@temple-digital-group/temple-canton-js 1.0.39-beta.5 → 2.0.0-beta.1

package/README.md

@@ -12,73 +12,6 @@ npm install @temple-digital-group/temple-canton-js
 
 Call `initialize()` before using any SDK functions. It sets up the config and optionally authenticates with the Temple REST API.
 
-### Custom Validator
-
-For apps connecting to your own validator (browser or server-side):
-
-```javascript
-import { initialize } from "@temple-digital-group/temple-canton-js";
-
-await initialize({
-	NETWORK: "mainnet",
-	VALIDATOR_API_URL: "https://your-validator-url",
-	VALIDATOR_SCAN_API_URL: "https://your-scan-api-url",
-	VALIDATOR_USER_PARTY_ID: "your-user-party-id",
-	AUTH0_TOKEN_URL: "https://your-auth0-domain/oauth/token",
-	AUTH0_USER_ID: "your-auth0-user-id",
-	AUTH0_CLIENT_ID: "your-client-id",
-	AUTH0_CLIENT_SECRET: "your-client-secret",
-	AUTH0_AUDIENCE: "your-audience",
-});
-```
-
-### Custom Validator + REST API
-
-To also authenticate with the Temple REST API at init time, pass `API_EMAIL`/`API_PASSWORD`:
-
-```javascript
-import { initialize } from "@temple-digital-group/temple-canton-js";
-
-await initialize({
-	NETWORK: "mainnet",
-	VALIDATOR_API_URL: "https://your-validator-url",
-	VALIDATOR_SCAN_API_URL: "https://your-scan-api-url",
-	VALIDATOR_USER_PARTY_ID: "your-user-party-id",
-	AUTH0_TOKEN_URL: "https://your-auth0-domain/oauth/token",
-	AUTH0_USER_ID: "your-auth0-user-id",
-	AUTH0_CLIENT_ID: "your-client-id",
-	AUTH0_CLIENT_SECRET: "your-client-secret",
-	AUTH0_AUDIENCE: "your-audience",
-	API_EMAIL: "user@example.com",
-	API_PASSWORD: "password",
-});
-```
-
-| Key                       | Required | Description                                          |
-| ------------------------- | -------- | ---------------------------------------------------- |
-| `NETWORK`                 | Yes      | `mainnet`, `testnet`, or `localhost`                 |
-| `VALIDATOR_API_URL`       | No       | Base URL of the Canton validator ledger API          |
-| `VALIDATOR_SCAN_API_URL`  | No       | Base URL of the Canton Scan API                      |
-| `VALIDATOR_USER_PARTY_ID` | No       | The user's party ID on the network                   |
-| `JWT_TOKEN`               | No\*     | Pre-authenticated JWT token for ledger API calls     |
-| `AUTH0_TOKEN_URL`         | No\*     | Auth0 OAuth token endpoint                           |
-| `AUTH0_CLIENT_ID`         | No\*     | Auth0 application client ID                          |
-| `AUTH0_CLIENT_SECRET`     | No\*     | Auth0 application client secret                      |
-| `AUTH0_AUDIENCE`          | No\*     | Auth0 API audience identifier                        |
-| `AUTH0_USER_ID`           | No\*     | Auth0 user ID for the service account                |
-| `API_EMAIL`               | No       | Temple REST API email (triggers login at init)       |
-| `API_PASSWORD`            | No       | Temple REST API password (required with `API_EMAIL`) |
-
-\* Provide either `JWT_TOKEN` (browser) or the `AUTH0_*` fields (server-side). The SDK fetches and caches JWT tokens automatically when Auth0 credentials are provided. Only needed when using a custom validator.
-
-To update the JWT token later without re-initializing:
-
-```javascript
-import { setJWTToken } from "@temple-digital-group/temple-canton-js";
-
-setJWTToken(newToken);
-```
-
 ### Wallet Adapter
 
 For apps using Loop Wallet. Pass the Loop SDK instance as `WALLET_ADAPTER` — the SDK auto-detects server vs client mode.
@@ -106,11 +39,8 @@ setWalletAdapter(loop);
 | Key              | Required | Description                                                     |
 | ---------------- | -------- | --------------------------------------------------------------- |
 | `NETWORK`        | Yes      | `mainnet`, `testnet`, or `localhost`                            |
-| `WALLET_ADAPTER` | No       | Loop SDK instance — auto-detects server/client mode for signing |
-
-> You can optionally pass `API_EMAIL`/`API_PASSWORD` to any `initialize()` call to also authenticate with the REST API at init time.
-
-> **Legacy:** `initializeConfig()` is still available as a sync-only alternative (no REST API auth). `initialize()` is the recommended approach.
+| `WALLET_ADAPTER` | Yes      | Loop SDK instance — auto-detects server/client mode for signing |
+| `API_KEY`        | No       | Temple REST API key for authenticated endpoints                 |
 
 ## Supported Instruments
 
@@ -189,9 +119,9 @@ const result = await depositFunds(depositOpts);
 | `allocateBefore` | No       | ISO timestamp; allocation deadline (default: +1h)             |
 | `settleBefore`   | No       | ISO timestamp; settlement deadline (default: +2h)             |
 | `disclosures`    | No       | Pre-fetched Amulet disclosures (for FE without API access)    |
-| `userId`         | No       | Ledger API user ID (falls back to wallet adapter / config)    |
+| `userId`         | No       | User ID (falls back to wallet adapter / config)               |
 
-For Amulet deposits without direct ledger or Scan API access, the SDK fetches disclosures from `/api/amulet/disclosures` automatically. You can also pass them manually via `opts.disclosures`.
+For Amulet deposits, the SDK fetches disclosures automatically. You can also pass them manually via `opts.disclosures`.
 
 ### 3. Trading Balance
 
@@ -298,7 +228,7 @@ Each entry in the returned array contains:
 ```javascript
 import { mergeAmuletHoldingsForParty, mergeUtilityHoldingsForParty, getAmuletDisclosures, getUtxoCount } from "@temple-digital-group/temple-canton-js";
 
-// Custom Validator (server-side)
+// Merge all Amulet or utility holdings
 await mergeAmuletHoldingsForParty(partyId);
 await mergeUtilityHoldingsForParty(partyId, "USDCx");
 
@@ -324,7 +254,6 @@ const counts = await getUtxoCount(partyId, "USDCx", walletProvider);
 | Function                    | Description                                                                   |
 | --------------------------- | ----------------------------------------------------------------------------- |
 | `initialize(config)`        | Initialize the SDK, set config, and optionally authenticate with the REST API |
-| `setJWTToken(token)`        | Update the JWT token without re-initializing the config                       |
 | `setWalletAdapter(adapter)` | Set or update the Loop SDK instance for all wallet-aware functions            |
 
 ### Instrument Catalog
@@ -367,21 +296,17 @@ const counts = await getUtxoCount(partyId, "USDCx", walletProvider);
 | ------------------------------------------------------------------------------------------ | -------- | ------------------------------ |
 | `mergeAmuletHoldingsForParty(party, returnCommand, provider, maxUtxos, amuletDisclosures)` | **W**    | Merge Amulet holdings into one |
 | `mergeUtilityHoldingsForParty(party, utilityAsset, returnCommand, provider, maxUtxos)`     | **W**    | Merge utility holdings into one |
-| `splitAmuletHoldingForParty(party, outputQuantity)`                                        |          | Split an Amulet holding        |
-| `unlockLockedAmulets(party)`                                                               |          | Unlock locked Amulet holdings  |
 
 ### Temple REST API
 
-> These functions call the Temple REST API. Pass `API_EMAIL`/`API_PASSWORD` in `initialize()`, or call `login()` directly — tokens are stored and auto-refreshed.
+> These functions call the Temple REST API. Pass `API_KEY` in `initialize()` or call `setApiKey()` to authenticate.
 
 #### Auth
 
 | Function                            | Description                                         |
 | ----------------------------------- | --------------------------------------------------- |
-| `login(email, password)`            | Login and store access/refresh tokens and user profile |
-| `refreshAccessToken(refreshToken?)` | Refresh the access token (auto-called when expired)    |
-| `logout()`                          | Clear stored tokens                                    |
-| `getUserId()`                       | Get the stored user ID from login                      |
+| `setApiKey(key)`                    | Set the API key for REST API authentication         |
+| `getUserId()`                       | Get the stored user ID                              |
 
 #### Market Data
 

package/dist/api/index.d.ts

@@ -1,32 +1,13 @@
-import type { ApiError, LoginUser, LoginResponse, RefreshResponse, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestOpts, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse } from "./types.js";
-export type { ApiError, LoginUser, LoginResponse, RefreshResponse, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse, };
+import type { ApiError, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestOpts, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse } from "./types.js";
+export type { ApiError, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse, };
 export { setApiKey, getUserId } from "./tokenStore.js";
 export { setWalletAdapter } from "../../src/config/index.js";
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
-export declare function initialize(cfg: Record<string, unknown>): Promise<LoginResponse | ApiError | null>;
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export declare function login(email: string, password: string): Promise<LoginResponse | ApiError>;
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export declare function refreshAccessToken(refreshTokenOverride?: string): Promise<RefreshResponse | ApiError>;
-/**
- * Logout: clear all stored REST API tokens.
- */
-export declare function logout(): void;
+export declare function initialize(cfg: Record<string, unknown>): Promise<null>;
 /**
  * Get ticker data for one or all trading pairs.
  * @param symbol - Optional symbol filter (e.g., "Amulet/USDCx")
@@ -77,7 +58,6 @@ export declare function cancelAllOrders(options?: CancelAllOrdersOptions): Promi
 export declare function getDisclosures(partyId: string): Promise<DisclosuresResponse | ApiError>;
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export declare function getDelegation(): Promise<DelegationResponse | ApiError>;
 /**

package/dist/api/index.js

@@ -1,15 +1,13 @@
 import axios from "axios";
 import config, { initializeConfig, setWalletAdapter } from "../../src/config/index.js";
-import { setTokens, getAccessToken, getRefreshToken, getApiKey, setApiKey as setApiKeyFromConfig, isTokenExpired, clearTokens, getAuthHeader, } from "./tokenStore.js";
+import { getApiKey, setApiKey as setApiKeyFromConfig, getAuthHeader, setUserId, } from "./tokenStore.js";
 export { setApiKey, getUserId } from "./tokenStore.js";
 export { setWalletAdapter } from "../../src/config/index.js";
 // ── Initialization ──
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
 export async function initialize(cfg) {
     initializeConfig(cfg);
@@ -19,18 +17,14 @@ export async function initialize(cfg) {
     const apiKey = cfg.API_KEY;
     if (apiKey) {
         setApiKeyFromConfig(apiKey);
-        return null;
     }
-    const email = cfg.API_EMAIL;
-    const password = cfg.API_PASSWORD;
-    if (email && password) {
-        return login(email, password);
+    const userIdValue = cfg.USER_ID;
+    if (userIdValue) {
+        setUserId(userIdValue);
     }
     return null;
 }
 // ── Internal helpers ──
-/** Pending auto-login promise for dedup. */
-let autoLoginPromise = null;
 function handleApiError(error, context) {
     const err = error;
     const status = err.response?.status ?? null;
@@ -42,49 +36,18 @@ function handleApiError(error, context) {
     console.error(`[Temple API] ${context}: ${message}${status ? ` (HTTP ${status})` : ""}`);
     return { error: true, status, code, message };
 }
-/** Pending refresh promise for dedup. */
-let refreshPromise = null;
-async function ensureAuthenticated() {
-    // API key takes priority — no login needed
+function ensureAuthenticated() {
+    // API key from config if not already set
     const configApiKey = config.API_KEY;
     if (!getApiKey() && configApiKey) {
         setApiKeyFromConfig(configApiKey);
     }
     if (getApiKey())
         return null;
-    // Auto-login from config if no token exists
-    if (!getAccessToken()) {
-        const email = config.API_EMAIL;
-        const password = config.API_PASSWORD;
-        if (email && password) {
-            if (!autoLoginPromise) {
-                autoLoginPromise = login(email, password).finally(() => {
-                    autoLoginPromise = null;
-                });
-            }
-            const result = await autoLoginPromise;
-            if ("error" in result && result.error)
-                return result;
-        }
-        else {
-            return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "Not logged in. Call login() or provide API_EMAIL/API_PASSWORD in config." };
-        }
-    }
-    // Auto-refresh if expired
-    if (isTokenExpired()) {
-        if (!refreshPromise) {
-            refreshPromise = refreshAccessToken().finally(() => {
-                refreshPromise = null;
-            });
-        }
-        const result = await refreshPromise;
-        if ("error" in result && result.error)
-            return result;
-    }
-    return null;
+    return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "API key required. Pass API_KEY in initialize() or call setApiKey()." };
 }
 async function authenticatedGet(path, params) {
-    const authError = await ensureAuthenticated();
+    const authError = ensureAuthenticated();
     if (authError)
         return authError;
     const headers = {
@@ -111,7 +74,7 @@ async function authenticatedGet(path, params) {
     }
 }
 async function authenticatedPost(path, body) {
-    const authError = await ensureAuthenticated();
+    const authError = ensureAuthenticated();
     if (authError)
         return authError;
     const headers = {
@@ -126,56 +89,6 @@ async function authenticatedPost(path, body) {
         return handleApiError(error, `POST ${path}`);
     }
 }
-// ── Auth ──
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export async function login(email, password) {
-    if (!email || !password) {
-        return { error: true, status: null, code: "INVALID_PARAMS", message: "Email and password are required." };
-    }
-    try {
-        const response = await axios.post(`${config.API_BASE_URL}/auth/login`, {
-            email,
-            password,
-        });
-        setTokens(response.data);
-        return response.data;
-    }
-    catch (error) {
-        return handleApiError(error, "login");
-    }
-}
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export async function refreshAccessToken(refreshTokenOverride) {
-    const token = refreshTokenOverride ?? getRefreshToken();
-    if (!token) {
-        return { error: true, status: null, code: "NO_REFRESH_TOKEN", message: "No refresh token available. Call login() first." };
-    }
-    try {
-        const response = await axios.post(`${config.API_BASE_URL}/auth/refresh`, {
-            refresh_token: token,
-        });
-        setTokens(response.data);
-        return response.data;
-    }
-    catch (error) {
-        return handleApiError(error, "refreshAccessToken");
-    }
-}
-/**
- * Logout: clear all stored REST API tokens.
- */
-export function logout() {
-    clearTokens();
-}
 // ── Helpers ──
 /** Normalize CC → Amulet in symbol strings (e.g. "CC/SBC" → "Amulet/SBC", "CC" → "Amulet") */
 function normalizeSymbol(symbol) {
@@ -281,7 +194,6 @@ export async function getDisclosures(partyId) {
 // ── Delegation ──
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export async function getDelegation() {
     return authenticatedGet("/api/trading/delegation");

package/dist/api/tokenStore.d.ts

@@ -1,30 +1,14 @@
-import type { TokenData, AuthHeaders } from "./types.js";
+import type { AuthHeaders } from "./types.js";
 /**
- * Store tokens received from login or refresh.
- */
-export declare function setTokens(data: TokenData): void;
-/**
- * Get the current access token, or null if not logged in.
- */
-export declare function getAccessToken(): string | null;
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export declare function getRefreshToken(): string | null;
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export declare function isTokenExpired(): boolean;
-/**
- * Get the stored user ID from login, or null if not logged in.
+ * Get the stored user ID, or null if not set.
  */
 export declare function getUserId(): string | null;
 /**
- * Clear all stored tokens (logout).
+ * Set the user ID directly (e.g. from config at init time).
  */
-export declare function clearTokens(): void;
+export declare function setUserId(id: string): void;
 /**
- * Set an API key for authentication (future: replaces email/password login).
+ * Set an API key for authentication.
  */
 export declare function setApiKey(key: string): void;
 /**
@@ -32,7 +16,7 @@ export declare function setApiKey(key: string): void;
  */
 export declare function getApiKey(): string | null;
 /**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
+ * Get the authorization header using the API key.
+ * Returns null if no API key is set.
  */
 export declare function getAuthHeader(): AuthHeaders | null;

package/dist/api/tokenStore.js

@@ -1,56 +1,19 @@
-let accessToken = null;
-let refreshToken = null;
-let tokenExpiryTime = null;
 let apiKey = null;
 let userId = null;
 /**
- * Store tokens received from login or refresh.
- */
-export function setTokens(data) {
-    accessToken = data.access_token;
-    refreshToken = data.refresh_token;
-    tokenExpiryTime = Date.now() + data.expires_in * 1000;
-    if (data.user?.user_id != null) {
-        userId = String(data.user.user_id);
-    }
-}
-/**
- * Get the current access token, or null if not logged in.
- */
-export function getAccessToken() {
-    return accessToken;
-}
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export function getRefreshToken() {
-    return refreshToken;
-}
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export function isTokenExpired() {
-    if (!tokenExpiryTime)
-        return true;
-    return Date.now() >= tokenExpiryTime - 60000;
-}
-/**
- * Get the stored user ID from login, or null if not logged in.
+ * Get the stored user ID, or null if not set.
  */
 export function getUserId() {
     return userId;
 }
 /**
- * Clear all stored tokens (logout).
+ * Set the user ID directly (e.g. from config at init time).
  */
-export function clearTokens() {
-    accessToken = null;
-    refreshToken = null;
-    tokenExpiryTime = null;
-    userId = null;
+export function setUserId(id) {
+    userId = id;
 }
 /**
- * Set an API key for authentication (future: replaces email/password login).
+ * Set an API key for authentication.
  */
 export function setApiKey(key) {
     apiKey = key;
@@ -62,15 +25,12 @@ export function getApiKey() {
     return apiKey;
 }
 /**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
+ * Get the authorization header using the API key.
+ * Returns null if no API key is set.
  */
 export function getAuthHeader() {
     if (apiKey) {
         return { Authorization: `Bearer ${apiKey}` };
     }
-    if (accessToken) {
-        return { Authorization: `Bearer ${accessToken}` };
-    }
     return null;
 }

package/dist/api/types.d.ts

@@ -1,20 +1,3 @@
-export interface LoginUser {
-    user_id: number;
-    max_limit_orders: number;
-    max_market_orders: number;
-}
-export interface LoginResponse {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-    token_type: string;
-    user: LoginUser;
-}
-export interface RefreshResponse {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-}
 export interface Ticker {
     symbol: string;
     last_price: string;
@@ -161,12 +144,6 @@ export interface ApiError {
     code: string | null;
     message: string;
 }
-export interface TokenData {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-    user?: LoginUser;
-}
 export interface AuthHeaders {
     Authorization: string;
 }

package/dist/api/types.js

@@ -1,2 +1,2 @@
-// ── Auth ──
+// ── Market Data ──
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@temple-digital-group/temple-canton-js",
-  "version": "1.0.39-beta.5",
+  "version": "2.0.0-beta.1",
   "description": "JavaScript library for interacting with Temple Canton blockchain",
   "type": "module",
   "main": "index.js",

package/src/api/index.ts

@@ -1,20 +1,13 @@
 import axios, { type AxiosRequestConfig } from "axios";
 import config, { initializeConfig, setWalletAdapter } from "../../src/config/index.js";
 import {
-	setTokens,
-	getAccessToken,
-	getRefreshToken,
 	getApiKey,
 	setApiKey as setApiKeyFromConfig,
-	isTokenExpired,
-	clearTokens,
 	getAuthHeader,
+	setUserId,
 } from "./tokenStore.js";
 import type {
 	ApiError,
-	LoginUser,
-	LoginResponse,
-	RefreshResponse,
 	Ticker,
 	OrderBook,
 	OrderBookOptions,
@@ -40,9 +33,6 @@ import type {
 // Re-export types and token utilities consumers may need
 export type {
 	ApiError,
-	LoginUser,
-	LoginResponse,
-	RefreshResponse,
 	Ticker,
 	OrderBook,
 	OrderBookOptions,
@@ -69,13 +59,11 @@ export { setWalletAdapter } from "../../src/config/index.js";
 // ── Initialization ──
 
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
-export async function initialize(cfg: Record<string, unknown>): Promise<LoginResponse | ApiError | null> {
+export async function initialize(cfg: Record<string, unknown>): Promise<null> {
 	initializeConfig(cfg);
 
 	if (cfg.WALLET_ADAPTER) {
@@ -85,13 +73,11 @@ export async function initialize(cfg: Record<string, unknown>): Promise<LoginRes
 	const apiKey = cfg.API_KEY as string | undefined;
 	if (apiKey) {
 		setApiKeyFromConfig(apiKey);
-		return null;
 	}
 
-	const email = cfg.API_EMAIL as string | undefined;
-	const password = cfg.API_PASSWORD as string | undefined;
-	if (email && password) {
-		return login(email, password);
+	const userIdValue = cfg.USER_ID as string | undefined;
+	if (userIdValue) {
+		setUserId(userIdValue);
 	}
 
 	return null;
@@ -99,9 +85,6 @@ export async function initialize(cfg: Record<string, unknown>): Promise<LoginRes
 
 // ── Internal helpers ──
 
-/** Pending auto-login promise for dedup. */
-let autoLoginPromise: Promise<LoginResponse | ApiError> | null = null;
-
 function handleApiError(error: unknown, context: string): ApiError {
 	const err = error as { response?: { status?: number; data?: { message?: string; error?: string; code?: string } }; message?: string };
 	const status = err.response?.status ?? null;
@@ -117,50 +100,19 @@ function handleApiError(error: unknown, context: string): ApiError {
 	return { error: true, status, code, message };
 }
 
-/** Pending refresh promise for dedup. */
-let refreshPromise: Promise<RefreshResponse | ApiError> | null = null;
-
-async function ensureAuthenticated(): Promise<ApiError | null> {
-	// API key takes priority — no login needed
+function ensureAuthenticated(): ApiError | null {
+	// API key from config if not already set
 	const configApiKey = (config as Record<string, unknown>).API_KEY as string | undefined;
 	if (!getApiKey() && configApiKey) {
 		setApiKeyFromConfig(configApiKey);
 	}
 	if (getApiKey()) return null;
 
-	// Auto-login from config if no token exists
-	if (!getAccessToken()) {
-		const email = (config as Record<string, unknown>).API_EMAIL as string | undefined;
-		const password = (config as Record<string, unknown>).API_PASSWORD as string | undefined;
-		if (email && password) {
-			if (!autoLoginPromise) {
-				autoLoginPromise = login(email, password).finally(() => {
-					autoLoginPromise = null;
-				});
-			}
-			const result = await autoLoginPromise;
-			if ("error" in result && result.error) return result as ApiError;
-		} else {
-			return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "Not logged in. Call login() or provide API_EMAIL/API_PASSWORD in config." };
-		}
-	}
-
-	// Auto-refresh if expired
-	if (isTokenExpired()) {
-		if (!refreshPromise) {
-			refreshPromise = refreshAccessToken().finally(() => {
-				refreshPromise = null;
-			});
-		}
-		const result = await refreshPromise;
-		if ("error" in result && result.error) return result as ApiError;
-	}
-
-	return null;
+	return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "API key required. Pass API_KEY in initialize() or call setApiKey()." };
 }
 
 async function authenticatedGet<T>(path: string, params?: Record<string, string | number | undefined>): Promise<T | ApiError> {
-	const authError = await ensureAuthenticated();
+	const authError = ensureAuthenticated();
 	if (authError) return authError;
 
 	const headers = {
@@ -188,7 +140,7 @@ async function authenticatedGet<T>(path: string, params?: Record<string, string
 }
 
 async function authenticatedPost<T>(path: string, body?: Record<string, unknown>): Promise<T | ApiError> {
-	const authError = await ensureAuthenticated();
+	const authError = ensureAuthenticated();
 	if (authError) return authError;
 
 	const headers = {
@@ -204,60 +156,6 @@ async function authenticatedPost<T>(path: string, body?: Record<string, unknown>
 	}
 }
 
-// ── Auth ──
-
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export async function login(email: string, password: string): Promise<LoginResponse | ApiError> {
-	if (!email || !password) {
-		return { error: true, status: null, code: "INVALID_PARAMS", message: "Email and password are required." };
-	}
-
-	try {
-		const response = await axios.post<LoginResponse>(`${config.API_BASE_URL}/auth/login`, {
-			email,
-			password,
-		});
-		setTokens(response.data);
-		return response.data;
-	} catch (error) {
-		return handleApiError(error, "login");
-	}
-}
-
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export async function refreshAccessToken(refreshTokenOverride?: string): Promise<RefreshResponse | ApiError> {
-	const token = refreshTokenOverride ?? getRefreshToken();
-	if (!token) {
-		return { error: true, status: null, code: "NO_REFRESH_TOKEN", message: "No refresh token available. Call login() first." };
-	}
-
-	try {
-		const response = await axios.post<RefreshResponse>(`${config.API_BASE_URL}/auth/refresh`, {
-			refresh_token: token,
-		});
-		setTokens(response.data);
-		return response.data;
-	} catch (error) {
-		return handleApiError(error, "refreshAccessToken");
-	}
-}
-
-/**
- * Logout: clear all stored REST API tokens.
- */
-export function logout(): void {
-	clearTokens();
-}
-
 // ── Helpers ──
 
 /** Normalize CC → Amulet in symbol strings (e.g. "CC/SBC" → "Amulet/SBC", "CC" → "Amulet") */
@@ -378,7 +276,6 @@ export async function getDisclosures(partyId: string): Promise<DisclosuresRespon
 
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export async function getDelegation(): Promise<DelegationResponse | ApiError> {
 	return authenticatedGet("/api/trading/delegation");

package/src/api/tokenStore.ts

@@ -1,65 +1,24 @@
-import type { TokenData, AuthHeaders } from "./types.js";
+import type { AuthHeaders } from "./types.js";
 
-let accessToken: string | null = null;
-let refreshToken: string | null = null;
-let tokenExpiryTime: number | null = null;
 let apiKey: string | null = null;
 let userId: string | null = null;
 
 /**
- * Store tokens received from login or refresh.
- */
-export function setTokens(data: TokenData): void {
-	accessToken = data.access_token;
-	refreshToken = data.refresh_token;
-	tokenExpiryTime = Date.now() + data.expires_in * 1000;
-	if (data.user?.user_id != null) {
-		userId = String(data.user.user_id);
-	}
-}
-
-/**
- * Get the current access token, or null if not logged in.
- */
-export function getAccessToken(): string | null {
-	return accessToken;
-}
-
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export function getRefreshToken(): string | null {
-	return refreshToken;
-}
-
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export function isTokenExpired(): boolean {
-	if (!tokenExpiryTime) return true;
-	return Date.now() >= tokenExpiryTime - 60_000;
-}
-
-/**
- * Get the stored user ID from login, or null if not logged in.
+ * Get the stored user ID, or null if not set.
  */
 export function getUserId(): string | null {
 	return userId;
 }
 
-
 /**
- * Clear all stored tokens (logout).
+ * Set the user ID directly (e.g. from config at init time).
  */
-export function clearTokens(): void {
-	accessToken = null;
-	refreshToken = null;
-	tokenExpiryTime = null;
-	userId = null;
+export function setUserId(id: string): void {
+	userId = id;
 }
 
 /**
- * Set an API key for authentication (future: replaces email/password login).
+ * Set an API key for authentication.
  */
 export function setApiKey(key: string): void {
 	apiKey = key;
@@ -73,15 +32,12 @@ export function getApiKey(): string | null {
 }
 
 /**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
+ * Get the authorization header using the API key.
+ * Returns null if no API key is set.
  */
 export function getAuthHeader(): AuthHeaders | null {
 	if (apiKey) {
 		return { Authorization: `Bearer ${apiKey}` };
 	}
-	if (accessToken) {
-		return { Authorization: `Bearer ${accessToken}` };
-	}
 	return null;
 }

package/src/api/types.ts

@@ -1,25 +1,3 @@
-// ── Auth ──
-
-export interface LoginUser {
-	user_id: number;
-	max_limit_orders: number;
-	max_market_orders: number;
-}
-
-export interface LoginResponse {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-	token_type: string;
-	user: LoginUser;
-}
-
-export interface RefreshResponse {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-}
-
 // ── Market Data ──
 
 export interface Ticker {
@@ -209,14 +187,7 @@ export interface ApiError {
 	message: string;
 }
 
-// ── Token Store ──
-
-export interface TokenData {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-	user?: LoginUser;
-}
+// ── Auth ──
 
 export interface AuthHeaders {
 	Authorization: string;

package/src/config/index.js

@@ -114,7 +114,11 @@ const config = {
 	get NETWORK() { return getConfigValue("NETWORK") || NETWORK_MAINNET; },
 
 	// Temple REST API
-	get API_BASE_URL() { return getConfigValue("API_BASE_URL") || "https://api.templedigitalgroup.com"; },
+	get API_BASE_URL() {
+		const network = getConfigValue("NETWORK") || NETWORK_MAINNET;
+		if (network === NETWORK_TESTNET) return "https://api-testnet.templedigitalgroup.com";
+		return "https://api.templedigitalgroup.com";
+	},
 	get API_EMAIL() { return getConfigValue("API_EMAIL"); },
 	get API_PASSWORD() { return getConfigValue("API_PASSWORD"); },
 	get API_KEY() { return getConfigValue("API_KEY"); },