@hypay/typescript-sdk 1.0.0

package/dist/index.js

@@ -0,0 +1,1227 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/helpers.ts
+var helpers_exports = {};
+__export(helpers_exports, {
+  buildItemsString: () => buildItemsString,
+  calculateItemsTotal: () => calculateItemsTotal,
+  isTestMasof: () => isTestMasof,
+  isValidEmail: () => isValidEmail,
+  isValidIsraeliId: () => isValidIsraeliId,
+  isValidMasof: () => isValidMasof,
+  isValidToken: () => isValidToken,
+  parsePaymentPageResponse: () => parsePaymentPageResponse,
+  parseQueryString: () => parseQueryString,
+  parseRedirectUrl: () => parseRedirectUrl,
+  parseTokef: () => parseTokef,
+  serializeParams: () => serializeParams,
+  toQueryString: () => toQueryString
+});
+function parseQueryString(qs) {
+  const result = {};
+  const trimmed = qs.trim();
+  if (!trimmed) return result;
+  for (const pair of trimmed.split("&")) {
+    const eqIndex = pair.indexOf("=");
+    if (eqIndex === -1) {
+      const key = decodeURIComponent(pair);
+      if (key) result[key] = "";
+    } else {
+      const key = decodeURIComponent(pair.slice(0, eqIndex));
+      const value = decodeURIComponent(pair.slice(eqIndex + 1));
+      if (key) result[key] = value;
+    }
+  }
+  return result;
+}
+function toQueryString(params) {
+  const parts = [];
+  for (const [key, value] of Object.entries(params)) {
+    if (value === void 0) continue;
+    parts.push(`${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`);
+  }
+  return parts.join("&");
+}
+function serializeParams(params) {
+  const result = {};
+  for (const [key, value] of Object.entries(params)) {
+    if (value === void 0) continue;
+    if (typeof value === "boolean") {
+      result[key] = value ? "True" : "False";
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function parseRedirectUrl(url) {
+  const qsIndex = url.indexOf("?");
+  if (qsIndex === -1) return {};
+  return parseQueryString(url.slice(qsIndex + 1));
+}
+function parsePaymentPageResponse(url) {
+  const params = parseRedirectUrl(url);
+  return params;
+}
+function parseTokef(tokef) {
+  if (!tokef || tokef.length !== 4) {
+    throw new Error(`Invalid Tokef format: "${tokef}". Expected 4-digit YYMM string.`);
+  }
+  const yy = tokef.slice(0, 2);
+  const mm = tokef.slice(2, 4);
+  return {
+    Tmonth: mm,
+    Tyear: `20${yy}`
+  };
+}
+function buildItemsString(items) {
+  return items.map((item) => `[${item.code}~${item.description}~${item.quantity}~${item.price}]`).join("");
+}
+function calculateItemsTotal(items) {
+  return items.reduce((sum, item) => sum + item.quantity * item.price, 0);
+}
+function isValidMasof(masof) {
+  return /^\d{10}$/.test(masof);
+}
+function isTestMasof(masof) {
+  return isValidMasof(masof) && masof.startsWith("00100");
+}
+function isValidToken(token) {
+  return /^\d{19}$/.test(token);
+}
+function isValidEmail(email) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+function isValidIsraeliId(id) {
+  if (!/^\d{9}$/.test(id)) return false;
+  if (id === "000000000") return true;
+  let sum = 0;
+  for (let i = 0; i < 9; i++) {
+    let digit = parseInt(id[i], 10) * (i % 2 + 1);
+    if (digit > 9) digit -= 9;
+    sum += digit;
+  }
+  return sum % 10 === 0;
+}
+var init_helpers = __esm({
+  "src/helpers.ts"() {
+    "use strict";
+  }
+});
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ALL_ERROR_CODES: () => ALL_ERROR_CODES,
+  Bank: () => Bank,
+  Brand: () => Brand,
+  Coin: () => Coin,
+  HKNewStatus: () => HKNewStatus,
+  HYPAY_ERROR_CODES: () => HYPAY_ERROR_CODES,
+  HypayClient: () => HypayClient,
+  HypayError: () => HypayError,
+  HypayNetworkError: () => HypayNetworkError,
+  HypayTimeoutError: () => HypayTimeoutError,
+  Issuer: () => Issuer,
+  PageLang: () => PageLang,
+  SHVA_ERROR_CODES: () => SHVA_ERROR_CODES,
+  SpecialCardType: () => SpecialCardType,
+  TashType: () => TashType,
+  buildItemsString: () => buildItemsString,
+  calculateItemsTotal: () => calculateItemsTotal,
+  getErrorMessage: () => getErrorMessage,
+  isHypayError: () => isHypayError,
+  isShvaError: () => isShvaError,
+  isSuccessCode: () => isSuccessCode,
+  isTestMasof: () => isTestMasof,
+  isValidEmail: () => isValidEmail,
+  isValidIsraeliId: () => isValidIsraeliId,
+  isValidMasof: () => isValidMasof,
+  isValidToken: () => isValidToken,
+  parsePaymentPageResponse: () => parsePaymentPageResponse,
+  parseQueryString: () => parseQueryString,
+  parseRedirectUrl: () => parseRedirectUrl,
+  parseTokef: () => parseTokef,
+  serializeParams: () => serializeParams,
+  toQueryString: () => toQueryString
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types.ts
+var Coin = /* @__PURE__ */ ((Coin2) => {
+  Coin2[Coin2["ILS"] = 1] = "ILS";
+  Coin2[Coin2["USD"] = 2] = "USD";
+  Coin2[Coin2["EUR"] = 3] = "EUR";
+  Coin2[Coin2["GBP"] = 4] = "GBP";
+  return Coin2;
+})(Coin || {});
+var PageLang = /* @__PURE__ */ ((PageLang2) => {
+  PageLang2["HEB"] = "HEB";
+  PageLang2["ENG"] = "ENG";
+  return PageLang2;
+})(PageLang || {});
+var TashType = /* @__PURE__ */ ((TashType2) => {
+  TashType2[TashType2["Regular"] = 1] = "Regular";
+  TashType2[TashType2["Credit"] = 6] = "Credit";
+  return TashType2;
+})(TashType || {});
+var Bank = /* @__PURE__ */ ((Bank2) => {
+  Bank2[Bank2["Isracard"] = 1] = "Isracard";
+  Bank2[Bank2["VisaCal"] = 2] = "VisaCal";
+  Bank2[Bank2["Diners"] = 3] = "Diners";
+  Bank2[Bank2["Amex"] = 4] = "Amex";
+  Bank2[Bank2["MAX"] = 6] = "MAX";
+  Bank2[Bank2["BIT"] = 99] = "BIT";
+  return Bank2;
+})(Bank || {});
+var Brand = /* @__PURE__ */ ((Brand2) => {
+  Brand2[Brand2["PL"] = 0] = "PL";
+  Brand2[Brand2["MasterCard"] = 1] = "MasterCard";
+  Brand2[Brand2["Visa"] = 2] = "Visa";
+  Brand2[Brand2["Diners"] = 3] = "Diners";
+  Brand2[Brand2["Amex"] = 4] = "Amex";
+  Brand2[Brand2["Isracard"] = 5] = "Isracard";
+  return Brand2;
+})(Brand || {});
+var Issuer = /* @__PURE__ */ ((Issuer2) => {
+  Issuer2[Issuer2["Foreign"] = 0] = "Foreign";
+  Issuer2[Issuer2["Isracard"] = 1] = "Isracard";
+  Issuer2[Issuer2["VisaCal"] = 2] = "VisaCal";
+  Issuer2[Issuer2["JCB"] = 5] = "JCB";
+  Issuer2[Issuer2["MAX"] = 6] = "MAX";
+  return Issuer2;
+})(Issuer || {});
+var HKNewStatus = /* @__PURE__ */ ((HKNewStatus2) => {
+  HKNewStatus2[HKNewStatus2["Terminate"] = 1] = "Terminate";
+  HKNewStatus2[HKNewStatus2["Activate"] = 2] = "Activate";
+  return HKNewStatus2;
+})(HKNewStatus || {});
+var SpecialCardType = /* @__PURE__ */ ((SpecialCardType2) => {
+  SpecialCardType2["Default"] = "00";
+  SpecialCardType2["Immediate"] = "01";
+  SpecialCardType2["Club"] = "70";
+  SpecialCardType2["PetrolCard"] = "03";
+  SpecialCardType2["DualCard"] = "04";
+  SpecialCardType2["DualClub"] = "74";
+  SpecialCardType2["PetrolClub"] = "75";
+  SpecialCardType2["Chargeable"] = "06";
+  SpecialCardType2["Petrol"] = "08";
+  SpecialCardType2["Tourist"] = "99";
+  return SpecialCardType2;
+})(SpecialCardType || {});
+var HypayError = class extends Error {
+  constructor(message, code, raw, params) {
+    super(message);
+    this.name = "HypayError";
+    this.code = code;
+    this.raw = raw;
+    this.params = params;
+  }
+};
+var HypayNetworkError = class extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.name = "HypayNetworkError";
+    this.cause = cause;
+  }
+};
+var HypayTimeoutError = class extends Error {
+  constructor(timeoutMs) {
+    super(`Request timed out after ${timeoutMs}ms`);
+    this.name = "HypayTimeoutError";
+    this.timeoutMs = timeoutMs;
+  }
+};
+
+// src/client.ts
+init_helpers();
+
+// src/errors.ts
+var HYPAY_ERROR_CODES = {
+  "33": "Refund amount is greater than the original transaction amount",
+  "250": "Deal does not exist or already committed",
+  "400": "Sum of items differs from transaction amount",
+  "401": "First or last name is required",
+  "402": "Transaction information (Info) is required",
+  "600": "Checking card number (J2)",
+  "700": "Approved without charge (J5 credit line reservation)",
+  "800": "Postpone transaction (delayed charge)",
+  "901": "Terminal is not permitted to work in this method",
+  "902": "Authentication error \u2014 reference differs from configured method",
+  "903": "Number of payments exceeds terminal configuration",
+  "905": "Wrong parameter value",
+  "906": "Agreement does not exist",
+  "910": "Token request from invalid transaction \u2014 add allowFalse=True",
+  "920": "Deal does not exist or already committed/cancelled",
+  "990": "Card details not fully readable",
+  "996": "Terminal is not permitted to use token",
+  "997": "Token is not valid",
+  "998": "Deal cancelled",
+  "999": "Communication error"
+};
+var SHVA_ERROR_CODES = {
+  "0": "Approved",
+  "000": "Approved",
+  "1": "Card blocked \u2014 confiscate card",
+  "001": "Card blocked",
+  "2": "Stolen card \u2014 confiscate card",
+  "002": "Stolen card \u2014 confiscate card",
+  "3": "Call credit card company",
+  "003": "Call credit card company",
+  "4": "Transaction not approved",
+  "004": "Transaction not approved",
+  "5": "Forged card \u2014 confiscate card",
+  "005": "Forged card \u2014 confiscate card",
+  "6": "Incorrect ID or CVV",
+  "006": "Rejected: incorrect CVV2",
+  "7": "Must call credit card company",
+  "007": "Rejected: incorrect CAVV/UCAF",
+  "8": "Error building encryption key for blocked file",
+  "008": "Rejected: incorrect AVS",
+  "9": "Could not connect \u2014 call credit card company",
+  "009": "Rejection \u2014 communication disconnect",
+  "010": "Partial approval",
+  "011": "Rejected: insufficient points/stars/miles/benefit",
+  "012": "Card not authorized at this terminal",
+  "013": "Rejected: incorrect balance code",
+  "014": "Rejected: card not associated with network",
+  "015": "Rejected: card not valid (expired)",
+  "016": "Rejected: currency not authorized",
+  "017": "Rejected: credit type not authorized for transaction",
+  "026": "Rejected: incorrect ID",
+  "033": "Invalid card",
+  "036": "Expired card",
+  "041": "Must query due to ceiling only for J2 transaction",
+  "042": "Must query (not ceiling-only) for J2 transaction",
+  "173": "Duplicate transaction"
+};
+var ALL_ERROR_CODES = {
+  ...SHVA_ERROR_CODES,
+  ...HYPAY_ERROR_CODES
+};
+function getErrorMessage(ccode) {
+  return ALL_ERROR_CODES[ccode] ?? `Unknown error (CCode=${ccode})`;
+}
+function isSuccessCode(ccode) {
+  return ccode === "0" || ccode === "600" || ccode === "700" || ccode === "800";
+}
+function isShvaError(ccode) {
+  const num = parseInt(ccode, 10);
+  return !isNaN(num) && num >= 1 && num <= 200;
+}
+function isHypayError(ccode) {
+  const num = parseInt(ccode, 10);
+  if (isNaN(num)) return false;
+  if (num === 600 || num === 700 || num === 800) return false;
+  return num >= 201 && num <= 999;
+}
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://pay.hyp.co.il/p/";
+var DEFAULT_TIMEOUT = 3e4;
+var HypayClient = class {
+  constructor(config) {
+    this.masof = config.masof;
+    this.apiKey = config.apiKey;
+    this.passP = config.passP;
+    this.baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/?$/, "/");
+    this.timeout = config.timeout ?? DEFAULT_TIMEOUT;
+    this.fetchFn = config.fetch ?? globalThis.fetch;
+    this.hooks = config.hooks ?? {};
+  }
+  // ─── Low-level HTTP ──────────────────────────────────────────────────────
+  /**
+   * Make a GET request to the Hypay API.
+   * All API calls use GET by default, which is the most common method for Hypay.
+   */
+  async requestGet(action, params) {
+    const serialized = serializeParams(params);
+    const qs = toQueryString(serialized);
+    const url = `${this.baseUrl}?${qs}`;
+    const context = {
+      action,
+      method: "GET",
+      url,
+      params: Object.fromEntries(
+        Object.entries(serialized).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )
+    };
+    await this.hooks.onRequest?.(context);
+    const start = Date.now();
+    let response;
+    try {
+      const controller = new AbortController();
+      const timer = setTimeout(() => controller.abort(), this.timeout);
+      try {
+        response = await this.fetchFn(url, { signal: controller.signal });
+      } finally {
+        clearTimeout(timer);
+      }
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new HypayTimeoutError(this.timeout);
+      }
+      throw new HypayNetworkError(
+        `Network error while calling Hypay API: ${err instanceof Error ? err.message : String(err)}`,
+        err
+      );
+    }
+    const text = await response.text();
+    const parsed = parseQueryString(text);
+    const durationMs = Date.now() - start;
+    await this.hooks.onResponse?.({
+      ...context,
+      statusCode: response.status,
+      raw: text,
+      parsedParams: parsed,
+      durationMs
+    });
+    return { raw: text, params: parsed };
+  }
+  /**
+   * Make a POST request to the Hypay API.
+   * Use for actions that send large payloads (e.g., WalletToken with Apple Pay).
+   */
+  async requestPost(action, params) {
+    const serialized = serializeParams(params);
+    const body = toQueryString(serialized);
+    const context = {
+      action,
+      method: "POST",
+      url: this.baseUrl,
+      params: Object.fromEntries(
+        Object.entries(serialized).filter(([, v]) => v !== void 0).map(([k, v]) => [k, String(v)])
+      )
+    };
+    await this.hooks.onRequest?.(context);
+    const start = Date.now();
+    let response;
+    try {
+      const controller = new AbortController();
+      const timer = setTimeout(() => controller.abort(), this.timeout);
+      try {
+        response = await this.fetchFn(this.baseUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body,
+          signal: controller.signal
+        });
+      } finally {
+        clearTimeout(timer);
+      }
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new HypayTimeoutError(this.timeout);
+      }
+      throw new HypayNetworkError(
+        `Network error while calling Hypay API: ${err instanceof Error ? err.message : String(err)}`,
+        err
+      );
+    }
+    const text = await response.text();
+    const parsed = parseQueryString(text);
+    const durationMs = Date.now() - start;
+    await this.hooks.onResponse?.({
+      ...context,
+      statusCode: response.status,
+      raw: text,
+      parsedParams: parsed,
+      durationMs
+    });
+    return { raw: text, params: parsed };
+  }
+  /**
+   * Unified request method. Defaults to GET, uses POST for wallet/large payloads.
+   */
+  async request(action, params, method = "GET") {
+    return method === "POST" ? this.requestPost(action, params) : this.requestGet(action, params);
+  }
+  authParams() {
+    return {
+      Masof: this.masof,
+      PassP: this.passP
+    };
+  }
+  throwIfError(parsed, raw, context) {
+    if (parsed.CCode && !isSuccessCode(parsed.CCode)) {
+      const error = new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+      if (context) {
+        this.hooks.onError?.(error, context);
+      }
+      throw error;
+    }
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  PAY PROTOCOL — Payment Page
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * **Step 1** — Sign payment page parameters (APISign + What=SIGN).
+   *
+   * This generates a `signature` that must be appended to the payment page URL.
+   * The signature prevents parameter tampering on the client side.
+   *
+   * Requires "Verify by signature in the payment page" enabled in terminal settings.
+   *
+   * @example
+   * ```ts
+   * const result = await client.sign({
+   *   Info: "Order #123",
+   *   Amount: 100,
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   Coin: Coin.ILS,
+   *   Sign: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   *   MoreData: true,
+   * });
+   * console.log(result.signature);
+   * ```
+   */
+  async sign(params) {
+    const allParams = {
+      action: "APISign",
+      What: "SIGN",
+      KEY: this.apiKey,
+      ...this.authParams(),
+      ...params
+    };
+    const { raw, params: parsed } = await this.request("APISign", allParams);
+    return {
+      raw,
+      signature: parsed.signature ?? "",
+      params: parsed
+    };
+  }
+  /**
+   * **Step 2** — Build the full payment page URL from a signed query string.
+   *
+   * @param signedQueryString - The raw result from `sign()`.
+   */
+  buildPaymentPageUrl(signedQueryString) {
+    return `${this.baseUrl}?${signedQueryString}`;
+  }
+  /**
+   * **Steps 1 + 2 combined** — Sign parameters and return the full payment page URL.
+   *
+   * @example
+   * ```ts
+   * const url = await client.createPaymentPageUrl({
+   *   Info: "Order #123",
+   *   Amount: 100,
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   Coin: Coin.ILS,
+   *   Sign: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * // Redirect the customer to `url`
+   * ```
+   */
+  async createPaymentPageUrl(params) {
+    const signResult = await this.sign(params);
+    return this.buildPaymentPageUrl(signResult.raw);
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  VERIFICATION — Verify transaction signature
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * **Step 4** — Verify a transaction using parameters from the success page.
+   *
+   * Takes the query parameters from the success/failure redirect URL and verifies
+   * them against the Hypay server. Returns `verified: true` when `CCode === "0"`,
+   * `CCode === "902"` means verification failed.
+   *
+   * Requires "Verify by signature in the payment page" enabled in terminal settings.
+   *
+   * @example
+   * ```ts
+   * import { parseRedirectUrl } from "@hypay/typescript-sdk";
+   *
+   * const successParams = parseRedirectUrl(req.url);
+   * const result = await client.verify(successParams);
+   *
+   * if (result.verified) {
+   *   // Transaction is legitimate — process the order
+   * } else {
+   *   // Verification failed — do not process
+   * }
+   * ```
+   */
+  async verify(params) {
+    const allParams = {
+      action: "APISign",
+      What: "VERIFY",
+      KEY: this.apiKey,
+      ...this.authParams(),
+      ...params
+    };
+    const { raw, params: parsed } = await this.request("APISign-VERIFY", allParams);
+    return {
+      verified: parsed.CCode === "0",
+      CCode: parsed.CCode ?? "",
+      raw,
+      params: parsed
+    };
+  }
+  /**
+   * Convenience method: parse a success page URL and verify it in one call.
+   *
+   * @example
+   * ```ts
+   * const result = await client.verifyRedirectUrl(
+   *   "https://yoursite.com/success?Id=123&CCode=0&Amount=10&..."
+   * );
+   * if (result.verified) { /* OK *\/ }
+   * ```
+   */
+  async verifyRedirectUrl(redirectUrl) {
+    const { parseRedirectUrl: parseRedirectUrl2 } = await Promise.resolve().then(() => (init_helpers(), helpers_exports));
+    const params = parseRedirectUrl2(redirectUrl);
+    return this.verify(params);
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  SOFT PROTOCOL — Server-side transactions
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Execute a server-side transaction using the Soft protocol.
+   *
+   * Used for:
+   * - Token-based charges (after obtaining a token via `getToken()`)
+   * - Apple Pay / Google Pay via WalletToken
+   * - Direct credit card charges (PCI-compliant environments)
+   *
+   * Automatically uses POST for WalletToken requests (large payload).
+   *
+   * @throws {HypayError} When CCode indicates an error
+   *
+   * @example
+   * ```ts
+   * // Token-based transaction
+   * const result = await client.soft({
+   *   CC: "1315872608557940000",
+   *   Tmonth: "04",
+   *   Tyear: "2025",
+   *   Amount: 50,
+   *   Info: "Subscription renewal",
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   Token: true,
+   *   MoreData: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * ```
+   *
+   * @example
+   * ```ts
+   * // Apple Pay / Google Pay
+   * const result = await client.soft({
+   *   WalletToken: walletTokenJson,
+   *   Amount: 100,
+   *   Info: "Purchase",
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   * });
+   * ```
+   */
+  async soft(params) {
+    const allParams = {
+      action: "soft",
+      ...this.authParams(),
+      ...params
+    };
+    const method = "WalletToken" in params && params.WalletToken ? "POST" : "GET";
+    const { raw, params: parsed } = await this.request("soft", allParams, method);
+    if (parsed.CCode && !isSuccessCode(parsed.CCode)) {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      Amount: parsed.Amount ?? "",
+      ACode: parsed.ACode ?? "",
+      Fild1: parsed.Fild1,
+      Fild2: parsed.Fild2,
+      Fild3: parsed.Fild3,
+      Hesh: parsed.Hesh,
+      UID: parsed.UID,
+      errMsg: parsed.errMsg,
+      raw,
+      params: parsed
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  TOKENS — Get and manage tokens
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Obtain a token for a previously completed transaction.
+   *
+   * The token (19 digits) replaces credit card information for future Soft transactions.
+   * The transaction must be in one of these statuses: Approved (0), 600, 700, 800, 998.
+   *
+   * **Important:** Save the Tokef (card validity) and customer details (UserId, etc.)
+   * as they are NOT stored in Hypay servers.
+   *
+   * The response includes convenience fields `Tmonth` and `Tyear` parsed from `Tokef`.
+   *
+   * @throws {HypayError} When CCode indicates an error (901, 902, 910, 990)
+   *
+   * @example
+   * ```ts
+   * const token = await client.getToken({ TransId: "12788261" });
+   *
+   * // Save for future charges:
+   * // token.Token  = "1315872608557940000"
+   * // token.Tmonth = "04"
+   * // token.Tyear  = "2025"
+   *
+   * // Use in a soft transaction:
+   * await client.soft({
+   *   CC: token.Token,
+   *   Tmonth: token.Tmonth,
+   *   Tyear: token.Tyear,
+   *   Token: true,
+   *   Amount: 50,
+   *   Info: "Charge via token",
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   * });
+   * ```
+   */
+  async getToken(params) {
+    const allParams = {
+      action: "getToken",
+      ...this.authParams(),
+      TransId: params.TransId,
+      Fild1: params.Fild1,
+      Fild2: params.Fild2,
+      Fild3: params.Fild3,
+      allowFalse: params.allowFalse
+    };
+    const { raw, params: parsed } = await this.request("getToken", allParams);
+    if (parsed.CCode && parsed.CCode !== "0") {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    let Tmonth = "";
+    let Tyear = "";
+    if (parsed.Tokef && parsed.Tokef.length === 4) {
+      const parsed_tokef = parseTokef(parsed.Tokef);
+      Tmonth = parsed_tokef.Tmonth;
+      Tyear = parsed_tokef.Tyear;
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      Token: parsed.Token ?? "",
+      Tokef: parsed.Tokef ?? "",
+      Tmonth,
+      Tyear,
+      Fild1: parsed.Fild1,
+      Fild2: parsed.Fild2,
+      Fild3: parsed.Fild3,
+      raw,
+      params: parsed
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  TRANSACTION J5 — Charge a J5 reservation
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Charge a J5 (credit line reservation) transaction.
+   *
+   * When a Pay/Soft request was made with `J5=True` and `MoreData=True`,
+   * you can later charge the reserved amount using the UID and ACode from the response.
+   *
+   * **If charge amount <= original J5 amount:** use this method (soft + additional params).
+   * **If charge amount > original J5 amount:** use the regular token flow instead.
+   *
+   * @param tokenParams - Standard Soft token parameters (CC, Tmonth, Tyear, etc.)
+   * @param j5Params - J5-specific parameters (originalUid, originalAmount, AuthNum)
+   *
+   * @throws {HypayError} When CCode indicates an error
+   *
+   * @example
+   * ```ts
+   * const result = await client.chargeJ5(
+   *   {
+   *     CC: token.Token,
+   *     Tmonth: token.Tmonth,
+   *     Tyear: token.Tyear,
+   *     Token: true,
+   *     Amount: 50,
+   *     Info: "J5 charge",
+   *     UserId: "203269535",
+   *     ClientName: "Israel",
+   *   },
+   *   {
+   *     "inputObj.originalUid": originalResponse.UID,
+   *     "inputObj.originalAmount": 5000, // 50 ILS in agorot
+   *     AuthNum: originalResponse.ACode,
+   *     "inputObj.authorizationCodeManpik": 7,
+   *   }
+   * );
+   * ```
+   */
+  async chargeJ5(tokenParams, j5Params) {
+    const allParams = {
+      action: "soft",
+      ...this.authParams(),
+      ...tokenParams,
+      ...j5Params
+    };
+    const { raw, params: parsed } = await this.request("soft-J5", allParams);
+    if (parsed.CCode && !isSuccessCode(parsed.CCode)) {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      Amount: parsed.Amount ?? "",
+      ACode: parsed.ACode ?? "",
+      Fild1: parsed.Fild1,
+      Fild2: parsed.Fild2,
+      Fild3: parsed.Fild3,
+      Hesh: parsed.Hesh,
+      UID: parsed.UID,
+      errMsg: parsed.errMsg,
+      raw,
+      params: parsed
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  POSTPONE — Commit delayed transactions
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Commit a postponed transaction (CCode 800).
+   *
+   * Postponed transactions should be committed within 72 hours.
+   * If not committed, leave at status 800 (do not cancel).
+   *
+   * @throws {HypayError} When CCode indicates an error (250 = doesn't exist / already committed)
+   *
+   * @example
+   * ```ts
+   * const result = await client.commitTransaction({
+   *   TransId: "5343635",
+   *   SendHesh: true,
+   *   heshDesc: "Payment for order 1234",
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * console.log(result.HeshASM); // Invoice number
+   * ```
+   */
+  async commitTransaction(params) {
+    const allParams = {
+      action: "commitTrans",
+      ...this.authParams(),
+      ...params
+    };
+    const { raw, params: parsed } = await this.request("commitTrans", allParams);
+    if (parsed.CCode && parsed.CCode !== "0") {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      HeshASM: parsed.HeshASM,
+      Fild1: parsed.Fild1,
+      Fild2: parsed.Fild2,
+      Fild3: parsed.Fild3,
+      raw,
+      params: parsed
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  CANCEL — Cancel a transaction
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Cancel a transaction.
+   *
+   * **Rules:**
+   * - Only on the same day, before 23:20 (before SHVA deposit)
+   * - Cancelled transactions CANNOT be restored
+   * - No cost to the business (transaction won't be presented to credit card companies)
+   * - If invoice module is active, a credit memo will be issued
+   *
+   * @throws {HypayError} When CCode indicates an error (920 = doesn't exist / already committed)
+   *
+   * @example
+   * ```ts
+   * const result = await client.cancelTransaction({ TransId: "5890796" });
+   * console.log(result.CCode); // "0" = success
+   * ```
+   */
+  async cancelTransaction(params) {
+    const allParams = {
+      action: "CancelTrans",
+      ...this.authParams(),
+      TransId: params.TransId
+    };
+    const { raw, params: parsed } = await this.request("CancelTrans", allParams);
+    if (parsed.CCode && parsed.CCode !== "0") {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      TransId: parsed.TransId ?? "",
+      CCode: parsed.CCode ?? "",
+      Hesh: parsed.Hesh,
+      raw,
+      params: parsed
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  REFUND — Refund transactions
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Refund a transaction by its original transaction ID (zikoyAPI).
+   *
+   * **Rules:**
+   * - Refund amount must not exceed the original transaction amount
+   * - Can be done at any stage, even after 23:00
+   * - A credit refund is like a new deal for the credit card company
+   * - Does NOT require a token or the secret refund password
+   *
+   * @throws {HypayError} When CCode indicates an error (33 = amount exceeds original)
+   *
+   * @example
+   * ```ts
+   * const result = await client.refund({
+   *   TransId: "12290620",
+   *   Amount: 10,
+   *   Tash: 1,
+   *   SendHesh: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * console.log(`Refund ID: ${result.Id}`);
+   * ```
+   */
+  async refund(params) {
+    const allParams = {
+      action: "zikoyAPI",
+      ...this.authParams(),
+      ...params
+    };
+    const { raw, params: parsed } = await this.request("zikoyAPI", allParams);
+    if (parsed.CCode && parsed.CCode !== "0") {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      ACode: parsed.ACode,
+      HeshASM: parsed.HeshASM,
+      raw,
+      params: parsed
+    };
+  }
+  /**
+   * Refund a transaction using a token and the secret refund password (PAYout).
+   *
+   * This uses the Soft protocol with the `zPass` parameter.
+   * The refund password is sent to the terminal owner's cell phone and is non-interchangeable.
+   *
+   * @throws {HypayError} When CCode indicates an error
+   *
+   * @example
+   * ```ts
+   * const result = await client.refundByToken({
+   *   CC: "6907500685494032346",
+   *   Tmonth: "04",
+   *   Tyear: "2023",
+   *   Amount: 2,
+   *   Info: "Refund for order 123",
+   *   zPass: "1234",
+   *   Token: true,
+   *   UserId: "000000000",
+   *   ClientName: "Israel",
+   *   SendHesh: true,
+   *   sendemail: true,
+   * });
+   * ```
+   */
+  async refundByToken(params) {
+    return this.soft(params);
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  HK MODULE — Standing Orders / Subscriptions
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Create a subscription (HK / standing order) payment page URL.
+   *
+   * This is a convenience wrapper around `createPaymentPageUrl` with HK-specific params.
+   *
+   * @example
+   * ```ts
+   * const url = await client.createSubscriptionUrl({
+   *   Info: "Monthly subscription",
+   *   Amount: 120,
+   *   HK: true,
+   *   Tash: 999,              // Unlimited payments
+   *   freq: 1,                 // Monthly
+   *   FirstDate: "2025-06-01",
+   *   OnlyOnApprove: true,
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   email: "customer@example.com",
+   *   Coin: Coin.ILS,
+   *   UTF8: true,
+   *   UTF8out: true,
+   *   Sign: true,
+   *   MoreData: true,
+   * });
+   * ```
+   */
+  async createSubscriptionUrl(params) {
+    return this.createPaymentPageUrl(params);
+  }
+  /**
+   * Create a subscription with an initial transaction of a different amount.
+   *
+   * @example
+   * ```ts
+   * const url = await client.createSubscriptionWithInitialPayment({
+   *   Info: "Plan with setup fee",
+   *   Amount: 120,               // Monthly amount
+   *   HK: true,
+   *   Tash: 999,
+   *   freq: 1,
+   *   TashFirstPayment: 50,      // Setup fee
+   *   FirstPaymentTash: 3,       // Charge setup fee for 3 months
+   *   FixTash: true,
+   *   OnlyOnApprove: true,
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   Coin: Coin.ILS,
+   *   UTF8: true,
+   *   UTF8out: true,
+   *   Sign: true,
+   *   MoreData: true,
+   * });
+   * ```
+   */
+  async createSubscriptionWithInitialPayment(params) {
+    return this.createPaymentPageUrl(params);
+  }
+  /**
+   * Change the status of a standing order (HK) agreement.
+   *
+   * @throws {HypayError} When CCode indicates an error (905 = wrong param, 906 = not found)
+   *
+   * @example
+   * ```ts
+   * // Terminate
+   * await client.updateHKStatus({
+   *   HKId: "64239",
+   *   NewStat: HKNewStatus.Terminate,
+   * });
+   *
+   * // Reactivate
+   * await client.updateHKStatus({
+   *   HKId: "64239",
+   *   NewStat: HKNewStatus.Activate,
+   * });
+   * ```
+   */
+  async updateHKStatus(params) {
+    const allParams = {
+      action: "HKStatus",
+      ...this.authParams(),
+      HKId: params.HKId,
+      NewStat: params.NewStat
+    };
+    const { raw, params: parsed } = await this.request("HKStatus", allParams);
+    if (parsed.CCode && parsed.CCode !== "0") {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      HKId: parsed.HKId ?? "",
+      CCode: parsed.CCode ?? "",
+      raw,
+      params: parsed
+    };
+  }
+  /**
+   * Terminate a standing order agreement. Shorthand for `updateHKStatus`.
+   */
+  async terminateSubscription(hkId) {
+    return this.updateHKStatus({ HKId: hkId, NewStat: 1 });
+  }
+  /**
+   * Activate a standing order agreement. Shorthand for `updateHKStatus`.
+   */
+  async activateSubscription(hkId) {
+    return this.updateHKStatus({ HKId: hkId, NewStat: 2 });
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  EZCOUNT INVOICES — Print and manage invoices
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Generate a signed URL for printing/viewing an EzCount invoice.
+   *
+   * Uses a two-step process:
+   * 1. Sign the request with APISign (What=SIGN, ACTION=PrintHesh)
+   * 2. Build the final URL from the signed response
+   *
+   * **Note:** `ACTION=PrintHesh` is uppercase, `action=APISign` is lowercase.
+   *
+   * @example
+   * ```ts
+   * const url = await client.getInvoiceUrl({
+   *   TransId: "55373520",
+   *   type: "EZCOUNT",
+   * });
+   * // Redirect user or fetch the invoice PDF
+   * ```
+   */
+  async getInvoiceUrl(params) {
+    const signParams = {
+      action: "APISign",
+      What: "SIGN",
+      Masof: this.masof,
+      KEY: this.apiKey,
+      PassP: this.passP,
+      ACTION: "PrintHesh",
+      type: params.type
+    };
+    if (params.TransId) signParams.TransId = params.TransId;
+    if (params.asm) signParams.asm = params.asm;
+    if (params.HeshORCopy !== void 0) signParams.HeshORCopy = params.HeshORCopy;
+    const { raw } = await this.request("PrintHesh-SIGN", signParams);
+    return `${this.baseUrl}?${raw}`;
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  //  OFFLINE INVOICES — Cash, Check, Multi
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Create an invoice for an offline transaction (Cash, Check, or Multi-check).
+   *
+   * Uses the Soft protocol with the `TransType` parameter.
+   *
+   * @throws {HypayError} When CCode indicates an error
+   *
+   * @example
+   * ```ts
+   * // Cash invoice
+   * const result = await client.createOfflineInvoice({
+   *   TransType: "Cash",
+   *   Info: "Cash payment",
+   *   Amount: 200,
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   email: "customer@example.com",
+   *   Pritim: true,
+   *   heshDesc: "[001~Product A~2~50][002~Product B~1~100]",
+   *   SendHesh: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * ```
+   *
+   * @example
+   * ```ts
+   * // Check invoice
+   * const result = await client.createOfflineInvoice({
+   *   TransType: "Check",
+   *   Info: "Check payment",
+   *   Amount: 200,
+   *   Bank: "10",
+   *   Snif: "912",
+   *   PAN: "1234456",
+   *   CheckNum: "11111111",
+   *   Date: "20250211",
+   *   UserId: "203269535",
+   *   ClientName: "Israel",
+   *   SendHesh: true,
+   *   UTF8: true,
+   *   UTF8out: true,
+   * });
+   * ```
+   */
+  async createOfflineInvoice(params) {
+    const allParams = {
+      action: "soft",
+      ...this.authParams(),
+      ...params
+    };
+    const { raw, params: parsed } = await this.request("soft-offline", allParams);
+    if (parsed.CCode && !isSuccessCode(parsed.CCode)) {
+      throw new HypayError(getErrorMessage(parsed.CCode), parsed.CCode, raw, parsed);
+    }
+    return {
+      Id: parsed.Id ?? "",
+      CCode: parsed.CCode ?? "",
+      Amount: parsed.Amount ?? "",
+      ACode: parsed.ACode ?? "",
+      Fild1: parsed.Fild1,
+      Fild2: parsed.Fild2,
+      Fild3: parsed.Fild3,
+      Hesh: parsed.Hesh,
+      UID: parsed.UID,
+      errMsg: parsed.errMsg,
+      raw,
+      params: parsed
+    };
+  }
+};
+
+// src/index.ts
+init_helpers();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ALL_ERROR_CODES,
+  Bank,
+  Brand,
+  Coin,
+  HKNewStatus,
+  HYPAY_ERROR_CODES,
+  HypayClient,
+  HypayError,
+  HypayNetworkError,
+  HypayTimeoutError,
+  Issuer,
+  PageLang,
+  SHVA_ERROR_CODES,
+  SpecialCardType,
+  TashType,
+  buildItemsString,
+  calculateItemsTotal,
+  getErrorMessage,
+  isHypayError,
+  isShvaError,
+  isSuccessCode,
+  isTestMasof,
+  isValidEmail,
+  isValidIsraeliId,
+  isValidMasof,
+  isValidToken,
+  parsePaymentPageResponse,
+  parseQueryString,
+  parseRedirectUrl,
+  parseTokef,
+  serializeParams,
+  toQueryString
+});