@temple-digital-group/temple-canton-js 1.0.39-beta.6 → 2.0.0-beta.2

package/README.md

@@ -40,12 +40,7 @@ setWalletAdapter(loop);
 | ---------------- | -------- | --------------------------------------------------------------- |
 | `NETWORK`        | Yes      | `mainnet`, `testnet`, or `localhost`                            |
 | `WALLET_ADAPTER` | Yes      | Loop SDK instance — auto-detects server/client mode for signing |
-| `API_EMAIL`      | No       | Temple REST API email (triggers login at init)                  |
-| `API_PASSWORD`   | No       | Temple REST API password (required with `API_EMAIL`)            |
-
-> You can optionally pass `API_EMAIL`/`API_PASSWORD` to authenticate with the REST API at init time.
-
-> **Legacy:** `initializeConfig()` is still available as a sync-only alternative (no REST API auth). `initialize()` is the recommended approach.
+| `API_KEY`        | No       | Temple REST API key for authenticated endpoints                 |
 
 ## Supported Instruments
 
@@ -301,21 +296,17 @@ const counts = await getUtxoCount(partyId, "USDCx", walletProvider);
 | ------------------------------------------------------------------------------------------ | -------- | ------------------------------ |
 | `mergeAmuletHoldingsForParty(party, returnCommand, provider, maxUtxos, amuletDisclosures)` | **W**    | Merge Amulet holdings into one |
 | `mergeUtilityHoldingsForParty(party, utilityAsset, returnCommand, provider, maxUtxos)`     | **W**    | Merge utility holdings into one |
-| `splitAmuletHoldingForParty(party, outputQuantity)`                                        |          | Split an Amulet holding        |
-| `unlockLockedAmulets(party)`                                                               |          | Unlock locked Amulet holdings  |
 
 ### Temple REST API
 
-> These functions call the Temple REST API. Pass `API_EMAIL`/`API_PASSWORD` in `initialize()`, or call `login()` directly — tokens are stored and auto-refreshed.
+> These functions call the Temple REST API. Pass `API_KEY` in `initialize()` or call `setApiKey()` to authenticate.
 
 #### Auth
 
 | Function                            | Description                                         |
 | ----------------------------------- | --------------------------------------------------- |
-| `login(email, password)`            | Login and store access/refresh tokens and user profile |
-| `refreshAccessToken(refreshToken?)` | Refresh the access token (auto-called when expired)    |
-| `logout()`                          | Clear stored tokens                                    |
-| `getUserId()`                       | Get the stored user ID from login                      |
+| `setApiKey(key)`                    | Set the API key for REST API authentication         |
+| `getUserId()`                       | Get the stored user ID                              |
 
 #### Market Data
 

package/dist/api/index.d.ts

@@ -1,32 +1,13 @@
-import type { ApiError, LoginUser, LoginResponse, RefreshResponse, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestOpts, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse } from "./types.js";
-export type { ApiError, LoginUser, LoginResponse, RefreshResponse, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse, };
-export { setApiKey, getUserId } from "./tokenStore.js";
+import type { ApiError, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestOpts, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse } from "./types.js";
+export type { ApiError, Ticker, OrderBook, OrderBookOptions, SymbolConfig, OpenInterest, Trade, RecentTradesOptions, ActiveOrder, ActiveOrdersOptions, CancelOrderResponse, CancelAllOrdersOptions, CancelAllOrdersResponse, CreateOrderRequestResponse, DelegationResponse, WithdrawalResponse, WithdrawalStatusResponse, TradingBalanceResponse, AmuletDisclosure, DisclosuresResponse, };
+export { getUserId } from "./tokenStore.js";
 export { setWalletAdapter } from "../../src/config/index.js";
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
-export declare function initialize(cfg: Record<string, unknown>): Promise<LoginResponse | ApiError | null>;
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export declare function login(email: string, password: string): Promise<LoginResponse | ApiError>;
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export declare function refreshAccessToken(refreshTokenOverride?: string): Promise<RefreshResponse | ApiError>;
-/**
- * Logout: clear all stored REST API tokens.
- */
-export declare function logout(): void;
+export declare function initialize(cfg: Record<string, unknown>): Promise<null>;
 /**
  * Get ticker data for one or all trading pairs.
  * @param symbol - Optional symbol filter (e.g., "Amulet/USDCx")
@@ -77,7 +58,6 @@ export declare function cancelAllOrders(options?: CancelAllOrdersOptions): Promi
 export declare function getDisclosures(partyId: string): Promise<DisclosuresResponse | ApiError>;
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export declare function getDelegation(): Promise<DelegationResponse | ApiError>;
 /**

package/dist/api/index.js

@@ -1,36 +1,26 @@
 import axios from "axios";
 import config, { initializeConfig, setWalletAdapter } from "../../src/config/index.js";
-import { setTokens, getAccessToken, getRefreshToken, getApiKey, setApiKey as setApiKeyFromConfig, isTokenExpired, clearTokens, getAuthHeader, } from "./tokenStore.js";
-export { setApiKey, getUserId } from "./tokenStore.js";
+import { getAuthHeader, setUserId, } from "./tokenStore.js";
+export { getUserId } from "./tokenStore.js";
 export { setWalletAdapter } from "../../src/config/index.js";
 // ── Initialization ──
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
 export async function initialize(cfg) {
     initializeConfig(cfg);
     if (cfg.WALLET_ADAPTER) {
         setWalletAdapter(cfg.WALLET_ADAPTER);
     }
-    const apiKey = cfg.API_KEY;
-    if (apiKey) {
-        setApiKeyFromConfig(apiKey);
-        return null;
-    }
-    const email = cfg.API_EMAIL;
-    const password = cfg.API_PASSWORD;
-    if (email && password) {
-        return login(email, password);
+    const userIdValue = cfg.USER_ID;
+    if (userIdValue) {
+        setUserId(userIdValue);
     }
     return null;
 }
 // ── Internal helpers ──
-/** Pending auto-login promise for dedup. */
-let autoLoginPromise = null;
 function handleApiError(error, context) {
     const err = error;
     const status = err.response?.status ?? null;
@@ -42,49 +32,13 @@ function handleApiError(error, context) {
     console.error(`[Temple API] ${context}: ${message}${status ? ` (HTTP ${status})` : ""}`);
     return { error: true, status, code, message };
 }
-/** Pending refresh promise for dedup. */
-let refreshPromise = null;
-async function ensureAuthenticated() {
-    // API key takes priority — no login needed
-    const configApiKey = config.API_KEY;
-    if (!getApiKey() && configApiKey) {
-        setApiKeyFromConfig(configApiKey);
-    }
-    if (getApiKey())
+function ensureAuthenticated() {
+    if (config.API_KEY)
         return null;
-    // Auto-login from config if no token exists
-    if (!getAccessToken()) {
-        const email = config.API_EMAIL;
-        const password = config.API_PASSWORD;
-        if (email && password) {
-            if (!autoLoginPromise) {
-                autoLoginPromise = login(email, password).finally(() => {
-                    autoLoginPromise = null;
-                });
-            }
-            const result = await autoLoginPromise;
-            if ("error" in result && result.error)
-                return result;
-        }
-        else {
-            return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "Not logged in. Call login() or provide API_EMAIL/API_PASSWORD in config." };
-        }
-    }
-    // Auto-refresh if expired
-    if (isTokenExpired()) {
-        if (!refreshPromise) {
-            refreshPromise = refreshAccessToken().finally(() => {
-                refreshPromise = null;
-            });
-        }
-        const result = await refreshPromise;
-        if ("error" in result && result.error)
-            return result;
-    }
-    return null;
+    return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "API key required. Pass API_KEY in initialize()." };
 }
 async function authenticatedGet(path, params) {
-    const authError = await ensureAuthenticated();
+    const authError = ensureAuthenticated();
     if (authError)
         return authError;
     const headers = {
@@ -111,7 +65,7 @@ async function authenticatedGet(path, params) {
     }
 }
 async function authenticatedPost(path, body) {
-    const authError = await ensureAuthenticated();
+    const authError = ensureAuthenticated();
     if (authError)
         return authError;
     const headers = {
@@ -126,56 +80,6 @@ async function authenticatedPost(path, body) {
         return handleApiError(error, `POST ${path}`);
     }
 }
-// ── Auth ──
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export async function login(email, password) {
-    if (!email || !password) {
-        return { error: true, status: null, code: "INVALID_PARAMS", message: "Email and password are required." };
-    }
-    try {
-        const response = await axios.post(`${config.API_BASE_URL}/auth/login`, {
-            email,
-            password,
-        });
-        setTokens(response.data);
-        return response.data;
-    }
-    catch (error) {
-        return handleApiError(error, "login");
-    }
-}
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export async function refreshAccessToken(refreshTokenOverride) {
-    const token = refreshTokenOverride ?? getRefreshToken();
-    if (!token) {
-        return { error: true, status: null, code: "NO_REFRESH_TOKEN", message: "No refresh token available. Call login() first." };
-    }
-    try {
-        const response = await axios.post(`${config.API_BASE_URL}/auth/refresh`, {
-            refresh_token: token,
-        });
-        setTokens(response.data);
-        return response.data;
-    }
-    catch (error) {
-        return handleApiError(error, "refreshAccessToken");
-    }
-}
-/**
- * Logout: clear all stored REST API tokens.
- */
-export function logout() {
-    clearTokens();
-}
 // ── Helpers ──
 /** Normalize CC → Amulet in symbol strings (e.g. "CC/SBC" → "Amulet/SBC", "CC" → "Amulet") */
 function normalizeSymbol(symbol) {
@@ -281,7 +185,6 @@ export async function getDisclosures(partyId) {
 // ── Delegation ──
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export async function getDelegation() {
     return authenticatedGet("/api/trading/delegation");

package/dist/api/tokenStore.d.ts

@@ -1,38 +1,14 @@
-import type { TokenData, AuthHeaders } from "./types.js";
+import type { AuthHeaders } from "./types.js";
 /**
- * Store tokens received from login or refresh.
- */
-export declare function setTokens(data: TokenData): void;
-/**
- * Get the current access token, or null if not logged in.
- */
-export declare function getAccessToken(): string | null;
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export declare function getRefreshToken(): string | null;
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export declare function isTokenExpired(): boolean;
-/**
- * Get the stored user ID from login, or null if not logged in.
+ * Get the stored user ID, or null if not set.
  */
 export declare function getUserId(): string | null;
 /**
- * Clear all stored tokens (logout).
- */
-export declare function clearTokens(): void;
-/**
- * Set an API key for authentication (future: replaces email/password login).
- */
-export declare function setApiKey(key: string): void;
-/**
- * Get the stored API key, or null if not set.
+ * Set the user ID directly (e.g. from config at init time).
  */
-export declare function getApiKey(): string | null;
+export declare function setUserId(id: string): void;
 /**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
+ * Get the authorization header using the API key from config.
+ * Returns null if no API key is configured.
  */
 export declare function getAuthHeader(): AuthHeaders | null;

package/dist/api/tokenStore.js

@@ -1,76 +1,25 @@
-let accessToken = null;
-let refreshToken = null;
-let tokenExpiryTime = null;
-let apiKey = null;
+import config from "../../src/config/index.js";
 let userId = null;
 /**
- * Store tokens received from login or refresh.
- */
-export function setTokens(data) {
-    accessToken = data.access_token;
-    refreshToken = data.refresh_token;
-    tokenExpiryTime = Date.now() + data.expires_in * 1000;
-    if (data.user?.user_id != null) {
-        userId = String(data.user.user_id);
-    }
-}
-/**
- * Get the current access token, or null if not logged in.
- */
-export function getAccessToken() {
-    return accessToken;
-}
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export function getRefreshToken() {
-    return refreshToken;
-}
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export function isTokenExpired() {
-    if (!tokenExpiryTime)
-        return true;
-    return Date.now() >= tokenExpiryTime - 60000;
-}
-/**
- * Get the stored user ID from login, or null if not logged in.
+ * Get the stored user ID, or null if not set.
  */
 export function getUserId() {
     return userId;
 }
 /**
- * Clear all stored tokens (logout).
- */
-export function clearTokens() {
-    accessToken = null;
-    refreshToken = null;
-    tokenExpiryTime = null;
-    userId = null;
-}
-/**
- * Set an API key for authentication (future: replaces email/password login).
+ * Set the user ID directly (e.g. from config at init time).
  */
-export function setApiKey(key) {
-    apiKey = key;
+export function setUserId(id) {
+    userId = id;
 }
 /**
- * Get the stored API key, or null if not set.
- */
-export function getApiKey() {
-    return apiKey;
-}
-/**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
+ * Get the authorization header using the API key from config.
+ * Returns null if no API key is configured.
  */
 export function getAuthHeader() {
+    const apiKey = config.API_KEY;
     if (apiKey) {
-        return { Authorization: `Bearer ${apiKey}` };
-    }
-    if (accessToken) {
-        return { Authorization: `Bearer ${accessToken}` };
+        return { "X-API-Key": apiKey };
     }
     return null;
 }

package/dist/api/types.d.ts

@@ -1,20 +1,3 @@
-export interface LoginUser {
-    user_id: number;
-    max_limit_orders: number;
-    max_market_orders: number;
-}
-export interface LoginResponse {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-    token_type: string;
-    user: LoginUser;
-}
-export interface RefreshResponse {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-}
 export interface Ticker {
     symbol: string;
     last_price: string;
@@ -161,12 +144,6 @@ export interface ApiError {
     code: string | null;
     message: string;
 }
-export interface TokenData {
-    access_token: string;
-    refresh_token: string;
-    expires_in: number;
-    user?: LoginUser;
-}
 export interface AuthHeaders {
-    Authorization: string;
+    "X-API-Key": string;
 }

package/dist/api/types.js

@@ -1,2 +1,2 @@
-// ── Auth ──
+// ── Market Data ──
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@temple-digital-group/temple-canton-js",
-  "version": "1.0.39-beta.6",
+  "version": "2.0.0-beta.2",
   "description": "JavaScript library for interacting with Temple Canton blockchain",
   "type": "module",
   "main": "index.js",

package/src/api/index.ts

@@ -1,20 +1,11 @@
 import axios, { type AxiosRequestConfig } from "axios";
 import config, { initializeConfig, setWalletAdapter } from "../../src/config/index.js";
 import {
-	setTokens,
-	getAccessToken,
-	getRefreshToken,
-	getApiKey,
-	setApiKey as setApiKeyFromConfig,
-	isTokenExpired,
-	clearTokens,
 	getAuthHeader,
+	setUserId,
 } from "./tokenStore.js";
 import type {
 	ApiError,
-	LoginUser,
-	LoginResponse,
-	RefreshResponse,
 	Ticker,
 	OrderBook,
 	OrderBookOptions,
@@ -40,9 +31,6 @@ import type {
 // Re-export types and token utilities consumers may need
 export type {
 	ApiError,
-	LoginUser,
-	LoginResponse,
-	RefreshResponse,
 	Ticker,
 	OrderBook,
 	OrderBookOptions,
@@ -63,35 +51,26 @@ export type {
 	AmuletDisclosure,
 	DisclosuresResponse,
 };
-export { setApiKey, getUserId } from "./tokenStore.js";
+export { getUserId } from "./tokenStore.js";
 export { setWalletAdapter } from "../../src/config/index.js";
 
 // ── Initialization ──
 
 /**
- * Initialize the Temple SDK — sets config and optionally authenticates with the REST API.
- * Pass `API_EMAIL`/`API_PASSWORD` or `API_KEY` to authenticate eagerly at init time.
+ * Initialize the Temple SDK — sets config and authenticates with the REST API via API key.
  *
- * @returns The login response on success, or an ApiError on failure.
- *          Returns `null` if no API credentials were provided (config-only init).
+ * @returns null (config-only init). Throws no errors.
  */
-export async function initialize(cfg: Record<string, unknown>): Promise<LoginResponse | ApiError | null> {
+export async function initialize(cfg: Record<string, unknown>): Promise<null> {
 	initializeConfig(cfg);
 
 	if (cfg.WALLET_ADAPTER) {
 		setWalletAdapter(cfg.WALLET_ADAPTER);
 	}
 
-	const apiKey = cfg.API_KEY as string | undefined;
-	if (apiKey) {
-		setApiKeyFromConfig(apiKey);
-		return null;
-	}
-
-	const email = cfg.API_EMAIL as string | undefined;
-	const password = cfg.API_PASSWORD as string | undefined;
-	if (email && password) {
-		return login(email, password);
+	const userIdValue = cfg.USER_ID as string | undefined;
+	if (userIdValue) {
+		setUserId(userIdValue);
 	}
 
 	return null;
@@ -99,9 +78,6 @@ export async function initialize(cfg: Record<string, unknown>): Promise<LoginRes
 
 // ── Internal helpers ──
 
-/** Pending auto-login promise for dedup. */
-let autoLoginPromise: Promise<LoginResponse | ApiError> | null = null;
-
 function handleApiError(error: unknown, context: string): ApiError {
 	const err = error as { response?: { status?: number; data?: { message?: string; error?: string; code?: string } }; message?: string };
 	const status = err.response?.status ?? null;
@@ -117,50 +93,13 @@ function handleApiError(error: unknown, context: string): ApiError {
 	return { error: true, status, code, message };
 }
 
-/** Pending refresh promise for dedup. */
-let refreshPromise: Promise<RefreshResponse | ApiError> | null = null;
-
-async function ensureAuthenticated(): Promise<ApiError | null> {
-	// API key takes priority — no login needed
-	const configApiKey = (config as Record<string, unknown>).API_KEY as string | undefined;
-	if (!getApiKey() && configApiKey) {
-		setApiKeyFromConfig(configApiKey);
-	}
-	if (getApiKey()) return null;
-
-	// Auto-login from config if no token exists
-	if (!getAccessToken()) {
-		const email = (config as Record<string, unknown>).API_EMAIL as string | undefined;
-		const password = (config as Record<string, unknown>).API_PASSWORD as string | undefined;
-		if (email && password) {
-			if (!autoLoginPromise) {
-				autoLoginPromise = login(email, password).finally(() => {
-					autoLoginPromise = null;
-				});
-			}
-			const result = await autoLoginPromise;
-			if ("error" in result && result.error) return result as ApiError;
-		} else {
-			return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "Not logged in. Call login() or provide API_EMAIL/API_PASSWORD in config." };
-		}
-	}
-
-	// Auto-refresh if expired
-	if (isTokenExpired()) {
-		if (!refreshPromise) {
-			refreshPromise = refreshAccessToken().finally(() => {
-				refreshPromise = null;
-			});
-		}
-		const result = await refreshPromise;
-		if ("error" in result && result.error) return result as ApiError;
-	}
-
-	return null;
+function ensureAuthenticated(): ApiError | null {
+	if (config.API_KEY) return null;
+	return { error: true, status: 401, code: "NOT_AUTHENTICATED", message: "API key required. Pass API_KEY in initialize()." };
 }
 
 async function authenticatedGet<T>(path: string, params?: Record<string, string | number | undefined>): Promise<T | ApiError> {
-	const authError = await ensureAuthenticated();
+	const authError = ensureAuthenticated();
 	if (authError) return authError;
 
 	const headers = {
@@ -188,7 +127,7 @@ async function authenticatedGet<T>(path: string, params?: Record<string, string
 }
 
 async function authenticatedPost<T>(path: string, body?: Record<string, unknown>): Promise<T | ApiError> {
-	const authError = await ensureAuthenticated();
+	const authError = ensureAuthenticated();
 	if (authError) return authError;
 
 	const headers = {
@@ -204,60 +143,6 @@ async function authenticatedPost<T>(path: string, body?: Record<string, unknown>
 	}
 }
 
-// ── Auth ──
-
-/**
- * Login to the Temple REST API with email and password.
- * Stores tokens automatically for subsequent API calls.
- * @param email - User email
- * @param password - User password
- */
-export async function login(email: string, password: string): Promise<LoginResponse | ApiError> {
-	if (!email || !password) {
-		return { error: true, status: null, code: "INVALID_PARAMS", message: "Email and password are required." };
-	}
-
-	try {
-		const response = await axios.post<LoginResponse>(`${config.API_BASE_URL}/auth/login`, {
-			email,
-			password,
-		});
-		setTokens(response.data);
-		return response.data;
-	} catch (error) {
-		return handleApiError(error, "login");
-	}
-}
-
-/**
- * Refresh the access token using the stored or provided refresh token.
- * Updates the token store automatically on success.
- * @param refreshTokenOverride - Optional explicit refresh token (uses stored one if omitted)
- */
-export async function refreshAccessToken(refreshTokenOverride?: string): Promise<RefreshResponse | ApiError> {
-	const token = refreshTokenOverride ?? getRefreshToken();
-	if (!token) {
-		return { error: true, status: null, code: "NO_REFRESH_TOKEN", message: "No refresh token available. Call login() first." };
-	}
-
-	try {
-		const response = await axios.post<RefreshResponse>(`${config.API_BASE_URL}/auth/refresh`, {
-			refresh_token: token,
-		});
-		setTokens(response.data);
-		return response.data;
-	} catch (error) {
-		return handleApiError(error, "refreshAccessToken");
-	}
-}
-
-/**
- * Logout: clear all stored REST API tokens.
- */
-export function logout(): void {
-	clearTokens();
-}
-
 // ── Helpers ──
 
 /** Normalize CC → Amulet in symbol strings (e.g. "CC/SBC" → "Amulet/SBC", "CC" → "Amulet") */
@@ -378,7 +263,6 @@ export async function getDisclosures(partyId: string): Promise<DisclosuresRespon
 
 /**
  * Get the user's trading delegation status.
- * The user ID is extracted from the JWT token automatically.
  */
 export async function getDelegation(): Promise<DelegationResponse | ApiError> {
 	return authenticatedGet("/api/trading/delegation");

package/src/api/tokenStore.ts

@@ -1,87 +1,30 @@
-import type { TokenData, AuthHeaders } from "./types.js";
-
-let accessToken: string | null = null;
-let refreshToken: string | null = null;
-let tokenExpiryTime: number | null = null;
-let apiKey: string | null = null;
-let userId: string | null = null;
-
-/**
- * Store tokens received from login or refresh.
- */
-export function setTokens(data: TokenData): void {
-	accessToken = data.access_token;
-	refreshToken = data.refresh_token;
-	tokenExpiryTime = Date.now() + data.expires_in * 1000;
-	if (data.user?.user_id != null) {
-		userId = String(data.user.user_id);
-	}
-}
-
-/**
- * Get the current access token, or null if not logged in.
- */
-export function getAccessToken(): string | null {
-	return accessToken;
-}
-
-/**
- * Get the stored refresh token, or null if not logged in.
- */
-export function getRefreshToken(): string | null {
-	return refreshToken;
-}
-
-/**
- * Check if the current access token is expired (with 60-second buffer).
- */
-export function isTokenExpired(): boolean {
-	if (!tokenExpiryTime) return true;
-	return Date.now() >= tokenExpiryTime - 60_000;
-}
-
-/**
- * Get the stored user ID from login, or null if not logged in.
- */
-export function getUserId(): string | null {
-	return userId;
-}
-
-
-/**
- * Clear all stored tokens (logout).
- */
-export function clearTokens(): void {
-	accessToken = null;
-	refreshToken = null;
-	tokenExpiryTime = null;
-	userId = null;
-}
-
-/**
- * Set an API key for authentication (future: replaces email/password login).
- */
-export function setApiKey(key: string): void {
-	apiKey = key;
-}
-
-/**
- * Get the stored API key, or null if not set.
- */
-export function getApiKey(): string | null {
-	return apiKey;
-}
-
-/**
- * Get the authorization header. Prefers API key if set, otherwise uses Bearer token.
- * Returns null if neither is available.
- */
-export function getAuthHeader(): AuthHeaders | null {
-	if (apiKey) {
-		return { Authorization: `Bearer ${apiKey}` };
-	}
-	if (accessToken) {
-		return { Authorization: `Bearer ${accessToken}` };
-	}
-	return null;
-}
+import config from "../../src/config/index.js";
+import type { AuthHeaders } from "./types.js";
+
+let userId: string | null = null;
+
+/**
+ * Get the stored user ID, or null if not set.
+ */
+export function getUserId(): string | null {
+	return userId;
+}
+
+/**
+ * Set the user ID directly (e.g. from config at init time).
+ */
+export function setUserId(id: string): void {
+	userId = id;
+}
+
+/**
+ * Get the authorization header using the API key from config.
+ * Returns null if no API key is configured.
+ */
+export function getAuthHeader(): AuthHeaders | null {
+	const apiKey = config.API_KEY;
+	if (apiKey) {
+		return { "X-API-Key": apiKey };
+	}
+	return null;
+}

package/src/api/types.ts

@@ -1,25 +1,3 @@
-// ── Auth ──
-
-export interface LoginUser {
-	user_id: number;
-	max_limit_orders: number;
-	max_market_orders: number;
-}
-
-export interface LoginResponse {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-	token_type: string;
-	user: LoginUser;
-}
-
-export interface RefreshResponse {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-}
-
 // ── Market Data ──
 
 export interface Ticker {
@@ -209,15 +187,8 @@ export interface ApiError {
 	message: string;
 }
 
-// ── Token Store ──
-
-export interface TokenData {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-	user?: LoginUser;
-}
+// ── Auth ──
 
 export interface AuthHeaders {
-	Authorization: string;
+	"X-API-Key": string;
 }

package/src/config/index.d.ts

@@ -57,4 +57,5 @@ export namespace config {
     const VALIDATOR_REGISTRAR_PARTY_ID: any;
     const PACKAGE_NAME_SETTLEMENT_INTERFACE: any;
     const PACKAGE_NAME_SETTLEMENT_IMPL: any;
+    const API_KEY: any;
 }