@picahq/authkit-token 1.0.0

package/README.MD

@@ -0,0 +1,77 @@
+# authkit-token
+
+[![npm version](https://img.shields.io/npm/v/%40picahq%2Fauthkit-token)](https://npmjs.com/package/@picahq/authkit-token)
+
+Secure token generation for [Pica's AuthKit](https://docs.picaos.com/authkit) using Node.js.
+
+## Install
+
+With npm:
+
+```jsx
+npm i @picahq/authkit-token
+```
+
+With yarn:
+
+```jsx
+yarn add @picahq/authkit-token
+```
+
+## Creating a token endpoint
+
+You'll want to create an internal endpoint that's used to generate secure tokens for your frontend. You can do so by adding code that looks like the below snippet.
+
+```jsx
+import { AuthKitToken } from "@picahq/authkit-token";
+
+app.post("/authkit-token", async (request, response) => {
+  const authKitToken = new AuthKitToken("sk_live_1234");
+  const token = await authKitToken.create();
+
+  response.send(token);
+});
+```
+
+You can get your API key from the [Pica dashboard](https://dashboard.picaos.com/settings/api-keys).
+
+If you pass an `identity` or `identityType` (`user`, `team`, `organization`, or `project`), you'll be able to query for all connections scoped to that identity. The identity is used to generate the unique Connection Key for the user once they successfully connect an account.
+
+## Frontend Implementation
+
+To implement the AuthKit component in your frontend, you'll need to use the `@picahq/authkit` package. It's fully compatible with popular frameworks such as React, Next.js, Vue, Svelte, and more.
+
+- **NPM package**: https://www.npmjs.com/package/@picahq/authkit
+- **Documentation**: https://docs.picaos.com/authkit
+- **Setup guide**: https://docs.picaos.com/authkit/setup
+
+## Diagram
+
+```mermaid
+sequenceDiagram
+    participant User
+    participant YourApp as Your Application
+    participant YourBackend as Your Backend
+    participant Pica as Pica AuthKit
+    participant Integration as Third-party Integration
+
+    User->>YourApp: Clicks "Connect Integration"
+    YourApp->>Pica: Open AuthKit modal
+    Pica->>YourBackend: Request AuthKit token
+    YourBackend->>Pica: Generate token with user identity
+    Pica->>Pica: Display integrations list
+    User->>Pica: Select integration & authenticate
+    Pica->>Integration: OAuth handshake
+    Integration->>Pica: Access token
+    Pica->>Pica: Store encrypted credentials
+    Pica->>YourApp: Return connection details
+    YourApp->>User: Connection successful!
+```
+
+## Full Documentation
+
+Please refer to the official [Pica AuthKit](https://docs.picaos.com/authkit) docs for a more holistic understanding of AuthKit.
+
+## License
+
+GPL-3.0

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './src/client';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./src/client"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B"}

package/dist/src/apis/index.d.ts

@@ -0,0 +1,2 @@
+export * from './link.api';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/apis/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/apis/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/dist/src/apis/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./link.api"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/apis/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/apis/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B"}

package/dist/src/apis/link.api.d.ts

@@ -0,0 +1,3 @@
+import { CreateEventLinkPayload } from '../types';
+export declare const createEventLinkTokenApi: (headers: Record<string, string>, url: string, payload?: CreateEventLinkPayload) => Promise<any>;
+//# sourceMappingURL=link.api.d.ts.map

package/dist/src/apis/link.api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"link.api.d.ts","sourceRoot":"","sources":["../../../src/apis/link.api.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAGvB,MAAM,UAAU,CAAC;AAgGlB,eAAO,MAAM,uBAAuB,YACzB,OAAO,MAAM,EAAE,MAAM,CAAC,OAC1B,MAAM,YACD,sBAAsB,iBAkBjC,CAAC"}

package/dist/src/apis/link.api.js

@@ -0,0 +1,71 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createEventLinkTokenApi = void 0;
+const axios_1 = __importDefault(require("axios"));
+async function paginateAuthkitConnections(url, headers, payload, options = {}) {
+    const { limit = 100, maxConcurrentRequests = 3, maxRetries = 3 } = options;
+    const fetchAuthkitPage = async (page, pageLimit) => {
+        const response = await axios_1.default.post(`${url}/v1/authkit?limit=${pageLimit}&page=${page}`, payload || {}, { headers });
+        return response.data;
+    };
+    const firstResponse = await fetchAuthkitPage(1, limit);
+    const { pages, total } = firstResponse;
+    if (pages <= 1) {
+        return firstResponse;
+    }
+    const remainingPages = Array.from({ length: pages - 1 }, (_, i) => i + 2);
+    const fetchPageWithRetry = async (page) => {
+        let lastError;
+        for (let attempt = 1; attempt <= maxRetries; attempt++) {
+            try {
+                const response = await fetchAuthkitPage(page, limit);
+                return response;
+            }
+            catch (error) {
+                lastError = error;
+                if (attempt < maxRetries) {
+                    await new Promise((resolve) => setTimeout(resolve, 1000 * Math.pow(2, attempt - 1)));
+                }
+            }
+        }
+        throw lastError;
+    };
+    const responses = [firstResponse];
+    for (let i = 0; i < remainingPages.length; i += maxConcurrentRequests) {
+        const batch = remainingPages.slice(i, i + maxConcurrentRequests);
+        const batchPromises = batch.map((page) => fetchPageWithRetry(page));
+        try {
+            const batchResults = await Promise.all(batchPromises);
+            responses.push(...batchResults);
+        }
+        catch (error) {
+            console.error(`Failed to fetch authkit batch starting at page ${batch[0]}:`, error);
+            throw error;
+        }
+    }
+    const allRows = responses.flatMap((response) => response.rows);
+    const latestResponse = responses[responses.length - 1];
+    return {
+        rows: allRows,
+        page: 1,
+        pages: 1,
+        total,
+        requestId: latestResponse.requestId,
+    };
+}
+const createEventLinkTokenApi = async (headers, url, payload) => {
+    try {
+        const authkitResponse = await paginateAuthkitConnections(url, headers, payload, { limit: 100, maxConcurrentRequests: 3, maxRetries: 3 });
+        return authkitResponse;
+    }
+    catch (error) {
+        if (axios_1.default.isAxiosError(error)) {
+            return error.response?.data;
+        }
+    }
+};
+exports.createEventLinkTokenApi = createEventLinkTokenApi;
+//# sourceMappingURL=link.api.js.map

package/dist/src/apis/link.api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"link.api.js","sourceRoot":"","sources":["../../../src/apis/link.api.ts"],"names":[],"mappings":";;;;;;AAAA,kDAA0B;AAe1B,KAAK,UAAU,0BAA0B,CACvC,GAAW,EACX,OAA+B,EAC/B,OAAgC,EAChC,UAAsC,EAAE;IAExC,MAAM,EAAE,KAAK,GAAG,GAAG,EAAE,qBAAqB,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,EAAE,GAAG,OAAO,CAAC;IAG3E,MAAM,gBAAgB,GAAG,KAAK,EAAE,IAAY,EAAE,SAAiB,EAA4B,EAAE;QAC3F,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAC/B,GAAG,GAAG,qBAAqB,SAAS,SAAS,IAAI,EAAE,EACnD,OAAO,IAAI,EAAE,EACb,EAAE,OAAO,EAAE,CACZ,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC,CAAC;IAGF,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;IAGvC,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,aAAa,CAAC;KACtB;IAGD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAG1E,MAAM,kBAAkB,GAAG,KAAK,EAAE,IAAY,EAA4B,EAAE;QAC1E,IAAI,SAAc,CAAC;QAEnB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE;YACtD,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACrD,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,KAAK,EAAE;gBACd,SAAS,GAAG,KAAK,CAAC;gBAClB,IAAI,OAAO,GAAG,UAAU,EAAE;oBAExB,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAC5B,UAAU,CAAC,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CACrD,CAAC;iBACH;aACF;SACF;QAED,MAAM,SAAS,CAAC;IAClB,CAAC,CAAC;IAGF,MAAM,SAAS,GAAsB,CAAC,aAAa,CAAC,CAAC;IAErD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,IAAI,qBAAqB,EAAE;QACrE,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,qBAAqB,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;QAEpE,IAAI;YACF,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACtD,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;SACjC;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,KAAK,CACX,kDAAkD,KAAK,CAAC,CAAC,CAAC,GAAG,EAC7D,KAAK,CACN,CAAC;YACF,MAAM,KAAK,CAAC;SACb;KACF;IAGD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAG/D,MAAM,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEvD,OAAO;QACL,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,CAAC;QACP,KAAK,EAAE,CAAC;QACR,KAAK;QACL,SAAS,EAAE,cAAc,CAAC,SAAS;KACpC,CAAC;AACJ,CAAC;AAEM,MAAM,uBAAuB,GAAG,KAAK,EAC1C,OAA+B,EAC/B,GAAW,EACX,OAAgC,EAChC,EAAE;IACF,IAAI;QAGF,MAAM,eAAe,GAAG,MAAM,0BAA0B,CACtD,GAAG,EACH,OAAO,EACP,OAAO,EACP,EAAE,KAAK,EAAE,GAAG,EAAE,qBAAqB,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CACxD,CAAC;QAEF,OAAO,eAAe,CAAC;KACxB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,eAAK,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE;YAC7B,OAAO,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC;SAC7B;KACF;AACH,CAAC,CAAC;AArBW,QAAA,uBAAuB,2BAqBlC"}

package/dist/src/client/index.d.ts

@@ -0,0 +1,21 @@
+interface ClientConfig {
+    baseUrl?: string;
+}
+export declare class AuthKitToken {
+    private secret;
+    private configs;
+    constructor(secret: string, configs?: ClientConfig);
+    get _clientInfo(): {
+        secret: string;
+        configs: ClientConfig;
+    };
+    get _url(): string;
+    create(payload?: {
+        identity?: string;
+        identityType?: "user" | "team" | "organization" | "project";
+        group?: string;
+        label?: string;
+    }): Promise<any>;
+}
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/src/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAGA,UAAU,YAAY;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAe;gBAElB,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,YAAiB;IAQtD,IAAI,WAAW;;;MAKd;IAED,IAAI,IAAI,WAMP;IAEK,MAAM,CAAC,OAAO,CAAC,EAAE;QAKrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,cAAc,GAAG,SAAS,CAAC;QAE5D,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB;CAQF"}

package/dist/src/client/index.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthKitToken = void 0;
+const getHeaders_1 = require("../logic/getHeaders");
+const apis_1 = require("../apis");
+class AuthKitToken {
+    constructor(secret, configs = {}) {
+        this.secret = secret;
+        this.configs = configs;
+    }
+    get _clientInfo() {
+        return {
+            secret: this.secret,
+            configs: this.configs,
+        };
+    }
+    get _url() {
+        if (this.configs.baseUrl) {
+            return this.configs.baseUrl;
+        }
+        return 'https://api.picaos.com';
+    }
+    async create(payload) {
+        const secret = this._clientInfo.secret;
+        const url = this._url;
+        const headers = (0, getHeaders_1.getHeaders)(secret);
+        const result = await (0, apis_1.createEventLinkTokenApi)(headers, url, payload);
+        return result;
+    }
+}
+exports.AuthKitToken = AuthKitToken;
+//# sourceMappingURL=index.js.map

package/dist/src/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":";;;AAAA,oDAAiD;AACjD,kCAAkD;AAMlD,MAAa,YAAY;IAIvB,YAAY,MAAc,EAAE,UAAwB,EAAE;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAKD,IAAI,WAAW;QACb,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,IAAI,IAAI;QACN,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YACxB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;SAC7B;QAED,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAWZ;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,MAAM,OAAO,GAAG,IAAA,uBAAU,EAAC,MAAM,CAAC,CAAC;QAEnC,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAuB,EAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QACpE,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AA9CD,oCA8CC"}

package/dist/src/logic/getHeaders.d.ts

@@ -0,0 +1,5 @@
+export declare const getHeaders: (secret: string) => {
+    'X-Pica-Secret': string;
+    'Content-Type': string;
+};
+//# sourceMappingURL=getHeaders.d.ts.map

package/dist/src/logic/getHeaders.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getHeaders.d.ts","sourceRoot":"","sources":["../../../src/logic/getHeaders.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,UAAU,WAAY,MAAM;;;CAKxC,CAAC"}

package/dist/src/logic/getHeaders.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getHeaders = void 0;
+const getHeaders = (secret) => {
+    return {
+        'X-Pica-Secret': secret,
+        'Content-Type': 'application/json',
+    };
+};
+exports.getHeaders = getHeaders;
+//# sourceMappingURL=getHeaders.js.map

package/dist/src/logic/getHeaders.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getHeaders.js","sourceRoot":"","sources":["../../../src/logic/getHeaders.ts"],"names":[],"mappings":";;;AAAO,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE;IAC3C,OAAO;QACL,eAAe,EAAE,MAAM;QACvB,cAAc,EAAE,kBAAkB;KACnC,CAAC;AACJ,CAAC,CAAC;AALW,QAAA,UAAU,cAKrB"}

package/index.ts

@@ -0,0 +1 @@
+export * from './src/client';

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@picahq/authkit-token",
+  "version": "1.0.0",
+  "description": "Secure token generation for Pica AuthKit using Node.js",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc --build tsconfig.json",
+    "test": "jest --coverage"
+  },
+  "repository": {
+    "type": "git"
+  },
+  "keywords": [
+    "pica",
+    "integrations",
+    "authkit"
+  ],
+  "author": "@picahq",
+  "license": "GPL-3.0",
+  "dependencies": {
+    "@types/ramda": "^0.28.22",
+    "axios": "^1.6.7",
+    "jsonwebtoken": "^9.0.1",
+    "jwt-decode": "^3.1.2",
+    "lodash.ismatch": "^4.4.0",
+    "lodash.memoize": "^4.1.2",
+    "ramda": "^0.28.0",
+    "tslib": "^2.4.1"
+  },
+  "devDependencies": {
+    "@babel/core": "^7.17.9",
+    "@babel/preset-env": "^7.16.11",
+    "@babel/preset-typescript": "^7.16.7",
+    "@types/jsonwebtoken": "^9.0.2",
+    "@types/lodash.ismatch": "^4.4.7",
+    "@types/lodash.memoize": "^4.1.7",
+    "@types/uuid": "^8.3.4",
+    "babel-jest": "^27.5.1",
+    "jest": "^27.5.1",
+    "jsonwebtoken": "^9.0.1",
+    "ts-jest": "^27.1.4",
+    "typescript": "^4.6.4",
+    "uuid": "^9.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "35ff51f0afc618c5413ef9bab778f4dcf582b8ab",
+  "homepage": "https://picaos.com",
+  "documentation": "https://docs.picaos.com/authkit"
+}

package/src/apis/index.ts

@@ -0,0 +1 @@
+export * from './link.api';

package/src/apis/link.api.ts

@@ -0,0 +1,123 @@
+import axios from 'axios';
+import {
+  CreateEventLinkPayload,
+  AuthkitResponse,
+  ConnectorPaginationOptions,
+} from '../types';
+
+/**
+ * Pagination helper function for authkit API that fetches all pages
+ * @param url - Base URL for the API
+ * @param headers - Request headers
+ * @param payload - Request payload
+ * @param options - Pagination options
+ * @returns Promise with all combined results
+ */
+async function paginateAuthkitConnections(
+  url: string,
+  headers: Record<string, string>,
+  payload?: CreateEventLinkPayload,
+  options: ConnectorPaginationOptions = {},
+): Promise<AuthkitResponse> {
+  const { limit = 100, maxConcurrentRequests = 3, maxRetries = 3 } = options;
+
+  // Function to fetch a specific page
+  const fetchAuthkitPage = async (page: number, pageLimit: number): Promise<AuthkitResponse> => {
+    const response = await axios.post<AuthkitResponse>(
+      `${url}/v1/authkit?limit=${pageLimit}&page=${page}`,
+      payload || {},
+      { headers }
+    );
+    return response.data;
+  };
+
+  // First request to get total pages count
+  const firstResponse = await fetchAuthkitPage(1, limit);
+  const { pages, total } = firstResponse;
+
+  // If we got all data in first request, return it
+  if (pages <= 1) {
+    return firstResponse;
+  }
+
+  // Create array of remaining page numbers to fetch
+  const remainingPages = Array.from({ length: pages - 1 }, (_, i) => i + 2);
+
+  // Function to fetch a page with retry logic
+  const fetchPageWithRetry = async (page: number): Promise<AuthkitResponse> => {
+    let lastError: any;
+
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+      try {
+        const response = await fetchAuthkitPage(page, limit);
+        return response;
+      } catch (error) {
+        lastError = error;
+        if (attempt < maxRetries) {
+          // Exponential backoff: wait 1s, 2s, 4s...
+          await new Promise((resolve) =>
+            setTimeout(resolve, 1000 * Math.pow(2, attempt - 1)),
+          );
+        }
+      }
+    }
+
+    throw lastError;
+  };
+
+  // Execute requests in batches to avoid overwhelming the API
+  const responses: AuthkitResponse[] = [firstResponse];
+
+  for (let i = 0; i < remainingPages.length; i += maxConcurrentRequests) {
+    const batch = remainingPages.slice(i, i + maxConcurrentRequests);
+    const batchPromises = batch.map((page) => fetchPageWithRetry(page));
+
+    try {
+      const batchResults = await Promise.all(batchPromises);
+      responses.push(...batchResults);
+    } catch (error) {
+      console.error(
+        `Failed to fetch authkit batch starting at page ${batch[0]}:`,
+        error,
+      );
+      throw error;
+    }
+  }
+
+  // Combine all results
+  const allRows = responses.flatMap((response) => response.rows);
+  
+  // Get the latest requestId from the most recent response
+  const latestResponse = responses[responses.length - 1];
+
+  return {
+    rows: allRows,
+    page: 1, // Since we're returning all data, we're effectively on "page 1"
+    pages: 1,
+    total,
+    requestId: latestResponse.requestId, // Use the requestId from the latest response
+  };
+}
+
+export const createEventLinkTokenApi = async (
+  headers: Record<string, string>,
+  url: string,
+  payload?: CreateEventLinkPayload,
+) => {
+  try {
+
+    // Fetch all authkit connections with pagination support
+    const authkitResponse = await paginateAuthkitConnections(
+      url,
+      headers,
+      payload,
+      { limit: 100, maxConcurrentRequests: 3, maxRetries: 3 }
+    );
+
+    return authkitResponse;
+  } catch (error) {
+    if (axios.isAxiosError(error)) {
+      return error.response?.data;
+    }
+  }
+};

package/src/client/index.ts

@@ -0,0 +1,54 @@
+import { getHeaders } from '../logic/getHeaders';
+import { createEventLinkTokenApi } from '../apis';
+
+interface ClientConfig {
+  baseUrl?: string;
+}
+
+export class AuthKitToken {
+  private secret: string;
+  private configs: ClientConfig;
+
+  constructor(secret: string, configs: ClientConfig = {}) {
+    this.secret = secret;
+    this.configs = configs;
+  }
+
+  /**
+   * Not for use outside the SDK lib
+   */
+  get _clientInfo() {
+    return {
+      secret: this.secret,
+      configs: this.configs,
+    };
+  }
+
+  get _url() {
+    if (this.configs.baseUrl) {
+      return this.configs.baseUrl;
+    }
+
+    return 'https://api.picaos.com';
+  }
+
+  async create(payload?: {
+    /**
+     * Unique identifier for the token.
+     * @remarks It is recommended to avoid using spaces and colons in this field as it may lead to unexpected behavior in some systems.
+     */
+    identity?: string;
+    identityType?: "user" | "team" | "organization" | "project";
+    /** @deprecated Use 'identity' instead */
+    group?: string;
+    /** @deprecated */
+    label?: string;
+  }) {
+    const secret = this._clientInfo.secret;
+    const url = this._url;
+    const headers = getHeaders(secret);
+
+    const result = await createEventLinkTokenApi(headers, url, payload);
+    return result;
+  }
+}

package/src/logic/getHeaders.ts

@@ -0,0 +1,6 @@
+export const getHeaders = (secret: string) => {
+  return {
+    'X-Pica-Secret': secret,
+    'Content-Type': 'application/json',
+  };
+};