@markwharton/pwa-core 3.5.0 → 4.0.1

package/dist/client.d.ts

@@ -2,9 +2,17 @@
  * pwa-core/client - Browser-side API client utilities
  *
  * This module has NO Node.js dependencies and is designed for browser use.
+ *
+ * Supports two auth strategies via a single API surface:
+ * - Token (Bearer): initApiClient() — sends Authorization header
+ * - Session (Cookie): initSessionApiClient() — sends credentials: 'include'
+ *
+ * All api* functions (apiCall, apiGet, apiPost, etc.) work with whichever
+ * strategy was initialized. The sessionApi* names are deprecated aliases.
  */
 /**
- * API response wrapper for safe calls
+ * API response wrapper for safe calls.
+ * @deprecated Use ApiResponse — will be removed in next major version.
  */
 export interface ApiResponse<T> {
     ok: boolean;
@@ -13,7 +21,7 @@ export interface ApiResponse<T> {
     error?: string;
 }
 /**
- * Configuration for initApiClient
+ * Configuration for initApiClient (Bearer token auth)
  */
 export interface ApiClientConfig {
     /** Function that returns the current auth token (or null) */
@@ -24,7 +32,7 @@ export interface ApiClientConfig {
     timeout?: number;
 }
 /**
- * Configuration for initSessionApiClient
+ * Configuration for initSessionApiClient (cookie auth)
  */
 export interface SessionApiClientConfig {
     /** Optional callback for 401 responses (e.g., redirect to login) */
@@ -81,7 +89,7 @@ export declare class ApiError extends Error {
     isServerError(): boolean;
 }
 /**
- * Initializes the API client with token retrieval and optional configuration.
+ * Initializes the API client with Bearer token authentication.
  * Call once at application startup.
  * @param config - Client configuration
  * @example
@@ -92,6 +100,18 @@ export declare class ApiError extends Error {
  * });
  */
 export declare function initApiClient(config: ApiClientConfig): void;
+/**
+ * Initializes the session-based API client.
+ * Uses cookies (credentials: 'include') instead of Bearer tokens.
+ * After calling this, use apiCall/apiGet/apiPost etc. (same functions as token auth).
+ * @param config - Client configuration
+ * @example
+ * initSessionApiClient({
+ *   onUnauthenticated: () => window.location.href = '/login',
+ *   timeout: 60000
+ * });
+ */
+export declare function initSessionApiClient(config: SessionApiClientConfig): void;
 /**
  * Extract a user-friendly error message from an API error.
  * Use in catch blocks to convert errors to displayable strings.
@@ -108,6 +128,7 @@ export declare function initApiClient(config: ApiClientConfig): void;
 export declare function getApiErrorMessage(error: unknown, fallback: string): string;
 /**
  * Makes an authenticated API call. Throws ApiError on non-2xx responses.
+ * Works with both token (Bearer) and session (cookie) auth strategies.
  * @typeParam T - The expected response data type
  * @param url - The API endpoint URL
  * @param options - Optional fetch options (method, body, headers)
@@ -198,88 +219,6 @@ export declare function apiCallVoid(url: string, options?: RequestInit): Promise
  * }
  */
 export declare function apiCallSafe<T>(url: string, options?: RequestInit): Promise<ApiResponse<T>>;
-/**
- * Initializes the session-based API client.
- * Uses cookies (credentials: 'include') instead of Bearer tokens.
- * @param config - Client configuration
- * @example
- * initSessionApiClient({
- *   onUnauthenticated: () => window.location.href = '/login',
- *   timeout: 60000
- * });
- */
-export declare function initSessionApiClient(config: SessionApiClientConfig): void;
-/**
- * Makes a cookie-authenticated API call. Throws ApiError on non-2xx responses.
- * Uses credentials: 'include' to send session cookies.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status or timeout
- * @example
- * const user = await sessionApiCall<User>('/api/auth/me');
- */
-export declare function sessionApiCall<T>(url: string, options?: RequestInit): Promise<T>;
-/**
- * Makes a cookie-authenticated GET request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-export declare function sessionApiGet<T>(url: string): Promise<T>;
-/**
- * Makes a cookie-authenticated POST request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-export declare function sessionApiPost<T>(url: string, body?: unknown): Promise<T>;
-/**
- * Makes a cookie-authenticated PUT request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-export declare function sessionApiPut<T>(url: string, body?: unknown): Promise<T>;
-/**
- * Makes a cookie-authenticated PATCH request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-export declare function sessionApiPatch<T>(url: string, body?: unknown): Promise<T>;
-/**
- * Makes a cookie-authenticated DELETE request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-export declare function sessionApiDelete<T>(url: string): Promise<T>;
-/**
- * Makes a cookie-authenticated API call with Result-style error handling.
- * Unlike sessionApiCall, this never throws - errors are returned in the response.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @returns ApiResponse with ok, status, data (on success), or error (on failure)
- */
-export declare function sessionApiCallSafe<T>(url: string, options?: RequestInit): Promise<ApiResponse<T>>;
-/**
- * Makes a cookie-authenticated API call expecting no response body.
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @throws ApiError on non-2xx HTTP status or timeout
- */
-export declare function sessionApiCallVoid(url: string, options?: RequestInit): Promise<void>;
 /**
  * Checks if an HTTP status code indicates a retryable error.
  * @param status - The HTTP status code (or undefined for network errors)
@@ -289,8 +228,9 @@ export declare function sessionApiCallVoid(url: string, options?: RequestInit):
  */
 export declare function isRetryableStatus(status: number | undefined): boolean;
 /**
- * Makes a cookie-authenticated API call with exponential backoff retry.
+ * Makes an authenticated API call with exponential backoff retry.
  * Retries on retryable status codes (408, 425, 429, 5xx, network errors).
+ * Works with both token and session auth strategies.
  * @typeParam T - The expected response data type
  * @param url - The API endpoint URL
  * @param options - Optional fetch options
@@ -299,9 +239,27 @@ export declare function isRetryableStatus(status: number | undefined): boolean;
  * @returns The parsed JSON response
  * @throws ApiError if all retries fail
  * @example
- * const result = await sessionApiCallWithRetry<AuthResponse>('/api/auth/verify', {
+ * const result = await apiCallWithRetry<AuthResponse>('/api/auth/verify', {
  *   method: 'POST',
  *   body: JSON.stringify({ token })
  * });
  */
-export declare function sessionApiCallWithRetry<T>(url: string, options?: RequestInit, maxRetries?: number, initialDelayMs?: number): Promise<T>;
+export declare function apiCallWithRetry<T>(url: string, options?: RequestInit, maxRetries?: number, initialDelayMs?: number): Promise<T>;
+/** @deprecated Use apiCall after initSessionApiClient */
+export declare const sessionApiCall: typeof apiCall;
+/** @deprecated Use apiGet after initSessionApiClient */
+export declare const sessionApiGet: typeof apiGet;
+/** @deprecated Use apiPost after initSessionApiClient */
+export declare const sessionApiPost: typeof apiPost;
+/** @deprecated Use apiPut after initSessionApiClient */
+export declare const sessionApiPut: typeof apiPut;
+/** @deprecated Use apiPatch after initSessionApiClient */
+export declare const sessionApiPatch: typeof apiPatch;
+/** @deprecated Use apiDelete after initSessionApiClient */
+export declare const sessionApiDelete: typeof apiDelete;
+/** @deprecated Use apiCallSafe after initSessionApiClient */
+export declare const sessionApiCallSafe: typeof apiCallSafe;
+/** @deprecated Use apiCallVoid after initSessionApiClient */
+export declare const sessionApiCallVoid: typeof apiCallVoid;
+/** @deprecated Use apiCallWithRetry after initSessionApiClient */
+export declare const sessionApiCallWithRetry: typeof apiCallWithRetry;

package/dist/client.js

@@ -3,10 +3,18 @@
  * pwa-core/client - Browser-side API client utilities
  *
  * This module has NO Node.js dependencies and is designed for browser use.
+ *
+ * Supports two auth strategies via a single API surface:
+ * - Token (Bearer): initApiClient() — sends Authorization header
+ * - Session (Cookie): initSessionApiClient() — sends credentials: 'include'
+ *
+ * All api* functions (apiCall, apiGet, apiPost, etc.) work with whichever
+ * strategy was initialized. The sessionApi* names are deprecated aliases.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ApiError = void 0;
+exports.sessionApiCallWithRetry = exports.sessionApiCallVoid = exports.sessionApiCallSafe = exports.sessionApiDelete = exports.sessionApiPatch = exports.sessionApiPut = exports.sessionApiPost = exports.sessionApiGet = exports.sessionApiCall = exports.ApiError = void 0;
 exports.initApiClient = initApiClient;
+exports.initSessionApiClient = initSessionApiClient;
 exports.getApiErrorMessage = getApiErrorMessage;
 exports.apiCall = apiCall;
 exports.apiGet = apiGet;
@@ -16,17 +24,8 @@ exports.apiPatch = apiPatch;
 exports.apiDelete = apiDelete;
 exports.apiCallVoid = apiCallVoid;
 exports.apiCallSafe = apiCallSafe;
-exports.initSessionApiClient = initSessionApiClient;
-exports.sessionApiCall = sessionApiCall;
-exports.sessionApiGet = sessionApiGet;
-exports.sessionApiPost = sessionApiPost;
-exports.sessionApiPut = sessionApiPut;
-exports.sessionApiPatch = sessionApiPatch;
-exports.sessionApiDelete = sessionApiDelete;
-exports.sessionApiCallSafe = sessionApiCallSafe;
-exports.sessionApiCallVoid = sessionApiCallVoid;
 exports.isRetryableStatus = isRetryableStatus;
-exports.sessionApiCallWithRetry = sessionApiCallWithRetry;
+exports.apiCallWithRetry = apiCallWithRetry;
 // =============================================================================
 // ApiError Class
 // =============================================================================
@@ -92,29 +91,35 @@ class ApiError extends Error {
     }
 }
 exports.ApiError = ApiError;
-// =============================================================================
-// Module State
-// =============================================================================
-// Token getter function - set by consuming app
-let getToken = null;
-// Callback for 401 responses (e.g., redirect to login)
-let onUnauthorized = null;
-// Request timeout in milliseconds (default: 30 seconds)
-let requestTimeout = 30000;
+let clientState = null;
 // =============================================================================
 // Internal Helpers
 // =============================================================================
-/** Prepare headers with optional auth token */
-function prepareHeaders(options) {
-    const token = getToken?.();
+/** Get the active client state or throw */
+function getState() {
+    if (!clientState) {
+        throw new Error('API client not initialized. Call initApiClient() or initSessionApiClient() first.');
+    }
+    return clientState;
+}
+/** Prepare headers and fetch options based on auth strategy */
+function prepareFetchOptions(options) {
+    const state = getState();
     const headers = {
         'Content-Type': 'application/json',
         ...options.headers
     };
-    if (token) {
-        headers['Authorization'] = `Bearer ${token}`;
+    const fetchOptions = { ...options };
+    if (state.strategy === 'token') {
+        const token = state.getToken?.();
+        if (token) {
+            headers['Authorization'] = `Bearer ${token}`;
+        }
     }
-    return headers;
+    else {
+        fetchOptions.credentials = 'include';
+    }
+    return { headers, fetchOptions };
 }
 /** Extract error message from failed response */
 async function extractErrorMessage(response) {
@@ -126,10 +131,10 @@ async function extractErrorMessage(response) {
         return 'Request failed';
     }
 }
-/** Handle 401 unauthorized callback */
+/** Handle 401 unauthorized/unauthenticated callback */
 function handleUnauthorized(status) {
-    if (status === 401 && onUnauthorized) {
-        onUnauthorized();
+    if (status === 401 && clientState?.onUnauthorized) {
+        clientState.onUnauthorized();
     }
 }
 /** Handle catch block for throwing API functions */
@@ -143,10 +148,10 @@ function handleApiError(error) {
     throw error;
 }
 // =============================================================================
-// Public API
+// Initialization
 // =============================================================================
 /**
- * Initializes the API client with token retrieval and optional configuration.
+ * Initializes the API client with Bearer token authentication.
  * Call once at application startup.
  * @param config - Client configuration
  * @example
@@ -157,10 +162,34 @@ function handleApiError(error) {
  * });
  */
 function initApiClient(config) {
-    getToken = config.getToken;
-    onUnauthorized = config.onUnauthorized ?? null;
-    requestTimeout = config.timeout ?? 30000;
+    clientState = {
+        strategy: 'token',
+        getToken: config.getToken,
+        onUnauthorized: config.onUnauthorized,
+        timeout: config.timeout ?? 30000,
+    };
 }
+/**
+ * Initializes the session-based API client.
+ * Uses cookies (credentials: 'include') instead of Bearer tokens.
+ * After calling this, use apiCall/apiGet/apiPost etc. (same functions as token auth).
+ * @param config - Client configuration
+ * @example
+ * initSessionApiClient({
+ *   onUnauthenticated: () => window.location.href = '/login',
+ *   timeout: 60000
+ * });
+ */
+function initSessionApiClient(config) {
+    clientState = {
+        strategy: 'session',
+        onUnauthorized: config.onUnauthenticated,
+        timeout: config.timeout ?? 30000,
+    };
+}
+// =============================================================================
+// Public API — Works with both token and session strategies
+// =============================================================================
 /**
  * Extract a user-friendly error message from an API error.
  * Use in catch blocks to convert errors to displayable strings.
@@ -185,6 +214,7 @@ function getApiErrorMessage(error, fallback) {
 }
 /**
  * Makes an authenticated API call. Throws ApiError on non-2xx responses.
+ * Works with both token (Bearer) and session (cookie) auth strategies.
  * @typeParam T - The expected response data type
  * @param url - The API endpoint URL
  * @param options - Optional fetch options (method, body, headers)
@@ -194,12 +224,13 @@ function getApiErrorMessage(error, fallback) {
  * const user = await apiCall<User>('/api/users/123');
  */
 async function apiCall(url, options = {}) {
-    const headers = prepareHeaders(options);
+    const state = getState();
+    const { headers, fetchOptions } = prepareFetchOptions(options);
     const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), requestTimeout);
+    const timeoutId = setTimeout(() => controller.abort(), state.timeout);
     try {
         const response = await fetch(url, {
-            ...options,
+            ...fetchOptions,
             headers,
             signal: controller.signal
         });
@@ -304,12 +335,13 @@ async function apiDelete(url) {
  * await apiCallVoid('/api/action', { method: 'POST' });
  */
 async function apiCallVoid(url, options = {}) {
-    const headers = prepareHeaders(options);
+    const state = getState();
+    const { headers, fetchOptions } = prepareFetchOptions(options);
     const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), requestTimeout);
+    const timeoutId = setTimeout(() => controller.abort(), state.timeout);
     try {
         const response = await fetch(url, {
-            ...options,
+            ...fetchOptions,
             headers,
             signal: controller.signal
         });
@@ -343,12 +375,13 @@ async function apiCallVoid(url, options = {}) {
  * }
  */
 async function apiCallSafe(url, options = {}) {
-    const headers = prepareHeaders(options);
+    const state = getState();
+    const { headers, fetchOptions } = prepareFetchOptions(options);
     const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), requestTimeout);
+    const timeoutId = setTimeout(() => controller.abort(), state.timeout);
     try {
         const response = await fetch(url, {
-            ...options,
+            ...fetchOptions,
             headers,
             signal: controller.signal
         });
@@ -372,211 +405,6 @@ async function apiCallSafe(url, options = {}) {
     }
 }
 // =============================================================================
-// Session API Client (cookie-based auth)
-// =============================================================================
-// Session API client state
-let sessionOnUnauthenticated = null;
-let sessionRequestTimeout = 30000;
-/**
- * Initializes the session-based API client.
- * Uses cookies (credentials: 'include') instead of Bearer tokens.
- * @param config - Client configuration
- * @example
- * initSessionApiClient({
- *   onUnauthenticated: () => window.location.href = '/login',
- *   timeout: 60000
- * });
- */
-function initSessionApiClient(config) {
-    sessionOnUnauthenticated = config.onUnauthenticated ?? null;
-    sessionRequestTimeout = config.timeout ?? 30000;
-}
-/** Handle 401 unauthenticated callback for session API */
-function handleUnauthenticated(status) {
-    if (status === 401 && sessionOnUnauthenticated) {
-        sessionOnUnauthenticated();
-    }
-}
-/**
- * Makes a cookie-authenticated API call. Throws ApiError on non-2xx responses.
- * Uses credentials: 'include' to send session cookies.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status or timeout
- * @example
- * const user = await sessionApiCall<User>('/api/auth/me');
- */
-async function sessionApiCall(url, options = {}) {
-    const headers = {
-        'Content-Type': 'application/json',
-        ...options.headers
-    };
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), sessionRequestTimeout);
-    try {
-        const response = await fetch(url, {
-            ...options,
-            headers,
-            credentials: 'include',
-            signal: controller.signal
-        });
-        if (!response.ok) {
-            handleUnauthenticated(response.status);
-            const errorMessage = await extractErrorMessage(response);
-            throw new ApiError(response.status, errorMessage);
-        }
-        const text = await response.text();
-        if (!text) {
-            throw new ApiError(response.status, 'Empty response body');
-        }
-        return JSON.parse(text);
-    }
-    catch (error) {
-        handleApiError(error);
-    }
-    finally {
-        clearTimeout(timeoutId);
-    }
-}
-/**
- * Makes a cookie-authenticated GET request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-async function sessionApiGet(url) {
-    return sessionApiCall(url, { method: 'GET' });
-}
-/**
- * Makes a cookie-authenticated POST request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-async function sessionApiPost(url, body) {
-    return sessionApiCall(url, {
-        method: 'POST',
-        body: body ? JSON.stringify(body) : undefined
-    });
-}
-/**
- * Makes a cookie-authenticated PUT request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-async function sessionApiPut(url, body) {
-    return sessionApiCall(url, {
-        method: 'PUT',
-        body: body ? JSON.stringify(body) : undefined
-    });
-}
-/**
- * Makes a cookie-authenticated PATCH request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param body - Optional request body (will be JSON stringified)
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-async function sessionApiPatch(url, body) {
-    return sessionApiCall(url, {
-        method: 'PATCH',
-        body: body ? JSON.stringify(body) : undefined
-    });
-}
-/**
- * Makes a cookie-authenticated DELETE request.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @returns The parsed JSON response
- * @throws ApiError on non-2xx HTTP status
- */
-async function sessionApiDelete(url) {
-    return sessionApiCall(url, { method: 'DELETE' });
-}
-/**
- * Makes a cookie-authenticated API call with Result-style error handling.
- * Unlike sessionApiCall, this never throws - errors are returned in the response.
- * @typeParam T - The expected response data type
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @returns ApiResponse with ok, status, data (on success), or error (on failure)
- */
-async function sessionApiCallSafe(url, options = {}) {
-    const headers = {
-        'Content-Type': 'application/json',
-        ...options.headers
-    };
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), sessionRequestTimeout);
-    try {
-        const response = await fetch(url, {
-            ...options,
-            headers,
-            credentials: 'include',
-            signal: controller.signal
-        });
-        if (!response.ok) {
-            handleUnauthenticated(response.status);
-            const errorMessage = await extractErrorMessage(response);
-            return { ok: false, status: response.status, error: errorMessage };
-        }
-        const text = await response.text();
-        const data = text ? JSON.parse(text) : undefined;
-        return { ok: true, status: response.status, data };
-    }
-    catch (error) {
-        if (error instanceof Error && error.name === 'AbortError') {
-            return { ok: false, status: 0, error: 'Request timeout' };
-        }
-        return { ok: false, status: 0, error: 'Network error' };
-    }
-    finally {
-        clearTimeout(timeoutId);
-    }
-}
-/**
- * Makes a cookie-authenticated API call expecting no response body.
- * @param url - The API endpoint URL
- * @param options - Optional fetch options (method, body, headers)
- * @throws ApiError on non-2xx HTTP status or timeout
- */
-async function sessionApiCallVoid(url, options = {}) {
-    const headers = {
-        'Content-Type': 'application/json',
-        ...options.headers
-    };
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), sessionRequestTimeout);
-    try {
-        const response = await fetch(url, {
-            ...options,
-            headers,
-            credentials: 'include',
-            signal: controller.signal
-        });
-        if (!response.ok) {
-            handleUnauthenticated(response.status);
-            const errorMessage = await extractErrorMessage(response);
-            throw new ApiError(response.status, errorMessage);
-        }
-    }
-    catch (error) {
-        handleApiError(error);
-    }
-    finally {
-        clearTimeout(timeoutId);
-    }
-}
-// =============================================================================
 // Retryable Request Helper
 // =============================================================================
 /**
@@ -596,8 +424,9 @@ function isRetryableStatus(status) {
     return false;
 }
 /**
- * Makes a cookie-authenticated API call with exponential backoff retry.
+ * Makes an authenticated API call with exponential backoff retry.
  * Retries on retryable status codes (408, 425, 429, 5xx, network errors).
+ * Works with both token and session auth strategies.
  * @typeParam T - The expected response data type
  * @param url - The API endpoint URL
  * @param options - Optional fetch options
@@ -606,16 +435,16 @@ function isRetryableStatus(status) {
  * @returns The parsed JSON response
  * @throws ApiError if all retries fail
  * @example
- * const result = await sessionApiCallWithRetry<AuthResponse>('/api/auth/verify', {
+ * const result = await apiCallWithRetry<AuthResponse>('/api/auth/verify', {
  *   method: 'POST',
  *   body: JSON.stringify({ token })
  * });
  */
-async function sessionApiCallWithRetry(url, options, maxRetries = 3, initialDelayMs = 1000) {
+async function apiCallWithRetry(url, options, maxRetries = 3, initialDelayMs = 1000) {
     let lastError;
     for (let attempt = 0; attempt <= maxRetries; attempt++) {
         try {
-            return await sessionApiCall(url, options);
+            return await apiCall(url, options);
         }
         catch (error) {
             lastError = error;
@@ -630,3 +459,24 @@ async function sessionApiCallWithRetry(url, options, maxRetries = 3, initialDela
     }
     throw lastError;
 }
+// =============================================================================
+// Deprecated Aliases — Use apiCall/apiGet/apiPost etc. after initSessionApiClient
+// =============================================================================
+/** @deprecated Use apiCall after initSessionApiClient */
+exports.sessionApiCall = apiCall;
+/** @deprecated Use apiGet after initSessionApiClient */
+exports.sessionApiGet = apiGet;
+/** @deprecated Use apiPost after initSessionApiClient */
+exports.sessionApiPost = apiPost;
+/** @deprecated Use apiPut after initSessionApiClient */
+exports.sessionApiPut = apiPut;
+/** @deprecated Use apiPatch after initSessionApiClient */
+exports.sessionApiPatch = apiPatch;
+/** @deprecated Use apiDelete after initSessionApiClient */
+exports.sessionApiDelete = apiDelete;
+/** @deprecated Use apiCallSafe after initSessionApiClient */
+exports.sessionApiCallSafe = apiCallSafe;
+/** @deprecated Use apiCallVoid after initSessionApiClient */
+exports.sessionApiCallVoid = apiCallVoid;
+/** @deprecated Use apiCallWithRetry after initSessionApiClient */
+exports.sessionApiCallWithRetry = apiCallWithRetry;