@healthcloudai/hc-safe-cdx 0.1.1 → 0.1.2

package/README.md

@@ -2,23 +2,28 @@
 
 Safe CDX connector provides a thin TypeScript wrapper around Safe CDX API routes.
 
-The connector is designed to work with the shared `HttpClient` from `@healthcloudai/hc-http`, the same way as other Health Cloud connector modules. It does not implement its own transport layer for standard API calls.
+The connector follows the same shared-client pattern used by other Health Cloud connector modules:
 
-Standard Safe CDX API calls are executed through the injected `HttpClient`.
+- `HttpClient` handles HTTP transport.
+- `HCLoginClient` provides the authenticated request headers.
+- `HCSafeCDXClient` builds Safe CDX URLs, wraps request payloads, and exposes one method per Safe CDX route.
+
+Safe CDX has its own API host. The connector uses `HCLoginClient` for authentication only; it does not use `loginClient.getBaseUrl()` for Safe CDX routes.
 
 Image upload is handled separately because the upload target is a pre-signed S3 URL, not a Safe CDX API route.
 
 ## Installation
 
 ```sh
-npm install @healthcloudai/hc-safe-cdx @healthcloudai/hc-http
+npm install @healthcloudai/hc-safe-cdx @healthcloudai/hc-http @healthcloudai/hc-login-connector
 ```
 
 ## Import
 
 ```ts
 import { FetchClient } from "@healthcloudai/hc-http";
-import { SafeCDXClient } from "@healthcloudai/hc-safe-cdx";
+import { HCLoginClient } from "@healthcloudai/hc-login-connector";
+import { HCSafeCDXClient } from "@healthcloudai/hc-safe-cdx";
 ```
 
 ## Basic Setup
@@ -26,47 +31,85 @@ import { SafeCDXClient } from "@healthcloudai/hc-safe-cdx";
 ```ts
 const http = new FetchClient();
 
-const safeCdx = new SafeCDXClient(http, {
+const loginClient = new HCLoginClient(http);
+
+// Configure and authenticate the login client first.
+// Exact login/configuration calls depend on the login connector setup used by the app.
+
+const safeCdx = new HCSafeCDXClient(http, loginClient, {
   environment: "dev",
   defaultLanguage: "en",
   defaultImageType: "jpg",
 });
+```
+
+The connector does not perform login. The consuming application should authenticate through the Health Cloud login connector first. Safe CDX then reuses the authenticated headers from `loginClient.getAuthHeader()`.
+
+There is no `setAccessToken()` step in this version of the client.
+
+## Dependency Notes
+
+Because `HCSafeCDXClient` accepts `HCLoginClient` in the constructor, `@healthcloudai/hc-login-connector` should be included as a package dependency.
 
-safeCdx.setAccessToken(patientAccessToken);
+Example package configuration:
+
+```json
+{
+  "dependencies": {
+    "@healthcloudai/hc-http": "^0.x.x",
+    "@healthcloudai/hc-login-connector": "^0.x.x"
+  }
+}
 ```
 
-The connector requires a logged-in patient token.
+In a workspace setup, use the same dependency versioning strategy already used by the other connector packages.
 
-The connector does not perform login. Login should be handled through the patient authentication flow first. After login, the patient token should be passed to Safe CDX by calling `setAccessToken()`.
+Example:
+
+```json
+{
+  "dependencies": {
+    "@healthcloudai/hc-http": "workspace:*",
+    "@healthcloudai/hc-login-connector": "workspace:*"
+  }
+}
+```
 
 ## How the Client Works
 
-The client follows the same structure as the other Health Cloud connector modules:
+The client receives both the HTTP client and the login client:
 
 ```ts
 const http = new FetchClient();
-const safeCdx = new SafeCDXClient(http, config);
+const loginClient = new HCLoginClient(http);
+
+const safeCdx = new HCSafeCDXClient(http, loginClient, {
+  environment: "dev",
+});
 ```
 
 The shared `HttpClient` is responsible for executing HTTP requests.
 
+The `HCLoginClient` is responsible for the authenticated request headers.
+
 The Safe CDX client is responsible for:
 
+- resolving the Safe CDX environment host
 - building Safe CDX URLs
-- resolving the environment host
-- adding the authorization header
+- adding auth headers from `HCLoginClient`
+- adding optional API key headers when configured
 - wrapping POST request payloads into `{ Data: payload }`
 - validating `ApiResponse` results where the backend returns `{ IsOK, Data, ErrorMessage }`
-- exposing one SDK method per API route
+- exposing one SDK method per Safe CDX route
 
-The Safe CDX client does not create its own internal `fetch` helpers for standard API routes.
+The Safe CDX client does not create its own internal `fetch` helpers for standard Safe CDX API routes.
 
 ## Environment Configuration
 
 The connector supports the following environments:
 
 ```ts
-const safeCdx = new SafeCDXClient(http, {
+const safeCdx = new HCSafeCDXClient(http, loginClient, {
   environment: "dev",
 });
 ```
@@ -77,35 +120,54 @@ Available environments:
 "dev" | "uat" | "prod"
 ```
 
-Environment host mapping is handled internally by the client.
+Safe CDX environment host mapping is handled internally by the connector:
 
-## Authorization
+```txt
+dev  -> dev-api-hcs.healthcloud-services.com
+uat  -> uat-api-hcs.healthcloud-services.com
+prod -> api-hcs.healthcloud-services.com
+```
 
-Safe CDX API calls require a Bearer token.
+These hosts are separate from the login connector base URL.
 
-```ts
-safeCdx.setAccessToken(patientAccessToken);
-```
+## Authentication
 
-The token may be passed with or without the `Bearer` prefix.
+Safe CDX API calls require authenticated Health Cloud headers.
 
-Both examples are valid:
+The connector gets those headers from:
 
 ```ts
-safeCdx.setAccessToken("eyJ...");
+loginClient.getAuthHeader()
 ```
 
+This means the login connector must be configured and authenticated before Safe CDX methods are called.
+
+Example flow:
+
 ```ts
-safeCdx.setAccessToken("Bearer eyJ...");
+const http = new FetchClient();
+
+const loginClient = new HCLoginClient(http);
+
+// loginClient.configure(...)
+// await loginClient.loginPatient(...)
+
+const safeCdx = new HCSafeCDXClient(http, loginClient, {
+  environment: "dev",
+});
 ```
 
-The client normalizes the value internally and sends it as:
+Safe CDX does not manually receive a token. It does not expose `setAccessToken()`. Auth is inherited from the configured login client.
+
+## Optional API Key Header
+
+If an API key header is required by the environment, it can be set on the Safe CDX client:
 
 ```ts
-Authorization: Bearer <token>
+safeCdx.setApiKey("x-api-key", apiKeyValue);
 ```
 
-If no token is set before calling an API method, the client throws a `SafeCDXError`.
+When configured, the API key header is added to Safe CDX API calls together with the login auth headers.
 
 ## Request Payload Wrapping
 
@@ -115,29 +177,38 @@ The SDK wraps the payload internally as:
 
 ```ts
 {
-  "Data": payload
+  Data: payload
 }
 ```
 
 Correct:
 
 ```ts
-await safeCdx.scan2Ddm({
-  // scan payload
+await safeCdx.submitAnswers({
+  UserTestResultId: userTestResultId,
+  Result: [
+    {
+      Analyte: "Purchase",
+      ReportedValue: "drug store",
+      StoredValue: "drug store",
+      Score: "0",
+    },
+  ],
 });
 ```
 
 Incorrect:
 
 ```ts
-await safeCdx.scan2Ddm({
+await safeCdx.submitAnswers({
   Data: {
-    // scan payload
-  }
+    UserTestResultId: userTestResultId,
+    Result: [],
+  },
 });
 ```
 
-The caller should not manually add the `Data` wrapper unless a specific method type explicitly requires it.
+The caller should not manually add the `Data` wrapper.
 
 ## API Response Handling
 
@@ -155,6 +226,8 @@ For these endpoints, the client validates `IsOK`.
 
 If `IsOK` is `false`, the client throws `SafeCDXError`.
 
+This validation exists because an HTTP `200` response does not always mean the backend operation succeeded. The HTTP client validates the transport layer, while the Safe CDX client validates the API response envelope.
+
 Some endpoints return a raw service result instead of the standard `ApiResponse` envelope. Those methods return the raw result directly.
 
 Raw result methods include:
@@ -189,13 +262,15 @@ A typical flow looks like this:
 ```ts
 const http = new FetchClient();
 
-const safeCdx = new SafeCDXClient(http, {
+const loginClient = new HCLoginClient(http);
+
+// Configure and authenticate loginClient first.
+
+const safeCdx = new HCSafeCDXClient(http, loginClient, {
   environment: "dev",
   defaultLanguage: "en",
   defaultImageType: "jpg",
 });
-
-safeCdx.setAccessToken(patientAccessToken);
 ```
 
 ### 1. Get available test profiles
@@ -344,6 +419,8 @@ const scan = await safeCdx.scan2Ddm(payload);
 
 Scans a 2D data matrix barcode and resolves the related test data.
 
+This method requires a real 2D DataMatrix payload. A plain GTIN should not be used as the DataMatrix payload.
+
 ### getTestProfile
 
 ```ts
@@ -513,6 +590,8 @@ const result = await safeCdx.submitAnswers(payload);
 
 Submits analyte answers for a test attempt.
 
+`Result` should contain at least one answer item. The connector does not generate analyte answers automatically.
+
 ### finalizeTest
 
 ```ts
@@ -521,38 +600,20 @@ const result = await safeCdx.finalizeTest(payload);
 
 Finalizes a test attempt with CTA, indication, and decision results.
 
-## Error Handling
-
-The connector throws `SafeCDXError` for connector-level errors.
-
-Examples:
-
-- invalid environment
-- missing access token
-- failed `ApiResponse` validation
-- failed image upload
-
-```ts
-try {
-  const profile = await safeCdx.getTestProfileByGTIN("850024942325");
-} catch (error) {
-  if (error instanceof SafeCDXError) {
-    console.error(error.message);
-    console.error(error.response);
-  }
-
-  throw error;
-}
-```
+The payload should include:
 
-HTTP-level errors from the shared `HttpClient` may also be thrown depending on the `HttpClient` implementation.
+- `UserTestResultId`
+- `ctaResult`
+- `indicationResult`
+- `decisionResult`
 
-For example, `FetchClient` from `@healthcloudai/hc-http` throws an HTTP error when the response status is not successful.
 
 ## Notes
 
 - The connector does not perform login.
-- The connector expects a valid patient token to be set before API calls.
+- The connector uses `HCLoginClient` for authenticated request headers.
+- The connector does not use `loginClient.getBaseUrl()` for Safe CDX API routes.
+- Safe CDX routes use the Safe CDX environment host from `SafeCDXConfig`.
 - Standard Safe CDX API methods use the shared `HttpClient`.
 - POST payloads are wrapped internally as `{ Data: payload }`.
 - The caller should pass only the inner payload to SDK methods.

package/dist/index.cjs

@@ -67,46 +67,52 @@ function assertApiResponse(envelope, route) {
   return envelope;
 }
 var HCSafeCDXClient = class {
-  constructor(httpClient, config) {
+  constructor(httpClient, authClient, config) {
     var _a;
     if (!ENV_HOST[config.environment]) {
       throw new SafeCDXError(`Invalid environment: ${config.environment}`);
     }
     this.http = httpClient;
+    this.auth = authClient;
     this.host = ENV_HOST[config.environment];
     this.defaultLanguage = config.defaultLanguage;
     this.defaultImageType = (_a = config.defaultImageType) != null ? _a : "jpg";
   }
-  setAccessToken(token) {
-    const trimmedToken = token == null ? void 0 : token.trim();
-    if (!trimmedToken) {
-      throw new SafeCDXError("Access token is required.");
+  setApiKey(headerName, value) {
+    const trimmedHeaderName = headerName == null ? void 0 : headerName.trim();
+    const trimmedValue = value == null ? void 0 : value.trim();
+    if (!trimmedHeaderName) {
+      throw new SafeCDXError("API key header name is required.");
     }
-    this.accessToken = trimmedToken;
+    if (!trimmedValue) {
+      throw new SafeCDXError("API key value is required.");
+    }
+    this.apiKeyHeaderName = trimmedHeaderName;
+    this.apiKeyValue = trimmedValue;
   }
   // ---------------------------------------------------------------------------
   // Private helpers
   // ---------------------------------------------------------------------------
-  getAuthorizationHeader() {
-    if (!this.accessToken) {
-      throw new SafeCDXError(
-        "SafeCDX requires an access token. Call setAccessToken() first."
-      );
-    }
-    const token = this.accessToken.replace(/^Bearer\s+/i, "").trim();
-    return `Bearer ${token}`;
-  }
   getAuthHeaders() {
     return {
-      Authorization: this.getAuthorizationHeader()
+      ...this.auth.getAuthHeader(),
+      ...this.getApiKeyHeader()
     };
   }
-  getJsonAuthHeaders() {
+  getJsonHeaders() {
     return {
-      Authorization: this.getAuthorizationHeader(),
+      ...this.getAuthHeaders(),
       "Content-Type": "application/json"
     };
   }
+  getApiKeyHeader() {
+    if (!this.apiKeyHeaderName || !this.apiKeyValue) {
+      return {};
+    }
+    return {
+      [this.apiKeyHeaderName]: this.apiKeyValue
+    };
+  }
   url(route, query) {
     return buildUrl(this.host, route, query);
   }
@@ -134,7 +140,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("scan/2ddm"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "scan/2ddm");
   }
@@ -149,7 +155,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/profile"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/profile");
   }
@@ -163,7 +169,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/profiles/by-account"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/profiles/by-account");
   }
@@ -186,14 +192,16 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("upload/url"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "upload/url");
   }
   /**
    * PUT preSignedURL — direct S3 upload, not a SafeCDX API route.
    * preSignedURL comes from createUploadUrl() response: Data.preSignedURL.
-   
+   *
+   * This intentionally does not use the shared HttpClient because the existing
+   * HttpClient.put() is JSON-oriented and stringifies the request body.
    */
   async uploadImage(preSignedURL, image, contentType = "image/jpeg") {
     const response = await fetch(preSignedURL, {
@@ -234,7 +242,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("cvml/status"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -263,7 +271,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/pending"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/pending");
   }
@@ -275,7 +283,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/last"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/last");
   }
@@ -287,7 +295,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/history"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/history");
   }
@@ -303,7 +311,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("test/result/details"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -314,7 +322,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/pdf"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/pdf");
   }
@@ -330,7 +338,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("test/result/image/capture"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -341,7 +349,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/analytics"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/analytics");
   }
@@ -360,7 +368,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/resume"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/resume");
   }
@@ -372,7 +380,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/answers"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/answers");
   }
@@ -384,7 +392,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/finalize"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/finalize");
   }

package/dist/index.d.cts

@@ -1,3 +1,4 @@
+import { HCLoginClient } from '@healthcloudai/hc-login-connector';
 import { HttpClient } from '@healthcloudai/hc-http';
 
 type Environment = "dev" | "uat" | "prod";
@@ -256,15 +257,17 @@ interface FinalizeTestRequest {
 
 declare class HCSafeCDXClient {
     private readonly http;
+    private readonly auth;
     private readonly host;
-    private accessToken;
-    private defaultLanguage;
-    private defaultImageType;
-    constructor(httpClient: HttpClient, config: SafeCDXConfig);
-    setAccessToken(token: string): void;
-    private getAuthorizationHeader;
+    private readonly defaultLanguage;
+    private readonly defaultImageType;
+    private apiKeyHeaderName?;
+    private apiKeyValue?;
+    constructor(httpClient: HttpClient, authClient: HCLoginClient, config: SafeCDXConfig);
+    setApiKey(headerName: string, value: string): void;
     private getAuthHeaders;
-    private getJsonAuthHeaders;
+    private getJsonHeaders;
+    private getApiKeyHeader;
     private url;
     /**
      * GET gs1/:gtin
@@ -295,7 +298,9 @@ declare class HCSafeCDXClient {
     /**
      * PUT preSignedURL — direct S3 upload, not a SafeCDX API route.
      * preSignedURL comes from createUploadUrl() response: Data.preSignedURL.
-     
+     *
+     * This intentionally does not use the shared HttpClient because the existing
+     * HttpClient.put() is JSON-oriented and stringifies the request body.
      */
     uploadImage(preSignedURL: string, image: BodyInit, contentType?: string): Promise<void>;
     /**

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+import { HCLoginClient } from '@healthcloudai/hc-login-connector';
 import { HttpClient } from '@healthcloudai/hc-http';
 
 type Environment = "dev" | "uat" | "prod";
@@ -256,15 +257,17 @@ interface FinalizeTestRequest {
 
 declare class HCSafeCDXClient {
     private readonly http;
+    private readonly auth;
     private readonly host;
-    private accessToken;
-    private defaultLanguage;
-    private defaultImageType;
-    constructor(httpClient: HttpClient, config: SafeCDXConfig);
-    setAccessToken(token: string): void;
-    private getAuthorizationHeader;
+    private readonly defaultLanguage;
+    private readonly defaultImageType;
+    private apiKeyHeaderName?;
+    private apiKeyValue?;
+    constructor(httpClient: HttpClient, authClient: HCLoginClient, config: SafeCDXConfig);
+    setApiKey(headerName: string, value: string): void;
     private getAuthHeaders;
-    private getJsonAuthHeaders;
+    private getJsonHeaders;
+    private getApiKeyHeader;
     private url;
     /**
      * GET gs1/:gtin
@@ -295,7 +298,9 @@ declare class HCSafeCDXClient {
     /**
      * PUT preSignedURL — direct S3 upload, not a SafeCDX API route.
      * preSignedURL comes from createUploadUrl() response: Data.preSignedURL.
-     
+     *
+     * This intentionally does not use the shared HttpClient because the existing
+     * HttpClient.put() is JSON-oriented and stringifies the request body.
      */
     uploadImage(preSignedURL: string, image: BodyInit, contentType?: string): Promise<void>;
     /**

package/dist/index.js

@@ -40,46 +40,52 @@ function assertApiResponse(envelope, route) {
   return envelope;
 }
 var HCSafeCDXClient = class {
-  constructor(httpClient, config) {
+  constructor(httpClient, authClient, config) {
     var _a;
     if (!ENV_HOST[config.environment]) {
       throw new SafeCDXError(`Invalid environment: ${config.environment}`);
     }
     this.http = httpClient;
+    this.auth = authClient;
     this.host = ENV_HOST[config.environment];
     this.defaultLanguage = config.defaultLanguage;
     this.defaultImageType = (_a = config.defaultImageType) != null ? _a : "jpg";
   }
-  setAccessToken(token) {
-    const trimmedToken = token == null ? void 0 : token.trim();
-    if (!trimmedToken) {
-      throw new SafeCDXError("Access token is required.");
+  setApiKey(headerName, value) {
+    const trimmedHeaderName = headerName == null ? void 0 : headerName.trim();
+    const trimmedValue = value == null ? void 0 : value.trim();
+    if (!trimmedHeaderName) {
+      throw new SafeCDXError("API key header name is required.");
     }
-    this.accessToken = trimmedToken;
+    if (!trimmedValue) {
+      throw new SafeCDXError("API key value is required.");
+    }
+    this.apiKeyHeaderName = trimmedHeaderName;
+    this.apiKeyValue = trimmedValue;
   }
   // ---------------------------------------------------------------------------
   // Private helpers
   // ---------------------------------------------------------------------------
-  getAuthorizationHeader() {
-    if (!this.accessToken) {
-      throw new SafeCDXError(
-        "SafeCDX requires an access token. Call setAccessToken() first."
-      );
-    }
-    const token = this.accessToken.replace(/^Bearer\s+/i, "").trim();
-    return `Bearer ${token}`;
-  }
   getAuthHeaders() {
     return {
-      Authorization: this.getAuthorizationHeader()
+      ...this.auth.getAuthHeader(),
+      ...this.getApiKeyHeader()
     };
   }
-  getJsonAuthHeaders() {
+  getJsonHeaders() {
     return {
-      Authorization: this.getAuthorizationHeader(),
+      ...this.getAuthHeaders(),
       "Content-Type": "application/json"
     };
   }
+  getApiKeyHeader() {
+    if (!this.apiKeyHeaderName || !this.apiKeyValue) {
+      return {};
+    }
+    return {
+      [this.apiKeyHeaderName]: this.apiKeyValue
+    };
+  }
   url(route, query) {
     return buildUrl(this.host, route, query);
   }
@@ -107,7 +113,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("scan/2ddm"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "scan/2ddm");
   }
@@ -122,7 +128,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/profile"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/profile");
   }
@@ -136,7 +142,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/profiles/by-account"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/profiles/by-account");
   }
@@ -159,14 +165,16 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("upload/url"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "upload/url");
   }
   /**
    * PUT preSignedURL — direct S3 upload, not a SafeCDX API route.
    * preSignedURL comes from createUploadUrl() response: Data.preSignedURL.
-   
+   *
+   * This intentionally does not use the shared HttpClient because the existing
+   * HttpClient.put() is JSON-oriented and stringifies the request body.
    */
   async uploadImage(preSignedURL, image, contentType = "image/jpeg") {
     const response = await fetch(preSignedURL, {
@@ -207,7 +215,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("cvml/status"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -236,7 +244,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/pending"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/pending");
   }
@@ -248,7 +256,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/last"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/last");
   }
@@ -260,7 +268,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/history"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/history");
   }
@@ -276,7 +284,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("test/result/details"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -287,7 +295,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/pdf"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/pdf");
   }
@@ -303,7 +311,7 @@ var HCSafeCDXClient = class {
     return this.http.post(
       this.url("test/result/image/capture"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
   }
   /**
@@ -314,7 +322,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/result/analytics"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/result/analytics");
   }
@@ -333,7 +341,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/resume"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/resume");
   }
@@ -345,7 +353,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/answers"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/answers");
   }
@@ -357,7 +365,7 @@ var HCSafeCDXClient = class {
     const envelope = await this.http.post(
       this.url("test/finalize"),
       wrapData(payload),
-      this.getJsonAuthHeaders()
+      this.getJsonHeaders()
     );
     return assertApiResponse(envelope, "test/finalize");
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@healthcloudai/hc-safe-cdx",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Healthcheck Safe CDX connector.",
   "author": "Healthcheck Systems Inc",
   "license": "MIT",
@@ -33,7 +33,8 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "@healthcloudai/hc-http": "^0.0.6"
+    "@healthcloudai/hc-http": "^0.0.6",
+    "@healthcloudai/hc-login-connector": "^0.0.15"
   },
   "peerDependencies": {
     "react-native": ">=0.70.0"