npm - @thirdweb-dev/service-utils - Versions diffs - 0.5.0-nightly-0f027069-20230828164852 → 0.5.0-nightly-6cf298a29-20240308012322 - Mend

@thirdweb-dev/service-utils 0.5.0-nightly-0f027069-20230828164852 → 0.5.0-nightly-6cf298a29-20240308012322

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/declarations/src/core/rateLimit/index.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { CoreServiceConfig } from "../api";
+import { AuthorizationResult } from "../authorize/types";
+import { RateLimitResult } from "./types";
+type IRedis = {
+    incr: (key: string) => Promise<number>;
+    expire: (key: string, ttlSeconds: number) => Promise<0 | 1>;
+};
+export declare function rateLimit(args: {
+    authzResult: AuthorizationResult;
+    serviceConfig: CoreServiceConfig;
+    redis: IRedis;
+    /**
+     * Sample requests to reduce load on Redis.
+     * This scales down the request count and the rate limit threshold.
+     * @default 1.0
+     */
+    sampleRate?: number;
+}): Promise<RateLimitResult>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/core/rateLimit/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAuB,MAAM,QAAQ,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAK1C,KAAK,MAAM,GAAG;IACZ,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7D,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,WAAW,EAAE,mBAAmB,CAAC;IACjC,aAAa,EAAE,iBAAiB,CAAC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,eAAe,CAAC,CAsE3B"}

package/dist/declarations/src/core/rateLimit/types.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export type RateLimitResult = {
+    rateLimited: false;
+    requestCount: number;
+    rateLimit: number;
+} | {
+    rateLimited: true;
+    requestCount: number;
+    rateLimit: number;
+    status: number;
+    errorMessage: string;
+    errorCode: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/core/rateLimit/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GACvB;IACE,WAAW,EAAE,KAAK,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,GACD;IACE,WAAW,EAAE,IAAI,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/declarations/src/core/services.d.ts CHANGED Viewed

@@ -31,8 +31,26 @@ export declare const SERVICE_DEFINITIONS: {
         readonly description: "Enable gasless transactions";
         readonly actions: readonly [];
     };
+    readonly embeddedWallets: {
+        readonly name: "embeddedWallets";
+        readonly title: "Embedded Wallets";
+        readonly description: "E-mail and social login wallets for easy web3 onboarding";
+        readonly actions: readonly [];
+    };
+    readonly checkout: {
+        readonly name: "checkout";
+        readonly title: "Checkouts";
+        readonly description: "NFT Checkouts for easy web3 onboarding";
+        readonly actions: readonly [];
+    };
+    readonly pay: {
+        readonly name: "pay";
+        readonly title: "Pay";
+        readonly description: "Pay for a blockchain transaction with any currency";
+        readonly actions: readonly [];
+    };
 };
-export declare const SERVICE_NAMES: ("storage" | "rpc" | "bundler" | "relayer")[];
+export declare const SERVICE_NAMES: ("storage" | "rpc" | "bundler" | "relayer" | "embeddedWallets" | "checkout" | "pay")[];
 export declare const SERVICES: ({
     readonly name: "storage";
     readonly title: "Storage";
@@ -61,6 +79,21 @@ export declare const SERVICES: ({
     readonly title: "Gasless Relayer";
     readonly description: "Enable gasless transactions";
     readonly actions: readonly [];
+} | {
+    readonly name: "embeddedWallets";
+    readonly title: "Embedded Wallets";
+    readonly description: "E-mail and social login wallets for easy web3 onboarding";
+    readonly actions: readonly [];
+} | {
+    readonly name: "checkout";
+    readonly title: "Checkouts";
+    readonly description: "NFT Checkouts for easy web3 onboarding";
+    readonly actions: readonly [];
+} | {
+    readonly name: "pay";
+    readonly title: "Pay";
+    readonly description: "Pay for a blockchain transaction with any currency";
+    readonly actions: readonly [];
 })[];
 export type ServiceName = (typeof SERVICE_NAMES)[number];
 export type ServiceAction = {
@@ -97,5 +130,20 @@ export declare function getServiceByName(name: ServiceName): {
     readonly title: "Gasless Relayer";
     readonly description: "Enable gasless transactions";
     readonly actions: readonly [];
+} | {
+    readonly name: "embeddedWallets";
+    readonly title: "Embedded Wallets";
+    readonly description: "E-mail and social login wallets for easy web3 onboarding";
+    readonly actions: readonly [];
+} | {
+    readonly name: "checkout";
+    readonly title: "Checkouts";
+    readonly description: "NFT Checkouts for easy web3 onboarding";
+    readonly actions: readonly [];
+} | {
+    readonly name: "pay";
+    readonly title: "Pay";
+    readonly description: "Pay for a blockchain transaction with any currency";
+    readonly actions: readonly [];
 };
 //# sourceMappingURL=services.d.ts.map

package/dist/declarations/src/core/services.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"services.d.ts","sourceRoot":"../../../../src/core","sources":["services.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuCtB~~,CAAC;AAEX,eAAO,MAAM,aAAa~~,+CAEe~~,CAAC;AAE1C,eAAO,MAAM,QAAQ~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~IAAqC,CAAC;AAE3D,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,OAAO,GACjB,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,WAAW~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~EAEjD"}
1	+ {"version":3,"file":"services.d.ts","sourceRoot":"../../../../src/core","sources":["services.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4DtB,CAAC;AAEX,eAAO,MAAM,aAAa,wFAEe,CAAC;AAE1C,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAAqC,CAAC;AAE3D,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,OAAO,GACjB,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEjD"}

package/dist/declarations/src/core/usageLimit/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { CoreServiceConfig } from "../api";
+import { AuthorizationResult } from "../authorize/types";
+import { UsageLimitResult } from "./types";
+export declare function usageLimit(authzResult: AuthorizationResult, serviceConfig: CoreServiceConfig): Promise<UsageLimitResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/core/usageLimit/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/usageLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,wBAAsB,UAAU,CAC9B,WAAW,EAAE,mBAAmB,EAChC,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,gBAAgB,CAAC,CAmD3B"}

package/dist/declarations/src/core/usageLimit/types.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export type UsageLimitResult = {
+    usageLimited: false;
+} | {
+    usageLimited: true;
+    status: number;
+    errorMessage: string;
+    errorCode: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/core/usageLimit/types.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/usageLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GACxB;IACE,YAAY,EAAE,KAAK,CAAC;CACrB,GACD;IACE,YAAY,EAAE,IAAI,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/declarations/src/node/index.d.ts CHANGED Viewed

@@ -1,23 +1,43 @@
 /// <reference types="node" />
+import type { ServerResponse } from "http";
 import type { IncomingMessage } from "node:http";
-import type { AuthorizationInput } from "../core/authorize";
 import type { CoreServiceConfig } from "../core/api";
+import type { AuthorizationInput } from "../core/authorize";
 import type { AuthorizationResult } from "../core/authorize/types";
 import type { CoreAuthInput } from "../core/types";
-import type { ServerResponse } from "http";
 export * from "../core/services";
+export * from "../core/rateLimit";
+export * from "../core/usageLimit";
 type NodeServiceConfig = CoreServiceConfig;
 export type AuthInput = CoreAuthInput & {
     req: IncomingMessage;
 };
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
 export declare function authorizeNode(authInput: AuthInput, serviceConfig: NodeServiceConfig): Promise<AuthorizationResult>;
 export declare function extractAuthorizationData(authInput: AuthInput): AuthorizationInput;
 export declare function hashSecretKey(secretKey: string): string;
 export declare function deriveClientIdFromSecretKeyHash(secretKeyHash: string): string;
-export declare function logHttpRequest({ source, clientId, req, res, isAuthed, statusMessage, }: AuthInput & {
+export declare function logHttpRequest({ source, clientId, req, res, isAuthed, statusMessage, latencyMs, }: AuthInput & {
     source: string;
     res: ServerResponse;
     isAuthed?: boolean;
     statusMessage?: Error | string;
+    latencyMs?: number;
 }): void;
 //# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/node/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAGA,OAAO,KAAK,~~EAAuB~~,~~eAAe~~,EAAE,MAAM,~~WAAW~~,CAAC;~~AACtE~~,OAAO,KAAK,~~EAAE~~,~~kBAAkB~~,EAAE,MAAM,~~mBAAmB~~,CAAC;~~AAC5D~~,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,~~mBAAmB~~,EAAE,MAAM,~~yBAAyB~~,CAAC;~~AACnE~~,OAAO,KAAK,EAAE,~~aAAa~~,EAAE,MAAM,~~eAAe~~,CAAC;~~AACnD~~,OAAO,KAAK,EAAE,~~cAAc~~,EAAE,MAAM,~~MAAM~~,CAAC;~~AAE3C~~,cAAc,kBAAkB,CAAC;~~AAEjC~~,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,CA2FpB;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,UAE9C;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAED,wBAAgB,cAAc,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,~~GACd~~,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,cAAc,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;~~CAChC~~,~~QAsBA~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAC3C,OAAO,KAAK,EAAuB,eAAe,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,CA2FpB;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,UAE9C;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAED,wBAAgB,cAAc,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,EACb,SAAS,GACV,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,cAAc,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,QA4BA"}

package/dist/{index-ffddf746.esm.js → index-3b9a0743.esm.js} RENAMED Viewed

@@ -2,9 +2,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
   const {
     apiUrl,
     serviceScope,
-    serviceApiKey
+    serviceApiKey,
+    checkPolicy,
+    policyMetadata
   } = config;
-  const url = `${apiUrl}/v1/keys/use?clientId=${clientId}&scope=${serviceScope}`;
+  const policyQuery = checkPolicy && policyMetadata ? `&checkPolicy=true&policyMetadata=${encodeURIComponent(JSON.stringify(policyMetadata))}` : "";
+  const url = `${apiUrl}/v1/keys/use?clientId=${clientId}&scope=${serviceScope}&includeUsage=true${policyQuery}`;
   const response = await fetch(url, {
     method: "GET",
     headers: {
@@ -12,20 +15,20 @@ async function fetchKeyMetadataFromApi(clientId, config) {
       "content-type": "application/json"
     }
   });
-  let json;
+  let text = "";
   try {
-    json = await response.json();
+    text = await response.text();
+    return JSON.parse(text);
   } catch (e) {
-    throw new Error(`Error fetching key metadata from API: ${response.status} - ${response.statusText} - ${await response.text()}`);
+    throw new Error(`Error fetching key metadata from API: ${response.status} - ${text}`);
   }
-  return json;
 }
 async function fetchAccountFromApi(jwt, config, useWalletAuth) {
   const {
     apiUrl,
     serviceApiKey
   } = config;
-  const url = useWalletAuth ? `${apiUrl}/v1/wallet/me` : `${apiUrl}/v1/account/me`;
+  const url = useWalletAuth ? `${apiUrl}/v1/wallet/me?includeUsage=true` : `${apiUrl}/v1/account/me?includeUsage=true`;
   const response = await fetch(url, {
     method: "GET",
     headers: {
@@ -34,13 +37,32 @@ async function fetchAccountFromApi(jwt, config, useWalletAuth) {
       authorization: `Bearer ${jwt}`
     }
   });
-  let json;
+  let text = "";
   try {
-    json = await response.json();
+    text = await response.text();
+    return JSON.parse(text);
   } catch (e) {
-    throw new Error(`Error fetching account from API: ${response.status} - ${response.statusText} - ${await response.text()}`);
+    throw new Error(`Error fetching account from API: ${response.status} - ${text}`);
   }
-  return json;
+}
+async function updateRateLimitedAt(apiKeyId, config) {
+  const {
+    apiUrl,
+    serviceScope: scope,
+    serviceApiKey
+  } = config;
+  const url = `${apiUrl}/usage/rateLimit`;
+  await fetch(url, {
+    method: "PUT",
+    headers: {
+      "x-service-api-key": serviceApiKey,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      apiKeyId,
+      scope
+    })
+  });
 }
 function authorizeClient(authOptions, apiKeyMeta) {
@@ -61,7 +83,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
       id: apiKeyMeta.accountId,
       // TODO update this later
       name: "",
-      creatorWalletAddress: apiKeyMeta.creatorWalletAddress
+      creatorWalletAddress: apiKeyMeta.creatorWalletAddress,
+      limits: apiKeyMeta.limits,
+      rateLimits: apiKeyMeta.rateLimits,
+      usage: apiKeyMeta.usage
     }
   };
@@ -191,12 +216,15 @@ function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
   }
   return {
     authorized: true,
+    apiKeyMeta: apiKeyMetadata,
     accountMeta: {
       id: apiKeyMetadata.accountId,
       name: "",
-      creatorWalletAddress: apiKeyMetadata.creatorWalletAddress
-    },
-    apiKeyMeta: apiKeyMetadata
+      creatorWalletAddress: apiKeyMetadata.creatorWalletAddress,
+      limits: apiKeyMetadata.limits,
+      rateLimits: apiKeyMetadata.rateLimits,
+      usage: apiKeyMetadata.usage
+    }
   };
 }
@@ -234,9 +262,9 @@ async function authorize(authData, serviceConfig, cacheOptions) {
             // if the difference is greater than the cacheTtl we want to ignore the cached data
             const now = Date.now();
             const diff = now - parsed.updatedAt;
-            const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
+            const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
             // only if the diff is less than the cacheTtl do we want to use the cached key
-            if (diff < cacheTtl * 1000) {
+            if (diff < cacheTtlMs) {
               accountMeta = parsed.apiKeyMeta;
             }
           } else {
@@ -320,9 +348,9 @@ async function authorize(authData, serviceConfig, cacheOptions) {
           // if the difference is greater than the cacheTtl we want to ignore the cached data
           const now = Date.now();
           const diff = now - parsed.updatedAt;
-          const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
+          const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
           // only if the diff is less than the cacheTtl do we want to use the cached key
-          if (diff < cacheTtl * 1000) {
+          if (diff < cacheTtlMs) {
             apiKeyMeta = parsed.apiKeyMeta;
           }
         } else {
@@ -414,9 +442,131 @@ async function authorize(authData, serviceConfig, cacheOptions) {
       id: apiKeyMeta.accountId,
       // TODO update this later
       name: "",
+      limits: apiKeyMeta.limits,
+      rateLimits: apiKeyMeta.rateLimits,
+      usage: apiKeyMeta.usage,
       creatorWalletAddress: apiKeyMeta.creatorWalletAddress
     }
   };
 }
-export { authorize as a };
+const RATE_LIMIT_WINDOW_SECONDS = 10;
+// Redis interface compatible with ioredis (Node) and upstash (Cloudflare Workers).
+async function rateLimit(args) {
+  const {
+    authzResult,
+    serviceConfig,
+    redis,
+    sampleRate = 1.0
+  } = args;
+  const shouldSampleRequest = Math.random() < sampleRate;
+  if (!shouldSampleRequest || !authzResult.authorized) {
+    return {
+      rateLimited: false,
+      requestCount: 0,
+      rateLimit: 0
+    };
+  }
+  const {
+    apiKeyMeta,
+    accountMeta
+  } = authzResult;
+  const accountId = apiKeyMeta?.accountId || accountMeta?.id;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limitPerSecond = apiKeyMeta?.rateLimits?.[serviceScope] ?? accountMeta?.rateLimits?.[serviceScope];
+  if (!limitPerSecond) {
+    // No rate limit is provided. Assume the request is not rate limited.
+    return {
+      rateLimited: false,
+      requestCount: 0,
+      rateLimit: 0
+    };
+  }
+  // Gets the 10-second window for the current timestamp.
+  const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) * RATE_LIMIT_WINDOW_SECONDS;
+  const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+  // Increment and get the current request count in this window.
+  const requestCount = await redis.incr(key);
+  if (requestCount === 1) {
+    // For the first increment, set an expiration to clean up this key.
+    await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+  }
+  // Get the limit for this window accounting for the sample rate.
+  const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+  if (requestCount > limitPerWindow) {
+    // Report rate limit hits.
+    if (apiKeyMeta?.id) {
+      await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
+    }
+    // Reject requests when they've exceeded 2x the rate limit.
+    if (requestCount > 2 * limitPerWindow) {
+      return {
+        rateLimited: true,
+        requestCount,
+        rateLimit: limitPerWindow,
+        status: 429,
+        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+        errorCode: "RATE_LIMIT_EXCEEDED"
+      };
+    }
+  }
+  return {
+    rateLimited: false,
+    requestCount,
+    rateLimit: limitPerWindow
+  };
+}
+async function usageLimit(authzResult, serviceConfig) {
+  if (!authzResult.authorized) {
+    return {
+      usageLimited: false
+    };
+  }
+  const {
+    apiKeyMeta,
+    accountMeta
+  } = authzResult;
+  const {
+    limits,
+    usage
+  } = apiKeyMeta || accountMeta || {};
+  const {
+    serviceScope
+  } = serviceConfig;
+  if (!usage || !(serviceScope in usage) || !limits || !(serviceScope in limits)) {
+    // No usage limit is provided. Assume the request is not limited.
+    return {
+      usageLimited: false
+    };
+  }
+  if (serviceScope === "storage" && (usage.storage?.sumFileSizeBytes ?? 0) > (limits.storage ?? 0)) {
+    return {
+      usageLimited: true,
+      status: 403,
+      errorMessage: `You've used all of your total usage credits for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+      errorCode: "PAYMENT_METHOD_REQUIRED"
+    };
+  }
+  if (serviceScope === "embeddedWallets" && (usage.embeddedWallets?.countWalletAddresses ?? 0) > (limits.embeddedWallets ?? 0)) {
+    return {
+      usageLimited: true,
+      status: 403,
+      errorMessage: `You've used all of your total usage credits for Embedded Wallets. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+      errorCode: "PAYMENT_METHOD_REQUIRED"
+    };
+  }
+  return {
+    usageLimited: false
+  };
+}
+export { authorize as a, rateLimit as r, usageLimit as u };