@nokinc-flur/sdk 2.0.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +864 -172
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +510 -11
- package/dist/index.d.ts +510 -11
- package/dist/index.js +814 -172
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -3427,13 +3427,25 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3427
3427
|
payerUserId: z.ZodString;
|
|
3428
3428
|
payeeUserId: z.ZodString;
|
|
3429
3429
|
payerDeviceId: z.ZodString;
|
|
3430
|
-
payerNonce: z.ZodString
|
|
3431
|
-
payeeNonce: z.ZodString
|
|
3430
|
+
payerNonce: z.ZodEffects<z.ZodString, string, string>;
|
|
3431
|
+
payeeNonce: z.ZodEffects<z.ZodString, string, string>;
|
|
3432
3432
|
amountKobo: z.ZodNumber;
|
|
3433
3433
|
currency: z.ZodDefault<z.ZodString>;
|
|
3434
3434
|
occurredAtMs: z.ZodNumber;
|
|
3435
3435
|
completedAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3436
3436
|
contextId: z.ZodOptional<z.ZodString>;
|
|
3437
|
+
requestId: z.ZodOptional<z.ZodString>;
|
|
3438
|
+
requestMode: z.ZodOptional<z.ZodEnum<["fixed", "editable"]>>;
|
|
3439
|
+
requestTakerUserId: z.ZodOptional<z.ZodString>;
|
|
3440
|
+
requestAmountKobo: z.ZodOptional<z.ZodNumber>;
|
|
3441
|
+
requestCurrency: z.ZodOptional<z.ZodString>;
|
|
3442
|
+
requestReference: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
3443
|
+
requestCreatedAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3444
|
+
requestExpiresAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3445
|
+
requestNonce: z.ZodOptional<z.ZodString>;
|
|
3446
|
+
requestTakerDeviceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
3447
|
+
requestTakerPubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
3448
|
+
requestTakerSignatureDerB64: z.ZodOptional<z.ZodString>;
|
|
3437
3449
|
payerPubkeySpkiB64: z.ZodString;
|
|
3438
3450
|
payerSignatureDerB64: z.ZodString;
|
|
3439
3451
|
payeePubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
@@ -3451,9 +3463,21 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3451
3463
|
payerDeviceId: string;
|
|
3452
3464
|
payerPubkeySpkiB64: string;
|
|
3453
3465
|
payerSignatureDerB64: string;
|
|
3466
|
+
requestId?: string | undefined;
|
|
3454
3467
|
encounterId?: string | undefined;
|
|
3455
3468
|
completedAtMs?: number | undefined;
|
|
3456
3469
|
contextId?: string | undefined;
|
|
3470
|
+
requestMode?: "fixed" | "editable" | undefined;
|
|
3471
|
+
requestTakerUserId?: string | undefined;
|
|
3472
|
+
requestAmountKobo?: number | undefined;
|
|
3473
|
+
requestCurrency?: string | undefined;
|
|
3474
|
+
requestReference?: string | null | undefined;
|
|
3475
|
+
requestCreatedAtMs?: number | undefined;
|
|
3476
|
+
requestExpiresAtMs?: number | undefined;
|
|
3477
|
+
requestNonce?: string | undefined;
|
|
3478
|
+
requestTakerDeviceId?: string | null | undefined;
|
|
3479
|
+
requestTakerPubkeySpkiB64?: string | undefined;
|
|
3480
|
+
requestTakerSignatureDerB64?: string | undefined;
|
|
3457
3481
|
payeePubkeySpkiB64?: string | undefined;
|
|
3458
3482
|
payeeSignatureDerB64?: string | undefined;
|
|
3459
3483
|
}, {
|
|
@@ -3467,11 +3491,23 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3467
3491
|
payerDeviceId: string;
|
|
3468
3492
|
payerPubkeySpkiB64: string;
|
|
3469
3493
|
payerSignatureDerB64: string;
|
|
3494
|
+
requestId?: string | undefined;
|
|
3470
3495
|
currency?: string | undefined;
|
|
3471
3496
|
encounterId?: string | undefined;
|
|
3472
3497
|
completedAtMs?: number | undefined;
|
|
3473
3498
|
contextId?: string | undefined;
|
|
3474
3499
|
alg?: "p256" | undefined;
|
|
3500
|
+
requestMode?: "fixed" | "editable" | undefined;
|
|
3501
|
+
requestTakerUserId?: string | undefined;
|
|
3502
|
+
requestAmountKobo?: number | undefined;
|
|
3503
|
+
requestCurrency?: string | undefined;
|
|
3504
|
+
requestReference?: string | null | undefined;
|
|
3505
|
+
requestCreatedAtMs?: number | undefined;
|
|
3506
|
+
requestExpiresAtMs?: number | undefined;
|
|
3507
|
+
requestNonce?: string | undefined;
|
|
3508
|
+
requestTakerDeviceId?: string | null | undefined;
|
|
3509
|
+
requestTakerPubkeySpkiB64?: string | undefined;
|
|
3510
|
+
requestTakerSignatureDerB64?: string | undefined;
|
|
3475
3511
|
payeePubkeySpkiB64?: string | undefined;
|
|
3476
3512
|
payeeSignatureDerB64?: string | undefined;
|
|
3477
3513
|
}>;
|
|
@@ -3490,35 +3526,40 @@ declare const ConsumerSettlementSchema: z.ZodObject<{
|
|
|
3490
3526
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
3491
3527
|
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3492
3528
|
issuerSig: z.ZodString;
|
|
3493
|
-
|
|
3529
|
+
/** Canonical millisecond timestamp signed into the settlement receipt. */
|
|
3530
|
+
issuedAtMs: z.ZodNumber;
|
|
3531
|
+
/** Compatibility alias for API consumers that predate issuedAtMs. */
|
|
3532
|
+
createdAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3494
3533
|
}, "strip", z.ZodTypeAny, {
|
|
3495
3534
|
status: "SETTLED" | "REVIEW";
|
|
3496
3535
|
currency: string;
|
|
3497
|
-
createdAtMs: number;
|
|
3498
3536
|
amountKobo: number;
|
|
3499
3537
|
payerUserId: string;
|
|
3500
3538
|
ledgerRef: string | null;
|
|
3501
3539
|
issuerSig: string;
|
|
3540
|
+
issuedAtMs: number;
|
|
3502
3541
|
encounterId: string;
|
|
3503
3542
|
payeeUserId: string;
|
|
3504
3543
|
settlementId: string;
|
|
3505
3544
|
settlementKey: string;
|
|
3506
3545
|
oacId: string;
|
|
3507
3546
|
reviewReason: string | null;
|
|
3547
|
+
createdAtMs?: number | undefined;
|
|
3508
3548
|
}, {
|
|
3509
3549
|
status: "SETTLED" | "REVIEW";
|
|
3510
3550
|
currency: string;
|
|
3511
|
-
createdAtMs: number;
|
|
3512
3551
|
amountKobo: number;
|
|
3513
3552
|
payerUserId: string;
|
|
3514
3553
|
ledgerRef: string | null;
|
|
3515
3554
|
issuerSig: string;
|
|
3555
|
+
issuedAtMs: number;
|
|
3516
3556
|
encounterId: string;
|
|
3517
3557
|
payeeUserId: string;
|
|
3518
3558
|
settlementId: string;
|
|
3519
3559
|
settlementKey: string;
|
|
3520
3560
|
oacId: string;
|
|
3521
3561
|
reviewReason: string | null;
|
|
3562
|
+
createdAtMs?: number | undefined;
|
|
3522
3563
|
}>;
|
|
3523
3564
|
type ConsumerSettlement = z.infer<typeof ConsumerSettlementSchema>;
|
|
3524
3565
|
declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
@@ -3536,35 +3577,40 @@ declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
|
3536
3577
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
3537
3578
|
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3538
3579
|
issuerSig: z.ZodString;
|
|
3539
|
-
|
|
3580
|
+
/** Canonical millisecond timestamp signed into the settlement receipt. */
|
|
3581
|
+
issuedAtMs: z.ZodNumber;
|
|
3582
|
+
/** Compatibility alias for API consumers that predate issuedAtMs. */
|
|
3583
|
+
createdAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3540
3584
|
}, "strip", z.ZodTypeAny, {
|
|
3541
3585
|
status: "SETTLED" | "REVIEW";
|
|
3542
3586
|
currency: string;
|
|
3543
|
-
createdAtMs: number;
|
|
3544
3587
|
amountKobo: number;
|
|
3545
3588
|
payerUserId: string;
|
|
3546
3589
|
ledgerRef: string | null;
|
|
3547
3590
|
issuerSig: string;
|
|
3591
|
+
issuedAtMs: number;
|
|
3548
3592
|
encounterId: string;
|
|
3549
3593
|
payeeUserId: string;
|
|
3550
3594
|
settlementId: string;
|
|
3551
3595
|
settlementKey: string;
|
|
3552
3596
|
oacId: string;
|
|
3553
3597
|
reviewReason: string | null;
|
|
3598
|
+
createdAtMs?: number | undefined;
|
|
3554
3599
|
}, {
|
|
3555
3600
|
status: "SETTLED" | "REVIEW";
|
|
3556
3601
|
currency: string;
|
|
3557
|
-
createdAtMs: number;
|
|
3558
3602
|
amountKobo: number;
|
|
3559
3603
|
payerUserId: string;
|
|
3560
3604
|
ledgerRef: string | null;
|
|
3561
3605
|
issuerSig: string;
|
|
3606
|
+
issuedAtMs: number;
|
|
3562
3607
|
encounterId: string;
|
|
3563
3608
|
payeeUserId: string;
|
|
3564
3609
|
settlementId: string;
|
|
3565
3610
|
settlementKey: string;
|
|
3566
3611
|
oacId: string;
|
|
3567
3612
|
reviewReason: string | null;
|
|
3613
|
+
createdAtMs?: number | undefined;
|
|
3568
3614
|
}>;
|
|
3569
3615
|
encounterId: z.ZodString;
|
|
3570
3616
|
replayed: z.ZodBoolean;
|
|
@@ -3574,17 +3620,18 @@ declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
|
3574
3620
|
settlement: {
|
|
3575
3621
|
status: "SETTLED" | "REVIEW";
|
|
3576
3622
|
currency: string;
|
|
3577
|
-
createdAtMs: number;
|
|
3578
3623
|
amountKobo: number;
|
|
3579
3624
|
payerUserId: string;
|
|
3580
3625
|
ledgerRef: string | null;
|
|
3581
3626
|
issuerSig: string;
|
|
3627
|
+
issuedAtMs: number;
|
|
3582
3628
|
encounterId: string;
|
|
3583
3629
|
payeeUserId: string;
|
|
3584
3630
|
settlementId: string;
|
|
3585
3631
|
settlementKey: string;
|
|
3586
3632
|
oacId: string;
|
|
3587
3633
|
reviewReason: string | null;
|
|
3634
|
+
createdAtMs?: number | undefined;
|
|
3588
3635
|
};
|
|
3589
3636
|
}, {
|
|
3590
3637
|
replayed: boolean;
|
|
@@ -3592,17 +3639,18 @@ declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
|
3592
3639
|
settlement: {
|
|
3593
3640
|
status: "SETTLED" | "REVIEW";
|
|
3594
3641
|
currency: string;
|
|
3595
|
-
createdAtMs: number;
|
|
3596
3642
|
amountKobo: number;
|
|
3597
3643
|
payerUserId: string;
|
|
3598
3644
|
ledgerRef: string | null;
|
|
3599
3645
|
issuerSig: string;
|
|
3646
|
+
issuedAtMs: number;
|
|
3600
3647
|
encounterId: string;
|
|
3601
3648
|
payeeUserId: string;
|
|
3602
3649
|
settlementId: string;
|
|
3603
3650
|
settlementKey: string;
|
|
3604
3651
|
oacId: string;
|
|
3605
3652
|
reviewReason: string | null;
|
|
3653
|
+
createdAtMs?: number | undefined;
|
|
3606
3654
|
};
|
|
3607
3655
|
}>;
|
|
3608
3656
|
type ConsumerSettleResult = z.infer<typeof ConsumerSettleResultSchema>;
|
|
@@ -3634,6 +3682,7 @@ type MeOfflineClient = {
|
|
|
3634
3682
|
issueAccountOac: (input: IssueAccountOacInput) => Promise<OACRecord>;
|
|
3635
3683
|
getStatus: (deviceId?: string) => Promise<OfflineStatusResult>;
|
|
3636
3684
|
submitClaim: (claim: ConsumerPaymentClaim) => Promise<ConsumerSettleResult>;
|
|
3685
|
+
getSettlement: (idOrKey: string) => Promise<ConsumerSettlement>;
|
|
3637
3686
|
};
|
|
3638
3687
|
declare function createMeOfflineClient(opts: MeOfflineClientOptions): MeOfflineClient;
|
|
3639
3688
|
|
|
@@ -3730,6 +3779,14 @@ declare function canonicalClaimSigningPayload(claim: CanonicalClaimInput): {
|
|
|
3730
3779
|
};
|
|
3731
3780
|
/** Bytes the signer must operate on. */
|
|
3732
3781
|
declare function canonicalClaimSigningBytes(claim: CanonicalClaimInput): Uint8Array;
|
|
3782
|
+
/** Deterministic encounter id used by backend settlement dedupe. */
|
|
3783
|
+
declare function computeConsumerClaimEncounterId(input: {
|
|
3784
|
+
oacId: string;
|
|
3785
|
+
payerUserId: string;
|
|
3786
|
+
payeeUserId: string;
|
|
3787
|
+
payerNonce: string;
|
|
3788
|
+
payeeNonce: string;
|
|
3789
|
+
}): string;
|
|
3733
3790
|
/**
|
|
3734
3791
|
* Software P-256 signer. Useful for:
|
|
3735
3792
|
* - test harnesses
|
|
@@ -3753,10 +3810,268 @@ interface VerifyClaimSignatureInput {
|
|
|
3753
3810
|
*/
|
|
3754
3811
|
declare function verifyClaimSignature(input: VerifyClaimSignatureInput): boolean;
|
|
3755
3812
|
|
|
3813
|
+
declare const CONSUMER_PAYMENT_REQUEST_DOMAIN: "flur:consumer-offline:v1:request";
|
|
3814
|
+
declare const ConsumerPaymentRequestEnvelopeSchema: z.ZodEffects<z.ZodObject<{
|
|
3815
|
+
requestId: z.ZodString;
|
|
3816
|
+
mode: z.ZodEnum<["fixed", "editable"]>;
|
|
3817
|
+
takerUserId: z.ZodString;
|
|
3818
|
+
amountKobo: z.ZodNumber;
|
|
3819
|
+
currency: z.ZodDefault<z.ZodString>;
|
|
3820
|
+
reference: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
3821
|
+
createdAtMs: z.ZodNumber;
|
|
3822
|
+
expiresAtMs: z.ZodNumber;
|
|
3823
|
+
nonce: z.ZodString;
|
|
3824
|
+
takerDeviceId: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
3825
|
+
takerPubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
3826
|
+
takerSignatureDerB64: z.ZodOptional<z.ZodString>;
|
|
3827
|
+
}, "strip", z.ZodTypeAny, {
|
|
3828
|
+
requestId: string;
|
|
3829
|
+
nonce: string;
|
|
3830
|
+
currency: string;
|
|
3831
|
+
createdAtMs: number;
|
|
3832
|
+
reference: string | null;
|
|
3833
|
+
amountKobo: number;
|
|
3834
|
+
expiresAtMs: number;
|
|
3835
|
+
mode: "fixed" | "editable";
|
|
3836
|
+
takerUserId: string;
|
|
3837
|
+
takerDeviceId: string | null;
|
|
3838
|
+
takerPubkeySpkiB64?: string | undefined;
|
|
3839
|
+
takerSignatureDerB64?: string | undefined;
|
|
3840
|
+
}, {
|
|
3841
|
+
requestId: string;
|
|
3842
|
+
nonce: string;
|
|
3843
|
+
createdAtMs: number;
|
|
3844
|
+
amountKobo: number;
|
|
3845
|
+
expiresAtMs: number;
|
|
3846
|
+
mode: "fixed" | "editable";
|
|
3847
|
+
takerUserId: string;
|
|
3848
|
+
currency?: string | undefined;
|
|
3849
|
+
reference?: string | null | undefined;
|
|
3850
|
+
takerDeviceId?: string | null | undefined;
|
|
3851
|
+
takerPubkeySpkiB64?: string | undefined;
|
|
3852
|
+
takerSignatureDerB64?: string | undefined;
|
|
3853
|
+
}>, {
|
|
3854
|
+
requestId: string;
|
|
3855
|
+
nonce: string;
|
|
3856
|
+
currency: string;
|
|
3857
|
+
createdAtMs: number;
|
|
3858
|
+
reference: string | null;
|
|
3859
|
+
amountKobo: number;
|
|
3860
|
+
expiresAtMs: number;
|
|
3861
|
+
mode: "fixed" | "editable";
|
|
3862
|
+
takerUserId: string;
|
|
3863
|
+
takerDeviceId: string | null;
|
|
3864
|
+
takerPubkeySpkiB64?: string | undefined;
|
|
3865
|
+
takerSignatureDerB64?: string | undefined;
|
|
3866
|
+
}, {
|
|
3867
|
+
requestId: string;
|
|
3868
|
+
nonce: string;
|
|
3869
|
+
createdAtMs: number;
|
|
3870
|
+
amountKobo: number;
|
|
3871
|
+
expiresAtMs: number;
|
|
3872
|
+
mode: "fixed" | "editable";
|
|
3873
|
+
takerUserId: string;
|
|
3874
|
+
currency?: string | undefined;
|
|
3875
|
+
reference?: string | null | undefined;
|
|
3876
|
+
takerDeviceId?: string | null | undefined;
|
|
3877
|
+
takerPubkeySpkiB64?: string | undefined;
|
|
3878
|
+
takerSignatureDerB64?: string | undefined;
|
|
3879
|
+
}>;
|
|
3880
|
+
type ConsumerPaymentRequestEnvelope = z.infer<typeof ConsumerPaymentRequestEnvelopeSchema>;
|
|
3881
|
+
type UnsignedConsumerPaymentRequest = Omit<ConsumerPaymentRequestEnvelope, 'takerPubkeySpkiB64' | 'takerSignatureDerB64'>;
|
|
3882
|
+
declare function buildConsumerPaymentRequest(input: {
|
|
3883
|
+
requestId: string;
|
|
3884
|
+
mode: 'fixed' | 'editable';
|
|
3885
|
+
takerUserId: string;
|
|
3886
|
+
amountKobo: number;
|
|
3887
|
+
currency?: string;
|
|
3888
|
+
reference?: string | null;
|
|
3889
|
+
createdAtMs: number;
|
|
3890
|
+
expiresAtMs: number;
|
|
3891
|
+
nonce: string;
|
|
3892
|
+
takerDeviceId?: string | null;
|
|
3893
|
+
}): UnsignedConsumerPaymentRequest;
|
|
3894
|
+
declare function consumerPaymentRequestSigningPayload(request: UnsignedConsumerPaymentRequest | ConsumerPaymentRequestEnvelope): {
|
|
3895
|
+
domain: "flur:consumer-offline:v1:request";
|
|
3896
|
+
version: number;
|
|
3897
|
+
requestId: string;
|
|
3898
|
+
mode: "fixed" | "editable";
|
|
3899
|
+
takerUserId: string;
|
|
3900
|
+
amountKobo: number;
|
|
3901
|
+
currency: string;
|
|
3902
|
+
reference: string | null;
|
|
3903
|
+
createdAtMs: number;
|
|
3904
|
+
expiresAtMs: number;
|
|
3905
|
+
nonce: string;
|
|
3906
|
+
takerDeviceId: string | null;
|
|
3907
|
+
};
|
|
3908
|
+
declare function consumerPaymentRequestSigningBytes(request: UnsignedConsumerPaymentRequest | ConsumerPaymentRequestEnvelope): Uint8Array;
|
|
3909
|
+
declare function signConsumerPaymentRequest(unsigned: UnsignedConsumerPaymentRequest, signer: OfflineClaimSigner): Promise<ConsumerPaymentRequestEnvelope>;
|
|
3910
|
+
declare function verifyConsumerPaymentRequest(request: ConsumerPaymentRequestEnvelope): boolean;
|
|
3911
|
+
declare function isConsumerPaymentRequestExpired(request: ConsumerPaymentRequestEnvelope, nowMs?: number): boolean;
|
|
3912
|
+
|
|
3913
|
+
declare const CONSUMER_SETTLEMENT_DOMAIN: "flur:consumer-offline:v1:settlement";
|
|
3914
|
+
declare const CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX: "FLURSR1.";
|
|
3915
|
+
declare function consumerSettlementSigningPayload(settlement: ConsumerSettlement): {
|
|
3916
|
+
domain: "flur:consumer-offline:v1:settlement";
|
|
3917
|
+
settlementId: string;
|
|
3918
|
+
settlementKey: string;
|
|
3919
|
+
encounterId: string;
|
|
3920
|
+
oacId: string;
|
|
3921
|
+
payerUserId: string;
|
|
3922
|
+
payeeUserId: string;
|
|
3923
|
+
amountKobo: number;
|
|
3924
|
+
currency: string;
|
|
3925
|
+
status: "SETTLED" | "REVIEW";
|
|
3926
|
+
reviewReason: string | null;
|
|
3927
|
+
ledgerRef: string | null;
|
|
3928
|
+
issuedAtMs: number;
|
|
3929
|
+
};
|
|
3930
|
+
declare function verifyConsumerSettlement(settlement: ConsumerSettlement, issuerPublicKeySpkiB64: string): boolean;
|
|
3931
|
+
declare function encodeConsumerSettlementReceiptQR(settlement: ConsumerSettlement): string;
|
|
3932
|
+
declare function decodeUnverifiedConsumerSettlementReceiptQR(value: string): ConsumerSettlement;
|
|
3933
|
+
declare function verifyConsumerSettlementReceiptQR(value: string, issuerPublicKeySpkiB64: string): ConsumerSettlement;
|
|
3934
|
+
/**
|
|
3935
|
+
* @deprecated One-argument decode is unverified and exists only for 2.x
|
|
3936
|
+
* source compatibility. Prefer `verifyConsumerSettlementReceiptQR(value,
|
|
3937
|
+
* issuerPublicKeySpkiB64)` or pass the issuer key as the second argument.
|
|
3938
|
+
*/
|
|
3939
|
+
declare function decodeConsumerSettlementReceiptQR(value: string): ConsumerSettlement;
|
|
3940
|
+
declare function decodeConsumerSettlementReceiptQR(value: string, issuerPublicKeySpkiB64: string): ConsumerSettlement;
|
|
3941
|
+
|
|
3942
|
+
/**
|
|
3943
|
+
* FLURA1 — single-SMS consumer-offline settle token.
|
|
3944
|
+
*
|
|
3945
|
+
* Why this exists:
|
|
3946
|
+
* - The legacy `FLURC1.` codec packed the entire dual-party-signed
|
|
3947
|
+
* `ConsumerPaymentClaim` JSON into a base64url SMS, which (a) overran
|
|
3948
|
+
* the 160-char GSM-7 single-SMS budget for any non-trivial claim and
|
|
3949
|
+
* (b) leaked enough state through the carrier to allow a hostile relay
|
|
3950
|
+
* to replay the claim out-of-band.
|
|
3951
|
+
* - Text-banking rails in the real world (737-SMS, M-Pesa STK applet)
|
|
3952
|
+
* settle from a much smaller payload, but they substitute MSISDN trust
|
|
3953
|
+
* + tiny daily limits for cryptographic auth. We can do strictly better
|
|
3954
|
+
* because we already have hardware-backed P-256 device keys.
|
|
3955
|
+
*
|
|
3956
|
+
* FLURA1 wire (112 bytes, signed by the payer's hardware key):
|
|
3957
|
+
*
|
|
3958
|
+
* off len field
|
|
3959
|
+
* 0 1 version 0x01
|
|
3960
|
+
* 1 1 flags reserved, must be 0x00
|
|
3961
|
+
* 2 16 encounterId prefix first 16 of sha256(encounterId)
|
|
3962
|
+
* 18 8 payer userId prefix first 8 bytes of UUID binary
|
|
3963
|
+
* 26 8 payee userId prefix first 8 bytes of UUID binary
|
|
3964
|
+
* 34 8 amountKobo uint64 big-endian
|
|
3965
|
+
* 42 6 occurredAtMs uint48 big-endian
|
|
3966
|
+
* 48 64 signature raw ECDSA-P256 r‖s (32 + 32)
|
|
3967
|
+
*
|
|
3968
|
+
* Signing input is `FLURA1_DOMAIN ‖ bytes[0..47]` (31 + 48 = 79 bytes),
|
|
3969
|
+
* SHA-256-prehashed inside `p256.sign`. Currency is the platform invariant
|
|
3970
|
+
* NGN and never travels on the wire. The backend resolves full UUIDs from
|
|
3971
|
+
* the 8-byte prefixes (collision probability < 1e-12 at our scale; the
|
|
3972
|
+
* backend rejects ambiguous matches).
|
|
3973
|
+
*
|
|
3974
|
+
* Wire encoding: `FLURA1.<base64url(112 bytes)>` = 7 + 150 = 157 chars,
|
|
3975
|
+
* fits one GSM-7 SMS with 3 chars to spare.
|
|
3976
|
+
*
|
|
3977
|
+
* This payload is enough to *settle* unilaterally — the payer's signature
|
|
3978
|
+
* is the authority, the OAC active at `occurredAtMs` is the limit. The
|
|
3979
|
+
* payee can dispute the amount in person; the ledger move is final once
|
|
3980
|
+
* verified, just like cash.
|
|
3981
|
+
*/
|
|
3982
|
+
|
|
3983
|
+
/**
|
|
3984
|
+
* Full-claim QR envelope used for authenticated app-to-app relay. This is
|
|
3985
|
+
* intentionally NOT the carrier-SMS settle rail: the JSON claim can exceed
|
|
3986
|
+
* a single SMS and must not be sent to the provider webhook. Mobile keeps
|
|
3987
|
+
* this for QR/paste flows that submit to `/v1/me/offline/claims`.
|
|
3988
|
+
*/
|
|
3756
3989
|
declare const OFFLINE_CLAIM_SMS_PREFIX: "FLURC1.";
|
|
3757
3990
|
declare function encodeOfflineClaimSmsMessage(claim: ConsumerPaymentClaim): string;
|
|
3758
3991
|
declare function decodeOfflineClaimSmsMessage(message: string): ConsumerPaymentClaim;
|
|
3759
3992
|
declare function extractOfflineClaimSmsToken(message: string): string | null;
|
|
3993
|
+
declare const OFFLINE_SMS_SETTLE_PREFIX: "FLURA1.";
|
|
3994
|
+
/** Domain string prepended to the 48-byte header before signing/verifying. */
|
|
3995
|
+
declare const OFFLINE_SMS_SETTLE_DOMAIN: "flur:consumer-offline:v1:attest";
|
|
3996
|
+
/** Fixed total binary length, in bytes. */
|
|
3997
|
+
declare const OFFLINE_SMS_SETTLE_TOKEN_BYTES: 112;
|
|
3998
|
+
/** Length of the signed prefix (everything except the 64-byte signature). */
|
|
3999
|
+
declare const OFFLINE_SMS_SETTLE_HEADER_BYTES: 48;
|
|
4000
|
+
/** Length of the raw P-256 r‖s signature appended after the header. */
|
|
4001
|
+
declare const OFFLINE_SMS_SETTLE_SIGNATURE_BYTES: 64;
|
|
4002
|
+
/** Wire version supported by this codec. */
|
|
4003
|
+
declare const OFFLINE_SMS_SETTLE_VERSION: 1;
|
|
4004
|
+
/**
|
|
4005
|
+
* Inputs the caller supplies when building a FLURA1 token. All identifier
|
|
4006
|
+
* fields are full hex/UUID strings; this codec computes prefixes.
|
|
4007
|
+
*/
|
|
4008
|
+
interface OfflineSmsSettleInput {
|
|
4009
|
+
/** Opaque encounter identifier — same value the claim uses. */
|
|
4010
|
+
encounterId: string;
|
|
4011
|
+
/** Full payer user UUID (string form, e.g. `8c...-...-...-...-...`). */
|
|
4012
|
+
payerUserId: string;
|
|
4013
|
+
/** Full payee user UUID (string form). */
|
|
4014
|
+
payeeUserId: string;
|
|
4015
|
+
amountKobo: number;
|
|
4016
|
+
occurredAtMs: number;
|
|
4017
|
+
}
|
|
4018
|
+
/**
|
|
4019
|
+
* Decoded view of a FLURA1 token. Field prefixes are returned as hex
|
|
4020
|
+
* strings; raw byte arrays are exposed for callers that need them
|
|
4021
|
+
* (signature verification, audit storage).
|
|
4022
|
+
*/
|
|
4023
|
+
interface DecodedOfflineSmsSettleToken {
|
|
4024
|
+
version: number;
|
|
4025
|
+
flags: number;
|
|
4026
|
+
encounterIdPrefixHex: string;
|
|
4027
|
+
payerUserIdPrefixHex: string;
|
|
4028
|
+
payeeUserIdPrefixHex: string;
|
|
4029
|
+
amountKobo: number;
|
|
4030
|
+
occurredAtMs: number;
|
|
4031
|
+
/** Raw 64-byte ECDSA-P256 r‖s signature. */
|
|
4032
|
+
signature: Uint8Array;
|
|
4033
|
+
/** 48-byte signed header (`bytes[0..47]`). */
|
|
4034
|
+
header: Uint8Array;
|
|
4035
|
+
/** 79-byte domain-tagged buffer that was actually fed into `p256.verify`. */
|
|
4036
|
+
signedBytes: Uint8Array;
|
|
4037
|
+
}
|
|
4038
|
+
/**
|
|
4039
|
+
* Minimal signer surface accepted by `encodeOfflineSmsSettleToken`. Returns
|
|
4040
|
+
* raw 64-byte r‖s ECDSA-P256. Hardware signers that natively emit DER must
|
|
4041
|
+
* convert before calling this codec — see `derToRawP256Signature`.
|
|
4042
|
+
*/
|
|
4043
|
+
interface OfflineSmsSettleSigner {
|
|
4044
|
+
signRaw(bytes: Uint8Array): Promise<Uint8Array>;
|
|
4045
|
+
}
|
|
4046
|
+
declare function encodeOfflineSmsSettleToken(input: OfflineSmsSettleInput, signer: OfflineSmsSettleSigner): Promise<string>;
|
|
4047
|
+
/**
|
|
4048
|
+
* Build the 48-byte signed header for the given input. Exposed so callers
|
|
4049
|
+
* that own the signing primitive directly (e.g. a native Secure Enclave
|
|
4050
|
+
* bridge that emits DER) can compute the bytes-to-sign without going
|
|
4051
|
+
* through `OfflineSmsSettleSigner`.
|
|
4052
|
+
*/
|
|
4053
|
+
declare function buildSmsSettleHeader(input: OfflineSmsSettleInput): Promise<Uint8Array>;
|
|
4054
|
+
/**
|
|
4055
|
+
* Bytes a signer must operate on: `OFFLINE_SMS_SETTLE_DOMAIN ‖ header`.
|
|
4056
|
+
* Exposed for hardware bridges that own the signing call themselves.
|
|
4057
|
+
*/
|
|
4058
|
+
declare function domainTag(header: Uint8Array): Uint8Array;
|
|
4059
|
+
declare function decodeOfflineSmsSettleToken(message: string): DecodedOfflineSmsSettleToken;
|
|
4060
|
+
declare function extractOfflineSmsSettleToken(message: string): string | null;
|
|
4061
|
+
/**
|
|
4062
|
+
* Verify a decoded FLURA1 token against a candidate payer SPKI public key.
|
|
4063
|
+
* Returns `false` (never throws) on any signature or key-decode failure so
|
|
4064
|
+
* callers can iterate a candidate set safely.
|
|
4065
|
+
*/
|
|
4066
|
+
declare function verifyOfflineSmsSettleToken(decoded: DecodedOfflineSmsSettleToken, payerPubkeySpkiB64: string): boolean;
|
|
4067
|
+
/**
|
|
4068
|
+
* Convert an ASN.1 DER ECDSA-P256 signature (the format every hardware
|
|
4069
|
+
* Secure-Enclave / Keystore bridge in this codebase emits) into the
|
|
4070
|
+
* 64-byte raw r‖s form that FLURA1 carries on the wire.
|
|
4071
|
+
*
|
|
4072
|
+
* Throws on any DER parse failure or out-of-range coordinate.
|
|
4073
|
+
*/
|
|
4074
|
+
declare function derToRawP256Signature(derBytes: Uint8Array): Uint8Array;
|
|
3760
4075
|
|
|
3761
4076
|
/**
|
|
3762
4077
|
* Partner-funded wallet rails SDK.
|
|
@@ -4633,6 +4948,7 @@ declare const ARTIFACT_TYPES: {
|
|
|
4633
4948
|
readonly STATEMENT: "statement";
|
|
4634
4949
|
readonly PASS: "pass";
|
|
4635
4950
|
readonly IDENTITY: "identity";
|
|
4951
|
+
readonly PAY_CARD: "pay_card";
|
|
4636
4952
|
};
|
|
4637
4953
|
type ArtifactType = (typeof ARTIFACT_TYPES)[keyof typeof ARTIFACT_TYPES];
|
|
4638
4954
|
declare const OfflinePaymentAuthorizationArtifactSchema: z.ZodObject<{
|
|
@@ -5276,6 +5592,23 @@ declare const IdentityArtifactSchema: z.ZodObject<{
|
|
|
5276
5592
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
5277
5593
|
claimValueHash: string;
|
|
5278
5594
|
}>;
|
|
5595
|
+
declare const PayCardArtifactSchema: z.ZodObject<{
|
|
5596
|
+
userId: z.ZodString;
|
|
5597
|
+
phoneE164: z.ZodString;
|
|
5598
|
+
displayName: z.ZodString;
|
|
5599
|
+
devicePubKeySpkiB64: z.ZodString;
|
|
5600
|
+
}, "strip", z.ZodTypeAny, {
|
|
5601
|
+
phoneE164: string;
|
|
5602
|
+
userId: string;
|
|
5603
|
+
displayName: string;
|
|
5604
|
+
devicePubKeySpkiB64: string;
|
|
5605
|
+
}, {
|
|
5606
|
+
phoneE164: string;
|
|
5607
|
+
userId: string;
|
|
5608
|
+
displayName: string;
|
|
5609
|
+
devicePubKeySpkiB64: string;
|
|
5610
|
+
}>;
|
|
5611
|
+
type PayCardArtifact = z.infer<typeof PayCardArtifactSchema>;
|
|
5279
5612
|
declare const ARTIFACT_BODY_SCHEMAS: {
|
|
5280
5613
|
readonly offline_payment_authorization: z.ZodObject<{
|
|
5281
5614
|
authorization: z.ZodObject<{
|
|
@@ -5916,6 +6249,22 @@ declare const ARTIFACT_BODY_SCHEMAS: {
|
|
|
5916
6249
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
5917
6250
|
claimValueHash: string;
|
|
5918
6251
|
}>;
|
|
6252
|
+
readonly pay_card: z.ZodObject<{
|
|
6253
|
+
userId: z.ZodString;
|
|
6254
|
+
phoneE164: z.ZodString;
|
|
6255
|
+
displayName: z.ZodString;
|
|
6256
|
+
devicePubKeySpkiB64: z.ZodString;
|
|
6257
|
+
}, "strip", z.ZodTypeAny, {
|
|
6258
|
+
phoneE164: string;
|
|
6259
|
+
userId: string;
|
|
6260
|
+
displayName: string;
|
|
6261
|
+
devicePubKeySpkiB64: string;
|
|
6262
|
+
}, {
|
|
6263
|
+
phoneE164: string;
|
|
6264
|
+
userId: string;
|
|
6265
|
+
displayName: string;
|
|
6266
|
+
devicePubKeySpkiB64: string;
|
|
6267
|
+
}>;
|
|
5919
6268
|
};
|
|
5920
6269
|
/** Artifact types whose body schema is fully specified and safe to dispatch. */
|
|
5921
6270
|
declare const HARDENED_ARTIFACT_TYPES: Set<ArtifactType>;
|
|
@@ -6034,4 +6383,154 @@ declare function createOfflinePaymentAuthorizationArtifactUri(input: {
|
|
|
6034
6383
|
}>;
|
|
6035
6384
|
};
|
|
6036
6385
|
|
|
6037
|
-
|
|
6386
|
+
/**
|
|
6387
|
+
* Pay Card — Tier B of the Flur recipient-trust ladder.
|
|
6388
|
+
*
|
|
6389
|
+
* A Pay Card is a holder-signed, expiring identity attestation rendered as a
|
|
6390
|
+
* QR. When a payer scans a Pay Card and verifies its signature against the
|
|
6391
|
+
* holder's registered device-key, they obtain a trusted (userId, phoneE164,
|
|
6392
|
+
* displayName, devicePubKey) tuple they can cache locally and reuse to pay
|
|
6393
|
+
* the holder fully offline thereafter.
|
|
6394
|
+
*
|
|
6395
|
+
* Transport: the standard Flur v1 signed-artifact envelope
|
|
6396
|
+
* `flur://v1/pay_card/<base64url(canonical-json(body))>.<base64url(sig)>`
|
|
6397
|
+
*
|
|
6398
|
+
* Trust model:
|
|
6399
|
+
* - Card is signed by the holder's device key (P-256, ECDSA-SHA256, DER).
|
|
6400
|
+
* - Verifier resolves (issuer=userId, kid) to a SubjectPublicKeyInfo via
|
|
6401
|
+
* Flur's device-key registry — typically online at scan time.
|
|
6402
|
+
* - On successful verify, the scanner upserts the card into its local
|
|
6403
|
+
* verified-contact cache (Tier A) so future pays are offline.
|
|
6404
|
+
*
|
|
6405
|
+
* This module is the canonical implementation. The backend and mobile MUST
|
|
6406
|
+
* use it for build, verify, and freshness checks — no parallel implementations.
|
|
6407
|
+
*
|
|
6408
|
+
* Industry-standard defaults (configurable per call):
|
|
6409
|
+
* - TTL: 90 days from issue.
|
|
6410
|
+
* - Refresh threshold: 30 days remaining triggers a 'refresh_recommended'
|
|
6411
|
+
* freshness state.
|
|
6412
|
+
*
|
|
6413
|
+
* Field policy (enforced by {@link PayCardArtifactSchema}):
|
|
6414
|
+
* - displayName \u2264 64 chars
|
|
6415
|
+
* - phoneE164 must match /^\+[1-9]\d{7,14}$/
|
|
6416
|
+
* - devicePubKeySpkiB64 must be standard base64 (no url-safe variants),
|
|
6417
|
+
* 64..256 chars (covers P-256 SPKI = 91 chars plus forward-compat).
|
|
6418
|
+
*/
|
|
6419
|
+
|
|
6420
|
+
/** Default Pay Card lifetime (ms): 90 days. */
|
|
6421
|
+
declare const PAY_CARD_DEFAULT_TTL_MS: number;
|
|
6422
|
+
/**
|
|
6423
|
+
* When the remaining lifetime drops below this threshold (ms),
|
|
6424
|
+
* {@link inspectPayCardFreshness} returns `'refresh_recommended'`.
|
|
6425
|
+
*
|
|
6426
|
+
* Holders should refresh in the background well before hard-expiry so
|
|
6427
|
+
* a stale-card scan never blocks a payment.
|
|
6428
|
+
*/
|
|
6429
|
+
declare const PAY_CARD_REFRESH_THRESHOLD_MS: number;
|
|
6430
|
+
/** URI prefix for Pay Card artifacts. */
|
|
6431
|
+
declare const PAY_CARD_URI_PREFIX: string;
|
|
6432
|
+
/**
|
|
6433
|
+
* Inputs for {@link createPayCardArtifactUri}. Mirrors the artifact codec
|
|
6434
|
+
* inputs but pins type to `pay_card`, validates the data shape, and applies
|
|
6435
|
+
* the default TTL when `expiresAtSeconds` is omitted.
|
|
6436
|
+
*/
|
|
6437
|
+
interface CreatePayCardArtifactInput {
|
|
6438
|
+
/** Holder Flur userId (also used as the envelope issuer). */
|
|
6439
|
+
issuer: string;
|
|
6440
|
+
/** Holder device key id. */
|
|
6441
|
+
keyId: string;
|
|
6442
|
+
/** Holder device private key (raw 32-byte P-256 scalar). */
|
|
6443
|
+
privateKey: Uint8Array;
|
|
6444
|
+
/** Pay Card business payload. */
|
|
6445
|
+
data: PayCardArtifact;
|
|
6446
|
+
/** URL-safe nonce, 8..64 chars. Required for envelope uniqueness. */
|
|
6447
|
+
nonce: string;
|
|
6448
|
+
/** Override the issued-at (seconds). Defaults to now. */
|
|
6449
|
+
issuedAtSeconds?: number;
|
|
6450
|
+
/**
|
|
6451
|
+
* Override the expiry (seconds). Defaults to `issuedAt + 90 days`.
|
|
6452
|
+
*
|
|
6453
|
+
* SECURITY: a Pay Card is a holder-signed identity attestation, so a
|
|
6454
|
+
* hard expiry is mandatory at the protocol level — there is no opt-out.
|
|
6455
|
+
* Callers may shorten the TTL but cannot remove it; backend verifiers
|
|
6456
|
+
* additionally reject envelopes without `exp` (`PAY_CARD_NO_EXPIRY`).
|
|
6457
|
+
*/
|
|
6458
|
+
expiresAtSeconds?: number;
|
|
6459
|
+
}
|
|
6460
|
+
/**
|
|
6461
|
+
* Build, sign, and encode a Pay Card as a `flur://v1/pay_card/...` URI.
|
|
6462
|
+
*
|
|
6463
|
+
* Defaults the envelope's `exp` to `iat + 90 days` so callers do not need
|
|
6464
|
+
* to compute lifetimes. Refuses to emit a card whose `userId` payload
|
|
6465
|
+
* field disagrees with the envelope `issuer` \u2014 the holder must sign their
|
|
6466
|
+
* own card.
|
|
6467
|
+
*/
|
|
6468
|
+
declare function createPayCardArtifactUri(input: CreatePayCardArtifactInput): {
|
|
6469
|
+
uri: string;
|
|
6470
|
+
signed: SignedArtifact<PayCardArtifact>;
|
|
6471
|
+
};
|
|
6472
|
+
/** True when the URI is shaped as a Pay Card artifact (prefix check only). */
|
|
6473
|
+
declare function isPayCardArtifactUri(uri: string): boolean;
|
|
6474
|
+
interface DecodedPayCard {
|
|
6475
|
+
/** Validated Pay Card body (data + envelope header). */
|
|
6476
|
+
body: ArtifactBody<PayCardArtifact>;
|
|
6477
|
+
/** ASN.1 DER ECDSA P-256 signature, base64 (standard). */
|
|
6478
|
+
sig: string;
|
|
6479
|
+
/** Raw decoded envelope \u2014 useful when re-emitting or relaying. */
|
|
6480
|
+
decoded: DecodedArtifactUri;
|
|
6481
|
+
}
|
|
6482
|
+
/**
|
|
6483
|
+
* Decode a Pay Card URI without verifying its signature. Validates the URI
|
|
6484
|
+
* shape, the envelope header, and the data schema. Use when the caller wants
|
|
6485
|
+
* to inspect the card before deciding whether/how to verify it.
|
|
6486
|
+
*/
|
|
6487
|
+
declare function decodePayCardArtifact(uri: string): DecodedPayCard;
|
|
6488
|
+
/**
|
|
6489
|
+
* Verify a Pay Card URI fully:
|
|
6490
|
+
* 1. URI + envelope + data schema (via {@link decodePayCardArtifact}).
|
|
6491
|
+
* 2. Envelope expiry (unless `options.enforceExpiry === false`).
|
|
6492
|
+
* 3. ECDSA P-256 signature against the supplied holder SPKI public key.
|
|
6493
|
+
*
|
|
6494
|
+
* The caller is responsible for resolving `(issuer, kid)` to the holder's
|
|
6495
|
+
* registered SPKI public key (typically via the backend device-key registry).
|
|
6496
|
+
*/
|
|
6497
|
+
declare function verifyPayCardArtifact(uri: string, publicKeySpkiB64: string, options?: VerifyArtifactOptions): DecodedPayCard;
|
|
6498
|
+
type PayCardFreshness = 'fresh' | 'refresh_recommended' | 'expired' | 'no_expiry';
|
|
6499
|
+
/**
|
|
6500
|
+
* Classify a Pay Card by remaining lifetime. Used by holders to decide when
|
|
6501
|
+
* to re-fetch a freshly-signed card from the backend, and by scanners to
|
|
6502
|
+
* decide whether to prompt the holder to refresh.
|
|
6503
|
+
*
|
|
6504
|
+
* - `'expired'` : envelope.exp \u2264 now
|
|
6505
|
+
* - `'refresh_recommended'` : 0 < remaining \u2264 PAY_CARD_REFRESH_THRESHOLD_MS
|
|
6506
|
+
* - `'fresh'` : remaining > PAY_CARD_REFRESH_THRESHOLD_MS
|
|
6507
|
+
* - `'no_expiry'` : envelope omits `exp` (non-production cards only)
|
|
6508
|
+
*/
|
|
6509
|
+
declare function inspectPayCardFreshness(decoded: DecodedPayCard, nowMs?: number): PayCardFreshness;
|
|
6510
|
+
/**
|
|
6511
|
+
* Compute the canonical body bytes a backend must sign when issuing a
|
|
6512
|
+
* Pay Card on behalf of the holder via a *server-side* signing path.
|
|
6513
|
+
*
|
|
6514
|
+
* This export exists so a backend (which holds neither the holder's private
|
|
6515
|
+
* key nor a parallel envelope implementation) can call into the SDK to
|
|
6516
|
+
* obtain the exact bytes to sign with a hardware-backed device key abstraction.
|
|
6517
|
+
* Mobile clients that sign locally should use {@link createPayCardArtifactUri}
|
|
6518
|
+
* instead.
|
|
6519
|
+
*
|
|
6520
|
+
* Returned bytes are the same input passed to ECDSA P-256(SHA-256). Callers
|
|
6521
|
+
* MUST keep this contract \u2014 changing the signing input is a protocol break.
|
|
6522
|
+
*/
|
|
6523
|
+
declare function buildPayCardSigningInput(input: {
|
|
6524
|
+
issuer: string;
|
|
6525
|
+
keyId: string;
|
|
6526
|
+
data: PayCardArtifact;
|
|
6527
|
+
nonce: string;
|
|
6528
|
+
issuedAtSeconds?: number;
|
|
6529
|
+
/** See {@link CreatePayCardArtifactInput.expiresAtSeconds}. */
|
|
6530
|
+
expiresAtSeconds?: number;
|
|
6531
|
+
}): {
|
|
6532
|
+
body: ArtifactBody<PayCardArtifact>;
|
|
6533
|
+
bodyBytes: Uint8Array;
|
|
6534
|
+
};
|
|
6535
|
+
|
|
6536
|
+
export { ACCOUNT_FUNDED_OAC_MAX_TTL_MS, ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS, CONSUMER_PAYMENT_REQUEST_DOMAIN, CONSUMER_SETTLEMENT_DOMAIN, CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerPaymentRequestEnvelope, ConsumerPaymentRequestEnvelopeSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayCardArtifactInput, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DecodedOfflineSmsSettleToken, type DecodedPayCard, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, FIELD, FLUR_ARTIFACT_URI_PREFIX, FLUR_ARTIFACT_URI_SCHEME, FLUR_ARTIFACT_VERSION, FlurApiError, FlurArtifactError, FlurCapExceededError, FlurClient, type FlurClientOptions, FlurError, type FlurErrorCode, FlurExpiredError, type FlurHandle, type FlurInitOptions, type FlurOfflineSettlementsClient, type FlurPartnerClient, type FlurPaymentEvent, FlurReplayError, HARDENED_ARTIFACT_TYPES, type HmacFetchOptions, IdentityArtifactSchema, type IngestFundingResult, IngestFundingResultSchema, type IssueAccountOacInput, IssueAccountOacInputSchema, type IssueOfflineTokenInput, type IssuePassInput, type IssueReceiptInput, LedgerJournalEntryArtifactSchema, type ListPassesInput, type ListPassesResponse, type ListPayoutDestinationsResult, ListPayoutDestinationsResultSchema, type ListReceiptsInput, type ListReceiptsResponse, type ListTransactionsOptions, MEMBERSHIP_ROLES, MERCHANT_PAYOUT_STATUSES, MERCHANT_PROFILE_STATUSES, type MeOfflineClient, type MeOfflineClientOptions, type MembershipRole, type MerchantAccountInfo, type MerchantPayout, MerchantPayoutSchema, type MerchantProfile, MerchantProfileSchema, type MintedApiCredential, MintedApiCredentialSchema, type Money, NGN_CURRENCY_CODE, NG_COUNTRY_CODE, NQRParseError, type NQRPayloadInput, NqrPaymentRequestArtifactSchema, type OAC, OACSchema, OAC_DEFAULT_CUMULATIVE_KOBO, OAC_DEFAULT_PER_TX_KOBO, OAC_DEFAULT_VALIDITY_MS, OFFLINE_CLAIM_SMS_PREFIX, OFFLINE_SMS_SETTLE_DOMAIN, OFFLINE_SMS_SETTLE_HEADER_BYTES, OFFLINE_SMS_SETTLE_PREFIX, OFFLINE_SMS_SETTLE_SIGNATURE_BYTES, OFFLINE_SMS_SETTLE_TOKEN_BYTES, OFFLINE_SMS_SETTLE_VERSION, type OfflineClaimAlgorithm, OfflineClaimArtifactSchema, type OfflineClaimSigner, type OfflinePaymentAuthorization, type OfflinePaymentAuthorizationArtifact, OfflinePaymentAuthorizationArtifactSchema, OfflinePaymentAuthorizationSchema, type OfflinePaymentRequest, OfflinePaymentRequestSchema, type OfflineSmsSettleInput, type OfflineSmsSettleSigner, type OfflineStatusResult, OfflineStatusResultSchema, type OfflineToken, OfflineTokenSchema, type OnboardingCompleteInput, type OnboardingCompleteResponse, type OnboardingFallback, type OnboardingRiskReason, type OnboardingStartInput, type OnboardingStartResponse, type P256EnrollmentChallengeInput, P256EnrollmentChallengeInputSchema, type P256EnrollmentChallengeResult, P256EnrollmentChallengeResultSchema, PARTNER_FUNDING_DIRECTIONS, PARTNER_FUNDING_STATUSES, PARTNER_KINDS, PARTNER_PROFILE_STATUSES, PARTNER_SCOPES, PASS_KINDS, PASS_STATES, PAYLOAD_FORMAT_INDICATOR_VALUE, PAYOUT_DESTINATION_STATUSES, PAY_CARD_DEFAULT_TTL_MS, PAY_CARD_REFRESH_THRESHOLD_MS, PAY_CARD_URI_PREFIX, POINT_OF_INITIATION, type ParsedNQR, type PartnerClientOptions, type PartnerCollectionsClient, type PartnerFunding, type PartnerFundingClient, type PartnerFundingDirection, type PartnerFundingEventInput, PartnerFundingEventInputSchema, PartnerFundingSchema, type PartnerFundingStatus, type PartnerKind, type PartnerProfile, type PartnerProfileAdminClient, type PartnerProfileAdminClientOptions, PartnerProfileSchema, type PartnerProfileStatus, type PartnerScope, type PartnerSignResult, type Pass, PassArtifactSchema, type PassKind, type PassMetadata, PassMetadataSchema, PassSchema, type PassState, type PassesClient, type PassesClientOptions, type PayCardArtifact, PayCardArtifactSchema, type PayCardFreshness, type PayCollectionInput, PayCollectionInputSchema, type PayCollectionOptions, type PayCollectionResponse, type PaymentClaim, PaymentClaimSchema, PaymentIntentArtifactSchema, type PayoutDestination, PayoutDestinationSchema, type PayoutDestinationStatus, type PayoutEventInput, PayoutEventInputSchema, type PinSetInput, type PinVerifyInput, type ProviderEventInput, ProviderEventInputSchema, type ProviderEventRecord, ProviderEventRecordSchema, type PublicCollectionIntent, PublicCollectionIntentSchema, type PushPlatform, type PushRegisterInput, RECEIPT_CHANNELS, RECEIPT_KINDS, REPLAY_WINDOW_MS, type Receipt, type ReceiptArtifact, ReceiptArtifactSchema, type ReceiptChannel, type ReceiptKind, type ReceiptPayload, ReceiptPayloadSchema, ReceiptSchema, type ReceiptsClient, type ReceiptsClientOptions, type RecipientResolveInput, type RecipientResolveResponse, type ReconciliationReport, ReconciliationReportSchema, type RecordPayoutEventResult, RecordPayoutEventResultSchema, type RedeemPassResponse, type Redemption, RedemptionSchema, type RegisterDeviceInput, type RegisterDeviceKeyP256Input, RegisterDeviceKeyP256InputSchema, type RegisterDeviceResponse, type RegisterSendDeviceKeyInput, type ResolveCollectionOptions, type ResolveCollectionResponse, type ResolvePayLinkResponse, ReversalRecordArtifactSchema, RevokeDeviceKeyInputSchema, type RevokePassInput, type RoutingHint, SETTLEMENT_SCHEDULES, type SendChallengeInput, type SendChallengeResponse, type SendMoneyInput, type SendMoneyOptions, type SendVerifyInput, type SendVerifyResponse, type SettleResponse, SettleResponseSchema, type Settlement, SettlementRecordArtifactSchema, SettlementSchema, type SignedArtifact, type SignedConsumerOAC, SignedConsumerOACSchema, type SignerPublicKey, StatementArtifactSchema, type SubscribeOptions, type TLVField, type TransactionDetailResponse, type TransactionDirection, type TransactionsListResponse, type TransferInput, type TransferResponse, type TransferStatus, type UnsignedConsumerPaymentRequest, type UnsignedOAC, type UnsignedOfflinePaymentAuthorization, type UnsignedOfflinePaymentRequest, type UnsignedPass, type UnsignedReceipt, type UnsignedRedemption, type UpsertMerchantProfileInput, UpsertMerchantProfileInputSchema, type UpsertPartnerProfileInput, UpsertPartnerProfileInputSchema, type VerifiedArtifact, type VerifyArtifactOptions, type VerifyClaimSignatureInput, WITHDRAWAL_STATES, type Withdrawal, WithdrawalSchema, type WithdrawalState, base64UrlDecode, base64UrlEncode, bodySha256Hex, buildArtifactBody, buildAuthorization, buildConsumerPaymentRequest, buildOAC, buildPass, buildPayCardSigningInput, buildPaymentRequest, buildReceipt, buildRedemption, buildSmsSettleHeader, domainTag as buildSmsSettleSignedBytes, canonicalClaimSigningBytes, canonicalClaimSigningPayload, canonicalJSONBytes, canonicalJSONStringify, canonicalRequestString, computeConsumerClaimEncounterId, computeEncounterId, constantTimeEqual, consumerPaymentRequestSigningBytes, consumerPaymentRequestSigningPayload, consumerSettlementSigningPayload, crc16ccitt, crc16ccittHex, createAccountsClient, createApiCredentialsAdminClient, createArtifactUri, createCollectionsClient, createConsumerCollectionsClient, createConsumerWithdrawalsClient, createFlurPartnerClient, createHmacFetch, createMeOfflineClient, createOfflinePaymentAuthorizationArtifactUri, createOfflineSettlementsClient, createPartnerCollectionsClient, createPartnerFundingClient, createPartnerProfileAdminClient, createPassesClient, createPayCardArtifactUri, createReceiptArtifactUri, createReceiptsClient, createSoftwareP256Signer, decodeArtifactUri, decodeAuthorizationQR, decodeBase45, decodeConsumerSettlementReceiptQR, decodeOfflineClaimSmsMessage, decodeOfflineSmsSettleToken, decodePayCardArtifact, decodePaymentRequestQR, decodeUnverifiedConsumerSettlementReceiptQR, derToRawP256Signature, encodeArtifactUri, encodeAuthorizationQR, encodeBase45, encodeConsumerSettlementReceiptQR, encodeNQR, encodeOfflineClaimSmsMessage, encodeOfflineSmsSettleToken, encodePaymentRequestQR, extractOfflineClaimSmsToken, extractOfflineSmsSettleToken, formatAmount, generateDynamicQR, generateStaticQR, init, inspectPayCardFreshness, isConsumerPaymentRequestExpired, isHardenedArtifactType, isKnownArtifactType, isPassWithinValidity, isPayCardArtifactUri, moneyMinorToNumber, normalizeE164, parseAmountInput, parseNQR, parseQR, readTLV, routingHint, signArtifact, signAuthorization, signConsumerPaymentRequest, signOAC, signPartnerRequest, signPass, signPaymentRequest, signReceipt, signRedemption, signRequestHMAC, verifyArtifactSignature, verifyArtifactUri, verifyAuthorization, verifyClaimSignature, verifyConsumerPaymentRequest, verifyConsumerSettlement, verifyConsumerSettlementReceiptQR, verifyOAC, verifyOfflineSmsSettleToken, verifyPass, verifyPayCardArtifact, verifyPaymentRequest, verifyReceipt, verifyRedemption, verifyRequestHMAC, writeTLV };
|