@proveanything/smartlinks 1.13.12 → 1.13.13

package/dist/api/authKit.d.ts

@@ -1,4 +1,4 @@
-import type { AuthLoginResponse, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, AuthKitConfig, MagicLinkSendResponse, MagicLinkVerifyResponse, UserProfile, ProfileUpdateData, SuccessResponse, SendWhatsAppRequest, SendWhatsAppResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse } from "../types/authKit";
+import type { AuthLoginResponse, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, AuthKitConfig, MagicLinkSendResponse, MagicLinkVerifyResponse, UserProfile, ProfileUpdateData, SuccessResponse, SendWhatsAppRequest, SendWhatsAppResponse, ExchangeWhatsAppSessionResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse } from "../types/authKit";
 /**
  * Namespace containing helper functions for the new AuthKit API.
  * Legacy collection-based authKit helpers retained (marked as *Legacy*).
@@ -33,6 +33,8 @@ export declare namespace authKit {
     function verifyWhatsApp(clientId: string, token: string, phoneNumber: string): Promise<VerifyWhatsAppResponse>;
     /** Poll WhatsApp verification status for a token (public). */
     function getWhatsAppStatus(clientId: string, token: string): Promise<WhatsAppStatusResponse>;
+    /** Exchange a verified WhatsApp token for an Auth Kit session (public). */
+    function exchangeWhatsAppSession(clientId: string, token: string, sessionKey: string): Promise<ExchangeWhatsAppSessionResponse>;
     /** Send an SMS click-to-verify link (public). */
     function sendSmsVerify(clientId: string, body: SendSmsVerifyRequest): Promise<SendSmsVerifyResponse>;
     /** Verify an SMS click-to-verify token via API (public). */

package/dist/api/authKit.js

@@ -62,6 +62,11 @@ export var authKit;
         return request(`/authkit/${encodeURIComponent(clientId)}/auth/whatsapp/status?token=${encodedToken}`);
     }
     authKit.getWhatsAppStatus = getWhatsAppStatus;
+    /** Exchange a verified WhatsApp token for an Auth Kit session (public). */
+    async function exchangeWhatsAppSession(clientId, token, sessionKey) {
+        return post(`/authkit/${encodeURIComponent(clientId)}/auth/whatsapp/exchange-session`, { token, sessionKey });
+    }
+    authKit.exchangeWhatsAppSession = exchangeWhatsAppSession;
     /** Send an SMS click-to-verify link (public). */
     async function sendSmsVerify(clientId, body) {
         return post(`/authkit/${encodeURIComponent(clientId)}/auth/sms/send`, body);

package/dist/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.13.12  |  Generated: 2026-05-14T16:00:33.063Z
+Version: 1.13.13  |  Generated: 2026-05-15T11:06:27.909Z
 
 This is a concise summary of all available API functions and types.
 
@@ -3046,8 +3046,8 @@ interface WhatsAppReplyOptions {
 **SendWhatsAppRequest** (interface)
 ```typescript
 interface SendWhatsAppRequest {
-  phoneNumber?: string
   redirectUrl?: string
+  prefillMessage?: string
   reply?: WhatsAppReplyOptions
 }
 ```
@@ -3058,10 +3058,21 @@ interface SendWhatsAppResponse {
   waLink: string
   code: string
   token: string
+  sessionKey?: string
   expiresAt: string
 }
 ```
 
+**ExchangeWhatsAppSessionResponse** (interface)
+```typescript
+interface ExchangeWhatsAppSessionResponse {
+  success: boolean
+  token: string
+  user: AuthKitUser
+  accountData?: Record<string, any>
+}
+```
+
 **VerifyWhatsAppResponse** (interface)
 ```typescript
 interface VerifyWhatsAppResponse {
@@ -8221,6 +8232,9 @@ Manually verify WhatsApp token if inbound webhook path is unavailable (public).
 **getWhatsAppStatus**(clientId: string, token: string) → `Promise<WhatsAppStatusResponse>`
 Poll WhatsApp verification status for a token (public).
 
+**exchangeWhatsAppSession**(clientId: string, token: string, sessionKey: string) → `Promise<ExchangeWhatsAppSessionResponse>`
+Exchange a verified WhatsApp token for an Auth Kit session (public).
+
 **sendSmsVerify**(clientId: string, body: SendSmsVerifyRequest) → `Promise<SendSmsVerifyResponse>`
 Send an SMS click-to-verify link (public).
 

package/dist/docs/auth-kit.md

@@ -91,6 +91,7 @@ const wa = await authKit.sendWhatsApp(clientId);
 // Optional: pass redirect context and/or a post-verification reply
 // const wa = await authKit.sendWhatsApp(clientId, {
 //   redirectUrl: 'https://app.example.com/checkout/continue',
+//   prefillMessage: 'Please let me bid in this auction. Code: {{token}}',
 //   reply: {
 //     cta: {
 //       body: "You're verified and ready to bid.",
@@ -105,6 +106,12 @@ const wa = await authKit.sendWhatsApp(clientId);
 // Poll status while user switches to WhatsApp and back
 const status = await authKit.getWhatsAppStatus(clientId, wa.token);
 
+// Optional: exchange verified WhatsApp proof for an Auth Kit session
+if (status.status === 'verified' && wa.sessionKey) {
+  const session = await authKit.exchangeWhatsAppSession(clientId, wa.token, wa.sessionKey);
+  // session.token can be used as the authenticated bearer token
+}
+
 // Optional fallback path if webhook confirmation is unavailable
 await authKit.verifyWhatsApp(clientId, wa.token, '+447911123456');
 
@@ -162,6 +169,19 @@ The following template placeholders are available in `reply.text`, `reply.cta` f
 | `{{clientId}}` | The Auth Kit client ID |
 | `{{token}}` | The verification token |
 
+You can also set `prefillMessage` on `sendWhatsApp` to customize the text pre-filled in the `wa.me` deep link. If `{{token}}` is not present, the token is appended to the message.
+
+#### Session exchange after verification
+
+After polling returns `status === 'verified'`, exchange the verification proof for an Auth Kit login session:
+
+```ts
+const session = await authKit.exchangeWhatsAppSession(clientId, wa.token, wa.sessionKey!);
+// session: { success, token, user, accountData? }
+```
+
+`sessionKey` is returned by `sendWhatsApp` and is used to mitigate token replay from contexts that did not initiate the browser flow.
+
 > **Note:** `redirectUrl` is optional. WhatsApp tokens are short hex strings (16 chars) for better UX.
 
 ### Google OAuth

package/dist/openapi.yaml

@@ -8501,6 +8501,32 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/whatsapp/exchange-session:
+    post:
+      tags:
+        - authKit
+      summary: Exchange a verified WhatsApp token for an Auth Kit session (public).
+      operationId: authKit_exchangeWhatsAppSession
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExchangeWhatsAppSessionResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
   /authkit/{clientId}/auth/whatsapp/send:
     post:
       tags:
@@ -17892,10 +17918,10 @@ components:
     SendWhatsAppRequest:
       type: object
       properties:
-        phoneNumber:
-          type: string
         redirectUrl:
           type: string
+        prefillMessage:
+          type: string
         reply:
           $ref: "#/components/schemas/WhatsAppReplyOptions"
     SendWhatsAppResponse:
@@ -17907,6 +17933,8 @@ components:
           type: string
         token:
           type: string
+        sessionKey:
+          type: string
         expiresAt:
           type: string
       required:
@@ -17914,6 +17942,22 @@ components:
         - code
         - token
         - expiresAt
+    ExchangeWhatsAppSessionResponse:
+      type: object
+      properties:
+        success:
+          type: boolean
+        token:
+          type: string
+        user:
+          $ref: "#/components/schemas/AuthKitUser"
+        accountData:
+          type: object
+          additionalProperties: true
+      required:
+        - success
+        - token
+        - user
     VerifyWhatsAppResponse:
       type: object
       properties:

package/dist/types/authKit.d.ts

@@ -91,16 +91,23 @@ export interface WhatsAppReplyOptions {
     text?: string;
 }
 export interface SendWhatsAppRequest {
-    phoneNumber?: string;
     redirectUrl?: string;
+    prefillMessage?: string;
     reply?: WhatsAppReplyOptions;
 }
 export interface SendWhatsAppResponse {
     waLink: string;
     code: string;
     token: string;
+    sessionKey?: string;
     expiresAt: string;
 }
+export interface ExchangeWhatsAppSessionResponse {
+    success: boolean;
+    token: string;
+    user: AuthKitUser;
+    accountData?: Record<string, any>;
+}
 export interface VerifyWhatsAppResponse {
     success: boolean;
     verified: boolean;

package/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.13.12  |  Generated: 2026-05-14T16:00:33.063Z
+Version: 1.13.13  |  Generated: 2026-05-15T11:06:27.909Z
 
 This is a concise summary of all available API functions and types.
 
@@ -3046,8 +3046,8 @@ interface WhatsAppReplyOptions {
 **SendWhatsAppRequest** (interface)
 ```typescript
 interface SendWhatsAppRequest {
-  phoneNumber?: string
   redirectUrl?: string
+  prefillMessage?: string
   reply?: WhatsAppReplyOptions
 }
 ```
@@ -3058,10 +3058,21 @@ interface SendWhatsAppResponse {
   waLink: string
   code: string
   token: string
+  sessionKey?: string
   expiresAt: string
 }
 ```
 
+**ExchangeWhatsAppSessionResponse** (interface)
+```typescript
+interface ExchangeWhatsAppSessionResponse {
+  success: boolean
+  token: string
+  user: AuthKitUser
+  accountData?: Record<string, any>
+}
+```
+
 **VerifyWhatsAppResponse** (interface)
 ```typescript
 interface VerifyWhatsAppResponse {
@@ -8221,6 +8232,9 @@ Manually verify WhatsApp token if inbound webhook path is unavailable (public).
 **getWhatsAppStatus**(clientId: string, token: string) → `Promise<WhatsAppStatusResponse>`
 Poll WhatsApp verification status for a token (public).
 
+**exchangeWhatsAppSession**(clientId: string, token: string, sessionKey: string) → `Promise<ExchangeWhatsAppSessionResponse>`
+Exchange a verified WhatsApp token for an Auth Kit session (public).
+
 **sendSmsVerify**(clientId: string, body: SendSmsVerifyRequest) → `Promise<SendSmsVerifyResponse>`
 Send an SMS click-to-verify link (public).
 

package/docs/auth-kit.md

@@ -91,6 +91,7 @@ const wa = await authKit.sendWhatsApp(clientId);
 // Optional: pass redirect context and/or a post-verification reply
 // const wa = await authKit.sendWhatsApp(clientId, {
 //   redirectUrl: 'https://app.example.com/checkout/continue',
+//   prefillMessage: 'Please let me bid in this auction. Code: {{token}}',
 //   reply: {
 //     cta: {
 //       body: "You're verified and ready to bid.",
@@ -105,6 +106,12 @@ const wa = await authKit.sendWhatsApp(clientId);
 // Poll status while user switches to WhatsApp and back
 const status = await authKit.getWhatsAppStatus(clientId, wa.token);
 
+// Optional: exchange verified WhatsApp proof for an Auth Kit session
+if (status.status === 'verified' && wa.sessionKey) {
+  const session = await authKit.exchangeWhatsAppSession(clientId, wa.token, wa.sessionKey);
+  // session.token can be used as the authenticated bearer token
+}
+
 // Optional fallback path if webhook confirmation is unavailable
 await authKit.verifyWhatsApp(clientId, wa.token, '+447911123456');
 
@@ -162,6 +169,19 @@ The following template placeholders are available in `reply.text`, `reply.cta` f
 | `{{clientId}}` | The Auth Kit client ID |
 | `{{token}}` | The verification token |
 
+You can also set `prefillMessage` on `sendWhatsApp` to customize the text pre-filled in the `wa.me` deep link. If `{{token}}` is not present, the token is appended to the message.
+
+#### Session exchange after verification
+
+After polling returns `status === 'verified'`, exchange the verification proof for an Auth Kit login session:
+
+```ts
+const session = await authKit.exchangeWhatsAppSession(clientId, wa.token, wa.sessionKey!);
+// session: { success, token, user, accountData? }
+```
+
+`sessionKey` is returned by `sendWhatsApp` and is used to mitigate token replay from contexts that did not initiate the browser flow.
+
 > **Note:** `redirectUrl` is optional. WhatsApp tokens are short hex strings (16 chars) for better UX.
 
 ### Google OAuth

package/openapi.yaml

@@ -8501,6 +8501,32 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/whatsapp/exchange-session:
+    post:
+      tags:
+        - authKit
+      summary: Exchange a verified WhatsApp token for an Auth Kit session (public).
+      operationId: authKit_exchangeWhatsAppSession
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExchangeWhatsAppSessionResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
   /authkit/{clientId}/auth/whatsapp/send:
     post:
       tags:
@@ -17892,10 +17918,10 @@ components:
     SendWhatsAppRequest:
       type: object
       properties:
-        phoneNumber:
-          type: string
         redirectUrl:
           type: string
+        prefillMessage:
+          type: string
         reply:
           $ref: "#/components/schemas/WhatsAppReplyOptions"
     SendWhatsAppResponse:
@@ -17907,6 +17933,8 @@ components:
           type: string
         token:
           type: string
+        sessionKey:
+          type: string
         expiresAt:
           type: string
       required:
@@ -17914,6 +17942,22 @@ components:
         - code
         - token
         - expiresAt
+    ExchangeWhatsAppSessionResponse:
+      type: object
+      properties:
+        success:
+          type: boolean
+        token:
+          type: string
+        user:
+          $ref: "#/components/schemas/AuthKitUser"
+        accountData:
+          type: object
+          additionalProperties: true
+      required:
+        - success
+        - token
+        - user
     VerifyWhatsAppResponse:
       type: object
       properties:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@proveanything/smartlinks",
-  "version": "1.13.12",
+  "version": "1.13.13",
   "description": "Official JavaScript/TypeScript SDK for the Smartlinks API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",