@proveanything/smartlinks 1.13.6 → 1.13.8

package/dist/docs/auth-kit.md

@@ -78,6 +78,61 @@ await authKit.sendPhoneCode(clientId, '+61400000000');
 const session = await authKit.verifyPhoneCode(clientId, '+61400000000', '123456');
 ```
 
+### Lightweight verification (WhatsApp + SMS)
+
+Use these flows when you want low-friction verification before or without full account sign-in.
+
+```ts
+import { authKit } from '@proveanything/smartlinks';
+
+// 1) Send WhatsApp verification deep link
+const wa = await authKit.sendWhatsApp(clientId, {
+  phoneNumber: '+447911123456',
+  redirectUrl: 'https://app.example.com/checkout/continue',
+});
+
+// wa.waLink can be opened directly by the app/browser
+// Poll status while user switches to WhatsApp and back
+const status = await authKit.getWhatsAppStatus(clientId, wa.token);
+
+// Optional fallback path if webhook confirmation is unavailable
+await authKit.verifyWhatsApp(clientId, wa.token, '+447911123456');
+
+// 2) Or send SMS click-to-verify link
+await authKit.sendSmsVerify(clientId, {
+  phoneNumber: '+447911123456',
+  redirectUrl: 'https://app.example.com/raffle/checkout',
+  ctaText: 'Tap to continue',
+});
+
+// Optional API verification path
+await authKit.verifySms(clientId, '<token>', '+447911123456');
+```
+
+### Contact bootstrap / durable identity
+
+After verification, upsert contact identity and store `contactId` on downstream records (raffle ticket, bid, claim intent).
+
+```ts
+const contact = await authKit.upsertContact(clientId, {
+  phone: '+447911123456',
+  name: 'Jane Doe',
+  source: 'raffle-checkout',
+  customFields: { channelVerified: 'whatsapp' },
+  externalIds: { raffleSessionId: 'rfl_123' },
+});
+
+// Persist these on your business record
+// contact.contactId, contact.collectionId, verified channel, verifiedAt
+```
+
+Verification status values returned by `authKit.getWhatsAppStatus` are:
+- `pending`
+- `verified`
+- `failed`
+- `expired`
+- `unknown`
+
 ### Google OAuth
 
 ```ts

package/dist/docs/comms.md

@@ -19,7 +19,7 @@ This guide covers the full communications surface of the SDK: transactional send
 
 Sends a single message to one contact using a template. No broadcast record is created. The send is logged to the contact's communication history with `sourceType: 'transactional'`.
 
-**Endpoint:** `POST /admin/collection/:collectionId/comm.send`
+**Endpoint:** `POST /admin/collection/:collectionId/comm/send`
 
 ```typescript
 import { comms } from '@proveanything/smartlinks'
@@ -28,7 +28,7 @@ import type { TransactionalSendRequest } from '@proveanything/smartlinks'
 const result = await comms.sendTransactional('collectionId', {
   contactId:  'e4f2a1b0-...',
   templateId: 'warranty-update',
-  channel:    'preferred',          // 'email' | 'sms' | 'push' | 'wallet' | 'preferred' (default)
+  channel:    'preferred',          // 'email' | 'sms' | 'whatsapp' | 'push' | 'wallet' | 'preferred' (default)
   props:      { claimRef: 'CLM-0042', decision: 'approved' },
   include: {
     productId: 'prod-abc123',       // hydrate product context into template
@@ -51,7 +51,7 @@ if (result.ok) {
 |-------|------|-------------|
 | `contactId` | `string` | **Required.** Contact to send to. |
 | `templateId` | `string` | **Required.** Template to render. |
-| `channel` | `'email' \| 'sms' \| 'push' \| 'wallet' \| 'preferred'` | Channel to send on. `'preferred'` (default) picks the contact's best available channel. |
+| `channel` | `'email' \| 'sms' \| 'whatsapp' \| 'push' \| 'wallet' \| 'preferred'` | Channel to send on. `'preferred'` (default) picks the contact's best available channel. |
 | `props` | `Record<string, unknown>` | Extra variables merged into template rendering. |
 | `include` | object | Hydration flags — see table below. |
 | `ref` | `string` | Arbitrary reference string stored with the event. |
@@ -73,7 +73,7 @@ if (result.ok) {
 
 ```typescript
 // Success
-{ ok: true; channel: 'email' | 'sms' | 'push' | 'wallet'; messageId?: string }
+{ ok: true; channel: 'email' | 'sms' | 'whatsapp' | 'push' | 'wallet'; messageId?: string }
 
 // Failure
 { ok: false; error: string }

package/dist/docs/overview.md

@@ -43,6 +43,8 @@ Widgets and containers run in the parent's React tree (not iframes). Mobile Admi
 
 The SmartLinks SDK (`@proveanything/smartlinks`) includes comprehensive documentation in `node_modules/@proveanything/smartlinks/docs/`. **Always read these files for detailed implementation guidance.**
 
+> Product endpoints: use `products` (plural) for new integrations. The older `product` (singular) namespace remains for backward compatibility and is deprecated.
+
 > **Minimum SDK version: `1.4.1`** — Ensure `@proveanything/smartlinks` is at least this version. If not, update with `npm install @proveanything/smartlinks@latest`.
 
 | Topic | File | When to Use |

package/dist/openapi.yaml

@@ -2198,39 +2198,6 @@ paths:
           application/json:
             schema:
               $ref: "#/components/schemas/BroadcastSendTestRequest"
-  /admin/collection/{collectionId}/comm.send:
-    post:
-      tags:
-        - comms
-      summary: Send a single transactional message to one contact using a template.
-      operationId: comms_sendTransactional
-      security:
-        - bearerAuth: []
-      parameters:
-        - name: collectionId
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        200:
-          description: Success
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/TransactionalSendResult"
-        400:
-          description: Bad request
-        401:
-          description: Unauthorized
-        404:
-          description: Not found
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: "#/components/schemas/TransactionalSendRequest"
   /admin/collection/{collectionId}/comm.settings:
     get:
       tags:
@@ -7856,6 +7823,39 @@ paths:
           application/json:
             schema:
               $ref: "#/components/schemas/TranslationUpdateRequest"
+  /admin/collection/{encodedCollectionId}/comm/send:
+    post:
+      tags:
+        - comms
+      summary: Send a single transactional message to one contact using a template.
+      operationId: comms_sendTransactional
+      security:
+        - bearerAuth: []
+      parameters:
+        - name: encodedCollectionId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/TransactionalSendResult"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/TransactionalSendRequest"
   /authKit/{authKitId}/config:
     get:
       tags:
@@ -8329,7 +8329,7 @@ paths:
     post:
       tags:
         - authKit
-      summary: Verify phone verification code (public).
+      summary: Upsert contact identity after lightweight verification (public).
       operationId: authKit_requestPasswordReset
       security: []
       parameters:
@@ -8391,6 +8391,64 @@ paths:
             schema:
               type: object
               additionalProperties: true
+  /authkit/{clientId}/auth/sms/send:
+    post:
+      tags:
+        - authKit
+      summary: Send an SMS click-to-verify link (public).
+      operationId: authKit_sendSmsVerify
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SendSmsVerifyResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SendSmsVerifyRequest"
+  /authkit/{clientId}/auth/sms/verify:
+    post:
+      tags:
+        - authKit
+      summary: Verify an SMS click-to-verify token via API (public).
+      operationId: authKit_verifySms
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/VerifySmsResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
   /authkit/{clientId}/auth/verify-email:
     post:
       tags:
@@ -8443,6 +8501,122 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/whatsapp/send:
+    post:
+      tags:
+        - authKit
+      summary: Send a WhatsApp verification deep-link (public).
+      operationId: authKit_sendWhatsApp
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SendWhatsAppResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SendWhatsAppRequest"
+  /authkit/{clientId}/auth/whatsapp/status:
+    get:
+      tags:
+        - authKit
+      summary: Poll WhatsApp verification status for a token (public).
+      operationId: authKit_getWhatsAppStatus
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/WhatsAppStatusResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+  /authkit/{clientId}/auth/whatsapp/verify:
+    post:
+      tags:
+        - authKit
+      summary: Manually verify WhatsApp token if inbound webhook path is unavailable (public).
+      operationId: authKit_verifyWhatsApp
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/VerifyWhatsAppResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+  /authkit/{clientId}/contact/upsert:
+    post:
+      tags:
+        - authKit
+      summary: Upsert contact identity after lightweight verification (public).
+      operationId: authKit_upsertContact
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/UpsertContactResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/UpsertContactRequest"
   /platform/location:
     post:
       tags:
@@ -12328,7 +12502,7 @@ paths:
     get:
       tags:
         - records
-      summary: List records with optional query parameters GET /records
+      summary: "List records with optional query parameters GET /records Public/owner callers only receive records with `status: \"active\"`."
       operationId: records_list
       security: []
       parameters:
@@ -12347,6 +12521,11 @@ paths:
           required: true
           schema:
             type: string
+        - name: status
+          in: query
+          required: false
+          schema:
+            type: string
         - name: recordType
           in: query
           required: false
@@ -16266,6 +16445,8 @@ components:
     RecordListQueryParams:
       type: object
       properties:
+        status:
+          type: string
         recordType:
           type: string
         ref:
@@ -17683,6 +17864,139 @@ components:
       required:
         - success
         - message
+    SendWhatsAppRequest:
+      type: object
+      properties:
+        phoneNumber:
+          type: string
+        redirectUrl:
+          type: string
+      required:
+        - phoneNumber
+        - redirectUrl
+    SendWhatsAppResponse:
+      type: object
+      properties:
+        waLink:
+          type: string
+        code:
+          type: string
+        token:
+          type: string
+        expiresAt:
+          type: string
+      required:
+        - waLink
+        - code
+        - token
+        - expiresAt
+    VerifyWhatsAppResponse:
+      type: object
+      properties:
+        success:
+          type: boolean
+        verified:
+          type: boolean
+        redirectUrl:
+          type: string
+      required:
+        - success
+        - verified
+    WhatsAppStatusResponse:
+      type: object
+      properties:
+        ok:
+          type: boolean
+        status:
+          $ref: "#/components/schemas/VerifyStatus"
+        verified:
+          type: boolean
+        redirectUrl:
+          type: string
+        phoneNumber:
+          type: string
+        updatedAt: {}
+      required:
+        - ok
+        - status
+        - verified
+    SendSmsVerifyRequest:
+      type: object
+      properties:
+        phoneNumber:
+          type: string
+        redirectUrl:
+          type: string
+        ctaText:
+          type: string
+      required:
+        - phoneNumber
+        - redirectUrl
+    SendSmsVerifyResponse:
+      type: object
+      properties:
+        success:
+          type: boolean
+        expiresAt:
+          type: string
+      required:
+        - success
+        - expiresAt
+    VerifySmsResponse:
+      type: object
+      properties:
+        verified:
+          type: boolean
+        redirectUrl:
+          type: string
+        phoneNumber:
+          type: string
+      required:
+        - verified
+    UpsertContactRequest:
+      type: object
+      properties:
+        collectionId:
+          type: string
+        phone:
+          type: string
+        email:
+          type: string
+        name:
+          type: string
+        firstName:
+          type: string
+        lastName:
+          type: string
+        displayName:
+          type: string
+        source:
+          type: string
+        customFields:
+          type: object
+          additionalProperties: true
+        externalIds:
+          type: object
+          additionalProperties: true
+    UpsertContactResponse:
+      type: object
+      properties:
+        ok:
+          type: boolean
+        collectionId:
+          type: string
+        contactId:
+          type: string
+        userId:
+          type: string
+        created:
+          type: boolean
+      required:
+        - ok
+        - collectionId
+        - contactId
+        - userId
+        - created
     AuthKitBrandingConfig:
       type: object
       properties:
@@ -18865,6 +19179,7 @@ components:
           enum:
             - email
             - sms
+            - whatsapp
             - push
             - wallet
             - preferred
@@ -18906,6 +19221,7 @@ components:
           enum:
             - email
             - sms
+            - whatsapp
             - push
             - wallet
         messageId:

package/dist/types/appObjects.d.ts

@@ -590,6 +590,11 @@ export interface UpdateRecordInput {
  * Query parameters for listing records
  */
 export interface RecordListQueryParams extends ListQueryParams {
+    /**
+     * Admin: any status or `in:a,b,c` filter is allowed.
+     * Public/owner: results are restricted to active records.
+     */
+    status?: string;
     recordType?: string;
     ref?: string;
     /** Filter records whose ref starts with this value */

package/dist/types/authKit.d.ts

@@ -75,6 +75,63 @@ export interface EmailVerifyTokenResponse {
     accountData?: Record<string, any>;
     emailVerificationMode?: 'immediate' | 'verify-auto-login' | 'verify-manual-login';
 }
+export type VerifyStatus = 'pending' | 'verified' | 'failed' | 'expired' | 'unknown';
+export interface SendWhatsAppRequest {
+    phoneNumber: string;
+    redirectUrl: string;
+}
+export interface SendWhatsAppResponse {
+    waLink: string;
+    code: string;
+    token: string;
+    expiresAt: string;
+}
+export interface VerifyWhatsAppResponse {
+    success: boolean;
+    verified: boolean;
+    redirectUrl?: string | null;
+}
+export interface WhatsAppStatusResponse {
+    ok: boolean;
+    status: VerifyStatus;
+    verified: boolean;
+    redirectUrl?: string | null;
+    phoneNumber?: string | null;
+    updatedAt?: unknown;
+}
+export interface SendSmsVerifyRequest {
+    phoneNumber: string;
+    redirectUrl: string;
+    ctaText?: string;
+}
+export interface SendSmsVerifyResponse {
+    success: boolean;
+    expiresAt: string;
+}
+export interface VerifySmsResponse {
+    verified: boolean;
+    redirectUrl?: string | null;
+    phoneNumber?: string | null;
+}
+export interface UpsertContactRequest {
+    collectionId?: string;
+    phone?: string;
+    email?: string;
+    name?: string;
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    source?: string;
+    customFields?: Record<string, unknown>;
+    externalIds?: Record<string, unknown>;
+}
+export interface UpsertContactResponse {
+    ok: boolean;
+    collectionId: string;
+    contactId: string;
+    userId: string | null;
+    created: boolean;
+}
 export interface AuthKitBrandingConfig {
     logoUrl?: string;
     title?: string;

package/dist/types/comms.d.ts

@@ -280,7 +280,7 @@ export interface SubscriptionsResolveResponse {
  * No broadcast record is created; the send is logged directly to the
  * contact's communication history with sourceType: 'transactional'.
  *
- * POST /admin/collection/:collectionId/comm.send
+ * POST /admin/collection/:collectionId/comm/send
  */
 export interface TransactionalSendRequest {
     /** CRM contact UUID */
@@ -290,9 +290,9 @@ export interface TransactionalSendRequest {
     /**
      * Channel to send on. Defaults to 'preferred', which auto-selects the
      * contact's best available channel respecting consent, suppression, and
-     * template availability (priority: email → push → sms → wallet).
+      * template availability.
      */
-    channel?: 'email' | 'sms' | 'push' | 'wallet' | 'preferred';
+    channel?: 'email' | 'sms' | 'whatsapp' | 'push' | 'wallet' | 'preferred';
     /** Extra Liquid variables merged into the top-level render context */
     props?: Record<string, unknown>;
     /** Context objects to hydrate into the Liquid template */
@@ -320,8 +320,8 @@ export interface TransactionalSendRequest {
 export interface TransactionalSendResponse {
     ok: true;
     /** The channel the message was actually sent on */
-    channel: 'email' | 'sms' | 'push' | 'wallet';
-    /** Provider message ID (email/SMS); absent for push/wallet */
+    channel: 'email' | 'sms' | 'whatsapp' | 'push' | 'wallet';
+    /** Provider message ID (email/SMS/WhatsApp); absent for push/wallet */
     messageId?: string;
 }
 export interface TransactionalSendError {
@@ -333,6 +333,7 @@ export interface TransactionalSendError {
      * - `transactional.no_channel_available`
      * - `transactional.email_missing`
      * - `transactional.phone_missing`
+     * - `transactional.whatsapp_missing`
      * - `transactional.no_push_methods`
      * - `transactional.no_wallet_methods`
      */

package/dist/types/index.d.ts

@@ -28,6 +28,7 @@ export * from "./tags";
 export * from "./navigation";
 export * from "./order";
 export * from "./crate";
+export * from "./authKit";
 export * from "./iframeResponder";
 export * from "./ai";
 export * from "./appManifest";

package/dist/types/index.js

@@ -30,6 +30,7 @@ export * from "./tags";
 export * from "./navigation";
 export * from "./order";
 export * from "./crate";
+export * from "./authKit";
 export * from "./iframeResponder";
 export * from "./ai";
 export * from "./appManifest";