#region src/api/parser.ts
 function idToNumber(id) {
@@ -86,9 +94,60 @@ function parsePaymentMethod(gateway) {
 	return gateway?.startsWith("stripe") ? "card" : gateway?.startsWith("paypal") ? "paypal" : null;
 }
 
+//#endregion
+//#region src/errors/ActionError.ts
+var ActionError = class ActionError extends Error {
+	statusCode;
+	validationIssues;
+	constructor(message, statusCode = 400, validationIssues) {
+		super(message);
+		this.name = "ActionError";
+		this.statusCode = statusCode;
+		this.validationIssues = validationIssues;
+	}
+	toResponse() {
+		const errorResponse = { message: this.message };
+		if (this.validationIssues) errorResponse.issues = this.validationIssues;
+		return Response.json(errorResponse, { status: this.statusCode });
+	}
+	static badRequest(message) {
+		return new ActionError(message, 400);
+	}
+	static unauthorized(message = "Unauthorized") {
+		return new ActionError(message, 401);
+	}
+	static notFound(message = "Not found") {
+		return new ActionError(message, 404);
+	}
+	static validationFailed(message, validationIssues) {
+		return new ActionError(message, 400, validationIssues);
+	}
+	static internalError(message = "Internal server error") {
+		return new ActionError(message, 500);
+	}
+};
+
+//#endregion
+//#region src/errors/WebhookError.ts
+var WebhookError = class extends Error {
+	statusCode;
+	constructor(message, statusCode = 400) {
+		super(message);
+		this.name = "WebhookError";
+		this.statusCode = statusCode;
+	}
+	toResponse() {
+		return {
+			status: this.statusCode,
+			success: false,
+			error: this.message
+		};
+	}
+};
+
 //#endregion
 //#region package.json
-var version = "0.0.6";
+var version = "0.2.0";
 
 //#endregion
 //#region src/api/client.ts
@@ -399,6 +458,22 @@ var User = class extends ApiBase {
 		if (!this.isGoodResponse(response.response) || !response.data || !response.data) return null;
 		return response.data;
 	}
+	async retrieveHostedCustomerPortal(userId) {
+		const response = await this.client.POST(`/products/{product_id}/portal/login.json`, {
+			params: { path: { product_id: this.productId } },
+			body: { id: idToString(userId) }
+		});
+		if (!this.isGoodResponse(response.response) || !response.data) return null;
+		return response.data;
+	}
+	async retrieveHostedCustomerPortalByEmail(email) {
+		const response = await this.client.POST(`/products/{product_id}/portal/login.json`, {
+			params: { path: { product_id: this.productId } },
+			body: { email }
+		});
+		if (!this.isGoodResponse(response.response) || !response.data) return null;
+		return response.data;
+	}
 };
 
 //#endregion
@@ -436,6 +511,30 @@ var Payment = class extends ApiBase {
 	}
 };
 
+//#endregion
+//#region src/api/WebhookEvent.ts
+var WebhookEvent = class extends ApiBase {
+	async retrieve(eventId) {
+		const result = await this.client.GET(`/products/{product_id}/events/{event_id}.json`, { params: { path: {
+			product_id: this.productId,
+			event_id: this.getIdForPath(eventId)
+		} } });
+		if (!this.isGoodResponse(result.response) || !result.data || !result.data.id) return null;
+		return result.data;
+	}
+	async retrieveMany(filter, pagination) {
+		const result = await this.client.GET(`/products/{product_id}/events.json`, { params: {
+			path: { product_id: this.productId },
+			query: {
+				...this.getPagingParams(pagination),
+				...filter ?? {}
+			}
+		} });
+		if (!this.isGoodResponse(result.response) || !result.data || !Array.isArray(result.data.events)) return [];
+		return result.data.events;
+	}
+};
+
 //#endregion
 //#region src/utils/ops.ts
 function splitName(name) {
@@ -464,6 +563,7 @@ var ApiService = class {
 	product;
 	subscription;
 	payment;
+	event;
 	baseUrl;
 	constructor(productId, apiKey, secretKey, publicKey) {
 		this.secretKey = secretKey;
@@ -476,6 +576,7 @@ var ApiService = class {
 		this.product = new Product(this.productId, this.client);
 		this.subscription = new Subscription(this.productId, this.client);
 		this.payment = new Payment(this.productId, this.client);
+		this.event = new WebhookEvent(this.productId, this.client);
 	}
 	/**
 	* Low level API client for direct access to the Freemius API.
@@ -556,15 +657,7 @@ var ApiService = class {
 * Every method returns the existing instance of the builder for chainability,
 * The final `getOptions()` method returns the constructed `CheckoutOptions` object.
 */
-var Checkout = class Checkout {
-	static createSandboxToken(productId, secretKey, publicKey) {
-		const timestamp = Math.floor(Date.now() / 1e3).toString();
-		const token = `${timestamp}${productId}${secretKey}${publicKey}checkout`;
-		return {
-			ctx: timestamp,
-			token: createHash("md5").update(token).digest("hex")
-		};
-	}
+var Checkout = class {
 	options;
 	constructor(productId, publicKey, secretKey) {
 		this.productId = productId;
@@ -575,12 +668,11 @@ var Checkout = class Checkout {
 	/**
 	* Enables sandbox mode for testing purposes.
 	*
-	* @returns A new builder instance with sandbox configuration
 	*/
-	setSandbox() {
+	setSandbox(sandbox) {
 		this.options = {
 			...this.options,
-			sandbox: Checkout.createSandboxToken(this.productId, this.secretKey, this.publicKey)
+			sandbox
 		};
 		return this;
 	}
@@ -590,7 +682,6 @@ var Checkout = class Checkout {
 	* @param user User object with email and optional name fields. The shape matches the session from `better-auth` or next-auth packages. Also handles `null` or `undefined` gracefully.
 	* @param readonly If true, the user information will be read-only in the checkout session.
 	*
-	* @returns A new builder instance with user configuration
 	*/
 	setUser(user, readonly = true) {
 		if (!user) return this;
@@ -614,7 +705,6 @@ var Checkout = class Checkout {
 	* Applies recommended UI settings for better user experience.
 	* This includes fullscreen mode, upsells, refund badge, and reviews display.
 	*
-	* @returns A new builder instance with recommended UI settings
 	*/
 	setRecommendations() {
 		this.options = {
@@ -631,7 +721,6 @@ var Checkout = class Checkout {
 	* Sets the plan ID for the checkout.
 	*
 	* @param planId The plan ID to purchase
-	* @returns A new builder instance with plan ID set
 	*/
 	setPlan(planId) {
 		this.options = {
@@ -644,7 +733,6 @@ var Checkout = class Checkout {
 	* Sets the number of licenses to purchase.
 	*
 	* @param count Number of licenses
-	* @returns A new builder instance with license count set
 	*/
 	setQuota(count) {
 		this.options = {
@@ -672,7 +760,6 @@ var Checkout = class Checkout {
 	*
 	* @param coupon The coupon code to apply
 	* @param hideUI Whether to hide the coupon input field from users
-	* @returns A new builder instance with coupon configuration
 	*/
 	setCoupon(options) {
 		const { code: coupon, hideUI = false } = options;
@@ -687,7 +774,6 @@ var Checkout = class Checkout {
 	* Enables trial mode for the checkout.
 	*
 	* @param mode Trial type - true/false for plan default, or specific 'free'/'paid' mode
-	* @returns A new builder instance with trial configuration
 	*/
 	setTrial(mode = true) {
 		this.options = {
@@ -700,7 +786,6 @@ var Checkout = class Checkout {
 	* Configures the visual layout and appearance of the checkout.
 	*
 	* @param options Appearance configuration options
-	* @returns A new builder instance with appearance configuration
 	*/
 	setAppearance(options) {
 		this.options = { ...this.options };
@@ -715,7 +800,6 @@ var Checkout = class Checkout {
 	* Configures discount display settings.
 	*
 	* @param options Discount configuration options
-	* @returns A new builder instance with discount configuration
 	*/
 	setDiscounts(options) {
 		this.options = { ...this.options };
@@ -730,7 +814,6 @@ var Checkout = class Checkout {
 	*
 	* @param selector Type of billing cycle selector to show
 	* @param defaultCycle Default billing cycle to select
-	* @returns A new builder instance with billing cycle configuration
 	*/
 	setBillingCycle(defaultCycle, selector) {
 		this.options = { ...this.options };
@@ -742,7 +825,6 @@ var Checkout = class Checkout {
 	* Sets the language/locale for the checkout.
 	*
 	* @param locale Language setting - 'auto', 'auto-beta', or specific locale like 'en_US'
-	* @returns A new builder instance with locale configuration
 	*/
 	setLanguage(locale = "auto") {
 		this.options = {
@@ -755,7 +837,6 @@ var Checkout = class Checkout {
 	* Configures review and badge display settings.
 	*
 	* @param options Review and badge configuration
-	* @returns A new builder instance with reviews and badges configuration
 	*/
 	setSocialProofing(options) {
 		this.options = { ...this.options };
@@ -771,7 +852,6 @@ var Checkout = class Checkout {
 	* @param currency Primary currency or 'auto' for automatic detection
 	* @param defaultCurrency Default currency when using 'auto'
 	* @param showInlineSelector Whether to show inline currency selector
-	* @returns A new builder instance with currency configuration
 	*/
 	setCurrency(currency, defaultCurrency = "usd", showInlineSelector = true) {
 		this.options = {
@@ -787,7 +867,6 @@ var Checkout = class Checkout {
 	*
 	* @param cancelUrl URL for back button when in page mode
 	* @param cancelIcon Custom cancel icon URL
-	* @returns A new builder instance with navigation configuration
 	*/
 	setCancelButton(cancelUrl, cancelIcon) {
 		this.options = { ...this.options };
@@ -799,7 +878,6 @@ var Checkout = class Checkout {
 	* Associates purchases with an affiliate account.
 	*
 	* @param userId Affiliate user ID
-	* @returns A new builder instance with affiliate configuration
 	*/
 	setAffiliate(userId) {
 		this.options = {
@@ -812,7 +890,6 @@ var Checkout = class Checkout {
 	* Sets a custom image/icon for the checkout.
 	*
 	* @param imageUrl Secure HTTPS URL to the image
-	* @returns A new builder instance with custom image
 	*/
 	setImage(imageUrl) {
 		this.options = {
@@ -822,12 +899,13 @@ var Checkout = class Checkout {
 		return this;
 	}
 	/**
-	* Configures the checkout for license renewal.
+	* Configures the checkout for license renewal or upgrade by the license key.
+	*
+	* @note - This is less secure since it exposes the license key to the client. Use only in authenticated contexts.
 	*
 	* @param licenseKey The license key to renew
-	* @returns A new builder instance configured for renewal
 	*/
-	setLicenseRenewal(licenseKey) {
+	setLicenseUpgradeByKey(licenseKey) {
 		this.options = {
 			...this.options,
 			license_key: licenseKey
@@ -835,9 +913,20 @@ var Checkout = class Checkout {
 		return this;
 	}
 	/**
-	* Builds and returns the final checkout options to be used with the `@freemius/checkout` package.
+	* Configures the checkout for license upgrade using an authorization token.
 	*
-	* @note - This is async by purpose so that we can allow for future enhancements that might require async operations.
+	* @param params The license upgrade authorization parameters
+	*/
+	setLicenseUpgradeByAuth(params) {
+		this.options = {
+			...this.options,
+			license_id: params.licenseId,
+			authorization: params.authorization
+		};
+		return this;
+	}
+	/**
+	* Builds and returns the final checkout options to be used with the `@freemius/checkout` package.
 	*
 	* @returns The constructed CheckoutOptions object
 	*/
@@ -846,8 +935,6 @@ var Checkout = class Checkout {
 	}
 	/**
 	* Generates a checkout link based on the current builder state.
-	*
-	* @note - This is async by purpose so that we can allow for future enhancements that might require async operations.
 	*/
 	getLink() {
 		const checkoutOptions = convertCheckoutOptionsToQueryParams(this.options);
@@ -868,39 +955,6 @@ var Checkout = class Checkout {
 	}
 };
 
-//#endregion
-//#region src/errors/ActionError.ts
-var ActionError = class ActionError extends Error {
-	statusCode;
-	validationIssues;
-	constructor(message, statusCode = 400, validationIssues) {
-		super(message);
-		this.name = "ActionError";
-		this.statusCode = statusCode;
-		this.validationIssues = validationIssues;
-	}
-	toResponse() {
-		const errorResponse = { message: this.message };
-		if (this.validationIssues) errorResponse.issues = this.validationIssues;
-		return Response.json(errorResponse, { status: this.statusCode });
-	}
-	static badRequest(message) {
-		return new ActionError(message, 400);
-	}
-	static unauthorized(message = "Unauthorized") {
-		return new ActionError(message, 401);
-	}
-	static notFound(message = "Not found") {
-		return new ActionError(message, 404);
-	}
-	static validationFailed(message, validationIssues) {
-		return new ActionError(message, 400, validationIssues);
-	}
-	static internalError(message = "Internal server error") {
-		return new ActionError(message, 500);
-	}
-};
-
 //#endregion
 //#region src/checkout/PricingRetriever.ts
 var PricingRetriever = class {
@@ -933,7 +987,10 @@ var PurchaseProcessor = class {
 		return request.method === "POST" && action === "process_purchase";
 	}
 	async processAction(request) {
-		const purchaseSchema = zod.object({ purchase: zod.object({ license_id: zod.string() }) });
+		const purchaseSchema = zod.object({
+			purchase: zod.object({ license_id: zod.string() }).optional(),
+			trial: zod.object({ license_id: zod.string() }).optional()
+		});
 		const contentType = request.headers.get("content-type");
 		if (!contentType || !contentType.includes("application/json")) throw ActionError.badRequest("Invalid content type. Expected application/json");
 		let requestBody;
@@ -944,7 +1001,8 @@ var PurchaseProcessor = class {
 		}
 		const parseResult = purchaseSchema.safeParse(requestBody);
 		if (!parseResult.success) throw ActionError.validationFailed("Invalid request body format", parseResult.error.issues);
-		const { purchase: { license_id: licenseId } } = parseResult.data;
+		const licenseId = parseResult.data.purchase?.license_id ?? parseResult.data.trial?.license_id;
+		if (!licenseId) throw ActionError.badRequest("License ID is required in the request body, either from purchase or from trial.");
 		const purchase = await this.purchase.retrievePurchase(licenseId);
 		if (!purchase) throw ActionError.notFound("No purchase data found for the provided license ID");
 		if (this.callback) {
@@ -962,11 +1020,13 @@ var CheckoutRedirectInfo = class {
 	plan_id;
 	email;
 	pricing_id;
-	currency;
+	action;
 	license_id;
 	expiration;
 	quota;
-	action;
+	trial;
+	trial_ends_at;
+	currency;
 	amount;
 	tax;
 	type;
@@ -978,17 +1038,19 @@ var CheckoutRedirectInfo = class {
 		this.plan_id = idToString(data.plan_id);
 		this.email = data.email;
 		this.pricing_id = idToString(data.pricing_id);
-		this.currency = data.currency ? parseCurrency(data.currency) : CURRENCY.USD;
+		this.action = data.action ? data.action : "purchase";
 		this.license_id = idToString(data.license_id);
 		this.expiration = data.expiration ? parseDateTime(data.expiration) : null;
 		this.quota = data.quota ? parseNumber(data.quota) : null;
-		this.action = data.action ? data.action : null;
+		this.trial = data.trial ? data.trial : null;
+		this.trial_ends_at = data.trial_ends_at ? parseDateTime(data.trial_ends_at) : null;
+		this.currency = data.currency ? parseCurrency(data.currency) : CURRENCY.USD;
 		this.amount = parseNumber(data.amount);
 		this.tax = parseNumber(data.tax);
 		this.subscription_id = data.subscription_id ? idToString(data.subscription_id) : null;
 		this.billing_cycle = data.billing_cycle ? parseBillingCycle(data.billing_cycle) : null;
 		this.payment_id = data.payment_id ? idToString(data.payment_id) : null;
-		this.type = this.subscription_id ? "subscription" : "one-off";
+		this.type = this.subscription_id ? "subscription" : this.payment_id ? "one-off" : null;
 	}
 	isSubscription() {
 		return this.type === "subscription";
@@ -999,17 +1061,19 @@ var CheckoutRedirectInfo = class {
 			plan_id: this.plan_id,
 			email: this.email,
 			pricing_id: this.pricing_id,
-			currency: this.currency,
 			license_id: this.license_id,
 			expiration: this.expiration,
 			quota: this.quota,
+			trial: this.trial,
+			trial_ends_at: this.trial_ends_at,
+			currency: this.currency,
 			action: this.action,
 			amount: this.amount,
 			tax: this.tax,
-			type: this.type,
 			subscription_id: this.subscription_id,
 			billing_cycle: this.billing_cycle,
-			payment_id: this.payment_id
+			payment_id: this.payment_id,
+			type: this.type
 		};
 	}
 };
@@ -1053,11 +1117,16 @@ var RedirectProcessor = class {
 		}
 		const cleanUrl = this.getCleanUrl(url.href);
 		const calculatedSignature = createHmac("sha256", this.secretKey).update(cleanUrl).digest("hex");
-		const result = timingSafeEqual(Buffer.from(calculatedSignature), Buffer.from(signature));
-		if (!result) return null;
-		const params = Object.fromEntries(url.searchParams.entries());
-		if (!params.user_id || !params.plan_id || !params.pricing_id || !params.email) return null;
-		return new CheckoutRedirectInfo(params);
+		try {
+			const result = timingSafeEqual(Buffer.from(calculatedSignature), Buffer.from(signature));
+			if (!result) return null;
+			const params = Object.fromEntries(url.searchParams.entries());
+			if (!params.user_id || !params.plan_id || !params.pricing_id || !params.email) return null;
+			return new CheckoutRedirectInfo(params);
+		} catch (e) {
+			console.error("Error getting redirection information:", e);
+			return null;
+		}
 	}
 	getCleanUrl(url) {
 		const signatureParam = "&signature=";
@@ -1081,9 +1150,6 @@ var CheckoutRequestProcessor = class {
 		return (request) => this.process(config, request);
 	}
 	async process(config, request) {
-		const url = new URL(request.url);
-		const action = url.searchParams.get("action");
-		if (!action) return Response.json({ error: "Action parameter is required" }, { status: 400 });
 		const actionHandlers = [
 			this.getPricingRetriever(),
 			this.getRedirectProcessor({
@@ -1145,7 +1211,8 @@ var CheckoutRequestProcessor = class {
 //#region src/services/CheckoutService.ts
 var CheckoutService = class {
 	request;
-	constructor(productId, publicKey, secretKey, purchase, pricing) {
+	constructor(api, productId, publicKey, secretKey, purchase, pricing) {
+		this.api = api;
 		this.productId = productId;
 		this.publicKey = publicKey;
 		this.secretKey = secretKey;
@@ -1186,16 +1253,20 @@ var CheckoutService = class {
 	* @example
 	*/
 	async create(options = {}) {
-		const { user, isSandbox = false, withRecommendation = true, title, image, planId, quota, trial } = options;
+		const { user, isSandbox = false, withRecommendation = true, title, image, planId, quota, trial, licenseId } = options;
 		const builder = new Checkout(idToString(this.productId), this.publicKey, this.secretKey);
 		if (user) builder.setUser(user, true);
 		if (withRecommendation) builder.setRecommendations();
-		if (isSandbox) builder.setSandbox();
+		if (isSandbox) builder.setSandbox(await this.getSandboxParams());
 		if (title) builder.setTitle(title);
 		if (image) builder.setImage(image);
 		if (planId) builder.setPlan(planId);
 		if (quota) builder.setQuota(quota);
 		if (trial) builder.setTrial(trial);
+		if (licenseId) {
+			const authorization = await this.getLicenseUpgradeAuth(licenseId);
+			builder.setLicenseUpgradeByAuth(authorization);
+		}
 		return builder;
 	}
 	/**
@@ -1204,12 +1275,28 @@ var CheckoutService = class {
 	* This shouldn't be used in production, but is useful for testing purposes.
 	*
 	* @note This is intentionally set as `async` because we would use the API in the future to generate more fine grained sandbox params (for example for a specific email address only).
-	*
-	* @todo - This has a duplication with the `inSandbox` method in the builder. Consider refactoring to avoid this duplication.
-	*         Also think about whether we should make the builder's `inSandbox` method async as well.
 	*/
 	async getSandboxParams() {
-		return Checkout.createSandboxToken(idToString(this.productId), this.secretKey, this.publicKey);
+		const productId = idToString(this.productId);
+		const timestamp = Math.floor(Date.now() / 1e3).toString();
+		const token = `${timestamp}${productId}${this.secretKey}${this.publicKey}checkout`;
+		return {
+			ctx: timestamp,
+			token: createHash("md5").update(token).digest("hex")
+		};
+	}
+	/**
+	* Retrieves the license upgrade authorization for a given license ID.
+	*
+	* This is used to authorize a license upgrade during the checkout process. Useful when creating upgrade links for existing users.
+	*/
+	async getLicenseUpgradeAuth(licenseId) {
+		const auth = await this.api.license.retrieveCheckoutUpgradeAuthorization(licenseId);
+		if (!auth) throw new Error("Failed to retrieve license upgrade authorization");
+		return {
+			licenseId,
+			authorization: auth
+		};
 	}
 	/**
 	* Processes a redirect URL and returns the checkout redirect information if valid.
@@ -1841,11 +1928,16 @@ var CustomerPortalService = class {
 //#endregion
 //#region src/webhook/WebhookListener.ts
 const SIGNATURE_HEADER = "x-signature";
+const DEFAULT_ERROR_HANDLER = async (error) => {
+	console.error("Webhook processing error:", error);
+};
 var WebhookListener = class {
 	eventHandlers = /* @__PURE__ */ new Map();
-	constructor(secretKey, onError = console.error) {
+	constructor(api, secretKey, onError = DEFAULT_ERROR_HANDLER, authenticationMethod = WebhookAuthenticationMethod.SignatureHeader) {
+		this.api = api;
 		this.secretKey = secretKey;
 		this.onError = onError;
+		this.authenticationMethod = authenticationMethod;
 	}
 	on(typeOrTypes, handler) {
 		const types = Array.isArray(typeOrTypes) ? typeOrTypes : [typeOrTypes];
@@ -1913,40 +2005,52 @@ var WebhookListener = class {
 	* Returns an object you can map to your framework's response easily.
 	*/
 	async process(input) {
-		const sig = this.getHeader(SIGNATURE_HEADER, input.headers);
-		if (!this.verifySignature(input.rawBody, sig)) return {
-			status: 401,
-			success: false,
-			error: "Invalid signature"
-		};
-		let evt;
 		try {
-			const parsed = JSON.parse(typeof input.rawBody === "string" ? input.rawBody : input.rawBody.toString("utf8"));
-			if (!parsed || typeof parsed.type !== "string") return {
-				status: 400,
-				success: false,
-				error: "Invalid payload"
-			};
-			evt = parsed;
-		} catch {
+			const event = this.authenticationMethod === WebhookAuthenticationMethod.SignatureHeader ? await this.authenticateAndGetEventFromInput(input) : await this.authenticateAndGetEventFromApi(input);
+			return this.processEvent(event);
+		} catch (error) {
+			if (error instanceof WebhookError) return error.toResponse();
 			return {
-				status: 400,
+				status: 500,
 				success: false,
-				error: "Malformed JSON"
+				error: "Internal Server Error"
 			};
 		}
-		const eventType = evt.type;
+	}
+	async authenticateAndGetEventFromInput(input) {
+		const sig = this.getHeader(SIGNATURE_HEADER, input.headers);
+		if (!this.verifySignature(input.rawBody, sig)) throw new WebhookError("Invalid signature", 401);
+		return this.parseEventFromInput(input);
+	}
+	async authenticateAndGetEventFromApi(input) {
+		const jsonPayload = this.parseEventFromInput(input);
+		if (!jsonPayload.id) throw new WebhookError("Invalid payload");
+		const event = await this.api.event.retrieve(jsonPayload.id);
+		if (!event) throw new WebhookError("Event not found", 404);
+		return event;
+	}
+	parseEventFromInput(input) {
+		try {
+			const parsed = JSON.parse(typeof input.rawBody === "string" ? input.rawBody : input.rawBody.toString("utf8"));
+			if (!parsed || typeof parsed.type !== "string") throw new WebhookError("Invalid payload");
+			return parsed;
+		} catch {
+			throw new WebhookError("Malformed JSON");
+		}
+	}
+	async processEvent(event) {
+		const eventType = event.type;
 		const eventHandlers = this.eventHandlers.get(eventType);
 		if (!eventHandlers || eventHandlers.size === 0) console.warn(`No handlers registered for event type: ${eventType}`);
 		try {
 			const promises = Array.from(eventHandlers || []).map((handler) => {
 				const typedHandler = handler;
-				const typedEvent = evt;
+				const typedEvent = event;
 				return typedHandler(typedEvent);
 			});
 			await Promise.all(promises);
 		} catch (error) {
-			this.onError?.(error);
+			await this.onError?.(error);
 			return {
 				status: 500,
 				success: false,
@@ -1970,11 +2074,13 @@ var WebhookListener = class {
 //#endregion
 //#region src/services/WebhookService.ts
 var WebhookService = class {
-	constructor(secretKey) {
+	constructor(api, secretKey) {
+		this.api = api;
 		this.secretKey = secretKey;
 	}
-	createListener(onError) {
-		return new WebhookListener(this.secretKey, onError);
+	createListener(config = {}) {
+		const { onError, authenticationMethod } = config;
+		return new WebhookListener(this.api, this.secretKey, onError, authenticationMethod);
 	}
 	createRequestProcessor(listener) {
 		return (request) => this.processFetch(listener, request);
@@ -2476,12 +2582,12 @@ var Freemius = class {
 		this.auth = new AuthService(productId, secretKey);
 		this.pricing = new PricingService(this.api);
 		this.purchase = new PurchaseService(this.api);
-		this.checkout = new CheckoutService(productId, publicKey, secretKey, this.purchase, this.pricing);
+		this.checkout = new CheckoutService(this.api, productId, publicKey, secretKey, this.purchase, this.pricing);
 		this.customerPortal = new CustomerPortalService(this.api, this.checkout, this.auth, this.purchase);
-		this.webhook = new WebhookService(secretKey);
+		this.webhook = new WebhookService(this.api, secretKey);
 	}
 };
 
 //#endregion
-export { BILLING_CYCLE, CURRENCY, Freemius, idToNumber, idToString, isIdsEqual, parseBillingCycle, parseCurrency, parseDate, parseDateTime, parseNumber, parsePaymentMethod };
+export { ActionError, BILLING_CYCLE, CURRENCY, Freemius, WebhookAuthenticationMethod, WebhookError, idToNumber, idToString, isIdsEqual, parseBillingCycle, parseCurrency, parseDate, parseDateTime, parseNumber, parsePaymentMethod };
 //# sourceMappingURL=index.mjs.map