@riseworks/riseworks-sdk 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +240 -0
- package/ai-skills/README.md +28 -0
- package/ai-skills/STANDARDS.md +66 -0
- package/ai-skills/references/API_WORKFLOWS.md +200 -0
- package/ai-skills/references/TYPES.md +190 -0
- package/ai-skills/rise-auth-and-setup/README.md +14 -0
- package/ai-skills/rise-auth-and-setup/SKILL.md +57 -0
- package/ai-skills/rise-auth-and-setup/metadata.json +12 -0
- package/ai-skills/rise-auth-and-setup/references/SETUP_PATTERNS.md +26 -0
- package/ai-skills/rise-debugging-and-errors/SKILL.md +51 -0
- package/ai-skills/rise-payments-workflows/README.md +19 -0
- package/ai-skills/rise-payments-workflows/SKILL.md +109 -0
- package/ai-skills/rise-payments-workflows/metadata.json +12 -0
- package/ai-skills/rise-payments-workflows/references/PAYMENT_PATTERNS.md +36 -0
- package/ai-skills/rise-sdk-integration/README.md +25 -0
- package/ai-skills/rise-sdk-integration/SKILL.md +130 -0
- package/ai-skills/rise-sdk-integration/metadata.json +12 -0
- package/ai-skills/rise-sdk-integration/references/PATTERNS.md +28 -0
- package/ai-skills/rise-security-and-approvals/SKILL.md +33 -0
- package/ai-skills/rise-teams-and-invites/README.md +13 -0
- package/ai-skills/rise-teams-and-invites/SKILL.md +66 -0
- package/ai-skills/rise-teams-and-invites/metadata.json +12 -0
- package/ai-skills/rise-teams-and-invites/references/TEAM_PATTERNS.md +25 -0
- package/ai-skills/rise-v1-migration/README.md +22 -0
- package/ai-skills/rise-v1-migration/SKILL.md +184 -0
- package/ai-skills/rise-v1-migration/metadata.json +13 -0
- package/ai-skills/rise-v1-migration/references/ENDPOINT_MAPPINGS.md +72 -0
- package/ai-skills/rise-v1-migration/references/MIGRATION_PATTERNS.md +66 -0
- package/ai-skills/rise-webhooks/README.md +41 -0
- package/ai-skills/rise-webhooks/SKILL.md +143 -0
- package/ai-skills/rise-webhooks/metadata.json +13 -0
- package/ai-skills/rise-webhooks/references/HANDLER.md +60 -0
- package/ai-skills/rise-webhooks/references/REGISTRATION.md +113 -0
- package/dist/index.cjs +1406 -0
- package/dist/index.d.cts +6865 -0
- package/dist/index.d.cts.map +1 -0
- package/dist/index.d.mts +6865 -0
- package/dist/index.d.mts.map +1 -0
- package/dist/index.mjs +1383 -0
- package/package.json +87 -0
- package/scripts/add-skills.mjs +158 -0
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
# V1 migration patterns
|
|
2
|
+
|
|
3
|
+
Use this reference when the user is actively rewriting legacy Rise V1 code.
|
|
4
|
+
|
|
5
|
+
## Default recommendation
|
|
6
|
+
|
|
7
|
+
- Prefer `riseworks-sdk` over raw `/v2/...` HTTP when the project is Node.js,
|
|
8
|
+
TypeScript, or JavaScript.
|
|
9
|
+
- Preserve existing behavior first.
|
|
10
|
+
- Only introduce new B2B-only capabilities after parity is reached.
|
|
11
|
+
|
|
12
|
+
## Recommended migration order
|
|
13
|
+
|
|
14
|
+
1. Inventory the V1 endpoints and wrappers still in use.
|
|
15
|
+
2. Rebuild authentication and client initialization.
|
|
16
|
+
3. Replace numeric IDs with nanoids and add discovery calls.
|
|
17
|
+
4. Swap endpoint logic for SDK methods.
|
|
18
|
+
5. Update response/error handling.
|
|
19
|
+
6. Re-test side-effectful flows and signing paths.
|
|
20
|
+
|
|
21
|
+
## ID migration defaults
|
|
22
|
+
|
|
23
|
+
- `teamId` -> `team_nanoid`
|
|
24
|
+
- `talentId` -> `user_nanoid`
|
|
25
|
+
- company-scoped operations often need `company_nanoid`
|
|
26
|
+
- do not invent numeric-to-nanoid conversion rules; fetch or provide the real
|
|
27
|
+
nanoids
|
|
28
|
+
|
|
29
|
+
## Auth migration defaults
|
|
30
|
+
|
|
31
|
+
- If the new code can keep a private key server-side, prefer
|
|
32
|
+
`new RiseApiClient({ riseIdAuth: { riseId, privateKey } })`.
|
|
33
|
+
- If the application already issues valid JWTs, use
|
|
34
|
+
`new RiseApiClient({ jwtToken })`.
|
|
35
|
+
- If JWT is available but automatic signing is not, use typed-data methods and
|
|
36
|
+
execute with a signature.
|
|
37
|
+
|
|
38
|
+
## Flow selection rules
|
|
39
|
+
|
|
40
|
+
### Read-heavy migrations
|
|
41
|
+
|
|
42
|
+
- `client.me.get()`
|
|
43
|
+
- `client.user.getTeams()`
|
|
44
|
+
- `client.user.getOrganizations()`
|
|
45
|
+
- `client.teams.getUsers()`
|
|
46
|
+
- `client.entityBalance.get()`
|
|
47
|
+
- `client.payments.get()`
|
|
48
|
+
|
|
49
|
+
### Side-effectful migrations
|
|
50
|
+
|
|
51
|
+
- payments -> `sendPayment()` or typed-data flow
|
|
52
|
+
- manager invites -> `sendManagerInvite()` or typed-data flow
|
|
53
|
+
- withdrawals -> Withdrawals are not available via the SDK: the withdraw endpoints require reCAPTCHA verification headers only a browser session can produce. Point users to the Rise dashboard for withdrawals.
|
|
54
|
+
|
|
55
|
+
### Webhook migrations
|
|
56
|
+
|
|
57
|
+
- split webhook migration into:
|
|
58
|
+
- event payload and event-name migration
|
|
59
|
+
- signature verification migration
|
|
60
|
+
- endpoint rollout / cutover strategy
|
|
61
|
+
|
|
62
|
+
## Output bar
|
|
63
|
+
|
|
64
|
+
- Show the old V1 surface and the new B2B surface.
|
|
65
|
+
- Mention missing inputs such as nanoids or auth material.
|
|
66
|
+
- Prefer complete migration-ready examples over abstract summaries.
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Rise Webhooks Skill
|
|
2
|
+
|
|
3
|
+
Human-facing notes for the `rise-webhooks` skill.
|
|
4
|
+
|
|
5
|
+
## Purpose
|
|
6
|
+
|
|
7
|
+
This skill helps agents implement two related webhook surfaces:
|
|
8
|
+
|
|
9
|
+
- **registration/management** of webhook endpoints using `riseworks-sdk`
|
|
10
|
+
- **receiving/validation** of incoming webhook events using `WebhookValidator`
|
|
11
|
+
|
|
12
|
+
## Why this skill has extra files
|
|
13
|
+
|
|
14
|
+
`SKILL.md` is the concise agent-facing document.
|
|
15
|
+
|
|
16
|
+
The files in `references/` provide deeper, task-specific guidance so agents can
|
|
17
|
+
load extra detail only when needed:
|
|
18
|
+
|
|
19
|
+
- `references/REGISTRATION.md` — admin/settings UI and server-side registration
|
|
20
|
+
- `references/HANDLER.md` — receiving endpoint, validation, idempotent handling
|
|
21
|
+
|
|
22
|
+
## Scope
|
|
23
|
+
|
|
24
|
+
Use this skill when users ask for:
|
|
25
|
+
|
|
26
|
+
- webhook setup
|
|
27
|
+
- webhook registration UI
|
|
28
|
+
- webhook endpoint management
|
|
29
|
+
- signature validation
|
|
30
|
+
- delivery history
|
|
31
|
+
- typed webhook event handlers
|
|
32
|
+
|
|
33
|
+
## Main SDK surfaces
|
|
34
|
+
|
|
35
|
+
- `client.webhooks.list()`
|
|
36
|
+
- `client.webhooks.register()`
|
|
37
|
+
- `client.webhooks.update()`
|
|
38
|
+
- `client.webhooks.delete()`
|
|
39
|
+
- `client.webhooks.test()`
|
|
40
|
+
- `client.webhooks.getDeliveryHistory()`
|
|
41
|
+
- `WebhookValidator`
|
|
@@ -0,0 +1,143 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: rise-webhooks
|
|
3
|
+
description: Implements Rise webhook registration, validation, and event handlers. Use when the user mentions webhooks, event delivery, webhook secrets, webhook signatures, delivery history, or validating Rise events.
|
|
4
|
+
compatibility: Server-side (Node.js, etc.). Works with Claude Code, Cursor, Windsurf, Codex.
|
|
5
|
+
metadata:
|
|
6
|
+
author: Rise Works
|
|
7
|
+
version: "1.0"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Rise Webhooks
|
|
11
|
+
|
|
12
|
+
**Note:** Always read the installed `riseworks-sdk` source when implementing—the SDK may have new functions or types not yet reflected in this skill.
|
|
13
|
+
|
|
14
|
+
## Default approach
|
|
15
|
+
|
|
16
|
+
- Use `WebhookValidator` from `riseworks-sdk` for signature validation.
|
|
17
|
+
- Keep the webhook secret server-side.
|
|
18
|
+
- Preserve the raw request body when validating signatures.
|
|
19
|
+
- Return a `2xx` quickly, then hand off heavier processing asynchronously when possible.
|
|
20
|
+
|
|
21
|
+
## Think in two surfaces
|
|
22
|
+
|
|
23
|
+
- **Registration and management**: Default to the Rise UI / dashboard for webhook creation and event selection. Use SDK registration only when the user explicitly wants programmatic admin automation. If SDK registration is used, the actual call must stay server-side because it includes the secret.
|
|
24
|
+
- **Receiving and processing**: The webhook endpoint that validates signatures and handles `RiseWebhookEvent` payloads.
|
|
25
|
+
- If the user asks to "set up webhooks", ask whether they need:
|
|
26
|
+
- guidance for registering the webhook in the Rise UI,
|
|
27
|
+
- a settings/admin flow to programmatically create and manage webhook endpoints,
|
|
28
|
+
- a receiving endpoint to validate and process events,
|
|
29
|
+
- or both.
|
|
30
|
+
|
|
31
|
+
## TypeScript types
|
|
32
|
+
|
|
33
|
+
Import event and management types from the SDK so handlers and API calls are correctly typed:
|
|
34
|
+
|
|
35
|
+
- **Validated event**: `validator.validateEvent()` / `validateEventSafe().event` returns `RiseWebhookEvent`. Narrow by `event.event_type` to get typed payloads (e.g. `PaymentSentV2`, `DepositReceivedV2`).
|
|
36
|
+
- **Register/list/update**: Use `RegisterWebhookRequest`, `ListWebhooksResponse`, `WebhookListItem`, `DeliveryHistoryItem`, `WebhookEndpointNanoid` for params and responses.
|
|
37
|
+
- **Event type strings**: Use literal strings for `events` when registering (e.g. `'payment.sent'`, `'deposit.received'`). Same values appear as `event.event_type` on payloads.
|
|
38
|
+
|
|
39
|
+
For the full type list and imports, see [references/TYPES.md](../references/TYPES.md).
|
|
40
|
+
|
|
41
|
+
## Management surface
|
|
42
|
+
|
|
43
|
+
- List webhooks with `client.webhooks.list()`.
|
|
44
|
+
- Register endpoints with `client.webhooks.register()` — payload shape: `RegisterWebhookRequest` (company_nanoid, url, events, secret, optional team_nanoid, name, description).
|
|
45
|
+
- Delete or inspect delivery history with the extended webhook helpers when needed.
|
|
46
|
+
- For most apps, prefer guiding the user to:
|
|
47
|
+
- create the webhook in the Rise UI,
|
|
48
|
+
- select only the events they need,
|
|
49
|
+
- store the secret server-side,
|
|
50
|
+
- then implement the receiver endpoint in code.
|
|
51
|
+
- Only when the user explicitly wants programmatic webhook management, prefer generating:
|
|
52
|
+
- a UI form or settings screen for webhook configuration,
|
|
53
|
+
- a server action / backend route that builds `RegisterWebhookRequest`,
|
|
54
|
+
- and a secure server-side call to `client.webhooks.register()`.
|
|
55
|
+
|
|
56
|
+
## Handler expectations
|
|
57
|
+
|
|
58
|
+
- Validate the incoming signature before trusting payload contents.
|
|
59
|
+
- Log the event type and relevant identifiers for support and debugging.
|
|
60
|
+
- Fail closed on signature errors.
|
|
61
|
+
|
|
62
|
+
## Common edge cases
|
|
63
|
+
|
|
64
|
+
- **Raw body**: Signature validation requires the exact raw request body. If the framework parses JSON automatically, the agent must use the raw body (e.g. `req.rawBody` or read the stream before parsing).
|
|
65
|
+
- **Secret**: The webhook secret must match the one used when registering the endpoint; keep it server-side and never log it.
|
|
66
|
+
- **Idempotency**: Handlers may receive the same event more than once; design for idempotency where possible.
|
|
67
|
+
- **UI vs browser**: `RegisterWebhookRequest` often comes from UI form state, but the browser should not call `client.webhooks.register()` with the secret directly. Put the SDK call in a server action, route handler, or backend service.
|
|
68
|
+
- **Event selection**: Start with a minimal set of events (`payment.sent`, `payment.group.created`, `deposit.received`) instead of subscribing to everything by default.
|
|
69
|
+
- **Default registration path**: Unless the user explicitly asks for admin automation, assume webhook creation happens in the Rise UI rather than through the SDK.
|
|
70
|
+
|
|
71
|
+
## When not to use this skill
|
|
72
|
+
|
|
73
|
+
- User is asking about outbound HTTP calls from their app (e.g. calling Rise API), not receiving webhooks. Use rise-sdk-integration for API usage.
|
|
74
|
+
- User mentions webhooks for a different product (e.g. Stripe). Do not assume Rise.
|
|
75
|
+
|
|
76
|
+
## Example (validation and typed handler)
|
|
77
|
+
|
|
78
|
+
```ts
|
|
79
|
+
import { WebhookValidator } from 'riseworks-sdk'
|
|
80
|
+
import type { RiseWebhookEvent, PaymentSentV2, DepositReceivedV2 } from 'riseworks-sdk'
|
|
81
|
+
|
|
82
|
+
const validator = new WebhookValidator(process.env.WEBHOOK_SECRET!)
|
|
83
|
+
const rawBody = getRawBodyFromRequest(req) // framework-specific: use raw body
|
|
84
|
+
const signature = req.headers['x-rise-signature'] ?? req.headers['x-signature']
|
|
85
|
+
|
|
86
|
+
const event = validator.validateEvent(rawBody, signature) as RiseWebhookEvent
|
|
87
|
+
// Narrow by event_type for typed payload access
|
|
88
|
+
if (event.event_type === 'payment.sent') {
|
|
89
|
+
const ev = event as PaymentSentV2
|
|
90
|
+
console.log(ev.payment.nanoid, ev.payment.amount_cents)
|
|
91
|
+
}
|
|
92
|
+
if (event.event_type === 'deposit.received') {
|
|
93
|
+
const ev = event as DepositReceivedV2
|
|
94
|
+
console.log(ev.deposit.nanoid, ev.deposit.entity_nanoid)
|
|
95
|
+
}
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
For a non-throwing check, use `validator.validateEventSafe(rawBody, signature)` and read `result.isValid` (and `result.code` for the failure reason). `validateEvent` throws `WebhookValidationError` on failure.
|
|
99
|
+
|
|
100
|
+
## Example (register with types)
|
|
101
|
+
|
|
102
|
+
```ts
|
|
103
|
+
import { RiseApiClient } from 'riseworks-sdk'
|
|
104
|
+
import type { RegisterWebhookRequest } from 'riseworks-sdk'
|
|
105
|
+
|
|
106
|
+
const client = new RiseApiClient({ environment: 'stg', jwtToken })
|
|
107
|
+
const body: RegisterWebhookRequest = {
|
|
108
|
+
company_nanoid: 'co-xxx',
|
|
109
|
+
url: 'https://api.example.com/webhooks/rise',
|
|
110
|
+
events: ['payment.sent', 'deposit.received'],
|
|
111
|
+
secret: process.env.WEBHOOK_SECRET!,
|
|
112
|
+
}
|
|
113
|
+
const { data } = await client.webhooks.register(body)
|
|
114
|
+
// data.webhook_nanoid is WebhookEndpointNanoid
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
## Preferred implementation shape
|
|
118
|
+
|
|
119
|
+
- If the user wants webhook setup generally, prefer:
|
|
120
|
+
- Rise UI for webhook registration,
|
|
121
|
+
- then code for the receiver endpoint.
|
|
122
|
+
- If the user names a UI framework and explicitly wants programmatic webhook management, prefer:
|
|
123
|
+
- typed form state in the UI,
|
|
124
|
+
- validation on submit,
|
|
125
|
+
- a server action or backend handler that maps form values to `RegisterWebhookRequest`,
|
|
126
|
+
- and then `client.webhooks.register(body)` on the server.
|
|
127
|
+
- For non-UI backend tasks, generate a plain typed function that receives validated inputs and registers the webhook.
|
|
128
|
+
|
|
129
|
+
## Additional references
|
|
130
|
+
|
|
131
|
+
- **Registration flow**: [references/REGISTRATION.md](references/REGISTRATION.md) — admin/settings UI flow, server-action pattern, `RegisterWebhookRequest`, list/test/update patterns.
|
|
132
|
+
- **Receiver flow**: [references/HANDLER.md](references/HANDLER.md) — signature validation, typed handlers, idempotency.
|
|
133
|
+
|
|
134
|
+
## Documentation
|
|
135
|
+
|
|
136
|
+
- **Rise B2B API**: [https://v2-docs.riseworks.io/](https://v2-docs.riseworks.io/) — Webhook Overview, Quick Setup, Security & Validation, Event Types, Management, Testing & Debugging. Suggest when the user needs event schemas or delivery details.
|
|
137
|
+
- **SDK types**: [references/TYPES.md](../references/TYPES.md) — Webhook event types, request/response types, nanoids.
|
|
138
|
+
|
|
139
|
+
## Output quality bar
|
|
140
|
+
|
|
141
|
+
- Show framework-specific code only when the user names the framework.
|
|
142
|
+
- Prefer concrete server examples over browser examples.
|
|
143
|
+
- When troubleshooting, suggest delivery history inspection and signature verification first.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": "1.1.0",
|
|
3
|
+
"domain": "webhooks",
|
|
4
|
+
"package": "riseworks-sdk",
|
|
5
|
+
"primarySurfaces": ["registration-management", "receiver-validation"],
|
|
6
|
+
"preferredLanguage": "TypeScript",
|
|
7
|
+
"references": [
|
|
8
|
+
"../references/TYPES.md",
|
|
9
|
+
"references/REGISTRATION.md",
|
|
10
|
+
"references/HANDLER.md",
|
|
11
|
+
"https://v2-docs.riseworks.io/"
|
|
12
|
+
]
|
|
13
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
# Webhook receiver and handler implementation
|
|
2
|
+
|
|
3
|
+
Use this reference when the user needs the **incoming webhook endpoint**.
|
|
4
|
+
|
|
5
|
+
## Default server shape
|
|
6
|
+
|
|
7
|
+
1. Read the **raw request body**
|
|
8
|
+
2. Read `X-Rise-Signature`
|
|
9
|
+
3. Validate with `WebhookValidator`
|
|
10
|
+
4. Return `2xx` quickly
|
|
11
|
+
5. Process the event asynchronously or idempotently
|
|
12
|
+
|
|
13
|
+
## Types to use
|
|
14
|
+
|
|
15
|
+
```ts
|
|
16
|
+
import { WebhookValidator } from 'riseworks-sdk'
|
|
17
|
+
import type {
|
|
18
|
+
RiseWebhookEvent,
|
|
19
|
+
PaymentSentV2,
|
|
20
|
+
PaymentGroupCreatedV2,
|
|
21
|
+
DepositReceivedV2,
|
|
22
|
+
InviteAcceptedV2,
|
|
23
|
+
WithdrawAccountDuplicatedDetectedV2,
|
|
24
|
+
} from 'riseworks-sdk'
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
## Example
|
|
28
|
+
|
|
29
|
+
```ts
|
|
30
|
+
const validator = new WebhookValidator(process.env.WEBHOOK_SECRET!)
|
|
31
|
+
|
|
32
|
+
const event = validator.validateEvent(rawBody, signature)
|
|
33
|
+
|
|
34
|
+
switch (event.event_type) {
|
|
35
|
+
case 'payment.sent': {
|
|
36
|
+
const e = event as PaymentSentV2
|
|
37
|
+
console.log(e.payment.nanoid)
|
|
38
|
+
break
|
|
39
|
+
}
|
|
40
|
+
case 'deposit.received': {
|
|
41
|
+
const e = event as DepositReceivedV2
|
|
42
|
+
console.log(e.deposit.nanoid)
|
|
43
|
+
break
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
## Important constraints
|
|
49
|
+
|
|
50
|
+
- Signature verification requires the **exact raw body**
|
|
51
|
+
- The secret used here must match the secret used during registration
|
|
52
|
+
- Do not block the HTTP response on slow downstream work
|
|
53
|
+
- Handle duplicate deliveries with idempotency checks when side effects exist
|
|
54
|
+
|
|
55
|
+
## Good default behaviors
|
|
56
|
+
|
|
57
|
+
- Log `event_type`, `event_version`, and `idempotency_key`
|
|
58
|
+
- Reject invalid signatures with `400` or `401`
|
|
59
|
+
- Treat unknown event types as non-fatal and log them
|
|
60
|
+
- Keep framework-specific code minimal unless the user asked for a framework
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
# Webhook registration and management
|
|
2
|
+
|
|
3
|
+
Use this reference when the user needs to **create, edit, test, or list** Rise
|
|
4
|
+
webhook endpoints programmatically.
|
|
5
|
+
|
|
6
|
+
## Default recommendation
|
|
7
|
+
|
|
8
|
+
For most customers, webhook registration should be done in the **Rise UI**:
|
|
9
|
+
|
|
10
|
+
1. Create the endpoint in the Rise app/dashboard
|
|
11
|
+
2. Select the event types there
|
|
12
|
+
3. Store the secret server-side
|
|
13
|
+
4. Implement the receiving endpoint in code
|
|
14
|
+
|
|
15
|
+
Only use the SDK registration flow when the user explicitly wants:
|
|
16
|
+
|
|
17
|
+
- backend-managed webhook provisioning
|
|
18
|
+
- an admin/settings UI inside their own app
|
|
19
|
+
- automated setup across environments or tenants
|
|
20
|
+
|
|
21
|
+
## Default architecture
|
|
22
|
+
|
|
23
|
+
Programmatic registration is usually part of an **admin UI**, **settings page**, or
|
|
24
|
+
**internal platform flow**:
|
|
25
|
+
|
|
26
|
+
1. The UI collects the endpoint URL, selected events, optional team/company
|
|
27
|
+
scope, description, and activation state.
|
|
28
|
+
2. A server action, route handler, or backend service validates those values.
|
|
29
|
+
3. The server builds a `RegisterWebhookRequest` (or `UpdateWebhookRequest`) and
|
|
30
|
+
calls `client.webhooks.register()` / `client.webhooks.update()`.
|
|
31
|
+
|
|
32
|
+
Do **not** put the webhook secret directly in browser-only code.
|
|
33
|
+
|
|
34
|
+
## Types to use
|
|
35
|
+
|
|
36
|
+
```ts
|
|
37
|
+
import { RiseApiClient } from 'riseworks-sdk'
|
|
38
|
+
import type {
|
|
39
|
+
RegisterWebhookRequest,
|
|
40
|
+
UpdateWebhookRequest,
|
|
41
|
+
ListWebhooksRequest,
|
|
42
|
+
ListWebhooksResponse,
|
|
43
|
+
TestWebhookRequest,
|
|
44
|
+
TestWebhookResponse,
|
|
45
|
+
WebhookListItem,
|
|
46
|
+
WebhookEndpointNanoid,
|
|
47
|
+
} from 'riseworks-sdk'
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Methods to prefer
|
|
51
|
+
|
|
52
|
+
- `client.webhooks.list(params)` — list existing webhook endpoints
|
|
53
|
+
- `client.webhooks.register(body)` — create a new endpoint
|
|
54
|
+
- `client.webhooks.update(webhookNanoid, body)` — update an endpoint
|
|
55
|
+
- `client.webhooks.delete(webhookNanoid)` — delete an endpoint
|
|
56
|
+
- `client.webhooks.test(webhookNanoid, body)` — send a test delivery
|
|
57
|
+
- `client.webhooks.getDeliveryHistory(webhookNanoid, params)` — inspect results
|
|
58
|
+
|
|
59
|
+
## Registration example
|
|
60
|
+
|
|
61
|
+
```ts
|
|
62
|
+
import { RiseApiClient } from 'riseworks-sdk'
|
|
63
|
+
import type { RegisterWebhookRequest } from 'riseworks-sdk'
|
|
64
|
+
|
|
65
|
+
export async function registerRiseWebhook(input: RegisterWebhookRequest) {
|
|
66
|
+
const client = new RiseApiClient({
|
|
67
|
+
environment: 'stg',
|
|
68
|
+
jwtToken: process.env.RISE_JWT!,
|
|
69
|
+
})
|
|
70
|
+
|
|
71
|
+
const { data } = await client.webhooks.register(input)
|
|
72
|
+
return data
|
|
73
|
+
}
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## UI-oriented pattern
|
|
77
|
+
|
|
78
|
+
If the user is building a UI, prefer code shaped like this:
|
|
79
|
+
|
|
80
|
+
- **client/UI**: typed form values
|
|
81
|
+
- **server action / route handler**: validation + `RegisterWebhookRequest`
|
|
82
|
+
- **SDK call**: `client.webhooks.register(body)`
|
|
83
|
+
|
|
84
|
+
Example fields to expose in the UI:
|
|
85
|
+
|
|
86
|
+
- `url`
|
|
87
|
+
- `events`
|
|
88
|
+
- `company_nanoid`
|
|
89
|
+
- `team_nanoid` (optional)
|
|
90
|
+
- `name`
|
|
91
|
+
- `description`
|
|
92
|
+
- `is_active`
|
|
93
|
+
|
|
94
|
+
Only collect `secret` in a server-safe flow. If the UI must accept the secret,
|
|
95
|
+
submit it to a server action immediately and do not reuse it in browser logic.
|
|
96
|
+
|
|
97
|
+
## Event selection guidance
|
|
98
|
+
|
|
99
|
+
Recommend starting with a small event set:
|
|
100
|
+
|
|
101
|
+
- `payment.sent`
|
|
102
|
+
- `payment.group.created`
|
|
103
|
+
- `deposit.received`
|
|
104
|
+
- `invite.accepted`
|
|
105
|
+
|
|
106
|
+
Avoid subscribing to every event unless the user explicitly needs that breadth.
|
|
107
|
+
|
|
108
|
+
## Output quality bar
|
|
109
|
+
|
|
110
|
+
- If the user mentions a UI, generate both the form model and the server-side
|
|
111
|
+
registration path.
|
|
112
|
+
- Use real exported SDK types instead of anonymous object shapes.
|
|
113
|
+
- Mention role/permission expectations for admin settings screens.
|