npm - @notifykit/sdk - Versions diffs - 1.0.5 → 1.2.0 - Mend

@notifykit/sdk 1.0.5 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -74,6 +74,41 @@ await client.sendEmail({
 });
 ```
+### Per-Message Provider Routing (Paid Plans)
+By default, NotifyKit picks the email provider based on your configured priority order and falls back through all of them on failure. To pin a specific provider per message, pass `provider`. To narrow the failover to one alternative, pass `fallback`.
+```typescript
+// Force this email through SendGrid; if it fails, the job fails.
+await client.sendEmail({
+  to: "user@example.com",
+  subject: "Receipt",
+  body: "<h1>Thanks</h1>",
+  provider: "SENDGRID",
+});
+// Force SendGrid first, then Resend if SendGrid fails. No other providers tried.
+await client.sendEmail({
+  to: "user@example.com",
+  subject: "Receipt",
+  body: "<h1>Thanks</h1>",
+  provider: "SENDGRID",
+  fallback: "RESEND",
+});
+```
+**Validation:**
+| Case                                                               | Outcome           |
+| ------------------------------------------------------------------ | ----------------- |
+| `fallback` set without `provider`                                  | `400 Bad Request` |
+| `provider` equals `fallback`                                       | `400 Bad Request` |
+| Requested `provider` or `fallback` not configured for your account | `400 Bad Request` |
+Forced routing is a contract: NotifyKit does **not** retry through providers you didn't authorize. The routing fields persist with the job, so manual or automatic retries replay the same attempt set.
+To inspect which provider actually delivered (or which one was last attempted on failure), see [Tracking Jobs](#tracking-jobs) — `getJob(id)` returns a `deliveryLogs[]` array with a `usedProvider` field on each entry.
 ### Prevent Duplicate Sends
 ```typescript
@@ -114,7 +149,7 @@ await client.sendWebhook({
 ```typescript
 await client.sendWebhook({
   url: "https://yourapp.com/webhooks/order",
-  method: "POST", // GET, POST, PUT, PATCH, DELETE — default is POST
+  method: "POST",
   payload: { orderId: "12345" },
   headers: {
     "X-Webhook-Secret": process.env.WEBHOOK_SECRET!,
@@ -159,13 +194,30 @@ if (status.status === "completed") {
 }
 ```
+### Inspect Delivery Attempts
+`getJob(id)` returns a `deliveryLogs[]` array — one entry per delivery attempt — with the provider that was used:
+```typescript
+const status = await client.getJob(job.jobId);
+for (const log of status.deliveryLogs) {
+  console.log(
+    `attempt ${log.attempt} via ${log.usedProvider ?? "unknown"}: ${log.status}`,
+  );
+  if (log.errorMessage) console.log(`  error: ${log.errorMessage}`);
+}
+```
+For successful sends, the last entry's `usedProvider` is the provider that delivered. For failures, it's the last provider attempted. Webhook jobs return an empty array.
 ### List Jobs with Filters
 ```typescript
 const result = await client.listJobs({
   page: 1,
   limit: 20,
-  type: "email",   // Filter by type: 'email' or 'webhook'
+  type: "email", // Filter by type: 'email' or 'webhook'
   status: "failed", // Filter by status
 });
@@ -210,11 +262,12 @@ try {
   await client.sendEmail({ to: "bad-email", subject: "Test", body: "Hello" });
 } catch (error) {
   if (error instanceof NotifyKitError) {
-    console.error(error.getFullMessage()); // "[400] to must be an email"
+    console.error(error.getFullMessage());
     if (error.isStatus(400)) console.error("Bad request:", error.message);
     if (error.isStatus(401)) console.error("Invalid API key");
-    if (error.isStatus(403)) console.error("Quota or permission error:", error.message);
+    if (error.isStatus(403))
+      console.error("Quota or permission error:", error.message);
     if (error.isStatus(409)) console.error("Duplicate idempotency key");
     if (error.isStatus(429)) console.error("Rate limit exceeded");
   }
@@ -225,15 +278,15 @@ try {
 ## API Reference
-| Method                 | Description                         | Returns                        |
-| ---------------------- | ----------------------------------- | ------------------------------ |
-| `sendEmail(options)`   | Send an email notification          | `Promise<JobResponse>`         |
-| `sendWebhook(options)` | Send a webhook notification         | `Promise<JobResponse>`         |
-| `getJob(jobId)`        | Get job status and details          | `Promise<JobStatus>`           |
-| `listJobs(options?)`   | List jobs with optional filters     | `Promise<{ data, pagination }>` |
-| `retryJob(jobId)`      | Retry a failed job                  | `Promise<RetryJobResponse>`    |
-| `ping()`               | Test API connection                 | `Promise<string>`              |
-| `getApiInfo()`         | Get API version info                | `Promise<ApiInfo>`             |
+| Method                 | Description                     | Returns                         |
+| ---------------------- | ------------------------------- | ------------------------------- |
+| `sendEmail(options)`   | Send an email notification      | `Promise<JobResponse>`          |
+| `sendWebhook(options)` | Send a webhook notification     | `Promise<JobResponse>`          |
+| `getJob(jobId)`        | Get job status and details      | `Promise<JobStatus>`            |
+| `listJobs(options?)`   | List jobs with optional filters | `Promise<{ data, pagination }>` |
+| `retryJob(jobId)`      | Retry a failed job              | `Promise<RetryJobResponse>`     |
+| `ping()`               | Test API connection             | `Promise<string>`               |
+| `getApiInfo()`         | Get API version info            | `Promise<ApiInfo>`              |
 ### TypeScript Types
@@ -251,11 +304,11 @@ import type {
 ## Plans
-| Plan    | Price     | Webhooks/month | Emails/month                          |
-| ------- | --------- | -------------- | ------------------------------------- |
-| Free    | $0        | 100 (shared)   | 100 (shared with webhooks)            |
-| Indie   | $9/mo     | 4,000          | Unlimited (via your SendGrid key)     |
-| Startup | $30/mo    | 15,000         | Unlimited (via your SendGrid key)     |
+| Plan    | Price  | Webhooks/month | Emails/month                      |
+| ------- | ------ | -------------- | --------------------------------- |
+| Free    | $0     | 100 (shared)   | 100 (shared with webhooks)        |
+| Indie   | $9/mo  | 4,000          | Unlimited (via your SendGrid key) |
+| Startup | $30/mo | 15,000         | Unlimited (via your SendGrid key) |
 ---

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { NotifyKitConfig, SendEmailOptions, SendWebhookOptions, JobResponse, JobStatus, ApiInfo, PaginationMeta, RetryJobResponse } from './types';
+import { NotifyKitConfig, SendEmailOptions, SendWebhookOptions, JobResponse, JobStatus, JobSummary, ApiInfo, PaginationMeta, RetryJobResponse } from './types';
 export declare class NotifyKitClient {
     private client;
     constructor(config: NotifyKitConfig);
@@ -19,7 +19,7 @@ export declare class NotifyKitClient {
         type?: 'email' | 'webhook';
         status?: 'pending' | 'processing' | 'completed' | 'failed';
     }): Promise<{
-        data: JobStatus[];
+        data: JobSummary[];
         pagination: PaginationMeta;
     }>;
     /** Retry a failed job */

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,5 @@
 export { NotifyKitClient } from "./client";
 export * from "./types";
 export * from "./errors";
+export { verifyWebhookSignature } from "./webhooks";
+export type { VerifyWebhookSignatureOptions } from "./webhooks";

package/dist/index.js CHANGED Viewed

@@ -14,8 +14,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.NotifyKitClient = void 0;
+exports.verifyWebhookSignature = exports.NotifyKitClient = void 0;
 var client_1 = require("./client");
 Object.defineProperty(exports, "NotifyKitClient", { enumerable: true, get: function () { return client_1.NotifyKitClient; } });
 __exportStar(require("./types"), exports);
 __exportStar(require("./errors"), exports);
+var webhooks_1 = require("./webhooks");
+Object.defineProperty(exports, "verifyWebhookSignature", { enumerable: true, get: function () { return webhooks_1.verifyWebhookSignature; } });

package/dist/types.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@ export interface PaginationMeta {
     limit: number;
     totalPages: number;
 }
+export type EmailProvider = "SENDGRID" | "RESEND" | "POSTMARK";
 export interface SendEmailOptions {
     to: string;
     subject: string;
@@ -15,6 +16,8 @@ export interface SendEmailOptions {
     from?: string;
     priority?: 1 | 5 | 10;
     idempotencyKey?: string;
+    provider?: EmailProvider;
+    fallback?: EmailProvider;
 }
 export interface SendWebhookOptions {
     url: string;
@@ -30,6 +33,14 @@ export interface JobResponse {
     type: string;
     createdAt: string;
 }
+export interface DeliveryLog {
+    id: string;
+    attempt: number;
+    status: string;
+    usedProvider: EmailProvider | null;
+    errorMessage: string | null;
+    createdAt: string;
+}
 export interface JobStatus {
     id: string;
     type: string;
@@ -42,6 +53,17 @@ export interface JobStatus {
     createdAt: string;
     startedAt?: string;
     completedAt?: string;
+    deliveryLogs: DeliveryLog[];
+}
+export interface JobSummary {
+    id: string;
+    type: string;
+    status: "pending" | "processing" | "completed" | "failed";
+    priority: number;
+    attempts: number;
+    errorMessage?: string;
+    createdAt: string;
+    completedAt?: string;
 }
 export interface RetryJobResponse {
     jobId: string;

package/dist/webhooks.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+export interface VerifyWebhookSignatureOptions {
+    /** Raw request body as a string — do NOT pass a parsed object. */
+    payload: string;
+    /** Value of the X-Webhook-Timestamp header. */
+    timestamp: string;
+    /** Value of the X-Webhook-Signature header (format: t=<ts>,v1=<hex>). */
+    signature: string;
+    /** Plaintext webhook signing secret from your NotifyKit dashboard. */
+    secret: string;
+    /**
+     * Maximum age of the request in seconds before it is rejected as a replay.
+     * Defaults to 300 (5 minutes).
+     */
+    tolerance?: number;
+}
+/**
+ * Verify an incoming webhook signature from NotifyKit.
+ *
+ * NotifyKit signs outgoing webhook requests with HMAC-SHA256 when a signing
+ * secret is configured. Call this on your receiving endpoint to confirm the
+ * request is genuine and has not been replayed.
+ *
+ * @returns `true` if the signature is valid and the request is within the
+ *   tolerance window, `false` otherwise.
+ *
+ * @example
+ * ```ts
+ * app.post('/webhook', (req, res) => {
+ *   const valid = verifyWebhookSignature({
+ *     payload: req.rawBody,           // raw string, not parsed JSON
+ *     timestamp: req.headers['x-webhook-timestamp'],
+ *     signature: req.headers['x-webhook-signature'],
+ *     secret: process.env.NOTIFYKIT_WEBHOOK_SECRET,
+ *   });
+ *   if (!valid) return res.status(401).send('Invalid signature');
+ *   // ...
+ * });
+ * ```
+ */
+export declare function verifyWebhookSignature(options: VerifyWebhookSignatureOptions): boolean;

package/dist/webhooks.js ADDED Viewed

@@ -0,0 +1,102 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyWebhookSignature = verifyWebhookSignature;
+const crypto = __importStar(require("crypto"));
+/**
+ * Verify an incoming webhook signature from NotifyKit.
+ *
+ * NotifyKit signs outgoing webhook requests with HMAC-SHA256 when a signing
+ * secret is configured. Call this on your receiving endpoint to confirm the
+ * request is genuine and has not been replayed.
+ *
+ * @returns `true` if the signature is valid and the request is within the
+ *   tolerance window, `false` otherwise.
+ *
+ * @example
+ * ```ts
+ * app.post('/webhook', (req, res) => {
+ *   const valid = verifyWebhookSignature({
+ *     payload: req.rawBody,           // raw string, not parsed JSON
+ *     timestamp: req.headers['x-webhook-timestamp'],
+ *     signature: req.headers['x-webhook-signature'],
+ *     secret: process.env.NOTIFYKIT_WEBHOOK_SECRET,
+ *   });
+ *   if (!valid) return res.status(401).send('Invalid signature');
+ *   // ...
+ * });
+ * ```
+ */
+function verifyWebhookSignature(options) {
+    const { payload, timestamp, signature, secret, tolerance = 300 } = options;
+    let v1;
+    let headerTs;
+    for (const part of signature.split(",")) {
+        const eq = part.indexOf("=");
+        if (eq === -1)
+            continue;
+        const key = part.slice(0, eq).trim();
+        const val = part.slice(eq + 1).trim();
+        if (key === "v1")
+            v1 = val;
+        if (key === "t")
+            headerTs = val;
+    }
+    if (!v1 || !headerTs)
+        return false;
+    if (headerTs !== timestamp)
+        return false;
+    const ts = parseInt(timestamp, 10);
+    if (!Number.isFinite(ts))
+        return false;
+    const age = Math.floor(Date.now() / 1000) - ts;
+    if (age < 0 || age > tolerance)
+        return false;
+    const signed = `${timestamp}.${payload}`;
+    const expected = crypto
+        .createHmac("sha256", secret)
+        .update(signed)
+        .digest("hex");
+    try {
+        const expectedBuf = Buffer.from(expected, "hex");
+        const actualBuf = Buffer.from(v1, "hex");
+        if (expectedBuf.length !== actualBuf.length)
+            return false;
+        return crypto.timingSafeEqual(expectedBuf, actualBuf);
+    }
+    catch {
+        return false;
+    }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@notifykit/sdk",
-  "version": "1.0.5",
+  "version": "1.2.0",
   "description": "Official NotifyKit SDK for Node.js",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",