@unkey/api 2.3.2 → 2.3.4

package/src/lib/encodings.ts

@@ -479,6 +479,23 @@ export const encodeSpaceDelimitedQuery = queryEncoder(encodeSpaceDelimited);
 export const encodePipeDelimitedQuery = queryEncoder(encodePipeDelimited);
 export const encodeDeepObjectQuery = queryEncoder(encodeDeepObject);
 
+function isBlobLike(val: unknown): val is Blob {
+  if (val instanceof Blob) {
+    return true;
+  }
+
+  if (typeof val !== "object" || val == null || !(Symbol.toStringTag in val)) {
+    return false;
+  }
+
+  const tag = val[Symbol.toStringTag];
+  if (tag !== "Blob" && tag !== "File") {
+    return false;
+  }
+
+  return "stream" in val && typeof val.stream === "function";
+}
+
 export function appendForm(
   fd: FormData,
   key: string,
@@ -487,11 +504,22 @@ export function appendForm(
 ): void {
   if (value == null) {
     return;
-  } else if (value instanceof Blob && fileName) {
-    fd.append(key, value, fileName);
-  } else if (value instanceof Blob) {
-    fd.append(key, value);
+  } else if (isBlobLike(value)) {
+    if (fileName) {
+      fd.append(key, value as Blob, fileName);
+    } else {
+      fd.append(key, value as Blob);
+    }
   } else {
     fd.append(key, String(value));
   }
 }
+
+export async function normalizeBlob(
+  value: Pick<Blob, "arrayBuffer" | "type">,
+): Promise<Blob> {
+  if (value instanceof Blob) {
+    return value;
+  }
+  return new Blob([await value.arrayBuffer()], { type: value.type });
+}

package/src/lib/sdks.ts

@@ -22,7 +22,6 @@ import {
   isConnectionError,
   isTimeoutError,
   matchContentType,
-  matchStatusCode,
 } from "./http.js";
 import { Logger } from "./logger.js";
 import { retry, RetryConfig } from "./retries.js";
@@ -128,13 +127,15 @@ export class ClientSDK {
     if (!base) {
       return ERR(new InvalidRequestError("No base URL provided for operation"));
     }
-    const reqURL = new URL(base);
-    const inputURL = new URL(path, reqURL);
-
+    const baseURL = new URL(base);
+    let reqURL: URL;
     if (path) {
-      reqURL.pathname += reqURL.pathname.endsWith("/") ? "" : "/";
-      reqURL.pathname += inputURL.pathname.replace(/^\/+/, "");
+      baseURL.pathname = baseURL.pathname.replace(/\/+$/, "") + "/";
+      reqURL = new URL(path, baseURL);
+    } else {
+      reqURL = baseURL;
     }
+    reqURL.hash = "";
 
     let finalQuery = query || "";
 
@@ -232,7 +233,7 @@ export class ClientSDK {
     request: Request,
     options: {
       context: HookContext;
-      errorCodes: number | string | (number | string)[];
+      isErrorStatusCode: (statusCode: number) => boolean;
       retryConfig: RetryConfig;
       retryCodes: string[];
     },
@@ -245,7 +246,7 @@ export class ClientSDK {
       | UnexpectedClientError
     >
   > {
-    const { context, errorCodes } = options;
+    const { context, isErrorStatusCode } = options;
 
     return retry(
       async () => {
@@ -257,7 +258,7 @@ export class ClientSDK {
         let response = await this.#httpClient.request(req);
 
         try {
-          if (matchStatusCode(response, errorCodes)) {
+          if (isErrorStatusCode(response.status)) {
             const result = await this.#hooks.afterError(
               context,
               response,
@@ -381,8 +382,6 @@ async function logResponse(
       break;
     case matchContentType(res, "application/jsonl")
       || jsonlLikeContentTypeRE.test(ct):
-      logger.log(await res.clone().text());
-      break;
     case matchContentType(res, "text/event-stream"):
       logger.log(`<${contentType}>`);
       break;

package/src/lib/security.ts

@@ -240,8 +240,9 @@ function applyBearer(
 
 export function resolveGlobalSecurity(
   security: Partial<components.Security> | null | undefined,
+  allowedFields?: number[],
 ): SecurityState | null {
-  return resolveSecurity(
+  let inputs: SecurityInput[][] = [
     [
       {
         fieldName: "Authorization",
@@ -249,7 +250,18 @@ export function resolveGlobalSecurity(
         value: security?.rootKey ?? env().UNKEY_ROOT_KEY,
       },
     ],
-  );
+  ];
+
+  if (allowedFields) {
+    inputs = allowedFields.map((i) => {
+      if (i < 0 || i >= inputs.length) {
+        throw new RangeError(`invalid allowedFields index ${i}`);
+      }
+      return inputs[i]!;
+    });
+  }
+
+  return resolveSecurity(...inputs);
 }
 
 export async function extractSecurity<

package/src/lib/url.ts

@@ -13,21 +13,23 @@ export function pathToFunc(
   const paramRE = /\{([a-zA-Z0-9_][a-zA-Z0-9_-]*?)\}/g;
 
   return function buildURLPath(params: Record<string, unknown> = {}): string {
-    return pathPattern.replace(paramRE, function (_, placeholder) {
-      if (!hasOwn.call(params, placeholder)) {
-        throw new Error(`Parameter '${placeholder}' is required`);
-      }
+    return pathPattern
+      .replace(paramRE, function (_, placeholder) {
+        if (!hasOwn.call(params, placeholder)) {
+          throw new Error(`Parameter '${placeholder}' is required`);
+        }
 
-      const value = params[placeholder];
-      if (typeof value !== "string" && typeof value !== "number") {
-        throw new Error(
-          `Parameter '${placeholder}' must be a string or number`,
-        );
-      }
+        const value = params[placeholder];
+        if (typeof value !== "string" && typeof value !== "number") {
+          throw new Error(
+            `Parameter '${placeholder}' must be a string or number`,
+          );
+        }
 
-      return options?.charEncoding === "percent"
-        ? encodeURIComponent(`${value}`)
-        : `${value}`;
-    });
+        return options?.charEncoding === "percent"
+          ? encodeURIComponent(`${value}`)
+          : `${value}`;
+      })
+      .replace(/^\/+/, "");
   };
 }

package/src/models/components/index.ts

@@ -106,6 +106,12 @@ export * from "./v2permissionslistpermissionsrequestbody.js";
 export * from "./v2permissionslistpermissionsresponsebody.js";
 export * from "./v2permissionslistrolesrequestbody.js";
 export * from "./v2permissionslistrolesresponsebody.js";
+export * from "./v2portalcreatesessionrequestbody.js";
+export * from "./v2portalcreatesessionresponsebody.js";
+export * from "./v2portalcreatesessionresponsedata.js";
+export * from "./v2portalexchangesessionrequestbody.js";
+export * from "./v2portalexchangesessionresponsebody.js";
+export * from "./v2portalexchangesessionresponsedata.js";
 export * from "./v2ratelimitdeleteoverriderequestbody.js";
 export * from "./v2ratelimitdeleteoverrideresponsebody.js";
 export * from "./v2ratelimitdeleteoverrideresponsedata.js";

package/src/models/components/v2deploygetdeploymentresponsedata.ts

@@ -28,6 +28,9 @@ export const Status = {
   Failed: "FAILED",
   Skipped: "SKIPPED",
   AwaitingApproval: "AWAITING_APPROVAL",
+  Stopped: "STOPPED",
+  Superseded: "SUPERSEDED",
+  Cancelled: "CANCELLED",
 } as const;
 /**
  * Current deployment status

package/src/models/components/v2portalcreatesessionrequestbody.ts

@@ -0,0 +1,73 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+
+export type V2PortalCreateSessionRequestBody = {
+  /**
+   * The human-readable slug of the portal configuration to create the session against.
+   *
+   * @remarks
+   * Identifies which app's portal the end user will access.
+   * Must be 3-64 characters, lowercase alphanumeric and hyphens only,
+   * must not start or end with a hyphen, and must not contain consecutive hyphens.
+   */
+  slug: string;
+  /**
+   * The end user's identifier in the customer's system.
+   *
+   * @remarks
+   * Accepts arbitrary string values (user IDs, emails, UUIDs, etc.).
+   */
+  externalId: string;
+  /**
+   * List of RBAC tuple permissions defining what the end user can do in the Portal.
+   *
+   * @remarks
+   * Each permission is a string in the format `{resourceType}.{resourceId}.{action}`.
+   * Use `*` as resourceId to grant access to all resources of that type.
+   *
+   * Tab visibility is derived from the action segment:
+   * - Keys tab: `read_key`, `create_key`, `update_key`, `delete_key`
+   * - Analytics tab: `read_analytics`
+   * - Docs tab: visible when any permission is present
+   */
+  permissions: Array<string>;
+  /**
+   * When true, creates a preview session for testing the portal experience.
+   *
+   * @remarks
+   */
+  preview?: boolean | undefined;
+};
+
+/** @internal */
+export type V2PortalCreateSessionRequestBody$Outbound = {
+  slug: string;
+  externalId: string;
+  permissions: Array<string>;
+  preview: boolean;
+};
+
+/** @internal */
+export const V2PortalCreateSessionRequestBody$outboundSchema: z.ZodType<
+  V2PortalCreateSessionRequestBody$Outbound,
+  z.ZodTypeDef,
+  V2PortalCreateSessionRequestBody
+> = z.object({
+  slug: z.string(),
+  externalId: z.string(),
+  permissions: z.array(z.string()),
+  preview: z.boolean().default(false),
+});
+
+export function v2PortalCreateSessionRequestBodyToJSON(
+  v2PortalCreateSessionRequestBody: V2PortalCreateSessionRequestBody,
+): string {
+  return JSON.stringify(
+    V2PortalCreateSessionRequestBody$outboundSchema.parse(
+      v2PortalCreateSessionRequestBody,
+    ),
+  );
+}

package/src/models/components/v2portalcreatesessionresponsebody.ts

@@ -0,0 +1,41 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+import { Meta, Meta$inboundSchema } from "./meta.js";
+import {
+  V2PortalCreateSessionResponseData,
+  V2PortalCreateSessionResponseData$inboundSchema,
+} from "./v2portalcreatesessionresponsedata.js";
+
+export type V2PortalCreateSessionResponseBody = {
+  /**
+   * Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The `requestId` is particularly important when troubleshooting issues with the Unkey support team.
+   */
+  meta: Meta;
+  data: V2PortalCreateSessionResponseData;
+};
+
+/** @internal */
+export const V2PortalCreateSessionResponseBody$inboundSchema: z.ZodType<
+  V2PortalCreateSessionResponseBody,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  meta: Meta$inboundSchema,
+  data: V2PortalCreateSessionResponseData$inboundSchema,
+});
+
+export function v2PortalCreateSessionResponseBodyFromJSON(
+  jsonString: string,
+): SafeParseResult<V2PortalCreateSessionResponseBody, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => V2PortalCreateSessionResponseBody$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2PortalCreateSessionResponseBody' from JSON`,
+  );
+}

package/src/models/components/v2portalcreatesessionresponsedata.ts

@@ -0,0 +1,43 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+
+export type V2PortalCreateSessionResponseData = {
+  /**
+   * The short-lived session token ID. Valid for 15 minutes and can be exchanged once for a browser session.
+   *
+   * @remarks
+   */
+  sessionId: string;
+  /**
+   * The full portal URL with the session parameter. Redirect the end user to this URL.
+   *
+   * @remarks
+   */
+  url: string;
+};
+
+/** @internal */
+export const V2PortalCreateSessionResponseData$inboundSchema: z.ZodType<
+  V2PortalCreateSessionResponseData,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  sessionId: z.string(),
+  url: z.string(),
+});
+
+export function v2PortalCreateSessionResponseDataFromJSON(
+  jsonString: string,
+): SafeParseResult<V2PortalCreateSessionResponseData, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => V2PortalCreateSessionResponseData$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2PortalCreateSessionResponseData' from JSON`,
+  );
+}

package/src/models/components/v2portalexchangesessionrequestbody.ts

@@ -0,0 +1,39 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+
+export type V2PortalExchangeSessionRequestBody = {
+  /**
+   * The session token ID received from `portal.createSession`.
+   *
+   * @remarks
+   * Must be valid, unexpired, and not previously exchanged.
+   */
+  sessionId: string;
+};
+
+/** @internal */
+export type V2PortalExchangeSessionRequestBody$Outbound = {
+  sessionId: string;
+};
+
+/** @internal */
+export const V2PortalExchangeSessionRequestBody$outboundSchema: z.ZodType<
+  V2PortalExchangeSessionRequestBody$Outbound,
+  z.ZodTypeDef,
+  V2PortalExchangeSessionRequestBody
+> = z.object({
+  sessionId: z.string(),
+});
+
+export function v2PortalExchangeSessionRequestBodyToJSON(
+  v2PortalExchangeSessionRequestBody: V2PortalExchangeSessionRequestBody,
+): string {
+  return JSON.stringify(
+    V2PortalExchangeSessionRequestBody$outboundSchema.parse(
+      v2PortalExchangeSessionRequestBody,
+    ),
+  );
+}

package/src/models/components/v2portalexchangesessionresponsebody.ts

@@ -0,0 +1,42 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+import { Meta, Meta$inboundSchema } from "./meta.js";
+import {
+  V2PortalExchangeSessionResponseData,
+  V2PortalExchangeSessionResponseData$inboundSchema,
+} from "./v2portalexchangesessionresponsedata.js";
+
+export type V2PortalExchangeSessionResponseBody = {
+  /**
+   * Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The `requestId` is particularly important when troubleshooting issues with the Unkey support team.
+   */
+  meta: Meta;
+  data: V2PortalExchangeSessionResponseData;
+};
+
+/** @internal */
+export const V2PortalExchangeSessionResponseBody$inboundSchema: z.ZodType<
+  V2PortalExchangeSessionResponseBody,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  meta: Meta$inboundSchema,
+  data: V2PortalExchangeSessionResponseData$inboundSchema,
+});
+
+export function v2PortalExchangeSessionResponseBodyFromJSON(
+  jsonString: string,
+): SafeParseResult<V2PortalExchangeSessionResponseBody, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) =>
+      V2PortalExchangeSessionResponseBody$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2PortalExchangeSessionResponseBody' from JSON`,
+  );
+}

package/src/models/components/v2portalexchangesessionresponsedata.ts

@@ -0,0 +1,44 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+
+export type V2PortalExchangeSessionResponseData = {
+  /**
+   * The browser session token. Store this as an httpOnly cookie for subsequent portal requests.
+   *
+   * @remarks
+   */
+  token: string;
+  /**
+   * Unix timestamp in milliseconds when the browser session expires (24 hours from creation).
+   *
+   * @remarks
+   */
+  expiresAt: number;
+};
+
+/** @internal */
+export const V2PortalExchangeSessionResponseData$inboundSchema: z.ZodType<
+  V2PortalExchangeSessionResponseData,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  token: z.string(),
+  expiresAt: z.number().int(),
+});
+
+export function v2PortalExchangeSessionResponseDataFromJSON(
+  jsonString: string,
+): SafeParseResult<V2PortalExchangeSessionResponseData, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) =>
+      V2PortalExchangeSessionResponseData$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2PortalExchangeSessionResponseData' from JSON`,
+  );
+}

package/src/models/operations/index.ts

@@ -3,3 +3,5 @@
  */
 
 export * from "./identitieslistidentities.js";
+export * from "./portalcreatesession.js";
+export * from "./portalexchangesession.js";

package/src/models/operations/portalcreatesession.ts

@@ -0,0 +1,40 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { remap as remap$ } from "../../lib/primitives.js";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import * as components from "../components/index.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+
+export type PortalCreateSessionResponse = {
+  headers: { [k: string]: Array<string> };
+  result: components.V2PortalCreateSessionResponseBody;
+};
+
+/** @internal */
+export const PortalCreateSessionResponse$inboundSchema: z.ZodType<
+  PortalCreateSessionResponse,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  Headers: z.record(z.array(z.string())).default({}),
+  Result: components.V2PortalCreateSessionResponseBody$inboundSchema,
+}).transform((v) => {
+  return remap$(v, {
+    "Headers": "headers",
+    "Result": "result",
+  });
+});
+
+export function portalCreateSessionResponseFromJSON(
+  jsonString: string,
+): SafeParseResult<PortalCreateSessionResponse, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => PortalCreateSessionResponse$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'PortalCreateSessionResponse' from JSON`,
+  );
+}

package/src/models/operations/portalexchangesession.ts

@@ -0,0 +1,40 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod/v3";
+import { remap as remap$ } from "../../lib/primitives.js";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import * as components from "../components/index.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+
+export type PortalExchangeSessionResponse = {
+  headers: { [k: string]: Array<string> };
+  result: components.V2PortalExchangeSessionResponseBody;
+};
+
+/** @internal */
+export const PortalExchangeSessionResponse$inboundSchema: z.ZodType<
+  PortalExchangeSessionResponse,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  Headers: z.record(z.array(z.string())).default({}),
+  Result: components.V2PortalExchangeSessionResponseBody$inboundSchema,
+}).transform((v) => {
+  return remap$(v, {
+    "Headers": "headers",
+    "Result": "result",
+  });
+});
+
+export function portalExchangeSessionResponseFromJSON(
+  jsonString: string,
+): SafeParseResult<PortalExchangeSessionResponse, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => PortalExchangeSessionResponse$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'PortalExchangeSessionResponse' from JSON`,
+  );
+}

package/src/sdk/portal.ts

@@ -0,0 +1,60 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import { portalCreateSession } from "../funcs/portalCreateSession.js";
+import { portalExchangeSession } from "../funcs/portalExchangeSession.js";
+import { ClientSDK, RequestOptions } from "../lib/sdks.js";
+import * as components from "../models/components/index.js";
+import * as operations from "../models/operations/index.js";
+import { unwrapAsync } from "../types/fp.js";
+
+export class Portal extends ClientSDK {
+  /**
+   * Create portal session
+   *
+   * @remarks
+   * Create a short-lived session token for an end user to access the Customer Portal.
+   *
+   * The returned session ID is valid for 15 minutes and can be exchanged exactly once
+   * for a 24-hour browser session via `portal.exchangeSession`. Redirect the end user
+   * to the returned URL to start the portal experience.
+   *
+   * **Required Permissions**
+   *
+   * Your root key must be associated with a workspace that has an enabled portal configuration.
+   */
+  async createSession(
+    request: components.V2PortalCreateSessionRequestBody,
+    options?: RequestOptions,
+  ): Promise<operations.PortalCreateSessionResponse> {
+    return unwrapAsync(portalCreateSession(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * Exchange session token
+   *
+   * @remarks
+   * Exchange a short-lived session token for a long-lived browser session.
+   *
+   * This endpoint is unauthenticated. The session token itself serves as proof of authorization.
+   * Each token can only be exchanged once; subsequent attempts return 401.
+   *
+   * The returned browser session token is valid for 24 hours and should be stored as an
+   * httpOnly cookie or used in the Authorization header for subsequent API calls.
+   */
+  async exchangeSession(
+    request: components.V2PortalExchangeSessionRequestBody,
+    options?: RequestOptions,
+  ): Promise<operations.PortalExchangeSessionResponse> {
+    return unwrapAsync(portalExchangeSession(
+      this,
+      request,
+      options,
+    ));
+  }
+}

package/src/sdk/sdk.ts

@@ -9,6 +9,7 @@ import { Identities } from "./identities.js";
 import { Internal } from "./internal.js";
 import { Keys } from "./keys.js";
 import { Permissions } from "./permissions.js";
+import { Portal } from "./portal.js";
 import { Ratelimit } from "./ratelimit.js";
 
 export class Unkey extends ClientSDK {
@@ -42,6 +43,11 @@ export class Unkey extends ClientSDK {
     return (this._permissions ??= new Permissions(this._options));
   }
 
+  private _portal?: Portal;
+  get portal(): Portal {
+    return (this._portal ??= new Portal(this._options));
+  }
+
   private _ratelimit?: Ratelimit;
   get ratelimit(): Ratelimit {
     return (this._ratelimit ??= new Ratelimit(this._options));