@omnikit-ai/sdk 2.2.4 → 2.2.5

package/dist/index.d.mts

@@ -7,7 +7,7 @@ export { cleanTokenFromUrl, getAccessToken, isTokenInUrl, removeAccessToken, sav
  * Like Base44's connectors module - allows backend functions to get access tokens
  * for making direct API calls to external services.
  *
- * SECURITY: getAccessToken requires service token authentication.
+ * SECURITY: getAccessToken requires API key (X-API-Key) authentication.
  * Only available to backend functions, not frontend code.
  */
 type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'google_sheets' | 'notion' | 'salesforce';
@@ -32,7 +32,7 @@ interface ConnectorsModule$1 {
     /**
      * Get access token for a connector.
      *
-     * SECURITY: Requires service token authentication.
+     * SECURITY: Requires API key (X-API-Key) authentication.
      * Only available in backend functions, not frontend code.
      *
      * @example
@@ -98,17 +98,16 @@ interface OmnikitConfig {
      * If not provided, will auto-detect from URL or localStorage
      */
     token?: string;
-    /**
-     * Service role token for elevated admin operations (optional)
-     * When provided, enables asServiceRole operations
-     */
-    serviceToken?: string;
     /**
      * API key for server-to-server authentication (optional)
-     * Used in backend functions (Deno Edge Functions) where user auth isn't needed.
-     * Takes precedence over serviceToken if both are provided.
+     * Used in backend functions (Deno Edge Functions) for privileged operations.
+     * When provided, enables service role operations via omnikit.service
      */
     apiKey?: string;
+    /**
+     * @deprecated Use apiKey instead. serviceToken is an alias for backwards compatibility.
+     */
+    serviceToken?: string;
     /**
      * Auto-detect and load token from URL params or localStorage
      * @default true
@@ -1239,7 +1238,7 @@ interface ConnectorsModule {
 }
 /**
  * Service role client interface (elevated admin operations)
- * Available when serviceToken is provided in config
+ * Available when apiKey is provided in config
  */
 interface ServiceRoleClient {
     /** Collection operations with service role privileges */
@@ -1321,8 +1320,8 @@ interface OmnikitClient {
     auth: AuthModule;
     /**
      * Service-level operations (elevated privileges).
-     * Only available when serviceToken is provided (e.g., via createServerClient).
-     * Throws error if accessed without serviceToken.
+     * Only available when apiKey is provided (e.g., via createServerClient).
+     * Throws error if accessed without apiKey.
      *
      * @example
      * ```typescript
@@ -1803,7 +1802,6 @@ declare class APIClient implements OmnikitClient {
     appId: string;
     baseUrl: string;
     private userToken;
-    private _serviceToken;
     private _apiKey;
     private initialized;
     private initPromise;
@@ -1900,7 +1898,7 @@ declare class APIClient implements OmnikitClient {
     get auth(): AuthModule;
     /**
      * Service-level operations (elevated privileges).
-     * Only available when serviceToken is provided (e.g., via createServerClient).
+     * Only available when apiKey is provided (e.g., via createServerClient).
      */
     get service(): ServiceRoleClient;
     /**
@@ -2181,7 +2179,7 @@ declare class APIClient implements OmnikitClient {
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or service token is invalid
+     * @throws Error if the secret is not found or API key is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }
@@ -2235,7 +2233,7 @@ interface ServerRequest {
  *   // Access user data (user JWT auth)
  *   const currentUser = await omnikit.auth.me();
  *
- *   // Access connectors (requires service token)
+ *   // Access connectors (requires API key)
  *   const { access_token } = await omnikit.service.connectors.getAccessToken('slack');
  *
  *   // Make direct Slack API call

package/dist/index.d.ts

@@ -7,7 +7,7 @@ export { cleanTokenFromUrl, getAccessToken, isTokenInUrl, removeAccessToken, sav
  * Like Base44's connectors module - allows backend functions to get access tokens
  * for making direct API calls to external services.
  *
- * SECURITY: getAccessToken requires service token authentication.
+ * SECURITY: getAccessToken requires API key (X-API-Key) authentication.
  * Only available to backend functions, not frontend code.
  */
 type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'google_sheets' | 'notion' | 'salesforce';
@@ -32,7 +32,7 @@ interface ConnectorsModule$1 {
     /**
      * Get access token for a connector.
      *
-     * SECURITY: Requires service token authentication.
+     * SECURITY: Requires API key (X-API-Key) authentication.
      * Only available in backend functions, not frontend code.
      *
      * @example
@@ -98,17 +98,16 @@ interface OmnikitConfig {
      * If not provided, will auto-detect from URL or localStorage
      */
     token?: string;
-    /**
-     * Service role token for elevated admin operations (optional)
-     * When provided, enables asServiceRole operations
-     */
-    serviceToken?: string;
     /**
      * API key for server-to-server authentication (optional)
-     * Used in backend functions (Deno Edge Functions) where user auth isn't needed.
-     * Takes precedence over serviceToken if both are provided.
+     * Used in backend functions (Deno Edge Functions) for privileged operations.
+     * When provided, enables service role operations via omnikit.service
      */
     apiKey?: string;
+    /**
+     * @deprecated Use apiKey instead. serviceToken is an alias for backwards compatibility.
+     */
+    serviceToken?: string;
     /**
      * Auto-detect and load token from URL params or localStorage
      * @default true
@@ -1239,7 +1238,7 @@ interface ConnectorsModule {
 }
 /**
  * Service role client interface (elevated admin operations)
- * Available when serviceToken is provided in config
+ * Available when apiKey is provided in config
  */
 interface ServiceRoleClient {
     /** Collection operations with service role privileges */
@@ -1321,8 +1320,8 @@ interface OmnikitClient {
     auth: AuthModule;
     /**
      * Service-level operations (elevated privileges).
-     * Only available when serviceToken is provided (e.g., via createServerClient).
-     * Throws error if accessed without serviceToken.
+     * Only available when apiKey is provided (e.g., via createServerClient).
+     * Throws error if accessed without apiKey.
      *
      * @example
      * ```typescript
@@ -1803,7 +1802,6 @@ declare class APIClient implements OmnikitClient {
     appId: string;
     baseUrl: string;
     private userToken;
-    private _serviceToken;
     private _apiKey;
     private initialized;
     private initPromise;
@@ -1900,7 +1898,7 @@ declare class APIClient implements OmnikitClient {
     get auth(): AuthModule;
     /**
      * Service-level operations (elevated privileges).
-     * Only available when serviceToken is provided (e.g., via createServerClient).
+     * Only available when apiKey is provided (e.g., via createServerClient).
      */
     get service(): ServiceRoleClient;
     /**
@@ -2181,7 +2179,7 @@ declare class APIClient implements OmnikitClient {
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or service token is invalid
+     * @throws Error if the secret is not found or API key is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }
@@ -2235,7 +2233,7 @@ interface ServerRequest {
  *   // Access user data (user JWT auth)
  *   const currentUser = await omnikit.auth.me();
  *
- *   // Access connectors (requires service token)
+ *   // Access connectors (requires API key)
  *   const { access_token } = await omnikit.service.connectors.getAccessToken('slack');
  *
  *   // Make direct Slack API call

package/dist/index.js

@@ -436,13 +436,13 @@ var LiveVoiceSessionImpl = class {
 };
 
 // src/connectors.ts
-function createConnectorsModule(makeRequest, appId, baseUrl, getServiceToken) {
+function createConnectorsModule(makeRequest, appId, baseUrl, getApiKey) {
   return {
     async getAccessToken(connectorType) {
-      const serviceToken = getServiceToken();
-      if (!serviceToken) {
+      const apiKey = getApiKey();
+      if (!apiKey) {
         throw new Error(
-          "Service token is required to get connector access token. This method is only available in backend functions. Make sure you created the client with a serviceToken."
+          "API key is required to get connector access token. This method is only available in backend functions. Use createServerClient(req) to get an authenticated client."
         );
       }
       return makeRequest(
@@ -450,6 +450,7 @@ function createConnectorsModule(makeRequest, appId, baseUrl, getServiceToken) {
         "GET",
         null,
         { useServiceToken: true }
+        // Still uses this flag internally to trigger API key usage
       );
     },
     async isConnected(connectorType) {
@@ -543,7 +544,6 @@ var getMetadataCacheKey = (appId) => `omnikit_metadata_${appId}`;
 var APIClient = class {
   constructor(config) {
     this.userToken = null;
-    this._serviceToken = null;
     this._apiKey = null;
     this.initialized = false;
     this.initPromise = null;
@@ -557,8 +557,7 @@ var APIClient = class {
     this._userListeners = /* @__PURE__ */ new Set();
     this.appId = config.appId;
     this.baseUrl = config.serverUrl || config.baseUrl || "http://localhost:8001/api";
-    this._serviceToken = config.serviceToken || null;
-    this._apiKey = config.apiKey || null;
+    this._apiKey = config.apiKey || config.serviceToken || null;
     const isBrowser2 = typeof window !== "undefined" && typeof localStorage !== "undefined";
     this._metadata = this.loadCachedMetadata(config.initialMetadata);
     if (isBrowser2) {
@@ -820,14 +819,14 @@ var APIClient = class {
   }
   /**
    * Service-level operations (elevated privileges).
-   * Only available when serviceToken is provided (e.g., via createServerClient).
+   * Only available when apiKey is provided (e.g., via createServerClient).
    */
   get service() {
-    if (!this._serviceToken) {
+    if (!this._apiKey) {
       throw new OmnikitError(
-        "Service token is required. Use createServerClient(req) in backend functions.",
+        "API key is required. Use createServerClient(req) in backend functions.",
         403,
-        "SERVICE_TOKEN_REQUIRED"
+        "API_KEY_REQUIRED"
       );
     }
     if (this._asServiceRole) {
@@ -878,7 +877,7 @@ var APIClient = class {
         this.makeRequest.bind(this),
         this.appId,
         this.baseUrl,
-        () => this._serviceToken
+        () => this._apiKey
       );
     }
     return this._connectors;
@@ -1162,7 +1161,7 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
                   }
                   if (useServiceToken) {
                     const originalGetToken = client.getAuthToken.bind(client);
-                    client.getAuthToken = () => client._serviceToken;
+                    client.getAuthToken = () => client._apiKey;
                     try {
                       const result = await collection[method](...args);
                       client.getAuthToken = originalGetToken;
@@ -1246,9 +1245,6 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
     if (token) {
       headers["Authorization"] = `Bearer ${token}`;
     }
-    if (this._serviceToken) {
-      headers["X-Service-Token"] = this._serviceToken;
-    }
     if (this._apiKey) {
       headers["X-API-Key"] = this._apiKey;
     }
@@ -2252,9 +2248,6 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
     if (userToken) {
       fetchOptions.headers.Authorization = `Bearer ${userToken}`;
     }
-    if (this._serviceToken) {
-      fetchOptions.headers["X-Service-Token"] = this._serviceToken;
-    }
     if (this._apiKey) {
       fetchOptions.headers["X-API-Key"] = this._apiKey;
     }
@@ -2301,9 +2294,6 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
     if (userToken) {
       fetchOptions.headers.Authorization = `Bearer ${userToken}`;
     }
-    if (this._serviceToken) {
-      fetchOptions.headers["X-Service-Token"] = this._serviceToken;
-    }
     if (this._apiKey) {
       fetchOptions.headers["X-API-Key"] = this._apiKey;
     }
@@ -2424,9 +2414,6 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
     if (token) {
       headers["Authorization"] = `Bearer ${token}`;
     }
-    if (this._serviceToken) {
-      headers["X-Service-Token"] = this._serviceToken;
-    }
     if (this._apiKey) {
       headers["X-API-Key"] = this._apiKey;
     }
@@ -2711,25 +2698,20 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
    *
    * @param secretName - Name of the secret to retrieve
    * @returns The decrypted secret value
-   * @throws Error if the secret is not found or service token is invalid
+   * @throws Error if the secret is not found or API key is invalid
    */
   async getSecret(secretName) {
-    const authToken = this._serviceToken || this._apiKey;
-    if (!authToken) {
+    if (!this._apiKey) {
       throw new OmnikitError(
-        "Service token required. Use createServerClient(req) in backend functions.",
+        "API key required. Use createServerClient(req) in backend functions.",
         403,
         "AUTH_REQUIRED"
       );
     }
     const headers = {
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      "X-API-Key": this._apiKey
     };
-    if (this._serviceToken) {
-      headers["X-Service-Token"] = this._serviceToken;
-    } else if (this._apiKey) {
-      headers["X-API-Key"] = this._apiKey;
-    }
     const response = await fetch(
       `${this.baseUrl}/apps/${this.appId}/secrets/${secretName}/value`,
       {
@@ -2761,12 +2743,12 @@ function createServerClient(request) {
   };
   const authHeader = getHeader("Authorization") || getHeader("authorization");
   const userToken = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
-  const serviceToken = getHeader("X-Omnikit-Service-Authorization") || getHeader("x-omnikit-service-authorization");
-  const appId = getHeader("X-Omnikit-App-Id") || getHeader("x-omnikit-app-id");
-  const serverUrl = getHeader("X-Omnikit-Server-Url") || getHeader("x-omnikit-server-url") || "https://omnikit.ai/api";
+  const apiKey = getHeader("X-API-Key") || getHeader("x-api-key");
+  const appId = (typeof __OMNIKIT_APP_ID__ !== "undefined" ? __OMNIKIT_APP_ID__ : null) || getHeader("X-Omnikit-App-Id") || getHeader("x-omnikit-app-id");
+  const serverUrl = (typeof __OMNIKIT_API_URL__ !== "undefined" ? __OMNIKIT_API_URL__ : null) || getHeader("X-Omnikit-Server-Url") || getHeader("x-omnikit-server-url") || "https://omnikit.ai/api";
   if (!appId) {
     throw new OmnikitError(
-      "X-Omnikit-App-Id header is required. This function should be invoked through the Omnikit platform.",
+      "App ID not found. Ensure function is deployed through Omnikit platform (or X-Omnikit-App-Id header is set).",
       400,
       "MISSING_APP_ID"
     );
@@ -2775,7 +2757,7 @@ function createServerClient(request) {
     appId,
     serverUrl,
     token: userToken || void 0,
-    serviceToken: serviceToken || void 0,
+    apiKey: apiKey || void 0,
     autoInitAuth: false
     // Don't auto-detect from localStorage in backend
   });