@unkey/api 0.18.0 → 0.19.0

package/dist/index.d.mts

@@ -314,6 +314,17 @@ interface paths {
              * @example false
              */
             enabled?: boolean;
+            /**
+             * @description Environments allow you to divide your keyspace.
+             *
+             * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
+             * give the developer a way to develop their own application without the risk of modifying real world
+             * resources.
+             *
+             * When you set an environment, we will return it back to you when validating the key, so you can
+             * handle it correctly.
+             */
+            environment?: string;
           };
         };
       };
@@ -673,7 +684,7 @@ interface paths {
         };
       };
       responses: {
-        /** @description The configuration for a single key */
+        /** @description Usage numbers over time */
         200: {
           content: {
             "application/json": {
@@ -1029,126 +1040,6 @@ interface paths {
       };
     };
   };
-  "/v1/keys/{keyId}": {
-    put: {
-      parameters: {
-        path: {
-          keyId: string;
-        };
-      };
-      requestBody: {
-        content: {
-          "application/json": {
-            /**
-             * @description The name of the key
-             * @example Customer X
-             */
-            name?: string | null;
-            /**
-             * @description The id of the tenant associated with this key. Use whatever reference you have in your system to identify the tenant. When verifying the key, we will send this field back to you, so you know who is accessing your API.
-             * @example user_123
-             */
-            ownerId?: string | null;
-            /**
-             * @description Any additional metadata you want to store with the key
-             * @example {
-             *   "roles": [
-             *     "admin",
-             *     "user"
-             *   ],
-             *   "stripeCustomerId": "cus_1234"
-             * }
-             */
-            meta?: {
-              [key: string]: unknown;
-            } | null;
-            /**
-             * @description The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.
-             * @example 0
-             */
-            expires?: number | null;
-            /**
-             * @description Unkey comes with per-key ratelimiting out of the box. Set `null` to disable.
-             * @example {
-             *   "type": "fast",
-             *   "limit": 10,
-             *   "refillRate": 1,
-             *   "refillInterval": 60
-             * }
-             */
-            ratelimit?: ({
-              /**
-               * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
-               * @enum {string}
-               */
-              type: "fast" | "consistent";
-              /** @description The total amount of burstable requests. */
-              limit: number;
-              /** @description How many tokens to refill during each refillInterval. */
-              refillRate: number;
-              /** @description Determines the speed at which tokens are refilled, in milliseconds. */
-              refillInterval: number;
-            }) | null;
-            /**
-             * @description The number of requests that can be made with this key before it becomes invalid. Set `null` to disable.
-             * @example 1000
-             */
-            remaining?: number | null;
-          };
-        };
-      };
-      responses: {
-        /** @description The key was successfully updated, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
   "/v1/keys": {
     post: {
       requestBody: {
@@ -1456,331 +1347,6 @@ interface paths {
       };
     };
   };
-  "/v1/keys/:keyId": {
-    delete: {
-      responses: {
-        /** @description The key was successfully revoked, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis": {
-    post: {
-      requestBody: {
-        content: {
-          "application/json": {
-            /**
-             * @description The name for your API. This is not customer facing.
-             * @example my-api
-             */
-            name: string;
-          };
-        };
-      };
-      responses: {
-        /** @description The configuration for an api */
-        200: {
-          content: {
-            "application/json": {
-              /**
-               * @description The id of the api
-               * @example api_134
-               */
-              apiId: string;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis/{apiId}": {
-    get: {
-      parameters: {
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description The configuration for an api */
-        200: {
-          content: {
-            "application/json": {
-              /**
-               * @description The id of the key
-               * @example key_1234
-               */
-              id: string;
-              /**
-               * @description The id of the workspace that owns the api
-               * @example ws_1234
-               */
-              workspaceId: string;
-              /**
-               * @description The name of the api. This is internal and your users will not see this.
-               * @example Unkey - Production
-               */
-              name?: string;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-    delete: {
-      parameters: {
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis/{apiId}/keys": {
-    get: {
-      parameters: {
-        query?: {
-          limit?: number;
-          offset?: number | null;
-          ownerId?: string;
-        };
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description Keys belonging to the api */
-        200: {
-          content: {
-            "application/json": {
-              keys: components["schemas"]["Key"][];
-              /** @description The total number of keys for this api */
-              total: number;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
 }
 
 interface components {
@@ -2167,6 +1733,11 @@ interface components {
        * ]
        */
       permissions?: string[];
+      /**
+       * @description The environment of the key, this is what what you set when you crated the key
+       * @example test
+       */
+      environment?: string;
     };
     V1KeysVerifyKeyRequest: {
       /**
@@ -2369,6 +1940,7 @@ declare function verifyKey(req: string | {
         code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | undefined;
         enabled?: boolean | undefined;
         permissions?: string[] | undefined;
+        environment?: string | undefined;
     };
     error?: undefined;
 }>;

package/dist/index.d.ts

@@ -314,6 +314,17 @@ interface paths {
              * @example false
              */
             enabled?: boolean;
+            /**
+             * @description Environments allow you to divide your keyspace.
+             *
+             * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
+             * give the developer a way to develop their own application without the risk of modifying real world
+             * resources.
+             *
+             * When you set an environment, we will return it back to you when validating the key, so you can
+             * handle it correctly.
+             */
+            environment?: string;
           };
         };
       };
@@ -673,7 +684,7 @@ interface paths {
         };
       };
       responses: {
-        /** @description The configuration for a single key */
+        /** @description Usage numbers over time */
         200: {
           content: {
             "application/json": {
@@ -1029,126 +1040,6 @@ interface paths {
       };
     };
   };
-  "/v1/keys/{keyId}": {
-    put: {
-      parameters: {
-        path: {
-          keyId: string;
-        };
-      };
-      requestBody: {
-        content: {
-          "application/json": {
-            /**
-             * @description The name of the key
-             * @example Customer X
-             */
-            name?: string | null;
-            /**
-             * @description The id of the tenant associated with this key. Use whatever reference you have in your system to identify the tenant. When verifying the key, we will send this field back to you, so you know who is accessing your API.
-             * @example user_123
-             */
-            ownerId?: string | null;
-            /**
-             * @description Any additional metadata you want to store with the key
-             * @example {
-             *   "roles": [
-             *     "admin",
-             *     "user"
-             *   ],
-             *   "stripeCustomerId": "cus_1234"
-             * }
-             */
-            meta?: {
-              [key: string]: unknown;
-            } | null;
-            /**
-             * @description The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.
-             * @example 0
-             */
-            expires?: number | null;
-            /**
-             * @description Unkey comes with per-key ratelimiting out of the box. Set `null` to disable.
-             * @example {
-             *   "type": "fast",
-             *   "limit": 10,
-             *   "refillRate": 1,
-             *   "refillInterval": 60
-             * }
-             */
-            ratelimit?: ({
-              /**
-               * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
-               * @enum {string}
-               */
-              type: "fast" | "consistent";
-              /** @description The total amount of burstable requests. */
-              limit: number;
-              /** @description How many tokens to refill during each refillInterval. */
-              refillRate: number;
-              /** @description Determines the speed at which tokens are refilled, in milliseconds. */
-              refillInterval: number;
-            }) | null;
-            /**
-             * @description The number of requests that can be made with this key before it becomes invalid. Set `null` to disable.
-             * @example 1000
-             */
-            remaining?: number | null;
-          };
-        };
-      };
-      responses: {
-        /** @description The key was successfully updated, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
   "/v1/keys": {
     post: {
       requestBody: {
@@ -1456,331 +1347,6 @@ interface paths {
       };
     };
   };
-  "/v1/keys/:keyId": {
-    delete: {
-      responses: {
-        /** @description The key was successfully revoked, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis": {
-    post: {
-      requestBody: {
-        content: {
-          "application/json": {
-            /**
-             * @description The name for your API. This is not customer facing.
-             * @example my-api
-             */
-            name: string;
-          };
-        };
-      };
-      responses: {
-        /** @description The configuration for an api */
-        200: {
-          content: {
-            "application/json": {
-              /**
-               * @description The id of the api
-               * @example api_134
-               */
-              apiId: string;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis/{apiId}": {
-    get: {
-      parameters: {
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description The configuration for an api */
-        200: {
-          content: {
-            "application/json": {
-              /**
-               * @description The id of the key
-               * @example key_1234
-               */
-              id: string;
-              /**
-               * @description The id of the workspace that owns the api
-               * @example ws_1234
-               */
-              workspaceId: string;
-              /**
-               * @description The name of the api. This is internal and your users will not see this.
-               * @example Unkey - Production
-               */
-              name?: string;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-    delete: {
-      parameters: {
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
-        200: {
-          content: {
-            "application/json": Record<string, never>;
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
-  "/v1/apis/{apiId}/keys": {
-    get: {
-      parameters: {
-        query?: {
-          limit?: number;
-          offset?: number | null;
-          ownerId?: string;
-        };
-        path: {
-          apiId: string;
-        };
-      };
-      responses: {
-        /** @description Keys belonging to the api */
-        200: {
-          content: {
-            "application/json": {
-              keys: components["schemas"]["Key"][];
-              /** @description The total number of keys for this api */
-              total: number;
-            };
-          };
-        };
-        /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
-        400: {
-          content: {
-            "application/json": components["schemas"]["ErrBadRequest"];
-          };
-        };
-        /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrUnauthorized"];
-          };
-        };
-        /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
-        403: {
-          content: {
-            "application/json": components["schemas"]["ErrForbidden"];
-          };
-        };
-        /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
-        404: {
-          content: {
-            "application/json": components["schemas"]["ErrNotFound"];
-          };
-        };
-        /** @description This response is sent when a request conflicts with the current state of the server. */
-        409: {
-          content: {
-            "application/json": components["schemas"]["ErrConflict"];
-          };
-        };
-        /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
-        429: {
-          content: {
-            "application/json": components["schemas"]["ErrTooManyRequests"];
-          };
-        };
-        /** @description The server has encountered a situation it does not know how to handle. */
-        500: {
-          content: {
-            "application/json": components["schemas"]["ErrInternalServerError"];
-          };
-        };
-      };
-    };
-  };
 }
 
 interface components {
@@ -2167,6 +1733,11 @@ interface components {
        * ]
        */
       permissions?: string[];
+      /**
+       * @description The environment of the key, this is what what you set when you crated the key
+       * @example test
+       */
+      environment?: string;
     };
     V1KeysVerifyKeyRequest: {
       /**
@@ -2369,6 +1940,7 @@ declare function verifyKey(req: string | {
         code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | undefined;
         enabled?: boolean | undefined;
         permissions?: string[] | undefined;
+        environment?: string | undefined;
     };
     error?: undefined;
 }>;

package/dist/index.js

@@ -28,7 +28,7 @@ __export(src_exports, {
 module.exports = __toCommonJS(src_exports);
 
 // package.json
-var version = "0.18.0";
+var version = "0.19.0";
 
 // src/telemetry.ts
 function getTelemetry(opts) {

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../package.json","../src/telemetry.ts","../src/client.ts","../src/verify.ts"],"sourcesContent":["export * from \"./client\";\nexport * from \"./verify\";\nexport * from \"./errors\";\nexport { and, or, type Flatten } from \"@unkey/rbac\";\n","{\n  \"name\": \"@unkey/api\",\n  \"version\": \"0.18.0\",\n  \"main\": \"./dist/index.js\",\n  \"module\": \"./dist/index.mjs\",\n  \"types\": \"./dist/index.d.ts\",\n  \"license\": \"MIT\",\n  \"private\": false,\n  \"publishConfig\": {\n    \"access\": \"public\"\n  },\n  \"keywords\": [\n    \"unkey\",\n    \"client\",\n    \"api\"\n  ],\n  \"bugs\": {\n    \"url\": \"https://github.com/unkeyed/unkey/issues\"\n  },\n  \"homepage\": \"https://github.com/unkeyed/unkey#readme\",\n  \"files\": [\n    \"./dist/**\"\n  ],\n  \"author\": \"Andreas Thomas <andreas@chronark.com>\",\n  \"scripts\": {\n    \"generate\": \"openapi-typescript https://api.unkey.dev/openapi.json -o ./src/openapi.d.ts\",\n    \"build\": \"pnpm generate && tsup\"\n  },\n  \"devDependencies\": {\n    \"@types/node\": \"^20.11.19\",\n    \"@unkey/tsconfig\": \"workspace:^\",\n    \"openapi-typescript\": \"^6.7.4\",\n    \"tsup\": \"^8.0.2\",\n    \"typescript\": \"^5.3.3\"\n  },\n  \"dependencies\": {\n    \"@unkey/rbac\": \"workspace:^\"\n  }\n}\n","import { version } from \"../package.json\";\nimport { UnkeyOptions } from \"./client\";\n\nexport type Telemetry = {\n  /**\n   * Unkey-Telemetry-Sdk\n   * @example @unkey/api@v1.1.1\n   */\n  sdkVersions: string[];\n  /**\n   * Unkey-Telemetry-Platform\n   * @example cloudflare\n   */\n  platform?: string;\n  /**\n   * Unkey-Telemetry-Runtime\n   * @example node@v18\n   */\n  runtime?: string;\n};\n\nexport function getTelemetry(opts: UnkeyOptions): Telemetry | null {\n  let platform: string | undefined;\n  let runtime: string | undefined;\n  const sdkVersions = [`@unkey/api@${version}`];\n\n  try {\n    if (typeof process !== \"undefined\") {\n      if (process.env.UNKEY_DISABLE_TELEMETRY) {\n        return null;\n      }\n      platform = process.env.VERCEL ? \"vercel\" : process.env.AWS_REGION ? \"aws\" : undefined;\n\n      // @ts-ignore\n      if (typeof EdgeRuntime !== \"undefined\") {\n        runtime = \"edge-light\";\n      } else {\n        runtime = `node@${process.version}`;\n      }\n    }\n\n    if (opts.wrapperSdkVersion) {\n      sdkVersions.push(opts.wrapperSdkVersion);\n    }\n  } catch (_error) {}\n\n  return { platform, runtime, sdkVersions };\n}\n","import { PermissionQuery } from \"@unkey/rbac\";\nimport { ErrorResponse } from \"./errors\";\nimport type { paths } from \"./openapi\";\n\nimport { type Telemetry, getTelemetry } from \"./telemetry\";\n\nexport type UnkeyOptions = (\n  | {\n      token?: never;\n\n      /**\n       * The root key from unkey.dev.\n       *\n       * You can create/manage your root keys here:\n       * https://unkey.dev/app/settings/root-keys\n       */\n      rootKey: string;\n    }\n  | {\n      /**\n       * The workspace key from unkey.dev\n       *\n       * @deprecated Use `rootKey`\n       */\n      token: string;\n      rootKey?: never;\n    }\n) & {\n  /**\n   * @default https://api.unkey.dev\n   */\n  baseUrl?: string;\n\n  /**\n   *\n   * By default telemetry data is enabled, and sends:\n   * runtime (Node.js / Edge)\n   * platform (Node.js / Vercel / AWS)\n   * SDK version\n   */\n  disableTelemetry?: boolean;\n\n  /**\n   * Retry on network errors\n   */\n  retry?: {\n    /**\n     * How many attempts should be made\n     * The maximum number of requests will be `attempts + 1`\n     * `0` means no retries\n     *\n     * @default 5\n     */\n    attempts?: number;\n    /**\n     * Return how many milliseconds to wait until the next attempt is made\n     *\n     * @default `(retryCount) => Math.round(Math.exp(retryCount) * 10)),`\n     */\n    backoff?: (retryCount: number) => number;\n  };\n  /**\n   * Customize the `fetch` cache behaviour\n   */\n  cache?: RequestCache;\n\n  /**\n   * The version of the SDK instantiating this client.\n   *\n   * This is used for internal metrics and is not covered by semver, and may change at any time.\n   *\n   * You can leave this blank unless you are building a wrapper around this SDK.\n   */\n  wrapperSdkVersion?: string;\n};\n\ntype ApiRequest = {\n  path: string[];\n} & (\n  | {\n      method: \"GET\";\n      body?: never;\n      query?: Record<string, string | number | boolean | null>;\n    }\n  | {\n      method: \"POST\";\n      body?: unknown;\n      query?: never;\n    }\n);\n\ntype Result<R> =\n  | {\n      result: R;\n      error?: never;\n    }\n  | {\n      result?: never;\n      error: ErrorResponse[\"error\"];\n    };\n\nexport class Unkey {\n  public readonly baseUrl: string;\n  private readonly rootKey: string;\n  private readonly cache?: RequestCache;\n  private readonly telemetry?: Telemetry | null;\n\n  public readonly retry: {\n    attempts: number;\n    backoff: (retryCount: number) => number;\n  };\n\n  constructor(opts: UnkeyOptions) {\n    this.baseUrl = opts.baseUrl ?? \"https://api.unkey.dev\";\n    this.rootKey = opts.rootKey ?? opts.token;\n    if (!opts.disableTelemetry) {\n      this.telemetry = getTelemetry(opts);\n    }\n\n    this.cache = opts.cache;\n    /**\n     * Even though typescript should prevent this, some people still pass undefined or empty strings\n     */\n    if (!this.rootKey) {\n      throw new Error(\n        \"Unkey root key must be set, maybe you passed in `undefined` or an empty string?\",\n      );\n    }\n\n    this.retry = {\n      attempts: opts.retry?.attempts ?? 5,\n      backoff: opts.retry?.backoff ?? ((n) => Math.round(Math.exp(n) * 10)),\n    };\n  }\n\n  private getHeaders(): Record<string, string> {\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/json\",\n      Authorization: `Bearer ${this.rootKey}`,\n    };\n    if (this.telemetry?.sdkVersions) {\n      headers[\"Unkey-Telemetry-SDK\"] = this.telemetry.sdkVersions.join(\",\");\n    }\n    if (this.telemetry?.platform) {\n      headers[\"Unkey-Telemetry-Platform\"] = this.telemetry.platform;\n    }\n    if (this.telemetry?.runtime) {\n      headers[\"Unkey-Telemetry-Runtime\"] = this.telemetry.runtime;\n    }\n    return headers;\n  }\n\n  private async fetch<TResult>(req: ApiRequest): Promise<Result<TResult>> {\n    let res: Response | null = null;\n    let err: Error | null = null;\n    for (let i = 0; i <= this.retry.attempts; i++) {\n      const url = new URL(`${this.baseUrl}/${req.path.join(\"/\")}`);\n      if (req.query) {\n        for (const [k, v] of Object.entries(req.query)) {\n          if (v === null) {\n            continue;\n          }\n          url.searchParams.set(k, v.toString());\n        }\n      }\n      res = await fetch(url, {\n        method: req.method,\n        headers: this.getHeaders(),\n        cache: this.cache,\n        body: JSON.stringify(req.body),\n      }).catch((e: Error) => {\n        err = e;\n        return null; // set `res` to `null`\n      });\n      if (res?.ok) {\n        return { result: (await res.json()) as TResult };\n      }\n      const backoff = this.retry.backoff(i);\n      console.debug(\n        \"attempt %d of %d to reach %s failed, retrying in %d ms: %s\",\n        i + 1,\n        this.retry.attempts + 1,\n        url,\n        backoff,\n        // @ts-ignore I don't understand why `err` is `never`\n        err?.message,\n      );\n      await new Promise((r) => setTimeout(r, backoff));\n    }\n\n    if (res) {\n      return { error: (await res.json()) as ErrorResponse[\"error\"] };\n    }\n\n    return {\n      error: {\n        // @ts-ignore\n        code: \"FETCH_ERROR\",\n        // @ts-ignore I don't understand why `err` is `never`\n        message: err?.message ?? \"No response\",\n        docs: \"https://developer.mozilla.org/en-US/docs/Web/API/fetch\",\n        requestId: \"N/A\",\n      },\n    };\n  }\n\n  public get keys() {\n    return {\n      create: async (\n        req: paths[\"/v1/keys.createKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.createKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.createKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      update: async (\n        req: paths[\"/v1/keys.updateKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      verify: async <TPermission extends string = string>(\n        req: Omit<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n          \"authorization\"\n        > & { authorization?: { permissions: PermissionQuery<TPermission> } },\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.verifyKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/keys.deleteKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.deleteKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.deleteKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      updateRemaining: async (\n        req: paths[\"/v1/keys.updateRemaining\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateRemaining\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateRemaining\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/keys.getKey\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/keys.getKey\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getKey\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      getVerifications: async (\n        req: paths[\"/v1/keys.getVerifications\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.getVerifications\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getVerifications\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n\n  public get apis() {\n    return {\n      create: async (\n        req: paths[\"/v1/apis.createApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.createApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.createApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/apis.deleteApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.deleteApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.deleteApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/apis.getApi\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.getApi\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.getApi\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      listKeys: async (\n        req: paths[\"/v1/apis.listKeys\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.listKeys\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.listKeys\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n}\n","import { Unkey } from \"./client\";\n\n/**\n * Verify a key\n *\n * @example\n * ```ts\n * const { result, error } = await verifyKey(\"key_123\")\n * if (error){\n *   // handle potential network or bad request error\n *   // a link to our docs will be in the `error.docs` field\n *   console.error(error.message)\n *   return\n * }\n * if (!result.valid) {\n *   // do not grant access\n *   return\n * }\n *\n * // process request\n * console.log(result)\n * ```\n */\nexport function verifyKey(req: string | { key: string; apiId: string }) {\n  // yes this is empty to make typescript happy but we don't need a token for verifying keys\n  // it's not the cleanest but it works for now :)\n  const unkey = new Unkey({ rootKey: \"public\" });\n  return unkey.keys.verify(typeof req === \"string\" ? { key: req } : req);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEE,cAAW;;;ACmBN,SAAS,aAAa,MAAsC;AACjE,MAAI;AACJ,MAAI;AACJ,QAAM,cAAc,CAAC,cAAc,OAAO,EAAE;AAE5C,MAAI;AACF,QAAI,OAAO,YAAY,aAAa;AAClC,UAAI,QAAQ,IAAI,yBAAyB;AACvC,eAAO;AAAA,MACT;AACA,iBAAW,QAAQ,IAAI,SAAS,WAAW,QAAQ,IAAI,aAAa,QAAQ;AAG5E,UAAI,OAAO,gBAAgB,aAAa;AACtC,kBAAU;AAAA,MACZ,OAAO;AACL,kBAAU,QAAQ,QAAQ,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,QAAI,KAAK,mBAAmB;AAC1B,kBAAY,KAAK,KAAK,iBAAiB;AAAA,IACzC;AAAA,EACF,SAAS,QAAQ;AAAA,EAAC;AAElB,SAAO,EAAE,UAAU,SAAS,YAAY;AAC1C;;;ACsDO,IAAM,QAAN,MAAY;AAAA,EACD;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EAED;AAAA,EAKhB,YAAY,MAAoB;AAC9B,SAAK,UAAU,KAAK,WAAW;AAC/B,SAAK,UAAU,KAAK,WAAW,KAAK;AACpC,QAAI,CAAC,KAAK,kBAAkB;AAC1B,WAAK,YAAY,aAAa,IAAI;AAAA,IACpC;AAEA,SAAK,QAAQ,KAAK;AAIlB,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,QAAQ;AAAA,MACX,UAAU,KAAK,OAAO,YAAY;AAAA,MAClC,SAAS,KAAK,OAAO,YAAY,CAAC,MAAM,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE;AAAA,IACrE;AAAA,EACF;AAAA,EAEQ,aAAqC;AAC3C,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,OAAO;AAAA,IACvC;AACA,QAAI,KAAK,WAAW,aAAa;AAC/B,cAAQ,qBAAqB,IAAI,KAAK,UAAU,YAAY,KAAK,GAAG;AAAA,IACtE;AACA,QAAI,KAAK,WAAW,UAAU;AAC5B,cAAQ,0BAA0B,IAAI,KAAK,UAAU;AAAA,IACvD;AACA,QAAI,KAAK,WAAW,SAAS;AAC3B,cAAQ,yBAAyB,IAAI,KAAK,UAAU;AAAA,IACtD;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAe,KAA2C;AACtE,QAAI,MAAuB;AAC3B,QAAI,MAAoB;AACxB,aAAS,IAAI,GAAG,KAAK,KAAK,MAAM,UAAU,KAAK;AAC7C,YAAM,MAAM,IAAI,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,GAAG,CAAC,EAAE;AAC3D,UAAI,IAAI,OAAO;AACb,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,KAAK,GAAG;AAC9C,cAAI,MAAM,MAAM;AACd;AAAA,UACF;AACA,cAAI,aAAa,IAAI,GAAG,EAAE,SAAS,CAAC;AAAA,QACtC;AAAA,MACF;AACA,YAAM,MAAM,MAAM,KAAK;AAAA,QACrB,QAAQ,IAAI;AAAA,QACZ,SAAS,KAAK,WAAW;AAAA,QACzB,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK,UAAU,IAAI,IAAI;AAAA,MAC/B,CAAC,EAAE,MAAM,CAAC,MAAa;AACrB,cAAM;AACN,eAAO;AAAA,MACT,CAAC;AACD,UAAI,KAAK,IAAI;AACX,eAAO,EAAE,QAAS,MAAM,IAAI,KAAK,EAAc;AAAA,MACjD;AACA,YAAM,UAAU,KAAK,MAAM,QAAQ,CAAC;AACpC,cAAQ;AAAA,QACN;AAAA,QACA,IAAI;AAAA,QACJ,KAAK,MAAM,WAAW;AAAA,QACtB;AAAA,QACA;AAAA;AAAA,QAEA,KAAK;AAAA,MACP;AACA,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAAA,IACjD;AAEA,QAAI,KAAK;AACP,aAAO,EAAE,OAAQ,MAAM,IAAI,KAAK,EAA6B;AAAA,IAC/D;AAEA,WAAO;AAAA,MACL,OAAO;AAAA;AAAA,QAEL,MAAM;AAAA;AAAA,QAEN,SAAS,KAAK,WAAW;AAAA,QACzB,MAAM;AAAA,QACN,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAQG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,iBAAiB,OACf,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,sBAAsB;AAAA,UACnC,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,kBAAkB,OAChB,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,uBAAuB;AAAA,UACpC,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,UAAU,OACR,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,eAAe;AAAA,UAC5B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AC5UO,SAAS,UAAU,KAA8C;AAGtE,QAAM,QAAQ,IAAI,MAAM,EAAE,SAAS,SAAS,CAAC;AAC7C,SAAO,MAAM,KAAK,OAAO,OAAO,QAAQ,WAAW,EAAE,KAAK,IAAI,IAAI,GAAG;AACvE;;;AJzBA,kBAAsC;","names":[]}
+{"version":3,"sources":["../src/index.ts","../package.json","../src/telemetry.ts","../src/client.ts","../src/verify.ts"],"sourcesContent":["export * from \"./client\";\nexport * from \"./verify\";\nexport * from \"./errors\";\nexport { and, or, type Flatten } from \"@unkey/rbac\";\n","{\n  \"name\": \"@unkey/api\",\n  \"version\": \"0.19.0\",\n  \"main\": \"./dist/index.js\",\n  \"module\": \"./dist/index.mjs\",\n  \"types\": \"./dist/index.d.ts\",\n  \"license\": \"MIT\",\n  \"private\": false,\n  \"publishConfig\": {\n    \"access\": \"public\"\n  },\n  \"keywords\": [\n    \"unkey\",\n    \"client\",\n    \"api\"\n  ],\n  \"bugs\": {\n    \"url\": \"https://github.com/unkeyed/unkey/issues\"\n  },\n  \"homepage\": \"https://github.com/unkeyed/unkey#readme\",\n  \"files\": [\n    \"./dist/**\"\n  ],\n  \"author\": \"Andreas Thomas <andreas@chronark.com>\",\n  \"scripts\": {\n    \"generate\": \"openapi-typescript https://api.unkey.dev/openapi.json -o ./src/openapi.d.ts\",\n    \"build\": \"pnpm generate && tsup\"\n  },\n  \"devDependencies\": {\n    \"@types/node\": \"^20.11.19\",\n    \"@unkey/tsconfig\": \"workspace:^\",\n    \"openapi-typescript\": \"^6.7.4\",\n    \"tsup\": \"^8.0.2\",\n    \"typescript\": \"^5.3.3\"\n  },\n  \"dependencies\": {\n    \"@unkey/rbac\": \"workspace:^\"\n  }\n}\n","import { version } from \"../package.json\";\nimport { UnkeyOptions } from \"./client\";\n\nexport type Telemetry = {\n  /**\n   * Unkey-Telemetry-Sdk\n   * @example @unkey/api@v1.1.1\n   */\n  sdkVersions: string[];\n  /**\n   * Unkey-Telemetry-Platform\n   * @example cloudflare\n   */\n  platform?: string;\n  /**\n   * Unkey-Telemetry-Runtime\n   * @example node@v18\n   */\n  runtime?: string;\n};\n\nexport function getTelemetry(opts: UnkeyOptions): Telemetry | null {\n  let platform: string | undefined;\n  let runtime: string | undefined;\n  const sdkVersions = [`@unkey/api@${version}`];\n\n  try {\n    if (typeof process !== \"undefined\") {\n      if (process.env.UNKEY_DISABLE_TELEMETRY) {\n        return null;\n      }\n      platform = process.env.VERCEL ? \"vercel\" : process.env.AWS_REGION ? \"aws\" : undefined;\n\n      // @ts-ignore\n      if (typeof EdgeRuntime !== \"undefined\") {\n        runtime = \"edge-light\";\n      } else {\n        runtime = `node@${process.version}`;\n      }\n    }\n\n    if (opts.wrapperSdkVersion) {\n      sdkVersions.push(opts.wrapperSdkVersion);\n    }\n  } catch (_error) {}\n\n  return { platform, runtime, sdkVersions };\n}\n","import { PermissionQuery } from \"@unkey/rbac\";\nimport { ErrorResponse } from \"./errors\";\nimport type { paths } from \"./openapi\";\n\nimport { type Telemetry, getTelemetry } from \"./telemetry\";\n\nexport type UnkeyOptions = (\n  | {\n      token?: never;\n\n      /**\n       * The root key from unkey.dev.\n       *\n       * You can create/manage your root keys here:\n       * https://unkey.dev/app/settings/root-keys\n       */\n      rootKey: string;\n    }\n  | {\n      /**\n       * The workspace key from unkey.dev\n       *\n       * @deprecated Use `rootKey`\n       */\n      token: string;\n      rootKey?: never;\n    }\n) & {\n  /**\n   * @default https://api.unkey.dev\n   */\n  baseUrl?: string;\n\n  /**\n   *\n   * By default telemetry data is enabled, and sends:\n   * runtime (Node.js / Edge)\n   * platform (Node.js / Vercel / AWS)\n   * SDK version\n   */\n  disableTelemetry?: boolean;\n\n  /**\n   * Retry on network errors\n   */\n  retry?: {\n    /**\n     * How many attempts should be made\n     * The maximum number of requests will be `attempts + 1`\n     * `0` means no retries\n     *\n     * @default 5\n     */\n    attempts?: number;\n    /**\n     * Return how many milliseconds to wait until the next attempt is made\n     *\n     * @default `(retryCount) => Math.round(Math.exp(retryCount) * 10)),`\n     */\n    backoff?: (retryCount: number) => number;\n  };\n  /**\n   * Customize the `fetch` cache behaviour\n   */\n  cache?: RequestCache;\n\n  /**\n   * The version of the SDK instantiating this client.\n   *\n   * This is used for internal metrics and is not covered by semver, and may change at any time.\n   *\n   * You can leave this blank unless you are building a wrapper around this SDK.\n   */\n  wrapperSdkVersion?: string;\n};\n\ntype ApiRequest = {\n  path: string[];\n} & (\n  | {\n      method: \"GET\";\n      body?: never;\n      query?: Record<string, string | number | boolean | null>;\n    }\n  | {\n      method: \"POST\";\n      body?: unknown;\n      query?: never;\n    }\n);\n\ntype Result<R> =\n  | {\n      result: R;\n      error?: never;\n    }\n  | {\n      result?: never;\n      error: ErrorResponse[\"error\"];\n    };\n\nexport class Unkey {\n  public readonly baseUrl: string;\n  private readonly rootKey: string;\n  private readonly cache?: RequestCache;\n  private readonly telemetry?: Telemetry | null;\n\n  public readonly retry: {\n    attempts: number;\n    backoff: (retryCount: number) => number;\n  };\n\n  constructor(opts: UnkeyOptions) {\n    this.baseUrl = opts.baseUrl ?? \"https://api.unkey.dev\";\n    this.rootKey = opts.rootKey ?? opts.token;\n    if (!opts.disableTelemetry) {\n      this.telemetry = getTelemetry(opts);\n    }\n\n    this.cache = opts.cache;\n    /**\n     * Even though typescript should prevent this, some people still pass undefined or empty strings\n     */\n    if (!this.rootKey) {\n      throw new Error(\n        \"Unkey root key must be set, maybe you passed in `undefined` or an empty string?\",\n      );\n    }\n\n    this.retry = {\n      attempts: opts.retry?.attempts ?? 5,\n      backoff: opts.retry?.backoff ?? ((n) => Math.round(Math.exp(n) * 10)),\n    };\n  }\n\n  private getHeaders(): Record<string, string> {\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/json\",\n      Authorization: `Bearer ${this.rootKey}`,\n    };\n    if (this.telemetry?.sdkVersions) {\n      headers[\"Unkey-Telemetry-SDK\"] = this.telemetry.sdkVersions.join(\",\");\n    }\n    if (this.telemetry?.platform) {\n      headers[\"Unkey-Telemetry-Platform\"] = this.telemetry.platform;\n    }\n    if (this.telemetry?.runtime) {\n      headers[\"Unkey-Telemetry-Runtime\"] = this.telemetry.runtime;\n    }\n    return headers;\n  }\n\n  private async fetch<TResult>(req: ApiRequest): Promise<Result<TResult>> {\n    let res: Response | null = null;\n    let err: Error | null = null;\n    for (let i = 0; i <= this.retry.attempts; i++) {\n      const url = new URL(`${this.baseUrl}/${req.path.join(\"/\")}`);\n      if (req.query) {\n        for (const [k, v] of Object.entries(req.query)) {\n          if (v === null) {\n            continue;\n          }\n          url.searchParams.set(k, v.toString());\n        }\n      }\n      res = await fetch(url, {\n        method: req.method,\n        headers: this.getHeaders(),\n        cache: this.cache,\n        body: JSON.stringify(req.body),\n      }).catch((e: Error) => {\n        err = e;\n        return null; // set `res` to `null`\n      });\n      if (res?.ok) {\n        return { result: (await res.json()) as TResult };\n      }\n      const backoff = this.retry.backoff(i);\n      console.debug(\n        \"attempt %d of %d to reach %s failed, retrying in %d ms: %s\",\n        i + 1,\n        this.retry.attempts + 1,\n        url,\n        backoff,\n        // @ts-ignore I don't understand why `err` is `never`\n        err?.message,\n      );\n      await new Promise((r) => setTimeout(r, backoff));\n    }\n\n    if (res) {\n      return { error: (await res.json()) as ErrorResponse[\"error\"] };\n    }\n\n    return {\n      error: {\n        // @ts-ignore\n        code: \"FETCH_ERROR\",\n        // @ts-ignore I don't understand why `err` is `never`\n        message: err?.message ?? \"No response\",\n        docs: \"https://developer.mozilla.org/en-US/docs/Web/API/fetch\",\n        requestId: \"N/A\",\n      },\n    };\n  }\n\n  public get keys() {\n    return {\n      create: async (\n        req: paths[\"/v1/keys.createKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.createKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.createKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      update: async (\n        req: paths[\"/v1/keys.updateKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      verify: async <TPermission extends string = string>(\n        req: Omit<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n          \"authorization\"\n        > & { authorization?: { permissions: PermissionQuery<TPermission> } },\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.verifyKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/keys.deleteKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.deleteKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.deleteKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      updateRemaining: async (\n        req: paths[\"/v1/keys.updateRemaining\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateRemaining\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateRemaining\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/keys.getKey\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/keys.getKey\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getKey\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      getVerifications: async (\n        req: paths[\"/v1/keys.getVerifications\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.getVerifications\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getVerifications\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n\n  public get apis() {\n    return {\n      create: async (\n        req: paths[\"/v1/apis.createApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.createApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.createApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/apis.deleteApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.deleteApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.deleteApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/apis.getApi\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.getApi\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.getApi\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      listKeys: async (\n        req: paths[\"/v1/apis.listKeys\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.listKeys\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.listKeys\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n}\n","import { Unkey } from \"./client\";\n\n/**\n * Verify a key\n *\n * @example\n * ```ts\n * const { result, error } = await verifyKey(\"key_123\")\n * if (error){\n *   // handle potential network or bad request error\n *   // a link to our docs will be in the `error.docs` field\n *   console.error(error.message)\n *   return\n * }\n * if (!result.valid) {\n *   // do not grant access\n *   return\n * }\n *\n * // process request\n * console.log(result)\n * ```\n */\nexport function verifyKey(req: string | { key: string; apiId: string }) {\n  // yes this is empty to make typescript happy but we don't need a token for verifying keys\n  // it's not the cleanest but it works for now :)\n  const unkey = new Unkey({ rootKey: \"public\" });\n  return unkey.keys.verify(typeof req === \"string\" ? { key: req } : req);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEE,cAAW;;;ACmBN,SAAS,aAAa,MAAsC;AACjE,MAAI;AACJ,MAAI;AACJ,QAAM,cAAc,CAAC,cAAc,OAAO,EAAE;AAE5C,MAAI;AACF,QAAI,OAAO,YAAY,aAAa;AAClC,UAAI,QAAQ,IAAI,yBAAyB;AACvC,eAAO;AAAA,MACT;AACA,iBAAW,QAAQ,IAAI,SAAS,WAAW,QAAQ,IAAI,aAAa,QAAQ;AAG5E,UAAI,OAAO,gBAAgB,aAAa;AACtC,kBAAU;AAAA,MACZ,OAAO;AACL,kBAAU,QAAQ,QAAQ,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,QAAI,KAAK,mBAAmB;AAC1B,kBAAY,KAAK,KAAK,iBAAiB;AAAA,IACzC;AAAA,EACF,SAAS,QAAQ;AAAA,EAAC;AAElB,SAAO,EAAE,UAAU,SAAS,YAAY;AAC1C;;;ACsDO,IAAM,QAAN,MAAY;AAAA,EACD;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EAED;AAAA,EAKhB,YAAY,MAAoB;AAC9B,SAAK,UAAU,KAAK,WAAW;AAC/B,SAAK,UAAU,KAAK,WAAW,KAAK;AACpC,QAAI,CAAC,KAAK,kBAAkB;AAC1B,WAAK,YAAY,aAAa,IAAI;AAAA,IACpC;AAEA,SAAK,QAAQ,KAAK;AAIlB,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,QAAQ;AAAA,MACX,UAAU,KAAK,OAAO,YAAY;AAAA,MAClC,SAAS,KAAK,OAAO,YAAY,CAAC,MAAM,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE;AAAA,IACrE;AAAA,EACF;AAAA,EAEQ,aAAqC;AAC3C,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,OAAO;AAAA,IACvC;AACA,QAAI,KAAK,WAAW,aAAa;AAC/B,cAAQ,qBAAqB,IAAI,KAAK,UAAU,YAAY,KAAK,GAAG;AAAA,IACtE;AACA,QAAI,KAAK,WAAW,UAAU;AAC5B,cAAQ,0BAA0B,IAAI,KAAK,UAAU;AAAA,IACvD;AACA,QAAI,KAAK,WAAW,SAAS;AAC3B,cAAQ,yBAAyB,IAAI,KAAK,UAAU;AAAA,IACtD;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAe,KAA2C;AACtE,QAAI,MAAuB;AAC3B,QAAI,MAAoB;AACxB,aAAS,IAAI,GAAG,KAAK,KAAK,MAAM,UAAU,KAAK;AAC7C,YAAM,MAAM,IAAI,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,GAAG,CAAC,EAAE;AAC3D,UAAI,IAAI,OAAO;AACb,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,KAAK,GAAG;AAC9C,cAAI,MAAM,MAAM;AACd;AAAA,UACF;AACA,cAAI,aAAa,IAAI,GAAG,EAAE,SAAS,CAAC;AAAA,QACtC;AAAA,MACF;AACA,YAAM,MAAM,MAAM,KAAK;AAAA,QACrB,QAAQ,IAAI;AAAA,QACZ,SAAS,KAAK,WAAW;AAAA,QACzB,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK,UAAU,IAAI,IAAI;AAAA,MAC/B,CAAC,EAAE,MAAM,CAAC,MAAa;AACrB,cAAM;AACN,eAAO;AAAA,MACT,CAAC;AACD,UAAI,KAAK,IAAI;AACX,eAAO,EAAE,QAAS,MAAM,IAAI,KAAK,EAAc;AAAA,MACjD;AACA,YAAM,UAAU,KAAK,MAAM,QAAQ,CAAC;AACpC,cAAQ;AAAA,QACN;AAAA,QACA,IAAI;AAAA,QACJ,KAAK,MAAM,WAAW;AAAA,QACtB;AAAA,QACA;AAAA;AAAA,QAEA,KAAK;AAAA,MACP;AACA,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAAA,IACjD;AAEA,QAAI,KAAK;AACP,aAAO,EAAE,OAAQ,MAAM,IAAI,KAAK,EAA6B;AAAA,IAC/D;AAEA,WAAO;AAAA,MACL,OAAO;AAAA;AAAA,QAEL,MAAM;AAAA;AAAA,QAEN,SAAS,KAAK,WAAW;AAAA,QACzB,MAAM;AAAA,QACN,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAQG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,iBAAiB,OACf,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,sBAAsB;AAAA,UACnC,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,kBAAkB,OAChB,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,uBAAuB;AAAA,UACpC,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,UAAU,OACR,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,eAAe;AAAA,UAC5B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AC5UO,SAAS,UAAU,KAA8C;AAGtE,QAAM,QAAQ,IAAI,MAAM,EAAE,SAAS,SAAS,CAAC;AAC7C,SAAO,MAAM,KAAK,OAAO,OAAO,QAAQ,WAAW,EAAE,KAAK,IAAI,IAAI,GAAG;AACvE;;;AJzBA,kBAAsC;","names":[]}

package/dist/index.mjs

@@ -1,5 +1,5 @@
 // package.json
-var version = "0.18.0";
+var version = "0.19.0";
 
 // src/telemetry.ts
 function getTelemetry(opts) {

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../package.json","../src/telemetry.ts","../src/client.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["{\n  \"name\": \"@unkey/api\",\n  \"version\": \"0.18.0\",\n  \"main\": \"./dist/index.js\",\n  \"module\": \"./dist/index.mjs\",\n  \"types\": \"./dist/index.d.ts\",\n  \"license\": \"MIT\",\n  \"private\": false,\n  \"publishConfig\": {\n    \"access\": \"public\"\n  },\n  \"keywords\": [\n    \"unkey\",\n    \"client\",\n    \"api\"\n  ],\n  \"bugs\": {\n    \"url\": \"https://github.com/unkeyed/unkey/issues\"\n  },\n  \"homepage\": \"https://github.com/unkeyed/unkey#readme\",\n  \"files\": [\n    \"./dist/**\"\n  ],\n  \"author\": \"Andreas Thomas <andreas@chronark.com>\",\n  \"scripts\": {\n    \"generate\": \"openapi-typescript https://api.unkey.dev/openapi.json -o ./src/openapi.d.ts\",\n    \"build\": \"pnpm generate && tsup\"\n  },\n  \"devDependencies\": {\n    \"@types/node\": \"^20.11.19\",\n    \"@unkey/tsconfig\": \"workspace:^\",\n    \"openapi-typescript\": \"^6.7.4\",\n    \"tsup\": \"^8.0.2\",\n    \"typescript\": \"^5.3.3\"\n  },\n  \"dependencies\": {\n    \"@unkey/rbac\": \"workspace:^\"\n  }\n}\n","import { version } from \"../package.json\";\nimport { UnkeyOptions } from \"./client\";\n\nexport type Telemetry = {\n  /**\n   * Unkey-Telemetry-Sdk\n   * @example @unkey/api@v1.1.1\n   */\n  sdkVersions: string[];\n  /**\n   * Unkey-Telemetry-Platform\n   * @example cloudflare\n   */\n  platform?: string;\n  /**\n   * Unkey-Telemetry-Runtime\n   * @example node@v18\n   */\n  runtime?: string;\n};\n\nexport function getTelemetry(opts: UnkeyOptions): Telemetry | null {\n  let platform: string | undefined;\n  let runtime: string | undefined;\n  const sdkVersions = [`@unkey/api@${version}`];\n\n  try {\n    if (typeof process !== \"undefined\") {\n      if (process.env.UNKEY_DISABLE_TELEMETRY) {\n        return null;\n      }\n      platform = process.env.VERCEL ? \"vercel\" : process.env.AWS_REGION ? \"aws\" : undefined;\n\n      // @ts-ignore\n      if (typeof EdgeRuntime !== \"undefined\") {\n        runtime = \"edge-light\";\n      } else {\n        runtime = `node@${process.version}`;\n      }\n    }\n\n    if (opts.wrapperSdkVersion) {\n      sdkVersions.push(opts.wrapperSdkVersion);\n    }\n  } catch (_error) {}\n\n  return { platform, runtime, sdkVersions };\n}\n","import { PermissionQuery } from \"@unkey/rbac\";\nimport { ErrorResponse } from \"./errors\";\nimport type { paths } from \"./openapi\";\n\nimport { type Telemetry, getTelemetry } from \"./telemetry\";\n\nexport type UnkeyOptions = (\n  | {\n      token?: never;\n\n      /**\n       * The root key from unkey.dev.\n       *\n       * You can create/manage your root keys here:\n       * https://unkey.dev/app/settings/root-keys\n       */\n      rootKey: string;\n    }\n  | {\n      /**\n       * The workspace key from unkey.dev\n       *\n       * @deprecated Use `rootKey`\n       */\n      token: string;\n      rootKey?: never;\n    }\n) & {\n  /**\n   * @default https://api.unkey.dev\n   */\n  baseUrl?: string;\n\n  /**\n   *\n   * By default telemetry data is enabled, and sends:\n   * runtime (Node.js / Edge)\n   * platform (Node.js / Vercel / AWS)\n   * SDK version\n   */\n  disableTelemetry?: boolean;\n\n  /**\n   * Retry on network errors\n   */\n  retry?: {\n    /**\n     * How many attempts should be made\n     * The maximum number of requests will be `attempts + 1`\n     * `0` means no retries\n     *\n     * @default 5\n     */\n    attempts?: number;\n    /**\n     * Return how many milliseconds to wait until the next attempt is made\n     *\n     * @default `(retryCount) => Math.round(Math.exp(retryCount) * 10)),`\n     */\n    backoff?: (retryCount: number) => number;\n  };\n  /**\n   * Customize the `fetch` cache behaviour\n   */\n  cache?: RequestCache;\n\n  /**\n   * The version of the SDK instantiating this client.\n   *\n   * This is used for internal metrics and is not covered by semver, and may change at any time.\n   *\n   * You can leave this blank unless you are building a wrapper around this SDK.\n   */\n  wrapperSdkVersion?: string;\n};\n\ntype ApiRequest = {\n  path: string[];\n} & (\n  | {\n      method: \"GET\";\n      body?: never;\n      query?: Record<string, string | number | boolean | null>;\n    }\n  | {\n      method: \"POST\";\n      body?: unknown;\n      query?: never;\n    }\n);\n\ntype Result<R> =\n  | {\n      result: R;\n      error?: never;\n    }\n  | {\n      result?: never;\n      error: ErrorResponse[\"error\"];\n    };\n\nexport class Unkey {\n  public readonly baseUrl: string;\n  private readonly rootKey: string;\n  private readonly cache?: RequestCache;\n  private readonly telemetry?: Telemetry | null;\n\n  public readonly retry: {\n    attempts: number;\n    backoff: (retryCount: number) => number;\n  };\n\n  constructor(opts: UnkeyOptions) {\n    this.baseUrl = opts.baseUrl ?? \"https://api.unkey.dev\";\n    this.rootKey = opts.rootKey ?? opts.token;\n    if (!opts.disableTelemetry) {\n      this.telemetry = getTelemetry(opts);\n    }\n\n    this.cache = opts.cache;\n    /**\n     * Even though typescript should prevent this, some people still pass undefined or empty strings\n     */\n    if (!this.rootKey) {\n      throw new Error(\n        \"Unkey root key must be set, maybe you passed in `undefined` or an empty string?\",\n      );\n    }\n\n    this.retry = {\n      attempts: opts.retry?.attempts ?? 5,\n      backoff: opts.retry?.backoff ?? ((n) => Math.round(Math.exp(n) * 10)),\n    };\n  }\n\n  private getHeaders(): Record<string, string> {\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/json\",\n      Authorization: `Bearer ${this.rootKey}`,\n    };\n    if (this.telemetry?.sdkVersions) {\n      headers[\"Unkey-Telemetry-SDK\"] = this.telemetry.sdkVersions.join(\",\");\n    }\n    if (this.telemetry?.platform) {\n      headers[\"Unkey-Telemetry-Platform\"] = this.telemetry.platform;\n    }\n    if (this.telemetry?.runtime) {\n      headers[\"Unkey-Telemetry-Runtime\"] = this.telemetry.runtime;\n    }\n    return headers;\n  }\n\n  private async fetch<TResult>(req: ApiRequest): Promise<Result<TResult>> {\n    let res: Response | null = null;\n    let err: Error | null = null;\n    for (let i = 0; i <= this.retry.attempts; i++) {\n      const url = new URL(`${this.baseUrl}/${req.path.join(\"/\")}`);\n      if (req.query) {\n        for (const [k, v] of Object.entries(req.query)) {\n          if (v === null) {\n            continue;\n          }\n          url.searchParams.set(k, v.toString());\n        }\n      }\n      res = await fetch(url, {\n        method: req.method,\n        headers: this.getHeaders(),\n        cache: this.cache,\n        body: JSON.stringify(req.body),\n      }).catch((e: Error) => {\n        err = e;\n        return null; // set `res` to `null`\n      });\n      if (res?.ok) {\n        return { result: (await res.json()) as TResult };\n      }\n      const backoff = this.retry.backoff(i);\n      console.debug(\n        \"attempt %d of %d to reach %s failed, retrying in %d ms: %s\",\n        i + 1,\n        this.retry.attempts + 1,\n        url,\n        backoff,\n        // @ts-ignore I don't understand why `err` is `never`\n        err?.message,\n      );\n      await new Promise((r) => setTimeout(r, backoff));\n    }\n\n    if (res) {\n      return { error: (await res.json()) as ErrorResponse[\"error\"] };\n    }\n\n    return {\n      error: {\n        // @ts-ignore\n        code: \"FETCH_ERROR\",\n        // @ts-ignore I don't understand why `err` is `never`\n        message: err?.message ?? \"No response\",\n        docs: \"https://developer.mozilla.org/en-US/docs/Web/API/fetch\",\n        requestId: \"N/A\",\n      },\n    };\n  }\n\n  public get keys() {\n    return {\n      create: async (\n        req: paths[\"/v1/keys.createKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.createKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.createKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      update: async (\n        req: paths[\"/v1/keys.updateKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      verify: async <TPermission extends string = string>(\n        req: Omit<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n          \"authorization\"\n        > & { authorization?: { permissions: PermissionQuery<TPermission> } },\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.verifyKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/keys.deleteKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.deleteKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.deleteKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      updateRemaining: async (\n        req: paths[\"/v1/keys.updateRemaining\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateRemaining\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateRemaining\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/keys.getKey\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/keys.getKey\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getKey\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      getVerifications: async (\n        req: paths[\"/v1/keys.getVerifications\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.getVerifications\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getVerifications\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n\n  public get apis() {\n    return {\n      create: async (\n        req: paths[\"/v1/apis.createApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.createApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.createApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/apis.deleteApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.deleteApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.deleteApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/apis.getApi\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.getApi\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.getApi\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      listKeys: async (\n        req: paths[\"/v1/apis.listKeys\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.listKeys\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.listKeys\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n}\n","import { Unkey } from \"./client\";\n\n/**\n * Verify a key\n *\n * @example\n * ```ts\n * const { result, error } = await verifyKey(\"key_123\")\n * if (error){\n *   // handle potential network or bad request error\n *   // a link to our docs will be in the `error.docs` field\n *   console.error(error.message)\n *   return\n * }\n * if (!result.valid) {\n *   // do not grant access\n *   return\n * }\n *\n * // process request\n * console.log(result)\n * ```\n */\nexport function verifyKey(req: string | { key: string; apiId: string }) {\n  // yes this is empty to make typescript happy but we don't need a token for verifying keys\n  // it's not the cleanest but it works for now :)\n  const unkey = new Unkey({ rootKey: \"public\" });\n  return unkey.keys.verify(typeof req === \"string\" ? { key: req } : req);\n}\n","export * from \"./client\";\nexport * from \"./verify\";\nexport * from \"./errors\";\nexport { and, or, type Flatten } from \"@unkey/rbac\";\n"],"mappings":";AAEE,cAAW;;;ACmBN,SAAS,aAAa,MAAsC;AACjE,MAAI;AACJ,MAAI;AACJ,QAAM,cAAc,CAAC,cAAc,OAAO,EAAE;AAE5C,MAAI;AACF,QAAI,OAAO,YAAY,aAAa;AAClC,UAAI,QAAQ,IAAI,yBAAyB;AACvC,eAAO;AAAA,MACT;AACA,iBAAW,QAAQ,IAAI,SAAS,WAAW,QAAQ,IAAI,aAAa,QAAQ;AAG5E,UAAI,OAAO,gBAAgB,aAAa;AACtC,kBAAU;AAAA,MACZ,OAAO;AACL,kBAAU,QAAQ,QAAQ,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,QAAI,KAAK,mBAAmB;AAC1B,kBAAY,KAAK,KAAK,iBAAiB;AAAA,IACzC;AAAA,EACF,SAAS,QAAQ;AAAA,EAAC;AAElB,SAAO,EAAE,UAAU,SAAS,YAAY;AAC1C;;;ACsDO,IAAM,QAAN,MAAY;AAAA,EACD;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EAED;AAAA,EAKhB,YAAY,MAAoB;AAC9B,SAAK,UAAU,KAAK,WAAW;AAC/B,SAAK,UAAU,KAAK,WAAW,KAAK;AACpC,QAAI,CAAC,KAAK,kBAAkB;AAC1B,WAAK,YAAY,aAAa,IAAI;AAAA,IACpC;AAEA,SAAK,QAAQ,KAAK;AAIlB,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,QAAQ;AAAA,MACX,UAAU,KAAK,OAAO,YAAY;AAAA,MAClC,SAAS,KAAK,OAAO,YAAY,CAAC,MAAM,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE;AAAA,IACrE;AAAA,EACF;AAAA,EAEQ,aAAqC;AAC3C,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,OAAO;AAAA,IACvC;AACA,QAAI,KAAK,WAAW,aAAa;AAC/B,cAAQ,qBAAqB,IAAI,KAAK,UAAU,YAAY,KAAK,GAAG;AAAA,IACtE;AACA,QAAI,KAAK,WAAW,UAAU;AAC5B,cAAQ,0BAA0B,IAAI,KAAK,UAAU;AAAA,IACvD;AACA,QAAI,KAAK,WAAW,SAAS;AAC3B,cAAQ,yBAAyB,IAAI,KAAK,UAAU;AAAA,IACtD;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAe,KAA2C;AACtE,QAAI,MAAuB;AAC3B,QAAI,MAAoB;AACxB,aAAS,IAAI,GAAG,KAAK,KAAK,MAAM,UAAU,KAAK;AAC7C,YAAM,MAAM,IAAI,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,GAAG,CAAC,EAAE;AAC3D,UAAI,IAAI,OAAO;AACb,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,KAAK,GAAG;AAC9C,cAAI,MAAM,MAAM;AACd;AAAA,UACF;AACA,cAAI,aAAa,IAAI,GAAG,EAAE,SAAS,CAAC;AAAA,QACtC;AAAA,MACF;AACA,YAAM,MAAM,MAAM,KAAK;AAAA,QACrB,QAAQ,IAAI;AAAA,QACZ,SAAS,KAAK,WAAW;AAAA,QACzB,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK,UAAU,IAAI,IAAI;AAAA,MAC/B,CAAC,EAAE,MAAM,CAAC,MAAa;AACrB,cAAM;AACN,eAAO;AAAA,MACT,CAAC;AACD,UAAI,KAAK,IAAI;AACX,eAAO,EAAE,QAAS,MAAM,IAAI,KAAK,EAAc;AAAA,MACjD;AACA,YAAM,UAAU,KAAK,MAAM,QAAQ,CAAC;AACpC,cAAQ;AAAA,QACN;AAAA,QACA,IAAI;AAAA,QACJ,KAAK,MAAM,WAAW;AAAA,QACtB;AAAA,QACA;AAAA;AAAA,QAEA,KAAK;AAAA,MACP;AACA,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAAA,IACjD;AAEA,QAAI,KAAK;AACP,aAAO,EAAE,OAAQ,MAAM,IAAI,KAAK,EAA6B;AAAA,IAC/D;AAEA,WAAO;AAAA,MACL,OAAO;AAAA;AAAA,QAEL,MAAM;AAAA;AAAA,QAEN,SAAS,KAAK,WAAW;AAAA,QACzB,MAAM;AAAA,QACN,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAQG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,iBAAiB,OACf,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,sBAAsB;AAAA,UACnC,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,kBAAkB,OAChB,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,uBAAuB;AAAA,UACpC,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,UAAU,OACR,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,eAAe;AAAA,UAC5B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AC5UO,SAAS,UAAU,KAA8C;AAGtE,QAAM,QAAQ,IAAI,MAAM,EAAE,SAAS,SAAS,CAAC;AAC7C,SAAO,MAAM,KAAK,OAAO,OAAO,QAAQ,WAAW,EAAE,KAAK,IAAI,IAAI,GAAG;AACvE;;;ACzBA,SAAS,KAAK,UAAwB;","names":[]}
+{"version":3,"sources":["../package.json","../src/telemetry.ts","../src/client.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["{\n  \"name\": \"@unkey/api\",\n  \"version\": \"0.19.0\",\n  \"main\": \"./dist/index.js\",\n  \"module\": \"./dist/index.mjs\",\n  \"types\": \"./dist/index.d.ts\",\n  \"license\": \"MIT\",\n  \"private\": false,\n  \"publishConfig\": {\n    \"access\": \"public\"\n  },\n  \"keywords\": [\n    \"unkey\",\n    \"client\",\n    \"api\"\n  ],\n  \"bugs\": {\n    \"url\": \"https://github.com/unkeyed/unkey/issues\"\n  },\n  \"homepage\": \"https://github.com/unkeyed/unkey#readme\",\n  \"files\": [\n    \"./dist/**\"\n  ],\n  \"author\": \"Andreas Thomas <andreas@chronark.com>\",\n  \"scripts\": {\n    \"generate\": \"openapi-typescript https://api.unkey.dev/openapi.json -o ./src/openapi.d.ts\",\n    \"build\": \"pnpm generate && tsup\"\n  },\n  \"devDependencies\": {\n    \"@types/node\": \"^20.11.19\",\n    \"@unkey/tsconfig\": \"workspace:^\",\n    \"openapi-typescript\": \"^6.7.4\",\n    \"tsup\": \"^8.0.2\",\n    \"typescript\": \"^5.3.3\"\n  },\n  \"dependencies\": {\n    \"@unkey/rbac\": \"workspace:^\"\n  }\n}\n","import { version } from \"../package.json\";\nimport { UnkeyOptions } from \"./client\";\n\nexport type Telemetry = {\n  /**\n   * Unkey-Telemetry-Sdk\n   * @example @unkey/api@v1.1.1\n   */\n  sdkVersions: string[];\n  /**\n   * Unkey-Telemetry-Platform\n   * @example cloudflare\n   */\n  platform?: string;\n  /**\n   * Unkey-Telemetry-Runtime\n   * @example node@v18\n   */\n  runtime?: string;\n};\n\nexport function getTelemetry(opts: UnkeyOptions): Telemetry | null {\n  let platform: string | undefined;\n  let runtime: string | undefined;\n  const sdkVersions = [`@unkey/api@${version}`];\n\n  try {\n    if (typeof process !== \"undefined\") {\n      if (process.env.UNKEY_DISABLE_TELEMETRY) {\n        return null;\n      }\n      platform = process.env.VERCEL ? \"vercel\" : process.env.AWS_REGION ? \"aws\" : undefined;\n\n      // @ts-ignore\n      if (typeof EdgeRuntime !== \"undefined\") {\n        runtime = \"edge-light\";\n      } else {\n        runtime = `node@${process.version}`;\n      }\n    }\n\n    if (opts.wrapperSdkVersion) {\n      sdkVersions.push(opts.wrapperSdkVersion);\n    }\n  } catch (_error) {}\n\n  return { platform, runtime, sdkVersions };\n}\n","import { PermissionQuery } from \"@unkey/rbac\";\nimport { ErrorResponse } from \"./errors\";\nimport type { paths } from \"./openapi\";\n\nimport { type Telemetry, getTelemetry } from \"./telemetry\";\n\nexport type UnkeyOptions = (\n  | {\n      token?: never;\n\n      /**\n       * The root key from unkey.dev.\n       *\n       * You can create/manage your root keys here:\n       * https://unkey.dev/app/settings/root-keys\n       */\n      rootKey: string;\n    }\n  | {\n      /**\n       * The workspace key from unkey.dev\n       *\n       * @deprecated Use `rootKey`\n       */\n      token: string;\n      rootKey?: never;\n    }\n) & {\n  /**\n   * @default https://api.unkey.dev\n   */\n  baseUrl?: string;\n\n  /**\n   *\n   * By default telemetry data is enabled, and sends:\n   * runtime (Node.js / Edge)\n   * platform (Node.js / Vercel / AWS)\n   * SDK version\n   */\n  disableTelemetry?: boolean;\n\n  /**\n   * Retry on network errors\n   */\n  retry?: {\n    /**\n     * How many attempts should be made\n     * The maximum number of requests will be `attempts + 1`\n     * `0` means no retries\n     *\n     * @default 5\n     */\n    attempts?: number;\n    /**\n     * Return how many milliseconds to wait until the next attempt is made\n     *\n     * @default `(retryCount) => Math.round(Math.exp(retryCount) * 10)),`\n     */\n    backoff?: (retryCount: number) => number;\n  };\n  /**\n   * Customize the `fetch` cache behaviour\n   */\n  cache?: RequestCache;\n\n  /**\n   * The version of the SDK instantiating this client.\n   *\n   * This is used for internal metrics and is not covered by semver, and may change at any time.\n   *\n   * You can leave this blank unless you are building a wrapper around this SDK.\n   */\n  wrapperSdkVersion?: string;\n};\n\ntype ApiRequest = {\n  path: string[];\n} & (\n  | {\n      method: \"GET\";\n      body?: never;\n      query?: Record<string, string | number | boolean | null>;\n    }\n  | {\n      method: \"POST\";\n      body?: unknown;\n      query?: never;\n    }\n);\n\ntype Result<R> =\n  | {\n      result: R;\n      error?: never;\n    }\n  | {\n      result?: never;\n      error: ErrorResponse[\"error\"];\n    };\n\nexport class Unkey {\n  public readonly baseUrl: string;\n  private readonly rootKey: string;\n  private readonly cache?: RequestCache;\n  private readonly telemetry?: Telemetry | null;\n\n  public readonly retry: {\n    attempts: number;\n    backoff: (retryCount: number) => number;\n  };\n\n  constructor(opts: UnkeyOptions) {\n    this.baseUrl = opts.baseUrl ?? \"https://api.unkey.dev\";\n    this.rootKey = opts.rootKey ?? opts.token;\n    if (!opts.disableTelemetry) {\n      this.telemetry = getTelemetry(opts);\n    }\n\n    this.cache = opts.cache;\n    /**\n     * Even though typescript should prevent this, some people still pass undefined or empty strings\n     */\n    if (!this.rootKey) {\n      throw new Error(\n        \"Unkey root key must be set, maybe you passed in `undefined` or an empty string?\",\n      );\n    }\n\n    this.retry = {\n      attempts: opts.retry?.attempts ?? 5,\n      backoff: opts.retry?.backoff ?? ((n) => Math.round(Math.exp(n) * 10)),\n    };\n  }\n\n  private getHeaders(): Record<string, string> {\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/json\",\n      Authorization: `Bearer ${this.rootKey}`,\n    };\n    if (this.telemetry?.sdkVersions) {\n      headers[\"Unkey-Telemetry-SDK\"] = this.telemetry.sdkVersions.join(\",\");\n    }\n    if (this.telemetry?.platform) {\n      headers[\"Unkey-Telemetry-Platform\"] = this.telemetry.platform;\n    }\n    if (this.telemetry?.runtime) {\n      headers[\"Unkey-Telemetry-Runtime\"] = this.telemetry.runtime;\n    }\n    return headers;\n  }\n\n  private async fetch<TResult>(req: ApiRequest): Promise<Result<TResult>> {\n    let res: Response | null = null;\n    let err: Error | null = null;\n    for (let i = 0; i <= this.retry.attempts; i++) {\n      const url = new URL(`${this.baseUrl}/${req.path.join(\"/\")}`);\n      if (req.query) {\n        for (const [k, v] of Object.entries(req.query)) {\n          if (v === null) {\n            continue;\n          }\n          url.searchParams.set(k, v.toString());\n        }\n      }\n      res = await fetch(url, {\n        method: req.method,\n        headers: this.getHeaders(),\n        cache: this.cache,\n        body: JSON.stringify(req.body),\n      }).catch((e: Error) => {\n        err = e;\n        return null; // set `res` to `null`\n      });\n      if (res?.ok) {\n        return { result: (await res.json()) as TResult };\n      }\n      const backoff = this.retry.backoff(i);\n      console.debug(\n        \"attempt %d of %d to reach %s failed, retrying in %d ms: %s\",\n        i + 1,\n        this.retry.attempts + 1,\n        url,\n        backoff,\n        // @ts-ignore I don't understand why `err` is `never`\n        err?.message,\n      );\n      await new Promise((r) => setTimeout(r, backoff));\n    }\n\n    if (res) {\n      return { error: (await res.json()) as ErrorResponse[\"error\"] };\n    }\n\n    return {\n      error: {\n        // @ts-ignore\n        code: \"FETCH_ERROR\",\n        // @ts-ignore I don't understand why `err` is `never`\n        message: err?.message ?? \"No response\",\n        docs: \"https://developer.mozilla.org/en-US/docs/Web/API/fetch\",\n        requestId: \"N/A\",\n      },\n    };\n  }\n\n  public get keys() {\n    return {\n      create: async (\n        req: paths[\"/v1/keys.createKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.createKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.createKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      update: async (\n        req: paths[\"/v1/keys.updateKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      verify: async <TPermission extends string = string>(\n        req: Omit<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n          \"authorization\"\n        > & { authorization?: { permissions: PermissionQuery<TPermission> } },\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.verifyKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.verifyKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/keys.deleteKey\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.deleteKey\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.deleteKey\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      updateRemaining: async (\n        req: paths[\"/v1/keys.updateRemaining\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.updateRemaining\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.updateRemaining\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/keys.getKey\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/keys.getKey\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getKey\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      getVerifications: async (\n        req: paths[\"/v1/keys.getVerifications\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/keys.getVerifications\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"keys.getVerifications\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n\n  public get apis() {\n    return {\n      create: async (\n        req: paths[\"/v1/apis.createApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.createApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.createApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      delete: async (\n        req: paths[\"/v1/apis.deleteApi\"][\"post\"][\"requestBody\"][\"content\"][\"application/json\"],\n      ): Promise<\n        Result<\n          paths[\"/v1/apis.deleteApi\"][\"post\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]\n        >\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.deleteApi\"],\n          method: \"POST\",\n          body: req,\n        });\n      },\n      get: async (\n        req: paths[\"/v1/apis.getApi\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.getApi\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.getApi\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n      listKeys: async (\n        req: paths[\"/v1/apis.listKeys\"][\"get\"][\"parameters\"][\"query\"],\n      ): Promise<\n        Result<paths[\"/v1/apis.listKeys\"][\"get\"][\"responses\"][\"200\"][\"content\"][\"application/json\"]>\n      > => {\n        return await this.fetch({\n          path: [\"v1\", \"apis.listKeys\"],\n          method: \"GET\",\n          query: req,\n        });\n      },\n    };\n  }\n}\n","import { Unkey } from \"./client\";\n\n/**\n * Verify a key\n *\n * @example\n * ```ts\n * const { result, error } = await verifyKey(\"key_123\")\n * if (error){\n *   // handle potential network or bad request error\n *   // a link to our docs will be in the `error.docs` field\n *   console.error(error.message)\n *   return\n * }\n * if (!result.valid) {\n *   // do not grant access\n *   return\n * }\n *\n * // process request\n * console.log(result)\n * ```\n */\nexport function verifyKey(req: string | { key: string; apiId: string }) {\n  // yes this is empty to make typescript happy but we don't need a token for verifying keys\n  // it's not the cleanest but it works for now :)\n  const unkey = new Unkey({ rootKey: \"public\" });\n  return unkey.keys.verify(typeof req === \"string\" ? { key: req } : req);\n}\n","export * from \"./client\";\nexport * from \"./verify\";\nexport * from \"./errors\";\nexport { and, or, type Flatten } from \"@unkey/rbac\";\n"],"mappings":";AAEE,cAAW;;;ACmBN,SAAS,aAAa,MAAsC;AACjE,MAAI;AACJ,MAAI;AACJ,QAAM,cAAc,CAAC,cAAc,OAAO,EAAE;AAE5C,MAAI;AACF,QAAI,OAAO,YAAY,aAAa;AAClC,UAAI,QAAQ,IAAI,yBAAyB;AACvC,eAAO;AAAA,MACT;AACA,iBAAW,QAAQ,IAAI,SAAS,WAAW,QAAQ,IAAI,aAAa,QAAQ;AAG5E,UAAI,OAAO,gBAAgB,aAAa;AACtC,kBAAU;AAAA,MACZ,OAAO;AACL,kBAAU,QAAQ,QAAQ,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,QAAI,KAAK,mBAAmB;AAC1B,kBAAY,KAAK,KAAK,iBAAiB;AAAA,IACzC;AAAA,EACF,SAAS,QAAQ;AAAA,EAAC;AAElB,SAAO,EAAE,UAAU,SAAS,YAAY;AAC1C;;;ACsDO,IAAM,QAAN,MAAY;AAAA,EACD;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EAED;AAAA,EAKhB,YAAY,MAAoB;AAC9B,SAAK,UAAU,KAAK,WAAW;AAC/B,SAAK,UAAU,KAAK,WAAW,KAAK;AACpC,QAAI,CAAC,KAAK,kBAAkB;AAC1B,WAAK,YAAY,aAAa,IAAI;AAAA,IACpC;AAEA,SAAK,QAAQ,KAAK;AAIlB,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,QAAQ;AAAA,MACX,UAAU,KAAK,OAAO,YAAY;AAAA,MAClC,SAAS,KAAK,OAAO,YAAY,CAAC,MAAM,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE;AAAA,IACrE;AAAA,EACF;AAAA,EAEQ,aAAqC;AAC3C,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,OAAO;AAAA,IACvC;AACA,QAAI,KAAK,WAAW,aAAa;AAC/B,cAAQ,qBAAqB,IAAI,KAAK,UAAU,YAAY,KAAK,GAAG;AAAA,IACtE;AACA,QAAI,KAAK,WAAW,UAAU;AAC5B,cAAQ,0BAA0B,IAAI,KAAK,UAAU;AAAA,IACvD;AACA,QAAI,KAAK,WAAW,SAAS;AAC3B,cAAQ,yBAAyB,IAAI,KAAK,UAAU;AAAA,IACtD;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAe,KAA2C;AACtE,QAAI,MAAuB;AAC3B,QAAI,MAAoB;AACxB,aAAS,IAAI,GAAG,KAAK,KAAK,MAAM,UAAU,KAAK;AAC7C,YAAM,MAAM,IAAI,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,GAAG,CAAC,EAAE;AAC3D,UAAI,IAAI,OAAO;AACb,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,KAAK,GAAG;AAC9C,cAAI,MAAM,MAAM;AACd;AAAA,UACF;AACA,cAAI,aAAa,IAAI,GAAG,EAAE,SAAS,CAAC;AAAA,QACtC;AAAA,MACF;AACA,YAAM,MAAM,MAAM,KAAK;AAAA,QACrB,QAAQ,IAAI;AAAA,QACZ,SAAS,KAAK,WAAW;AAAA,QACzB,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK,UAAU,IAAI,IAAI;AAAA,MAC/B,CAAC,EAAE,MAAM,CAAC,MAAa;AACrB,cAAM;AACN,eAAO;AAAA,MACT,CAAC;AACD,UAAI,KAAK,IAAI;AACX,eAAO,EAAE,QAAS,MAAM,IAAI,KAAK,EAAc;AAAA,MACjD;AACA,YAAM,UAAU,KAAK,MAAM,QAAQ,CAAC;AACpC,cAAQ;AAAA,QACN;AAAA,QACA,IAAI;AAAA,QACJ,KAAK,MAAM,WAAW;AAAA,QACtB;AAAA,QACA;AAAA;AAAA,QAEA,KAAK;AAAA,MACP;AACA,YAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAAA,IACjD;AAEA,QAAI,KAAK;AACP,aAAO,EAAE,OAAQ,MAAM,IAAI,KAAK,EAA6B;AAAA,IAC/D;AAEA,WAAO;AAAA,MACL,OAAO;AAAA;AAAA,QAEL,MAAM;AAAA;AAAA,QAEN,SAAS,KAAK,WAAW;AAAA,QACzB,MAAM;AAAA,QACN,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAQG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,iBAAiB,OACf,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,sBAAsB;AAAA,UACnC,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,kBAAkB,OAChB,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,uBAAuB;AAAA,UACpC,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,IAAW,OAAO;AAChB,WAAO;AAAA,MACL,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,QAAQ,OACN,QAKG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,gBAAgB;AAAA,UAC7B,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,MACA,KAAK,OACH,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,aAAa;AAAA,UAC1B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,MACA,UAAU,OACR,QAGG;AACH,eAAO,MAAM,KAAK,MAAM;AAAA,UACtB,MAAM,CAAC,MAAM,eAAe;AAAA,UAC5B,QAAQ;AAAA,UACR,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AC5UO,SAAS,UAAU,KAA8C;AAGtE,QAAM,QAAQ,IAAI,MAAM,EAAE,SAAS,SAAS,CAAC;AAC7C,SAAO,MAAM,KAAK,OAAO,OAAO,QAAQ,WAAW,EAAE,KAAK,IAAI,IAAI,GAAG;AACvE;;;ACzBA,SAAS,KAAK,UAAwB;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@unkey/api",
-  "version": "0.18.0",
+  "version": "0.19.0",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",