@transmitsecurity/platform-web-sdk 1.18.2 → 2.0.0

package/dist/web-sdk.d.ts

@@ -1,3 +1,389 @@
+type AgentCreate<T> = T extends new (...any: any) => Agent ? InstanceType<T> : T extends Function ? OmitThisParameter<T> : T extends {} ? BoundMethods<T> : T;
+type BoundMethods<T> = {
+    [key in keyof T]: OmitThisParameter<AgentCreate<T[key]>>;
+};
+declare class Agent {
+    slug: string;
+    constructor(slug: string);
+    static create<T extends object>(method: (agent: Agent) => T): new (slug: string) => Agent & BoundMethods<T>;
+}
+
+interface eventNameToDataParam {
+    [eventName: string]: unknown;
+}
+type eventKnownName = keyof eventNameToDataParam;
+type callback<T> = (eventData: T) => void;
+declare function on<T extends eventKnownName>(eventName: T, method: callback<eventNameToDataParam[T]>): void;
+declare function off<T extends eventKnownName>(eventName: T, method: callback<eventNameToDataParam[T]>): void;
+declare function emit<T extends eventKnownName>(eventName: T, eventData: eventNameToDataParam[T]): void;
+
+declare module './events' {
+    interface eventNameToDataParam {
+        [MODULE_INITIALIZED]: undefined;
+    }
+}
+declare const MODULE_INITIALIZED: unique symbol;
+
+declare const events_MODULE_INITIALIZED: typeof MODULE_INITIALIZED;
+declare const events_emit: typeof emit;
+type events_eventNameToDataParam = eventNameToDataParam;
+declare const events_off: typeof off;
+declare const events_on: typeof on;
+declare namespace events {
+  export {
+    events_MODULE_INITIALIZED as MODULE_INITIALIZED,
+    events_emit as emit,
+    events_eventNameToDataParam as eventNameToDataParam,
+    events_off as off,
+    events_on as on,
+  };
+}
+
+interface initConfigParams {
+    clientId: string;
+}
+declare let initConfig: initConfigParams | null;
+declare function getInitConfig(): initConfigParams | null;
+declare function setInitConfig(config: initConfigParams): void;
+
+declare const moduleMetadata_getInitConfig: typeof getInitConfig;
+declare const moduleMetadata_initConfig: typeof initConfig;
+type moduleMetadata_initConfigParams = initConfigParams;
+declare const moduleMetadata_setInitConfig: typeof setInitConfig;
+declare namespace moduleMetadata {
+  export {
+    moduleMetadata_getInitConfig as getInitConfig,
+    moduleMetadata_initConfig as initConfig,
+    moduleMetadata_initConfigParams as initConfigParams,
+    moduleMetadata_setInitConfig as setInitConfig,
+  };
+}
+
+declare function initialize(params: initConfigParams): void;
+
+type mainEntry_initConfigParams = initConfigParams;
+declare const mainEntry_initialize: typeof initialize;
+declare namespace mainEntry {
+  export {
+    mainEntry_initConfigParams as initConfigParams,
+    mainEntry_initialize as initialize,
+  };
+}
+
+type JsonNode = number | string | boolean | null | undefined | JsonNode[] | {
+    [key: string]: JsonNode;
+};
+
+declare const COMMON_STORAGE_KEY = "tsec";
+declare const GENERAL_ID_KEY = "general";
+type storageKeyOptions = {
+    isGeneral?: boolean;
+    sessionOnly?: boolean;
+};
+/**
+ * Storage module handles local storage and session storgae for multyple modules in
+ * same storage key, with JSON serialization. It stores data in 'tsec' key, as an
+ * object with that structure:
+ * { [moduleSlug]: { [clientId | 'general']: { [key]: value } } }
+ */
+declare function setValue(this: Agent, key: string, value: JsonNode, options?: storageKeyOptions): void;
+declare function removeValue(this: Agent, key: string, options?: storageKeyOptions): void;
+declare function getValue(this: Agent, key: string, options?: storageKeyOptions): JsonNode;
+declare function hasValue(this: Agent, key: string, options?: storageKeyOptions): JsonNode;
+
+declare const storage_COMMON_STORAGE_KEY: typeof COMMON_STORAGE_KEY;
+declare const storage_GENERAL_ID_KEY: typeof GENERAL_ID_KEY;
+declare const storage_getValue: typeof getValue;
+declare const storage_hasValue: typeof hasValue;
+declare const storage_removeValue: typeof removeValue;
+declare const storage_setValue: typeof setValue;
+type storage_storageKeyOptions = storageKeyOptions;
+declare namespace storage {
+  export {
+    storage_COMMON_STORAGE_KEY as COMMON_STORAGE_KEY,
+    storage_GENERAL_ID_KEY as GENERAL_ID_KEY,
+    storage_getValue as getValue,
+    storage_hasValue as hasValue,
+    storage_removeValue as removeValue,
+    storage_setValue as setValue,
+    storage_storageKeyOptions as storageKeyOptions,
+  };
+}
+
+declare const INIT_ROTATION_RESPONSE = "init";
+declare const COMPLETED_ROTATION_RESPONSE = "completed";
+type CryptoBindingPublicData = {
+    publicKey: string;
+    keyIdentifier: string;
+    currentKeyId: string;
+};
+type CryptoBindingRotationPayload = {
+    data: string;
+    signature: string;
+};
+type CryptoBindingOptions = {
+    /** Set to true if you want to scope your crypto-binding keys with your product only (default is false, to use global-platofrm scope) */
+    productScope?: boolean;
+    /** Custom database name, will be affected only if set `productScope` to true */
+    indexedDBName?: string;
+    /** Custom db-versioning, will be be affected only if set `productScope` to true */
+    dbVersion?: number;
+    /** Custom keys-store (table) name, will be affected only if set `productScope` to true */
+    keysStoreName?: string;
+    /** Set to true if product supports key rotation */
+    /** Expiry days - number of days after which the key will expire */
+    /** Started at - timestamp of the day when the rotation was enabled for the product */
+    keyRotation?: {
+        isEnabled: boolean;
+        expiryDays: number;
+        startedAt: number;
+        tenantId: string;
+    };
+    /** @internal
+     *  Warning! This flag shouldn't be used, it was added temporarily for multi-tenant support.
+     *
+     *  Internal flag used when the Product SDK instance has its own client ID separate from the Platform SDK root-level client ID */
+    fallbackClientId?: string;
+};
+/**
+ * @param keysType - the purpose of the keys, will use different key generator
+ * @param options - typeof CryptoBindingOptions
+ */
+declare class CryptoBinding {
+    agent: Agent;
+    private keysType;
+    private options?;
+    private indexedDBClient;
+    private indexedDBClientFallback;
+    private keysDatabaseName;
+    private keysStoreName;
+    private dbVersion;
+    private publicKeyBase64;
+    private keyIdentifier;
+    private currentKeyId;
+    private _extractingKeysPromise;
+    constructor(agent: Agent, keysType?: 'encrypt' | 'sign', options?: CryptoBindingOptions);
+    private getClientConfiguration;
+    private getKeysRecordKey;
+    private getRotatedKeysRecordKey;
+    private getRotatedKeysRecordKeyPending;
+    private arrayBufferToBase64;
+    private getPKRepresentations;
+    private generateKeyPair;
+    private calcKeyIdentifier;
+    private extractKeysData;
+    private generateKeyPairData;
+    private shouldKeyBeRotated;
+    private extractMainKeysData;
+    private extractFallbackMainKeysData;
+    private extractRotatedKeysData;
+    private extractPendingRotatedKeysData;
+    private saveKeyData;
+    private getKeysData;
+    private getOrCreateRotatedKeys;
+    private getRotatedKeysData;
+    getPublicData(): Promise<CryptoBindingPublicData>;
+    sign(message: string): Promise<string>;
+    clearKeys(): Promise<void>;
+    private getBaseRotationPayload;
+    getRotationData(): Promise<CryptoBindingRotationPayload | undefined>;
+    private signPayload;
+    handleRotateResponse(response: string): Promise<void>;
+}
+declare function createCryptoBinding(this: Agent, keysType?: 'encrypt' | 'sign', options?: CryptoBindingOptions): CryptoBinding;
+
+declare const generateRSAKeyPair: () => Promise<CryptoKey | CryptoKeyPair>;
+declare const generateRSASignKeyPair: () => Promise<CryptoKey | CryptoKeyPair>;
+declare const signAssymetric: (privateKey: CryptoKey, message: string) => Promise<ArrayBuffer>;
+declare const verifyAssymetric: (publicKey: CryptoKey, message: string, signature: ArrayBuffer) => Promise<boolean>;
+
+declare const crypto_COMPLETED_ROTATION_RESPONSE: typeof COMPLETED_ROTATION_RESPONSE;
+type crypto_CryptoBindingOptions = CryptoBindingOptions;
+type crypto_CryptoBindingPublicData = CryptoBindingPublicData;
+declare const crypto_INIT_ROTATION_RESPONSE: typeof INIT_ROTATION_RESPONSE;
+declare const crypto_createCryptoBinding: typeof createCryptoBinding;
+declare const crypto_generateRSAKeyPair: typeof generateRSAKeyPair;
+declare const crypto_generateRSASignKeyPair: typeof generateRSASignKeyPair;
+declare const crypto_signAssymetric: typeof signAssymetric;
+declare const crypto_verifyAssymetric: typeof verifyAssymetric;
+declare namespace crypto {
+  export {
+    crypto_COMPLETED_ROTATION_RESPONSE as COMPLETED_ROTATION_RESPONSE,
+    crypto_CryptoBindingOptions as CryptoBindingOptions,
+    crypto_CryptoBindingPublicData as CryptoBindingPublicData,
+    crypto_INIT_ROTATION_RESPONSE as INIT_ROTATION_RESPONSE,
+    crypto_createCryptoBinding as createCryptoBinding,
+    crypto_generateRSAKeyPair as generateRSAKeyPair,
+    crypto_generateRSASignKeyPair as generateRSASignKeyPair,
+    crypto_signAssymetric as signAssymetric,
+    crypto_verifyAssymetric as verifyAssymetric,
+  };
+}
+
+type QueryObjectStoreOptions = {
+    operation?: 'read' | 'readwrite';
+    attemptToRecoverDB?: boolean;
+};
+type TransactionOperation = {
+    type: 'put';
+    key: string;
+    value: any;
+} | {
+    type: 'delete';
+    key: string;
+};
+
+type indexedDB_QueryObjectStoreOptions = QueryObjectStoreOptions;
+type indexedDB_TransactionOperation = TransactionOperation;
+declare namespace indexedDB {
+  export {
+    indexedDB_QueryObjectStoreOptions as QueryObjectStoreOptions,
+    indexedDB_TransactionOperation as TransactionOperation,
+  };
+}
+
+type LogSeverity = 1 | 2 | 3 | 4 | 5 | 6;
+interface LogRow {
+    timestamp: number;
+    severity: LogSeverity;
+    message: string;
+    module: string;
+    fields: object;
+}
+type Middleware = (instance: SdkLogger) => void;
+declare class SdkLogger {
+    agent: Agent;
+    middlewares: Middleware[];
+    logs: LogRow[];
+    constructor(agent: Agent, middlewares?: Middleware[]);
+    info(message: string, fields?: object): void;
+    warn(message: string, fields?: object): void;
+    error(message: string, fields?: object): void;
+    private pushLog;
+}
+
+declare function createSdkLogger(this: Agent, middlewares?: Middleware[]): SdkLogger;
+
+declare function consoleMiddleware(logger: SdkLogger): void;
+
+type logger_SdkLogger = SdkLogger;
+declare const logger_SdkLogger: typeof SdkLogger;
+declare const logger_consoleMiddleware: typeof consoleMiddleware;
+declare const logger_createSdkLogger: typeof createSdkLogger;
+declare namespace logger {
+  export {
+    logger_SdkLogger as SdkLogger,
+    logger_consoleMiddleware as consoleMiddleware,
+    logger_createSdkLogger as createSdkLogger,
+  };
+}
+
+type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE';
+type RequestBody = object;
+type HttpResponse<T> = Response & {
+    data: T;
+};
+type ResponseError = {
+    message: string;
+};
+declare function init(method: HttpMethod, body?: RequestBody, headers?: HeadersInit): RequestInit;
+/**
+ * constructs a `GET` request
+ * @param path API path
+ * @param params request parameters
+ * @returns a promise of the response body if successful and throw an error if failed
+ */
+declare function httpGet<T>(path: string, params?: URLSearchParams, headers?: HeadersInit): Promise<HttpResponse<T>>;
+/**
+ * constructs a `POST` request
+ * @param path API path
+ * @param data content of the request
+ * @param params request parameters
+ * @returns a promise of the response body if successful and throw an error if failed
+ */
+declare function httpPost<T>(path: string, data: RequestBody, params?: URLSearchParams, headers?: HeadersInit): Promise<HttpResponse<T>>;
+/**
+ * constructs a `PUT` request
+ * @param path API path
+ * @param data content of the request
+ * @param params request parameters
+ * @returns a promise of the response body if successful and throw an error if failed
+ */
+declare function httpPut<T>(path: string, data: RequestBody, params?: URLSearchParams, headers?: HeadersInit): Promise<HttpResponse<T>>;
+/**
+ * constructs a `DELETE` request
+ * @param path API path
+ * @param body content of the request
+ * @param params request parameters
+ * @returns a promise of the response body if successful and throw an error if failed
+ */
+declare function httpDelete<T>(path: string, headers?: HeadersInit): Promise<HttpResponse<T>>;
+
+type http_HttpMethod = HttpMethod;
+type http_HttpResponse<T> = HttpResponse<T>;
+type http_RequestBody = RequestBody;
+type http_ResponseError = ResponseError;
+declare const http_httpDelete: typeof httpDelete;
+declare const http_httpGet: typeof httpGet;
+declare const http_httpPost: typeof httpPost;
+declare const http_httpPut: typeof httpPut;
+declare const http_init: typeof init;
+declare namespace http {
+  export {
+    http_HttpMethod as HttpMethod,
+    http_HttpResponse as HttpResponse,
+    http_RequestBody as RequestBody,
+    http_ResponseError as ResponseError,
+    http_httpDelete as httpDelete,
+    http_httpGet as httpGet,
+    http_httpPost as httpPost,
+    http_httpPut as httpPut,
+    http_init as init,
+  };
+}
+
+declare const _default$1: new (slug: string) => Agent & BoundMethods<{
+    events: typeof events;
+    moduleMetadata: typeof moduleMetadata;
+    mainEntry: typeof mainEntry;
+    utils: new (slug: string) => Agent & BoundMethods<{
+        Agent: typeof Agent;
+        exceptions: new (slug: string) => Agent & BoundMethods<{
+            TsError: {
+                new (errorCode: string, message: string): {
+                    name: string;
+                    message: string;
+                    stack?: string;
+                };
+                captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+                prepareStackTrace?: (err: Error, stackTraces: NodeJS.CallSite[]) => any;
+                stackTraceLimit: number;
+            };
+            TsInternalError: {
+                new (errorCode: string): {
+                    name: string;
+                    message: string;
+                    stack?: string;
+                };
+                captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+                prepareStackTrace?: (err: Error, stackTraces: NodeJS.CallSite[]) => any;
+                stackTraceLimit: number;
+            };
+        }>;
+    }>;
+    storage: typeof storage;
+    crypto: typeof crypto;
+    indexedDB: typeof indexedDB;
+    logger: typeof logger;
+    http: typeof http;
+}>;
+
+declare namespace index_d$3 {
+  export {
+    _default$1 as default,
+  };
+}
+
 declare enum RecommendationType {
     ALLOW = "ALLOW",
     CHALLENGE = "CHALLENGE",
@@ -13,36 +399,27 @@ type EventResponse = {
 type Recommendation = {
     type: RecommendationType;
 };
+type LightweightPayload = {
+    clientId: string;
+    deviceId: string;
+    userId: string | null;
+    sdkPlatform: 'mobile_web' | 'desktop_web';
+    events: Array<Record<string, unknown>>;
+};
 
 interface ActionResponse {
-    /** The token return by the SDK when the action was reported */
     actionToken?: string;
 }
 interface InitOptions {
-    /** Opaque identifier of the user in your system */
     userId?: string;
 }
-/**
- * Initial parameters for SDK
- */
 interface ConstructorOptions {
-    /** Print logs to console */
     verbose?: boolean;
-    /** Your server URL
-     *
-     * Default value is https://collect.riskid.security */
-    serverPath?: string;
-    /** Enable session token fetching
-     *
-     * Default value is false */
+    serverPath: string;
     enableSessionToken?: boolean;
-    /** First party server url for the identifiers migration
-     *
-     * Default value is undefined */
     firstPartyMigrationUrl?: string;
-    /** @internal
-     * Internal flag indicating this web_sdk instance has its own clientId separate from the Platform SDK root-level clientId */
     hasOwnClientId?: boolean;
+    tier?: 'standard' | 'lightweight';
 }
 interface TransactionData {
     amount: number;
@@ -63,27 +440,12 @@ interface TransactionData {
     };
 }
 interface ActionEventOptions {
-    /** Any ID that could help relate the action with external context or session */
     correlationId?: string;
-    /** User ID of the not yet authenticated user, used to enhance risk and
-     * trust assessments. Once the user is authenticated,
-     * {@link TSAccountProtection.setAuthenticatedUser} should be called. */
     claimedUserId?: string;
-    /**
-     * The reported claimedUserId type (if provided), should not contain PII unless it is hashed.
-     * Supported values: email, phone_number, account_id, ssn, national_id, passport_number, drivers_license_number, other.
-     */
     claimedUserIdType?: string;
-    /**
-     * A transaction data-points object for transaction-monitoring
-     */
     transactionData?: TransactionData;
-    /**
-     * Custom attributes matching the schema previously defined in the Admin Portal
-     */
     customAttributes?: Record<string, string | number | boolean>;
     /**
-     * The fields below are supported for Enterprise-IAM sdk usage actions, added `ignore` for avoiding preseting this attribute in the docs
      * @ignore
      */
     publicKey?: string;
@@ -120,6 +482,7 @@ declare class TSAccountProtection {
     private identifiersMigrationEnabled;
     private firstPartyMigrationUrl;
     private hasOwnClientId;
+    private tier;
     private validationManager;
     private storageManager;
     private eventsManager;
@@ -132,62 +495,34 @@ declare class TSAccountProtection {
     private logsReporter;
     private options;
     private clientId;
-    /**
-     *
-     Creates a new Account Protection SDK instance with your client context
-     @param clientId Your AccountProtection client identifier
-     @param options SDK configuration options
-     */
-    constructor(clientId: string, options?: ConstructorOptions);
+    constructor(clientId: string, options: ConstructorOptions);
     /** @ignore */
     constructor(serverPath: string, clientId: string);
     private generateDisabledToken;
     /**
      * @ignore
-     * @returns List of loaded actions that can be invoked
      */
     get actions(): string[];
     /** @ignore */
     getActions(): Promise<string[]>;
     getSessionToken(): Promise<any>;
-    /**
-     * Initializes the AccountProtection SDK, which starts automatically tracking and submitting info of the user journey
-     * @param options Init options
-     * @returns Indicates if the call succeeded
-     */
+    getPayload(): Promise<LightweightPayload>;
+    clearQueue(): void;
     init(options?: InitOptions | string): Promise<boolean>;
     private isInitialized;
-    /**
-     * Reports a user action event to the SDK
-     * @param actionType Type of user action event that was predefined in the Transmit Security server
-     * @returns Indicates if the call succeeded
-     */
     triggerActionEvent(actionType: string, options?: ActionEventOptions): Promise<ActionResponse>;
     /**
      * @ignore
      */
     identifyUser(userId: string): Promise<boolean>;
     private updateUserId;
+    setAuthenticatedUser(userId: string, options?: {}): Promise<boolean>;
+    clearUser(options?: {}): Promise<boolean>;
     /**
      * @ignore
      */
     unidentifiedUser(): Promise<boolean>;
-    /**
-     * Sets the user context for all subsequent events in the browser session (or until the user is explicitly cleared)
-     * It should be set only after you've fully authenticated the user (including, for example, any 2FA that was required)
-     * @param userId Opaque identifier of the user in your system
-     * @param options Reserved for future use
-     * @returns Indicates if the call succeeded
-     */
-    setAuthenticatedUser(userId: string, options?: {}): Promise<boolean>;
-    /** @ignore */
-    setUser(userId: string, _options?: {}): Promise<boolean>;
-    /**
-     * Clears the user context for all subsequent events in the browser session
-     * @param options Reserved for future use
-     * @returns Indicates if the call succeeded
-     */
-    clearUser(options?: {}): Promise<boolean>;
+    getSecureSessionToken(actionType?: string | null, expirationSeconds?: number): Promise<string>;
 }
 
 declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
@@ -205,8 +540,6 @@ declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-me
  * @returns Indicates if the call succeeded
  */
 declare const triggerActionEvent: TSAccountProtection['triggerActionEvent'];
-/** @ignore */
-declare const setUser: TSAccountProtection['setUser'];
 /**
  * Sets the user context for all subsequent events in the browser session (or until the user is explicitly cleared)
  * It should be set only after you've fully authenticated the user (including, for example, any 2FA that was required)
@@ -222,13 +555,18 @@ declare const setAuthenticatedUser: TSAccountProtection['setAuthenticatedUser'];
  */
 declare const clearUser: TSAccountProtection['clearUser'];
 /** @ignore */
-declare const identifyUser: TSAccountProtection['identifyUser'];
-/** @ignore */
-declare const unidentifiedUser: TSAccountProtection['unidentifiedUser'];
-/** @ignore */
 declare const getActions: TSAccountProtection['getActions'];
 /** @ignore */
 declare const getSessionToken: TSAccountProtection['getSessionToken'];
+/**
+ * Gets a secure session token that is signed with the device's private key
+ * @param actionType Optional action type to include in the token payload (default: null)
+ * @param expirationSeconds Optional expiration time in seconds (default: 300 seconds / 5 minutes)
+ * @returns A JWT-like token containing the backend session token and device information, signed with the device's private key
+ */
+declare const getSecureSessionToken: TSAccountProtection['getSecureSessionToken'];
+/** @ignore */
+declare const getPayload: TSAccountProtection['getPayload'];
 /** @ignore */
 declare const __internal: {
     getDeviceId(): string;
@@ -238,28 +576,28 @@ declare const __internal: {
 
 type webSdkModule_d_ActionEventOptions = ActionEventOptions;
 type webSdkModule_d_ActionResponse = ActionResponse;
+type webSdkModule_d_LightweightPayload = LightweightPayload;
 declare const webSdkModule_d___internal: typeof __internal;
 declare const webSdkModule_d_clearUser: typeof clearUser;
 declare const webSdkModule_d_getActions: typeof getActions;
+declare const webSdkModule_d_getPayload: typeof getPayload;
+declare const webSdkModule_d_getSecureSessionToken: typeof getSecureSessionToken;
 declare const webSdkModule_d_getSessionToken: typeof getSessionToken;
-declare const webSdkModule_d_identifyUser: typeof identifyUser;
 declare const webSdkModule_d_setAuthenticatedUser: typeof setAuthenticatedUser;
-declare const webSdkModule_d_setUser: typeof setUser;
 declare const webSdkModule_d_triggerActionEvent: typeof triggerActionEvent;
-declare const webSdkModule_d_unidentifiedUser: typeof unidentifiedUser;
 declare namespace webSdkModule_d {
   export {
     webSdkModule_d_ActionEventOptions as ActionEventOptions,
     webSdkModule_d_ActionResponse as ActionResponse,
+    webSdkModule_d_LightweightPayload as LightweightPayload,
     webSdkModule_d___internal as __internal,
     webSdkModule_d_clearUser as clearUser,
     webSdkModule_d_getActions as getActions,
+    webSdkModule_d_getPayload as getPayload,
+    webSdkModule_d_getSecureSessionToken as getSecureSessionToken,
     webSdkModule_d_getSessionToken as getSessionToken,
-    webSdkModule_d_identifyUser as identifyUser,
     webSdkModule_d_setAuthenticatedUser as setAuthenticatedUser,
-    webSdkModule_d_setUser as setUser,
     webSdkModule_d_triggerActionEvent as triggerActionEvent,
-    webSdkModule_d_unidentifiedUser as unidentifiedUser,
   };
 }
 
@@ -322,16 +660,16 @@ declare function recapture(): Promise<boolean>;
 declare function restart(): Promise<boolean>;
 declare const version: () => string;
 
-declare const index_d$1_recapture: typeof recapture;
-declare const index_d$1_restart: typeof restart;
-declare const index_d$1_start: typeof start;
-declare const index_d$1_version: typeof version;
-declare namespace index_d$1 {
+declare const index_d$2_recapture: typeof recapture;
+declare const index_d$2_restart: typeof restart;
+declare const index_d$2_start: typeof start;
+declare const index_d$2_version: typeof version;
+declare namespace index_d$2 {
   export {
-    index_d$1_recapture as recapture,
-    index_d$1_restart as restart,
-    index_d$1_start as start,
-    index_d$1_version as version,
+    index_d$2_recapture as recapture,
+    index_d$2_restart as restart,
+    index_d$2_start as start,
+    index_d$2_version as version,
   };
 }
 
@@ -573,7 +911,10 @@ interface WebauthnCrossDeviceFlows {
      * @throws {@link ErrorCode.RegistrationFailed}
      * @throws {@link ErrorCode.RegistrationCanceled}
      */
-    register: (crossDeviceTicketId: string, options?: WebauthnCrossDeviceRegistrationOptions) => Promise<string>;
+    register: (params: {
+        crossDeviceTicketId: string;
+        options?: WebauthnCrossDeviceRegistrationOptions;
+    }) => Promise<string>;
     /**
      * Indicates when a session is accepted on another device in cross-device flows.
      *
@@ -685,14 +1026,17 @@ interface AutofillHandlers {
      * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials using autofill, and then prompting the user for biometrics. In order to prompt this credentials list, the autocomplete="username webauthn" attribute **must** be defined on the username input box of the authentication page.<br/>
      * If authentication is completed successfully, the `onSuccess` callback will be triggered with the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
      * If it fails, the `onError` callback will be triggered with an SdkError.
+     * @param params.handlers - Handlers that will be invoked once the authentication is completed (success or failure)
+     * @param params.username - Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
      * @throws {@link ErrorCode.NotInitialized}
      * @throws {@link ErrorCode.AuthenticationFailed}
      * @throws {@link ErrorCode.AuthenticationCanceled}
      * @throws {@link ErrorCode.AutofillAuthenticationAborted}
-     * @param handlers Handlers that will be invoked once the authentication is completed (success or failure)
-     * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
      */
-    activate(handlers: AuthenticationAutofillActivateHandlers, username?: string): void;
+    activate(params: {
+        handlers: AuthenticationAutofillActivateHandlers;
+        username?: string;
+    }): void;
     /**
      * Aborts a WebAuthn authentication. This method should be called after the passkey autofill is dismissed in order to be able to query existing passkeys once again. This will end the browser's  `navigator.credentials.get()` operation.
      */
@@ -708,20 +1052,29 @@ interface WebauthnAuthenticationOptions {
 
 interface WebauthnAuthenticationFlows {
     /**
-       * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
-       * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
-       * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-  
-       * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
-       * @param options {@link WebauthnAuthenticationOptions} Options for the authentication process
-       * @throws {@link ErrorCode.NotInitialized}
-       * @throws {@link ErrorCode.AuthenticationFailed}
-       * @throws {@link ErrorCode.AuthenticationCanceled}
-       * @throws {@link ErrorCode.InvalidApprovalData}
-       * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
-       * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
-       */
-    modal(username?: string, options?: WebauthnAuthenticationOptions): Promise<string>;
+     * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+     * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+     * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+     *
+     * @param params.username - Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
+     * @param params.options - Options for the authentication process
+     * @param params.identifier - Identifier value (email, phone number, user ID, or custom identifier). Mutually exclusive with username.
+     * @param params.identifierType - Type of identifier (email, phone_number, user_id, username, or custom identifier type). Required when using identifier.
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.AuthenticationFailed}
+     * @throws {@link ErrorCode.AuthenticationCanceled}
+     * @throws {@link ErrorCode.InvalidApprovalData}
+     * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
+     * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+     */
+    modal(params: {
+        username?: string;
+        options?: WebauthnAuthenticationOptions;
+    } | {
+        identifier?: string;
+        identifierType?: string;
+        options?: WebauthnAuthenticationOptions;
+    }): Promise<string>;
     /**
      * Property used to implement credential selection via autofill UI.
      */
@@ -733,8 +1086,8 @@ interface WebauthnApprovalFlows {
      * Invokes a WebAuthn approval, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
      * This call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
      * If approval is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-     * @param username Name of user account, as used in the WebAuthn registration.
-     * @param approvalData Data that represents the approval to be signed with a passkey
+     * @param params.username Name of user account, as used in the WebAuthn registration.
+     * @param params.approvalData Data that represents the approval to be signed with a passkey
      * @throws {@link ErrorCode.NotInitialized}
      * @throws {@link ErrorCode.InvalidApprovalData}
      * @throws {@link ErrorCode.AuthenticationFailed}
@@ -742,7 +1095,10 @@ interface WebauthnApprovalFlows {
      * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
      * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
      */
-    modal(username: string | undefined, approvalData: Record<string, string>): Promise<string>;
+    modal(params: {
+        username: string | undefined;
+        approvalData: Record<string, string>;
+    }): Promise<string>;
 }
 
 declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
@@ -761,13 +1117,16 @@ declare const approve: WebauthnApprovalFlows;
  *
  * If registration fails, an SdkError will be thrown.
  *
- * @param username WebAuthn username to register
- * @param options Additional configuration for registration flow
+ * @param params.username - WebAuthn username to register
+ * @param params.options - Additional configuration for registration flow
  * @throws {@link ErrorCode.NotInitialized}
  * @throws {@link ErrorCode.RegistrationFailed}
  * @throws {@link ErrorCode.RegistrationCanceled}
  */
-declare function register(username: string, options?: WebauthnRegistrationOptions): Promise<string>;
+declare function register(params: {
+    username: string;
+    options?: WebauthnRegistrationOptions;
+}): Promise<string>;
 /**
  * Returns webauthn cross device flows
  * @type WebauthnCrossDeviceFlows
@@ -786,56 +1145,56 @@ declare const isAutofillSupported: () => Promise<boolean>;
  */
 declare const getDefaultPaths: () => WebauthnApis;
 
-type index_d_ApiCrossDeviceStatusResponse = ApiCrossDeviceStatusResponse;
-type index_d_AttachDeviceResult = AttachDeviceResult;
-type index_d_AuthenticationAutofillActivateHandlers = AuthenticationAutofillActivateHandlers;
-type index_d_AutofillHandlers = AutofillHandlers;
-type index_d_CrossDeviceAuthenticationHandlers = CrossDeviceAuthenticationHandlers;
-type index_d_CrossDeviceController = CrossDeviceController;
-type index_d_CrossDeviceRegistrationHandlers = CrossDeviceRegistrationHandlers;
-type index_d_SdkError = SdkError;
-type index_d_WebauthnApis = WebauthnApis;
-type index_d_WebauthnApprovalFlows = WebauthnApprovalFlows;
-type index_d_WebauthnAuthenticationFlows = WebauthnAuthenticationFlows;
-type index_d_WebauthnAuthenticationOptions = WebauthnAuthenticationOptions;
-type index_d_WebauthnCrossDeviceFlows = WebauthnCrossDeviceFlows;
-type index_d_WebauthnCrossDeviceRegistrationOptions = WebauthnCrossDeviceRegistrationOptions;
-type index_d_WebauthnCrossDeviceStatus = WebauthnCrossDeviceStatus;
-declare const index_d_WebauthnCrossDeviceStatus: typeof WebauthnCrossDeviceStatus;
-type index_d_WebauthnRegistrationOptions = WebauthnRegistrationOptions;
-declare const index_d_approve: typeof approve;
-declare const index_d_authenticate: typeof authenticate;
-declare const index_d_crossDevice: typeof crossDevice;
-declare const index_d_getDefaultPaths: typeof getDefaultPaths;
-declare const index_d_isAutofillSupported: typeof isAutofillSupported;
-declare const index_d_isPlatformAuthenticatorSupported: typeof isPlatformAuthenticatorSupported;
-declare const index_d_register: typeof register;
-declare namespace index_d {
+type index_d$1_ApiCrossDeviceStatusResponse = ApiCrossDeviceStatusResponse;
+type index_d$1_AttachDeviceResult = AttachDeviceResult;
+type index_d$1_AuthenticationAutofillActivateHandlers = AuthenticationAutofillActivateHandlers;
+type index_d$1_AutofillHandlers = AutofillHandlers;
+type index_d$1_CrossDeviceAuthenticationHandlers = CrossDeviceAuthenticationHandlers;
+type index_d$1_CrossDeviceController = CrossDeviceController;
+type index_d$1_CrossDeviceRegistrationHandlers = CrossDeviceRegistrationHandlers;
+type index_d$1_SdkError = SdkError;
+type index_d$1_WebauthnApis = WebauthnApis;
+type index_d$1_WebauthnApprovalFlows = WebauthnApprovalFlows;
+type index_d$1_WebauthnAuthenticationFlows = WebauthnAuthenticationFlows;
+type index_d$1_WebauthnAuthenticationOptions = WebauthnAuthenticationOptions;
+type index_d$1_WebauthnCrossDeviceFlows = WebauthnCrossDeviceFlows;
+type index_d$1_WebauthnCrossDeviceRegistrationOptions = WebauthnCrossDeviceRegistrationOptions;
+type index_d$1_WebauthnCrossDeviceStatus = WebauthnCrossDeviceStatus;
+declare const index_d$1_WebauthnCrossDeviceStatus: typeof WebauthnCrossDeviceStatus;
+type index_d$1_WebauthnRegistrationOptions = WebauthnRegistrationOptions;
+declare const index_d$1_approve: typeof approve;
+declare const index_d$1_authenticate: typeof authenticate;
+declare const index_d$1_crossDevice: typeof crossDevice;
+declare const index_d$1_getDefaultPaths: typeof getDefaultPaths;
+declare const index_d$1_isAutofillSupported: typeof isAutofillSupported;
+declare const index_d$1_isPlatformAuthenticatorSupported: typeof isPlatformAuthenticatorSupported;
+declare const index_d$1_register: typeof register;
+declare namespace index_d$1 {
   export {
-    index_d_ApiCrossDeviceStatusResponse as ApiCrossDeviceStatusResponse,
-    index_d_AttachDeviceResult as AttachDeviceResult,
-    index_d_AuthenticationAutofillActivateHandlers as AuthenticationAutofillActivateHandlers,
-    index_d_AutofillHandlers as AutofillHandlers,
-    index_d_CrossDeviceAuthenticationHandlers as CrossDeviceAuthenticationHandlers,
-    index_d_CrossDeviceController as CrossDeviceController,
-    index_d_CrossDeviceRegistrationHandlers as CrossDeviceRegistrationHandlers,
+    index_d$1_ApiCrossDeviceStatusResponse as ApiCrossDeviceStatusResponse,
+    index_d$1_AttachDeviceResult as AttachDeviceResult,
+    index_d$1_AuthenticationAutofillActivateHandlers as AuthenticationAutofillActivateHandlers,
+    index_d$1_AutofillHandlers as AutofillHandlers,
+    index_d$1_CrossDeviceAuthenticationHandlers as CrossDeviceAuthenticationHandlers,
+    index_d$1_CrossDeviceController as CrossDeviceController,
+    index_d$1_CrossDeviceRegistrationHandlers as CrossDeviceRegistrationHandlers,
     ErrorCode$1 as ErrorCode,
-    index_d_SdkError as SdkError,
-    index_d_WebauthnApis as WebauthnApis,
-    index_d_WebauthnApprovalFlows as WebauthnApprovalFlows,
-    index_d_WebauthnAuthenticationFlows as WebauthnAuthenticationFlows,
-    index_d_WebauthnAuthenticationOptions as WebauthnAuthenticationOptions,
-    index_d_WebauthnCrossDeviceFlows as WebauthnCrossDeviceFlows,
-    index_d_WebauthnCrossDeviceRegistrationOptions as WebauthnCrossDeviceRegistrationOptions,
-    index_d_WebauthnCrossDeviceStatus as WebauthnCrossDeviceStatus,
-    index_d_WebauthnRegistrationOptions as WebauthnRegistrationOptions,
-    index_d_approve as approve,
-    index_d_authenticate as authenticate,
-    index_d_crossDevice as crossDevice,
-    index_d_getDefaultPaths as getDefaultPaths,
-    index_d_isAutofillSupported as isAutofillSupported,
-    index_d_isPlatformAuthenticatorSupported as isPlatformAuthenticatorSupported,
-    index_d_register as register,
+    index_d$1_SdkError as SdkError,
+    index_d$1_WebauthnApis as WebauthnApis,
+    index_d$1_WebauthnApprovalFlows as WebauthnApprovalFlows,
+    index_d$1_WebauthnAuthenticationFlows as WebauthnAuthenticationFlows,
+    index_d$1_WebauthnAuthenticationOptions as WebauthnAuthenticationOptions,
+    index_d$1_WebauthnCrossDeviceFlows as WebauthnCrossDeviceFlows,
+    index_d$1_WebauthnCrossDeviceRegistrationOptions as WebauthnCrossDeviceRegistrationOptions,
+    index_d$1_WebauthnCrossDeviceStatus as WebauthnCrossDeviceStatus,
+    index_d$1_WebauthnRegistrationOptions as WebauthnRegistrationOptions,
+    index_d$1_approve as approve,
+    index_d$1_authenticate as authenticate,
+    index_d$1_crossDevice as crossDevice,
+    index_d$1_getDefaultPaths as getDefaultPaths,
+    index_d$1_isAutofillSupported as isAutofillSupported,
+    index_d$1_isPlatformAuthenticatorSupported as isPlatformAuthenticatorSupported,
+    index_d$1_register as register,
   };
 }
 
@@ -868,6 +1227,12 @@ interface IdoInitOptions {
      * The expected locale format is the standard language tags as defined by the localization RFC 5646 (https://datatracker.ietf.org/doc/html/rfc5646).
      */
     locale?: string;
+    /**
+     * When true, the SDK will collect queued device events and send them back to the server.
+     * This flag is mandatory for collecting data for the Risk Level Analysis step.
+     * @default false
+     */
+    collectRiskData?: boolean;
 }
 /**
  * @interface
@@ -1786,13 +2151,57 @@ declare module "@transmit-security/web-sdk-common/dist/module-metadata/module-me
         ido?: IdoInitOptions;
     }
 }
-declare const instance: IdoSdk;
 
-interface initConfigParams {
-    clientId: string;
-}
+declare const startJourney: IdoSdk['startJourney'];
+declare const startSsoJourney: IdoSdk['startSsoJourney'];
+declare const submitClientResponse: IdoSdk['submitClientResponse'];
+declare const serializeState: IdoSdk['serializeState'];
+declare const restoreFromSerializedState: IdoSdk['restoreFromSerializedState'];
+declare const generateDebugPin: IdoSdk['generateDebugPin'];
 
-declare function initialize(params: initConfigParams): void;
+type index_d_ClientResponseOption = ClientResponseOption;
+type index_d_ClientResponseOptionType = ClientResponseOptionType;
+declare const index_d_ClientResponseOptionType: typeof ClientResponseOptionType;
+type index_d_IdoInitOptions = IdoInitOptions;
+type index_d_IdoJourneyActionType = IdoJourneyActionType;
+declare const index_d_IdoJourneyActionType: typeof IdoJourneyActionType;
+type index_d_IdoSdk = IdoSdk;
+type index_d_IdoSdkError = IdoSdkError;
+type index_d_IdoServiceResponse = IdoServiceResponse;
+type index_d_IdoServiceResponseType = IdoServiceResponseType;
+declare const index_d_IdoServiceResponseType: typeof IdoServiceResponseType;
+type index_d_LogLevel = LogLevel;
+declare const index_d_LogLevel: typeof LogLevel;
+type index_d_StartJourneyOptions = StartJourneyOptions;
+type index_d_StartSsoJourneyOptions = StartSsoJourneyOptions;
+declare const index_d_generateDebugPin: typeof generateDebugPin;
+declare const index_d_restoreFromSerializedState: typeof restoreFromSerializedState;
+declare const index_d_serializeState: typeof serializeState;
+declare const index_d_startJourney: typeof startJourney;
+declare const index_d_startSsoJourney: typeof startSsoJourney;
+declare const index_d_submitClientResponse: typeof submitClientResponse;
+declare namespace index_d {
+  export {
+    index_d_ClientResponseOption as ClientResponseOption,
+    index_d_ClientResponseOptionType as ClientResponseOptionType,
+    ErrorCode as IdoErrorCode,
+    index_d_IdoInitOptions as IdoInitOptions,
+    index_d_IdoJourneyActionType as IdoJourneyActionType,
+    index_d_IdoSdk as IdoSdk,
+    index_d_IdoSdkError as IdoSdkError,
+    index_d_IdoServiceResponse as IdoServiceResponse,
+    index_d_IdoServiceResponseType as IdoServiceResponseType,
+    index_d_LogLevel as LogLevel,
+    index_d_StartJourneyOptions as StartJourneyOptions,
+    index_d_StartSsoJourneyOptions as StartSsoJourneyOptions,
+    index_d_generateDebugPin as generateDebugPin,
+    index_d_restoreFromSerializedState as restoreFromSerializedState,
+    index_d_serializeState as serializeState,
+    index_d_startJourney as startJourney,
+    index_d_startSsoJourney as startSsoJourney,
+    index_d_submitClientResponse as submitClientResponse,
+  };
+}
 
 /**
  * Main SDK class for CDN usage (window.tsPlatform)
@@ -1807,6 +2216,6 @@ declare class TSWebSDK {
 }
 declare const _default: TSWebSDK;
 
-declare const PACKAGE_VERSION = "1.18.2";
+declare const PACKAGE_VERSION = "2.0.0";
 
-export { ActionEventOptions, ActionResponse, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceController, ErrorCode$1 as ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnAuthenticationFlows, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions, authenticate, crossDevice, _default as default, webSdkModule_d as drs, getDefaultPaths, instance as ido, index_d$1 as idv, initConfigParams, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, index_d as webauthn };
+export { ActionEventOptions, ActionResponse, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceController, ErrorCode$1 as ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnAuthenticationFlows, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions, authenticate, index_d$3 as common, crossDevice, _default as default, webSdkModule_d as drs, getDefaultPaths, index_d as ido, index_d$2 as idv, initConfigParams, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, index_d$1 as webauthn };