@verdocs/js-sdk 6.1.1 → 6.2.0-beta.11

package/dist/index.mjs

@@ -1608,13 +1608,13 @@ const getEnvelope = async (endpoint, envelopeId) => endpoint.api //
  * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
  * @apiSuccess IEnvelopeDocument . The detailed metadata for the document requested
  */
-const getEnvelopeDocument = async (endpoint, _envelopeId, documentId) => endpoint.api //
+const getEnvelopeDocument = async (endpoint, documentId) => endpoint.api //
     .get(`/v2/envelope-documents/${documentId}`)
     .then((r) => r.data);
 /**
  * Download a document directly.
  */
-const downloadDocument = async (endpoint, _envelopeId, documentId) => endpoint.api //
+const downloadEnvelopeDocument = async (endpoint, documentId) => endpoint.api //
     .get(`/v2/envelope-documents/${documentId}?type=file`, { responseType: 'blob' })
     .then((r) => r.data);
 /**
@@ -1630,14 +1630,14 @@ const downloadDocument = async (endpoint, _envelopeId, documentId) => endpoint.a
  * @apiQuery string(enum:'file'|'download'|'preview') type? Download the file directly, generate a download link, or generate a preview link.
  * @apiSuccess string . The generated link.
  */
-const getDocumentDownloadLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+const getEnvelopeDocumentDownloadLink = async (endpoint, documentId) => endpoint.api //
     .get(`/v2/envelope-documents/${documentId}?type=download`)
     .then((r) => r.data);
 /**
  * Get a pre-signed preview link for an Envelope Document. This link expires quickly, so it should
  * be accessed immediately and never shared. Content-Disposition will be set to "inline".
  */
-const getDocumentPreviewLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+const getEnvelopeDocumentPreviewLink = async (endpoint, documentId) => endpoint.api //
     .get(`/v2/envelope-documents/${documentId}?type=preview`)
     .then((r) => r.data);
 /**
@@ -1659,7 +1659,7 @@ const cancelEnvelope = async (endpoint, envelopeId) => endpoint.api //
  *
  * @deprecated Use getDocumentPreviewLink/getDocumentDownloadLink/downloadDocument instead.
  */
-const getEnvelopeFile = async (endpoint, envelopeId, documentId) => endpoint.api //
+const getEnvelopeFile = async (endpoint, documentId) => endpoint.api //
     .get(`/v2/envelope-documents/${documentId}?type=file`, { responseType: 'blob' })
     .then((r) => r.data);
 /**
@@ -1678,60 +1678,26 @@ const updateEnvelope = async (endpoint, envelopeId, params) => endpoint.api //
  * Update a Document field. Typically called during the signing process as a Recipient fills in fields.
  *
  * @group Envelopes
- * @api PUT /envelopes/:envelope_id/fields/:field_name Update Envelope Field
+ * @api PUT /v2/envelopes/:envelope_id/fields/:field_name Update Envelope Field
  * @apiParam string(format: 'uuid') envelope_id The ID of the envelope to retrieve.
+ * @apiParam string role_name The role to submit. Be sure to URL-encode the value.
  * @apiParam string field_name The name of the field to update. Be sure to URL-encode the value.
- * @apiBody IEnvelopeFieldSettings . Set of properties to update. Leave undefined any properties that should not be changed.
- * @apiSuccess IEnvelope . A copy of the newly-updated field.
+ * @apiParam string value The value to set. For signature/initial fields, the UUID of the signature/initial block. For attachment fields, a file uploaded in a FORM-POST field named "document". For checkbox/radio buttons, a boolean. For all other fields, a string.
+ * @apiBody value . Value to set.
+ * @apiSuccess IEnvelopeField . A copy of the newly-updated field.
  */
-const updateEnvelopeField = async (endpoint, envelopeId, fieldName, value) => endpoint.api //
-    .put(`/envelopes/${envelopeId}/fields/${fieldName}`, value)
+const updateEnvelopeField = async (endpoint, envelopeId, roleName, fieldName, value, prepared) => endpoint.api //
+    .put(`/v2/envelopes/${envelopeId}/recipients/${roleName}/fields/${fieldName}`, { value, prepared })
     .then((r) => r.data);
 /**
- * Apply a signature to a signature field. Signature fields are ID-driven. Call `createSignature()`
- * first to create a signature for a Recipient, then call `updateEnvelopeFieldSignature()` to
- * attach it to a field.
- *
- * @group Envelopes
- * @api PUT /envelopes/:envelope_id/fields/:field_name/signature/:signature_id Update Envelope
- * @apiParam string(format: 'uuid') envelope_id The ID of the envelope to update.
- * @apiParam string field_name The name of the field to update. Be sure to URL-encode the value.
- * @apiParam string(format: 'uuid') signature_id The ID of the signature to attach.
- * @apiSuccess IEnvelopeFieldSettings . A copy of the newly-updated field.
- */
-const updateEnvelopeFieldSignature = async (endpoint, envelopeId, fieldName, signatureId) => endpoint.api //
-    .put(`/envelopes/${envelopeId}/fields/${fieldName}/signature/${signatureId}`)
-    .then((r) => r.data);
-/**
- * Apply an initial to an initials field. Initial fields are ID-driven. Call `createInitial()`
- * first to create an initial block for a Recipient, then call `supdateEnvelopeFieldInitials()` to
- * attach it to a field.
- *
- * @group Envelopes
- * @api PUT /envelopes/:envelope_id/fields/:field_name/initial/:initial_id Update Envelope
- * @apiParam string(format: 'uuid') envelope_id The ID of the envelope to update.
- * @apiParam string field_name The name of the field to update. Be sure to URL-encode the value.
- * @apiParam string(format: 'uuid') initial_id The ID of the initial block to attach.
- * @apiSuccess IEnvelopeFieldSettings . A copy of the newly-updated field.
- */
-const updateEnvelopeFieldInitials = async (endpoint, envelopeId, fieldName, initialId) => endpoint.api //
-    .put(`/envelopes/${envelopeId}/fields/${fieldName}/initial/${initialId}`)
-    .then((r) => r.data);
-/**
- * Upload an attachment to an attachment field
- *
- * @group Envelopes
- * @api PUT /envelopes/:envelope_id/fields/:field_name Upload or Delete Attachment
- * @apiParam string(format: 'uuid') envelope_id The ID of the envelope to update.
- * @apiParam string field_name The name of the field to update. Be sure to URL-encode the value.
- * @apiBody string document The file to attach. Must contain standard File object fields. If omitted, the attachment will be deleted instead.
- * @apiSuccess IEnvelopeFieldSettings . A copy of the newly-updated field.
+ * Upload an attachment to an attachment field.
  */
-const uploadEnvelopeFieldAttachment = async (endpoint, envelopeId, fieldName, file, onUploadProgress) => {
+const uploadEnvelopeFieldAttachment = async (endpoint, envelopeId, roleName, fieldName, file, onUploadProgress) => {
     const formData = new FormData();
     formData.append('document', file, file.name);
+    formData.append('value', '');
     return endpoint.api //
-        .put(`/envelopes/${envelopeId}/fields/${fieldName}`, formData, {
+        .put(`/v2/envelopes/${envelopeId}/recipients/${roleName}/fields/${fieldName}`, formData, {
         timeout: 120000,
         onUploadProgress: (event) => {
             const total = event.total || 1;
@@ -1746,25 +1712,13 @@ const uploadEnvelopeFieldAttachment = async (endpoint, envelopeId, fieldName, fi
  * being deleted. Instead, it is a similar operation to uploading a new attachment, but the
  * omission of the attachment signals the server to delete the current entry.
  */
-const deleteEnvelopeFieldAttachment = async (endpoint, envelopeId, fieldName) => {
+const deleteEnvelopeFieldAttachment = async (endpoint, envelopeId, roleName, fieldName) => {
     const formData = new FormData();
     // Omitting file is the trigger here
     return endpoint.api //
-        .put(`/envelopes/${envelopeId}/fields/${fieldName}`, formData)
+        .put(`/v2/envelopes/${envelopeId}/recipients/${roleName}/fields/${fieldName}`, formData)
         .then((r) => r.data);
 };
-/**
- * Get the attached file for an attachment field (if any).
- *
- * @group Envelopes
- * @api GET /envelopes/:envelope_id/fields/:field_name/document Download attachment in binary format
- * @apiParam string(format: 'uuid') envelope_id The ID of the envelope to retrieve.
- * @apiParam string field_name The name of the field from which to download the attachment.
- * @apiSuccess string . The file binary data.
- */
-const getFieldAttachment = async (endpoint, envelopeId, fieldName) => endpoint.api //
-    .get(`/envelopes/${envelopeId}/fields/${fieldName}/document`, { responseType: 'blob' })
-    .then((r) => r.data);
 /**
  * Get a display URI for a given page in a file attached to an envelope document. These pages are rendered server-side
  * into PNG resources suitable for display in IMG tags although they may be used elsewhere. Note that these are intended
@@ -1808,1833 +1762,1802 @@ const getEnvelopeDocumentPageDisplayUri = async (endpoint, documentId, page, var
 const getEnvelopes = (endpoint, params) => endpoint.api //
     .get('/v2/envelopes', { params })
     .then((r) => r.data);
-
 /**
- * Create an initials block. In a typical signing workflow, the user is asked at the beginning of the process to "adopt"
- * an initials block to be used for all initials fields in the document. Thus, this is typically called one time to
- * create and store an initials block. Thereafter, the ID of the initials block may be re-used for each initials field
- * to be "stamped" by the user.
- *
- * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
- * typically only ever have one, tied to that session. But authenticated users can create more than
- * one, and can use them interchangeably.
- *
- * @group Signatures and Initials
- * @api POST /v2/profiles/initials Create Initial Block
- * @apiBody string initial Blob containing initials image to store.
- * @apiSuccess IInitial . The newly-created initial block.
+ * Generate a ZIP file containing all data for the specified envelopes. The caller must be the
+ * owner of each envelope. The returned ZIP file contains a folder for each envelope.
  */
-const createInitials = (endpoint, name, initials) => {
-    const data = new FormData();
-    data.append('initial', initials, name);
-    return endpoint.api //
-        .post(`/v2/profiles/initials`, data)
-        .then((r) => r.data);
+const getEnvelopesZip = (endpoint, envelope_ids) => endpoint.api //
+    .get(`/v2/envelopes/zip/${envelope_ids.join(',')}`, { responseType: 'blob', timeout: 120000 });
+
+const canPerformTemplateAction = (profile, action, template) => {
+    if (!template && !action.includes('create')) {
+        return { canPerform: false, message: 'Missing required template object' };
+    }
+    // We use BOGUS here to force the option-chain in things like template?.profile_id to NOT match profile?.profile_id because if both
+    // were undefined, they would actually match.
+    const profile_id = profile?.id || 'BOGUS';
+    const organization_id = profile?.organization_id || 'BOGUS';
+    const isCreator = template?.profile_id === profile_id;
+    const isSameOrg = template?.organization_id === organization_id;
+    const isPersonal = template?.is_personal ?? false;
+    const isPublic = template?.is_public ?? false;
+    const permissionsRequired = [];
+    switch (action) {
+        case 'create_personal':
+            permissionsRequired.push('template:creator:create:personal');
+            break;
+        case 'create_org':
+            permissionsRequired.push('template:creator:create:org');
+            break;
+        case 'create_public':
+            permissionsRequired.push('template:creator:create:public');
+            break;
+        case 'read':
+            if (!isCreator) {
+                if ((!isPersonal && isSameOrg) || !isPublic) {
+                    permissionsRequired.push('template:member:read');
+                }
+            }
+            break;
+        case 'write':
+            if (!isCreator) {
+                permissionsRequired.push('template:member:read');
+                permissionsRequired.push('template:member:write');
+            }
+            break;
+        case 'change_visibility_personal':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:personal');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'change_visibility_org':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:org');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'change_visibility_public':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:public');
+                permissionsRequired.push('template:creator:visibility');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'delete':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:delete');
+            }
+            else {
+                permissionsRequired.push('template:member:delete');
+            }
+            break;
+        default:
+            return { canPerform: false, message: 'Action is not defined' };
+    }
+    if (hasRequiredPermissions(profile, permissionsRequired)) {
+        return { canPerform: true, message: '' };
+    }
+    return { canPerform: false, message: `Insufficient access to perform '${action}'. Needed permissions: ${permissionsRequired.toString()}` };
 };
+const hasRequiredPermissions = (profile, permissions) => permissions.every((perm) => (profile?.permissions || []).includes(perm));
 
 /**
- * Get the current KBA status. Note that this may only be called by the recipient and requires a
- * valid signing session to proceed. Although the Recipient object itself contains indications of
- * whether KBA is required, it will not contain the current status of the process. If
- * `recipient.auth_methods` is set (not empty), and `recipient.kba_completed` is false, this endpoint
- * should be called to determine the next KBA step required.
- */
-const getKbaStep = (endpoint, envelope_id, role_name) => endpoint.api //
-    .get(`/v2/kba/${envelope_id}/${encodeURIComponent(role_name)}`)
-    .then((r) => r.data);
-/**
- * Submit a response to a KBA PIN challenge.
- */
-const submitKbaPin = (endpoint, envelope_id, role_name, pin) => endpoint.api //
-    .post(`/v2/kba/pin`, { envelope_id, role_name, pin })
-    .then((r) => r.data);
-/**
- * Submit an identity response to a KBA challenge.
- */
-const submitKbaIdentity = (endpoint, envelope_id, role_name, identity) => endpoint.api //
-    .post(`/v2/kba/identity`, { envelope_id, role_name, identity })
-    .then((r) => r.data);
-/**
- * Submit an identity response to a KBA challenge. Answers should be submitted in the same order as
- * the challenges were listed in `IRecipientKbaStepChallenge.questions`.
+ * Add a field to a template.
+ *
+ * ```typescript
+ * import {createField} from '@verdocs/js-sdk/Templates';
+ *
+ * await createField((VerdocsEndpoint.getDefault(), template_id, { ... });
+ * ```
+ *
+ * @group Fields
+ * @api POST /v2/fields/:template_id Add a field to a template
+ * @apiBody string name Name for the new field. Field names must be unique within a template. Although special characters are allowed, they must be URL-encoded in subsequent requests, so it is recommended to use only alphanumeric characters and hyphens if possible.
+ * @apiBody string role_name Role to assign to the field. Role names must be valid, so it is recommended to create roles before fields.
+ * @apiBody string document_id ID of the document upon which to place the field.
+ * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type Type of field to create
+ * @apiBody boolean(default: false) required Whether the field is required
+ * @apiBody integer(min: 0) page 0-based page number upon which to place the field
+ * @apiBody integer(min: 0) x X position for the field (left to right)
+ * @apiBody integer(min: 0) y Y position for the field (_bottom to top!_)
+ * @apiBody string label? Optional label to display above the field
+ * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody string placeholder? Optional placeholder to display in text fields
+ * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
+ * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
+ * @apiBody string value? Optional default value to set on the field
+ * @apiSuccess ITemplateField . Template field
  */
-const submitKbaChallengeResponse = (endpoint, envelope_id, role_name, responses) => endpoint.api //
-    .post(`/v2/kba/response`, { envelope_id, role_name, responses })
+const createField = (endpoint, templateId, params) => endpoint.api //
+    .post(`/v2/fields/${templateId}`, params)
     .then((r) => r.data);
-
 /**
- * Update a recipient's status.
+ * Update a template field.
  *
- * @group Recipients
- * @api PUT /envelopes/:envelope_id/recipients/:role_name Update Recipient Status
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to adjust.
- * @apiBody string(enum:'submit'|'decline'|'owner_update'|'update'|'prepare') action The action to take. Adjusts the status, and may also perform other operations.
- * @apiBody string first_name? Ignored unless action is 'owner_update' or 'update'. The new owner's or recipient's first name.
- * @apiBody string last_name? Ignored unless action is 'owner_update' or 'update'. The new owner's or recipient's last name.
- * @apiBody string email? Ignored unless action is 'owner_update'. The new owner's email address.
- * @apiBody boolean agreed? Ignored unless action is 'update'. Set to true to accept the e-signing disclosures.
- * @apiBody array(items:IRecipient) recipients? Ignored unless action is 'prepare'. A list of recipients and their fields to set defaults for.
- * @apiSuccess IRecipient . The updated Recipient.
+ * ```typescript
+ * import {updateField} from '@verdocs/js-sdk/Templates';
+ *
+ * await updateField((VerdocsEndpoint.getDefault(), template_id, field_name, { ... });
+ * ```
+ *
+ * @group Fields
+ * @api PATCH /v2/fields/:template_id/:field_name Update a field. See createField for additional details on the supported parameters.
+ * @apiBody string name? Rename the field. Note that template field names must be unique within a template.
+ * @apiBody string role_name Role to assign to the field.
+ * @apiBody string document_id ID of the document upon which to place the field.
+ * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type? Change the field type. Note that while this is technically allowed, fields have different behaviors, validators, default sizes, etc. It is usually easier to add a new field and delete the old one.
+ * @apiBody boolean(default: false) required? Whether the field is required
+ * @apiBody integer(min: 0) page? 0-based page number upon which to place the field
+ * @apiBody integer(min: 0) x? X position for the field (left to right)
+ * @apiBody integer(min: 0) y? Y position for the field (_bottom to top!_)
+ * @apiBody string label? Optional label to display above the field
+ * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody string placeholder? Optional placeholder to display in text fields
+ * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
+ * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
+ * @apiBody string value? Optional default value to set on the field
+ * @apiSuccess ITemplateField . Updated template field
  */
-const updateRecipientStatus = async (endpoint, envelope_id, role_name, params) => endpoint.api //
-    .put(`/envelopes/${envelope_id}/recipients/${role_name}`, params)
+const updateField = (endpoint, templateId, name, params) => endpoint.api //
+    .patch(`/v2/fields/${templateId}/${encodeURIComponent(name)}`, params)
     .then((r) => r.data);
 /**
- * Submit an envelope (signing is finished). Note that all fields must be valid/completed for this to succeed.
- */
-const envelopeRecipientSubmit = (endpoint, envelopeId, roleName) => updateRecipientStatus(endpoint, envelopeId, roleName, { action: 'submit' });
-/**
- * Decline to complete an envelope (signing will not terminated).
- */
-const envelopeRecipientDecline = (endpoint, envelopeId, roleName) => updateRecipientStatus(endpoint, envelopeId, roleName, { action: 'decline' });
-/**
- * Claim / change ownership of an envelope. This is a special-case operation only available in certain workflows.
- */
-const envelopeRecipientChangeOwner = (endpoint, envelope_id, role_name, email, first_name, last_name) => updateRecipientStatus(endpoint, envelope_id, role_name, { action: 'owner_update', email, first_name, last_name });
-/**
- * Agree to electronic signing disclosures.
+ * Remove a field from a template.
+ *
+ * ```typescript
+ * import {deleteField} from '@verdocs/js-sdk/Templates';
+ *
+ * await deleteField((VerdocsEndpoint.getDefault(), template_id, field_name);
+ * ```
+ *
+ * @group Fields
+ * @api DELETE /v2/fields/:template_id/:field_name Delete a field
+ * @apiSuccess string . Success
  */
-const envelopeRecipientAgree = (endpoint, envelopeId, roleName, disclosures) => endpoint.api //
-    .put(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'accept', disclosures })
+const deleteField = (endpoint, templateId, name) => endpoint.api //
+    .delete(`/v2/fields/${templateId}/${encodeURIComponent(name)}`)
     .then((r) => r.data);
+
 /**
- * Change a recipient's name.
- */
-const envelopeRecipientUpdateName = (endpoint, envelopeId, roleName, first_name, last_name) => updateRecipientStatus(endpoint, envelopeId, roleName, { action: 'update', first_name, last_name });
-/**
- * Change a recipient's name.
- */
-const envelopeRecipientPrepare = (endpoint, envelopeId, roleName, recipients) => updateRecipientStatus(endpoint, envelopeId, roleName, { action: 'prepare', recipients });
-/**
- * Begin a signing session for an Envelope. This path requires an invite code, and should generally
- * be called with a NON-default Endpoint to avoid conflicting with any active user session the user
- * may have. To initiate in-person signing by an authenticated user (e.g. self-signing), call
- * getInPersonLink() instead. The response from that call includes both a link for direct signing
- * via a Web browser as well as an in-person access_key. That access_key.key may be used here as well.
- *
- * @group Recipients
- * @api POST /v2/sign/unauth/:envelope_id/:role_name/:key Start Signing Session
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to request.
- * @apiParam string key Access key generated by the envelope creator or email/SMS invite.
- * @apiSuccess ISignerTokenResponse . Signing session token and envelope/recipient metadata.
+ * A map of the permissions each role confers.
  */
-const startSigningSession = async (endpoint, envelope_id, role_name, key) => {
-    return endpoint.api //
-        .post(`/v2/sign/unauth/${envelope_id}/${encodeURIComponent(role_name)}/${key}`)
-        .then((r) => {
-        endpoint.setToken(r.data.access_token, 'signing');
-        return r.data;
-    });
-};
-/**
- * Get an in-person signing link. Must be called by the owner/creator of the envelope. The response
- * also includes the raw access key that may be used to directly initiate a signing session (see
- * `startSigningSession`) as well as an access token representing a valid signing session for
- * immediate use in embeds or other applications. Note that in-person signing is considered a
- * lower-security operation than authenticated signing, and the final envelope certificate will
- * reflect this.
- *
- * @group Recipients
- * @api POST /v2/sign/in-person/:envelope_id/:role_name Get In-Person Signing Link
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to request.
- * @apiSuccess IInPersonLinkResponse . Signing session token and envelope/recipient metadata.
+const RolePermissions = {
+    owner: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'template:member:visibility',
+        'owner:add',
+        'owner:remove',
+        'admin:add',
+        'admin:remove',
+        'member:view',
+        'member:add',
+        'member:remove',
+        'org:create',
+        'org:view',
+        'org:update',
+        'org:delete',
+        'org:transfer',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    admin: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'template:member:visibility',
+        'admin:add',
+        'admin:remove',
+        'member:view',
+        'member:add',
+        'member:remove',
+        'org:create',
+        'org:view',
+        'org:update',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    member: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'member:view',
+        'org:create',
+        'org:view',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    basic_user: ['template:member:read', 'member:view', 'org:view', 'org:list'],
+    contact: ['org:view', 'org:list', 'org:create'],
+};
+/**
+ * Confirm whether the user has all of the specified permissions.
  */
-const getInPersonLink = (endpoint, envelope_id, role_name) => endpoint.api //
-    .post(`/v2/sign/in-person/${envelope_id}/${encodeURIComponent(role_name)}`)
-    .then((r) => r.data);
+const userHasPermissions = (profile, permissions) => {
+    // No need to de-dupe here, we're just checking present-at-least-once set membership.
+    const netPermissions = [...(profile?.permissions || [])];
+    (profile?.roles || []).forEach((role) => {
+        netPermissions.push(...(RolePermissions[role] || []));
+    });
+    (profile?.group_profiles || []).forEach((groupProfile) => {
+        netPermissions.push(...(groupProfile.group?.permissions || []));
+    });
+    return permissions.every((perm) => netPermissions.includes(perm));
+};
+
 /**
- * Verify a recipient within a signing session. All signing sessions use an invite code at a minimum,
- * but many scenarios require more robust verification of recipients, so one or more verification
- * methods may be attached to each recipient. If an authentication method is enabled, the
- * signer must first accept the e-signature disclosures, then complete each verification step
- * before attempting to view/display documents, complete any fields, or submit the envelope.
- * This endpoint should be called to complete each step. If the call fails an error will be
- * thrown.
+ * Various helpers to identify available operations for a template by a user.
  *
- * @group Recipients
- * @api POST /v2/sign/verify Verify recipient/signer
- * @apiParam string(enum:'passcode'|'email'|'sms'|'kba'|'id') auth_method The authentication method being completed
- * @apiParam string code? The passcode or OTP entered. Required for passcode, email, and SMS methods.
- * @apiParam boolean resend? For SMS or email methods, set to send a new code.
- * @apiParam boolean first_name? For KBA, the recipient's first name
- * @apiParam boolean last_name? For KBA, the recipient's last name
- * @apiParam boolean address? For KBA, the recipient's address
- * @apiParam boolean city? For KBA, the recipient's city
- * @apiParam boolean state? For KBA, the recipient's state
- * @apiParam boolean zip? For KBA, the recipient's zip code
- * @apiParam boolean ssn_last_4? For KBA, the last 4 digits of the recipient's SSN
- * @apiParam boolean dob? For KBA, the recipient's date of birth
- * @apiParam array(items:IKBAResponse) responses? For KBA, responses to any challenge questions presented
- * @apiSuccess ISignerTokenResponse . Updated signing session.
+ * @module
  */
-const verifySigner = (endpoint, params) => endpoint.api //
-    .post(`/v2/sign/verify`, params)
-    .then((r) => r.data);
 /**
- * Delegate a recipient's signing responsibility. The envelope sender must enable this before the
- * recipient calls this endpoint, and only the recipient may call it, or the call will be rejected.
- * The recipient's role will be renamed and configured to indicate to whom the delegation was made,
- * and a new recipient entry with the updated details (e.g. name and email address) will be added
- * to the flow with the same role_name, order, and sequence of the original recipient. Unless
- * no_contact is set on the envelope, the delegation recipient and envelope creator will also be
- * notified.
- *
- * @group Recipients
- * @api PUT /v2/envelopes/:envelope_id/recipients/:role_name Delegate Recipient
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to operate on.
- * @apiBody string(enum:'delegate') action The operation to perform (delegate).
- * @apiBody string first_name The first name of the new recipient.
- * @apiBody string last_name The last name of the new recipient.
- * @apiBody string email The email address of the new recipient.
- * @apiBody string phone? Optional phone number for the new recipient.
- * @apiBody string message? Optional phone number for the new recipient's invitation.
- * @apiSuccess string . Success message.
+ * Check to see if the user created the template.
  */
-const delegateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
-    .put(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'delegate', ...params })
-    .then((r) => r.data);
+const userIsTemplateCreator = (profile, template) => profile && template && profile.id === template.profile_id;
 /**
- * Update a recipient. NOTE: User interfaces should rate-limit this operation to avoid spamming recipients.
- * Excessive use of this endpoint may result in Verdocs rate-limiting the calling application to prevent
- * abuse. This endpoint will return a 200 OK even if the no_contact flag is set on the envelope (in which
- * case the call will be silently ignored).
- *
- * @group Recipients
- * @api PATCH /envelopes/:envelope_id/recipients/:role_name Update Recipient
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role name to update.
- * @apiBody string(enum:'remind'|'reset') action? Trigger a reminder, or fully reset the recipient
- * @apiBody string first_name? Update the recipient's first name.
- * @apiBody string last_name? Update the recipient's last name.
- * @apiBody string email? Update the recipient's email address.
- * @apiBody string message? Update the recipient's invite message.
- * @apiBody string phone? Update the recipient's phone number.
- * @apiBody string passcode? If passcode authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed passcode-based auth.
- * @apiBody string address? If KBA-based authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string city? If KBA-based authentication is used, the recipient's city to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string state? If KBA-based authentication is used, the recipient's state to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string zip? If KBA-based authentication is used, the recipient's zip code to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string dob? If KBA-based authentication is used, the recipient's date of birth to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string ssn_last_4? If KBA-based authentication is used, the recipient's SSN-last-4 to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiSuccess IRecipient . The updated Recipient.
+ * Check to see if a template is "shared" with the user.
  */
-const updateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, params)
-    .then((r) => r.data);
+const userHasSharedTemplate = (profile, template) => profile && template && !template.is_personal && profile.organization_id === template.organization_id;
 /**
- * Send a reminder to a recipient. The recipient must still be an active member of the signing flow
- * (e.g. not declined, already submitted, etc.)
+ * Check to see if the user can create a personal/private template.
  */
-const remindRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'remind' })
-    .then((r) => r.data);
+const userCanCreatePersonalTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:personal']);
 /**
- * Fully reset a recipient. This allows the recipient to restart failed KBA flows, change
- * fields they may have filled in incorrectly while signing, etc. This cannot be used on a
- * canceled or completed envelope, but may be used to restart an envelope marked declined.
+ * Check to see if the user can create an org-shared template.
  */
-const resetRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'reset' })
-    .then((r) => r.data);
-
+const userCanCreateOrgTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:org']);
 /**
- * Various helpers to identify available operations for an envelope by a user.
- *
- * @module
+ * Check to see if the user can create a public template.
  */
+const userCanCreatePublicTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:public']);
 /**
- * Check to see if the profile ID owns the envelope.
+ * Check to see if the user can read/view a template.
  */
-const isEnvelopeOwner = (profile_id, envelope) => envelope.profile_id === profile_id;
+const userCanReadTemplate = (profile, template) => template.is_public ||
+    userIsTemplateCreator(profile, template) ||
+    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read']));
 /**
- * Check to see if the profile ID is a recipient within the envelope.
+ * Check to see if the user can update a tempate.
  */
-const isEnvelopeRecipient = (profile_id, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile_id);
+const userCanUpdateTemplate = (profile, template) => userIsTemplateCreator(profile, template) ||
+    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read', 'template:member:write']));
 /**
- * Check to see if the profile ID is the envelope's sender or one of the recipients.
+ * Check to see if the user can change whether a template is personal vs org-shared.
  */
-const canAccessEnvelope = (profile_id, envelope) => isEnvelopeOwner(profile_id, envelope) || isEnvelopeRecipient(profile_id, envelope);
+const userCanMakeTemplatePrivate = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:personal'])
+    : userHasPermissions(profile, ['template:member:visibility']);
 /**
- * Check to see if the user owns the envelope.
+ * Check to see if the user can change whether a template is personal vs org-shared.
  */
-const userIsEnvelopeOwner = (profile, envelope) => envelope.profile_id === profile?.id;
+const userCanMakeTemplateShared = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:org'])
+    : userHasPermissions(profile, ['template:member:visibility']);
 /**
- * Check to see if the user is a recipient within the envelope.
+ * Check to see if the user can change whether a template is personal vs org-shared.
  */
-const userIsEnvelopeRecipient = (profile, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile?.id);
+const userCanMakeTemplatePublic = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:public'])
+    : userHasPermissions(profile, ['template:member:visibility']);
 /**
- * Check to see if the profile ID is the envelope's sender or one of the recipients.
+ * Check to see if the user can change whether a template is personal vs org-shared.
  */
-const useCanAccessEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) || userIsEnvelopeRecipient(profile, envelope);
+const userCanChangeOrgVisibility = (profile, template) => userIsTemplateCreator(profile, template) && userHasPermissions(profile, ['template:creator:create:personal']);
 /**
- * Check to see if the envelope has pending actions.
+ * Check to see if the user can change whether a template is personal vs org-shared.
  */
-const envelopeIsActive = (envelope) => envelope.status !== 'complete' && envelope.status !== 'declined' && envelope.status !== 'canceled';
+const userCanDeleteTemplate = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:delete'])
+    : userHasPermissions(profile, ['template:member:delete']);
 /**
- * Check to see if the envelope has been completed.
+ * Confirm whether the user can create an envelope using the specified template.
  */
-const envelopeIsComplete = (envelope) => envelope.status !== 'complete';
+const userCanSendTemplate = (profile, template) => {
+    switch (template.visibility) {
+        case 'private':
+            return userIsTemplateCreator(profile, template);
+        case 'shared':
+            return userIsTemplateCreator(profile, template) || template.organization_id === profile?.organization_id;
+        case 'public':
+            return true;
+    }
+};
 /**
- * Check to see if the user owns the envelope.
+ * Confirm whether the user can create a new template.
  */
-const userCanCancelEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
-    envelope.status !== 'complete' &&
-    envelope.status !== 'declined' &&
-    envelope.status !== 'canceled';
+const userCanCreateTemplate = (profile) => userCanCreatePersonalTemplate(profile) || userCanCreateOrgTemplate(profile) || userCanCreatePublicTemplate(profile);
 /**
- * Check to see if the user owns the envelope.
+ * Check to see if the user can "build" the template (use the field builder). The user must have write access to the
+ * template, and the template must have at least one signer role.
  */
-const userCanFinishEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
-    envelope.status !== 'complete' &&
-    envelope.status !== 'declined' &&
-    envelope.status !== 'canceled';
-/**
- * Returns true if the recipient has a pending action. Note that this does not necessarily mean the recipient can act (yet).
- */
-const recipientHasAction = (recipient) => !['submitted', 'canceled', 'declined'].includes(recipient.status);
-/**
- * Returns the recipients who still have a pending action. Note that not all of these recipients may be able to act (yet).
- */
-const getRecipientsWithActions = (envelope) => (envelope?.recipients || []).filter(recipientHasAction);
-/**
- * Returns true if the recipient can act.
- */
-const recipientCanAct = (recipient, recipientsWithActions) => recipient.sequence === recipientsWithActions?.[0]?.sequence;
-/**
- * Returns true if the user can act.
- */
-const userCanAct = (email, recipientsWithActions) => {
-    const recipient = recipientsWithActions.find((r) => r.email === email);
-    return recipient && recipient.sequence === recipientsWithActions?.[0]?.sequence;
-};
+const userCanBuildTemplate = (profile, template) => userCanUpdateTemplate(profile, template) && (template.roles || []).filter((role) => role.type === 'signer').length > 0;
+const getFieldsForRole = (template, role_name) => (template.fields || []).filter((field) => field.role_name === role_name);
 /**
- * Returns true if the user can act.
+ * Check to see if the user can preview the template. The user must have read access to the template, the template must
+ * have at least one signer, and every signer must have at least one field.
  */
-const userCanSignNow = (profile, envelope) => {
-    if (!profile) {
-        return false;
-    }
-    const recipientsWithActions = getRecipientsWithActions(envelope);
-    const myRecipient = recipientsWithActions.find((r) => r.profile_id === profile?.id || r.email === profile?.email);
-    return (myRecipient &&
-        envelopeIsActive(envelope) &&
-        userIsEnvelopeRecipient(profile, envelope) &&
-        recipientCanAct(myRecipient, recipientsWithActions));
-};
-const getNextRecipient = (envelope) => {
-    const recipientsWithActions = getRecipientsWithActions(envelope);
-    return recipientsWithActions?.[0];
+const userCanPreviewTemplate = (profile, template) => {
+    const hasPermission = userCanReadTemplate(profile, template);
+    const signers = (template.roles || []).filter((role) => role.type === 'signer');
+    return hasPermission && signers.length > 0 && signers.every((signer) => getFieldsForRole(template, signer.name).length > 0);
 };
 
 /**
- * Create a signature block. In a typical signing workflow, the user is asked at the beginning of the process to "adopt"
- * a signature block to be used for all signature fields in the document. Thus, this is typically called one time to
- * create and store a signature block. Thereafter, the ID of the signature block may be re-used for each signature field
- * to be "stamped" by the user.
- *
- * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
- * typically only ever have one, tied to that session. But authenticated users can create more than
- * one, and can use them interchangeably.
- *
- * @group Signatures and Initials
- * @api POST /v2/profiles/signatures Create Signature Block
- * @apiBody string signature Blob containing signature image to store.
- * @apiSuccess ISignature . The newly-created signature block.
- */
-const createSignature = (endpoint, name, signature) => {
-    const data = new FormData();
-    data.append('signature', signature, name);
-    return endpoint.api //
-        .post(`/v2/profiles/signatures`, data)
-        .then((r) => r.data);
-};
-/**
- * Get the available signatures for a user.
- *
- * @group Signatures and Initials
- * @api GET /signatures Create Signature Block
- *
- * @apiSuccess array(items:ISignature) . A list of signatures previously stored for the user.
- */
-const getSignatures = (endpoint) => endpoint.api //
-    .get('/signatures')
-    .then((r) => r.data);
-/**
- * Get a user's signature by ID.
- *
- * @group Signatures and Initials
- * @api GET /signatures/:id Delete Signature Block
- * @apiParam string(format: 'uuid') id The ID of the signature to delete.
- * @apiSuccess ISignature . The signature metadata requested.
- */
-const getSignature = (endpoint, signatureId) => endpoint.api //
-    .get(`/signatures/${signatureId}`)
-    .then((r) => r.data);
-/**
- * Delete a user's signature.
+ * A "role" is an individual participant in a signing flow, such as a signer or CC contact.
+ * A role is a placeholder that will eventually become a named recipient. For example, "Tenant 1"
+ * might be replaced with "John Smith" when the document is sent out for signature.
  *
- * @group Signatures and Initials
- * @api DELETE /signatures/:id Delete Signature Block
- * @apiParam string(format: 'uuid') id The ID of the signature to delete.
- * @apiSuccess string . OK
- */
-const deleteSignature = (endpoint, signatureId) => endpoint.api //
-    .delete(`/signatures/${signatureId}`)
-    .then((r) => r.data);
-
-/**
- * API keys are used to authenticate server-to-server calls. (API keys should **never** be used for client-to-server operations!)
- * To generate a key, either use the Verdocs admin interface and make note of the client_id and client_secret generated, or call
- * createKey as shown below. Then call {@link Users.Auth.authenticateApp} to obtain an access token using the provided ID and
- * secret. Note that server-to-server authentication requests return shorter-lived tokens, so it is important to check the `exp`
- * field and re-authenticate as needed for subsequent calls.
+ * Role names must be unique within a template, e.g. 'Recipient 1'. They may contain any [a-zA-Z0-9_- ]
+ * characters, although it is recommended to keep them simple and human-readable, and to avoid
+ * spaces (although they are allowed). If spaces are used in role names, be sure to URL-encode them
+ * when calling endpoints like `updateRole()` e.g. 'Recipient%201'.
  *
- * API keys may be updated or rotated at any time. Regular rotation is recommended. Rotation will not expire or invalidate
- * existing server-to-server sessions, so it may be done at any time without disrupting your application.
+ * NOTE: Roles are always enumerated under Template objects, so there are no "list" or "get" endpoints
+ * for them. To get a template's latest role list, simply call `getTemplate()`.
  *
  * @module
  */
 /**
- * Get a list of keys for a given organization. The caller must have admin access to the organization.
- *
- * ```typescript
- * import {getApiKeys} from '@verdocs/js-sdk';
- *
- * const keys = await getApiKeys(ORGID);
- * ```
- *
- * @group API Keys
- * @api GET /v2/api-keys Get API keys
- * @apiSuccess array(items: IApiKey) . A list of the API keys for the caller's organization. Secrets will not be included.
- */
-const getApiKeys = (endpoint) => endpoint.api //
-    .get(`/v2/api-keys`)
-    .then((r) => r.data);
-/**
- * Create an API key.
- *
- * ```typescript
- * import {createApiKey} from '@verdocs/js-sdk';
- *
- * await createApiKey(ORGID, {name: NEWNAME});
- * ```
- *
- * @group API Keys
- * @api POST /v2/api-keys Create API key
- * @apiBody string name A name used to identify the key in the Verdocs Web App
- * @apiBody string(format:uuid) profile_id The profile ID that calls made using the key will act as
- * @apiBody array(items:string) permission An array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
- * @apiSuccess IApiKey . The newly-created API key, including its secret.
- */
-const createApiKey = (endpoint, params) => endpoint.api //
-    .post('/v2/api-keys', params)
-    .then((r) => r.data);
-/**
- * Rotate the secret for an API key. The caller must have admin access to the organization.
+ * Create a role.
  *
  * ```typescript
- * import {rotateApiKey} from '@verdocs/js-sdk';
+ * import {createTemplateRole} from '@verdocs/js-sdk';
  *
- * const {client_secret: newSecret} = await rotateApiKey(ORGID, CLIENTID);
+ * const role = await createTemplateRole(VerdocsEndpoint.getDefault(), template_id, params...);
  * ```
  *
- * @group API Keys
- * @api POST /v2/api-keys/:client_id/rotate Rotate API key
- * @apiParam string(format:uuid) client_id The client ID of the key to rotate
- * @apiSuccess IApiKey . The updated API key with its new secret.
+ * @group Roles
+ * @api POST /v2/roles/:template_id Add a role to a template
+ * @apiBody string name Name for the new role. Must be unique within the template. May include spaces, but later calls must URL-encode any references to this role, so it is recomended that special characters be avoided.
+ * @apiBody string(enum:'signer' | 'cc' | 'approver') type Type of role to create. Signers act on documents by filling and signing fields. CC recipients receive a copy but do not act on the document. Approvers control the final submission of a document, but do not have fields of their own to fill out.
+ * @apiBody string full_name? Default full name for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string email? Default email address for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string phone? Default (SMS-capable) phone number for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string message? Optional message to include in email and SMS signing invitations.
+ * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role. Roles that share the same sequence number act in parallel, and will receive invitations at the same time.
+ * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role. Controls the left-to-right display order of roles at the same sequence number in the UI components e.g. `<verdocs-template-roles />`.
+ * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
+ * @apiSuccess IRole . The newly-created role
  */
-const rotateApiKey = (endpoint, clientId) => endpoint.api //
-    .post(`/v2/api-keys/${clientId}/rotate`)
+const createTemplateRole = (endpoint, template_id, params) => endpoint.api //
+    .post(`/v2/roles/${template_id}`, params)
     .then((r) => r.data);
 /**
- * Update an API key to change its assigned Profile ID or Name.
+ * Update a role.
  *
  * ```typescript
- * import {updateApiKey} from '@verdocs/js-sdk';
+ * import {updateTemplateRole} from '@verdocs/js-sdk';
  *
- * await updateApiKey(ORGID, CLIENTID, {name: NEWNAME});
+ * const role = await updateTemplateRole(VerdocsEndpoint.getDefault(), template_id, name, params...);
  * ```
  *
- * @group API Keys
- * @api PATCH /v2/api-keys/:client_id Update API key
- * @apiBody string name? New name for the API key
- * @apiBody array(items:string) permission New array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
- * @apiSuccess IApiKey . The updated API key. The secret will not be included.
+ * @group Roles
+ * @api PATCH /v2/roles/:template_id/:role_id Update a role. See createRole for additional details on the parameters available.
+ * @apiBody string name? Rename the role. Note that role names must be unique within a template, so this may fail if the new name is already in use.
+ * @apiBody string(enum:'signer' | 'cc' | 'approver') type? Type of role.
+ * @apiBody string full_name? Default full name for the role.
+ * @apiBody string email? Default email address for the role.
+ * @apiBody string phone? Default (SMS-capable) phone number for the role.
+ * @apiBody string message? Optional message to include in email and SMS signing invitations.
+ * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role.
+ * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role.
+ * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
+ * @apiBody string(enum:'pin'|'identity'|'') kba_method? Active PIN- or Identity-based KBA for the role.
+ * @apiSuccess IRole . The newly-created role
  */
-const updateApiKey = (endpoint, clientId, params) => endpoint.api //
-    .patch(`/v2/api-keys/${clientId}`, params)
+const updateTemplateRole = (endpoint, template_id, name, params) => endpoint.api //
+    .patch(`/v2/roles/${template_id}/${encodeURIComponent(name)}`, params)
     .then((r) => r.data);
 /**
- * Delete an API key.
+ * Delete a role.
  *
  * ```typescript
- * import {deleteApiKey} from '@verdocs/js-sdk';
+ * import {deleteTemplateRole} from '@verdocs/js-sdk';
  *
- * await deleteApiKey(ORGID, CLIENTID);
+ * const profiles = await deleteTemplateRole(VerdocsEndpoint.getDefault(), template_id, name);
  * ```
  *
- * @group API Keys
- * @api DELETE /v2/api-keys/:client_id Delete API key
- * @apiSuccess string . Success.
+ * @group Roles
+ * @api DELETE /v2/roles/:template_id/:role_id Delete a role.
+ * @apiSuccess string . Success
  */
-const deleteApiKey = (endpoint, clientId) => endpoint.api //
-    .delete(`/v2/api-keys/${clientId}`)
+const deleteTemplateRole = (endpoint, template_id, name) => endpoint.api //
+    .delete(`/v2/roles/${template_id}/${encodeURIComponent(name)}`)
     .then((r) => r.data);
 
 /**
- * An Organization Contact (aka Profile) is an individual user with no access to an organization. These entries
- * appear only in contact lists, usually to populate quick-search dropdowns when sending envelopes.
+ * A Template defines how a Verdocs signing flow will be performed, including attachments, signing fields, and
+ * recipients.
  *
  * @module
  */
 /**
- * Get a list of the contacts in the caller's organization.
+ * Get all templates accessible by the caller, with optional filters.
  *
  * ```typescript
- * import {getOrganizationContacts} from '@verdocs/js-sdk';
+ * import {getTemplates} from '@verdocs/js-sdk/Templates';
  *
- * const members = await getOrganizationContacts(VerdocsEndpoint.getDefault()});
+ * await getTemplates((VerdocsEndpoint.getDefault());
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_starred: true });
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_creator: true });
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_organization: true });
  * ```
  *
- * @group Organization Contacts
- * @api GET /v2/organization-contacts Get a list of organization contacts
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * @group Templates
+ * @api GET /v2/templates Get Templates
+ * @apiQuery string q? Find templates whose names/descriptions contain the specified query string
+ * @apiQuery boolean is_starred? If true, returns only templates with at least one "star".
+ * @apiQuery boolean is_creator? If true, returns only templates that the caller created.
+ * @apiQuery string(enum: 'private_shared' | 'private' | 'shared' | 'public') visibility? Return only templates with the specified visibility.
+ * @apiQuery string(enum: 'created_at' | 'updated_at' | 'name' | 'last_used_at' | 'counter' | 'star_counter') sort_by? Return results sorted by this criteria
+ * @apiQuery boolean ascending? Set true/false to override the sort direction. Note that the default depends on `sort_by`. Date-based sorts default to descending, while name defaults to ascending.
+ * @apiQuery integer(default: 20) rows? Limit the number of rows returned
+ * @apiQuery integer(default: 0) page? Specify which page of results to return
+ * @apiSuccess integer(format: int32) count The total number of records matching the query, helpful for pagination
+ * @apiSuccess integer(format: int32) rows The number of rows returned in this response page
+ * @apiSuccess integer(format: int32) page The page number of this response
+ * @apiSuccess array(items: ITemplate) templates List of templates found
  */
-const getOrganizationContacts = (endpoint) => endpoint.api //
-    .get(`/v2/organization-contacts`)
+const getTemplates = (endpoint, params) => endpoint.api //
+    .get('/v2/templates', { params })
     .then((r) => r.data);
 /**
- * Delete a contact from the caller's organization. Note that the caller must be an admin or owner.
+ * Get one template by its ID.
  *
  * ```typescript
- * import {deleteOrganizationContact} from '@verdocs/js-sdk';
+ * import {getTemplate} from '@verdocs/js-sdk/Templates';
  *
- * await deleteOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID'});
+ * const template = await getTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
  * ```
  *
- * @group Organization Contacts
- * @api POST /v2/organization-invitations/decline GET a list of pending invitations
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * @group Templates
+ * @api GET /v2/templates/:template_id Get a template. Note that the caller must have at least View access to the template.
+ * @apiSuccess ITemplate . The requested template
  */
-const deleteOrganizationContact = (endpoint, profileId) => endpoint.api //
-    .delete(`/v2/organization-contacts/${profileId}`)
-    .then((r) => r.data);
-/**
- * Update a member.
- *
- * ```typescript
- * import {createOrganizationContact} from '@verdocs/js-sdk';
- *
- * const result = await createOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'First', last_name:'Last', email:'a@b.com'});
- * ```
- */
-const createOrganizationContact = (endpoint, params) => endpoint.api //
-    .post(`/v2/organization-contacts`, params)
-    .then((r) => r.data);
+const getTemplate = (endpoint, templateId) => {
+    return endpoint.api //
+        .get(`/v2/templates/${templateId}`)
+        .then((r) => {
+        const template = r.data;
+        // Post-process the template to upgrade to new data fields
+        if (!template.documents && template.template_documents) {
+            template.documents = template.template_documents;
+        }
+        template.documents?.forEach((document) => {
+            if (!document.order) {
+                document.order = 0;
+            }
+            if (document.page_numbers) {
+                document.pages = document.page_numbers;
+            }
+        });
+        // Temporary upgrade from legacy app
+        template.fields?.forEach((field) => {
+            if (field.setting) {
+                field.settings = field.setting;
+            }
+        });
+        return template;
+    });
+};
+const ALLOWED_CREATE_FIELDS = [
+    'name',
+    'is_personal',
+    'is_public',
+    'sender',
+    'description',
+    'roles',
+    'fields',
+];
 /**
- * Update a member.
+ * Create a template.
  *
  * ```typescript
- * import {updateOrganizationContact} from '@verdocs/js-sdk';
+ * import {createTemplate} from '@verdocs/js-sdk/Templates';
  *
- * const result = await updateOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'NewFirst'});
+ * const newTemplate = await createTemplate((VerdocsEndpoint.getDefault(), {...});
  * ```
- */
-const updateOrganizationContact = (endpoint, profileId, params) => endpoint.api //
-    .patch(`/v2/organization-contacts/${profileId}`, params)
-    .then((r) => r.data);
-
-/**
- * Organizations may contain "Groups" of user profiles, called Members. Groups may have permissions assigned that
- * apply to all Members, making it easy to configure role-based access control (RBAC) within an Organization. Note
- * that permissions are **additive**. A user may be a member of more than one group, and may also have permissions
- * assigned directly. In that case, the user will have the combined set of all permissions inherited from all
- * sources.
  *
- * @module
+ * @group Templates
+ * @api POST /v2/templates Create a template
+ * @apiBody string name Template name
+ * @apiBody string description? Optional description
+ * @apiBody TTemplateVisibility visibility? Visibility setting
+ * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
+ * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
+ * @apiBody TTemplateSender sender? Who may send envelopes using this template
+ * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
+ * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
+ * @apiBody array(items:object) documents? Optional list of documents to attach to the template
+ * @apiBody array(items:IRole) roles? Optional list of roles to create. Note that if roles are not included in the request, fields will be ignored.
+ * @apiBody array(fields:ITemplateField) fields? Optional list of fields to create. Note that if fields that do not match a role will be ignored.
+ * @apiSuccess ITemplate . The newly-created template
  */
+const createTemplate = (endpoint, params, onUploadProgress) => {
+    const options = {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    };
+    if (params.documents && params.documents[0] instanceof File) {
+        const formData = new FormData();
+        ALLOWED_CREATE_FIELDS.forEach((allowedKey) => {
+            if (params[allowedKey] !== undefined) {
+                formData.append(allowedKey, params[allowedKey]);
+            }
+        });
+        params.documents.forEach((file) => {
+            formData.append('documents', file, file.name);
+        });
+        return endpoint.api.post('/v2/templates', formData, options).then((r) => r.data);
+    }
+    else {
+        return endpoint.api.post('/v2/templates', params, options).then((r) => r.data);
+    }
+};
 /**
- * Get a list of groups for the caller's organization. NOTE: Any organization member may request
- * the list of groups, but only Owners and Admins may update them.
+ * Duplicate a template. Creates a complete clone, including all settings (e.g. reminders), fields,
+ * roles, and documents.
  *
  * ```typescript
- * import {getGroups} from '@verdocs/js-sdk';
+ * import {duplicateTemplate} from '@verdocs/js-sdk/Templates';
  *
- * const groups = await getGroups();
+ * const newTemplate = await duplicateTemplate((VerdocsEndpoint.getDefault(), originalTemplateId, 'My Template Copy');
  * ```
+ *
+ * @group Templates
+ * @api PUT /v2/templates/:template_id Perform an operation on a template
+ * @apiBody string(enum:'duplicate') action Action to perform
+ * @apiBody string name? If duplicating the template, a name for the new copy
+ * @apiSuccess ITemplate . The newly-copied template
  */
-const getGroups = (endpoint) => endpoint.api //
-    .get(`/v2/organization-groups`)
+const duplicateTemplate = (endpoint, templateId, name) => endpoint.api //
+    .put(`/v2/templates/${templateId}`, { action: 'duplicate', name })
     .then((r) => r.data);
 /**
- * Get the details for a group, including its member profiles and list of permissions.
+ * Create a template from a Sharepoint asset.
  *
  * ```typescript
- * import {getGroup} from '@verdocs/js-sdk/v2/organization-groups';
+ * import {createTemplateFromSharepoint} from '@verdocs/js-sdk/Templates';
  *
- * const group = await getGroup(GROUPID);
+ * const newTemplate = await createTemplateFromSharepoint((VerdocsEndpoint.getDefault(), {...});
  * ```
+ *
+ * @group Templates
+ * @api POST /v2/templates/from-sharepoint Create a template from an asset in Sharepoint
+ * @apiBody string name Name for the new template
+ * @apiBody string siteId Name for the new template
+ * @apiBody string itemId Name for the new template
+ * @apiBody string oboToken On-Behalf-Of token for calls to Sharepoint. Should be generated as a short-expiration token with at least Read privileges to the siteId/itemId. This token will be discarded after being used.
+ * @apiSuccess ITemplate . The newly-created template
  */
-const getGroup = (endpoint, groupId) => endpoint.api //
-    .get(`/v2/organization-groups/${groupId}`)
-    .then((r) => r.data);
+const createTemplateFromSharepoint = (endpoint, params) => {
+    const options = {
+        timeout: 120000,
+    };
+    return endpoint.api.post('/v2/templates/from-sharepoint', params, options).then((r) => r.data);
+};
 /**
- * Create a group. Note that "everyone" is a reserved name and may not be created.
+ * Update a template.
  *
  * ```typescript
- * import {createGroup} from '@verdocs/js-sdk';
+ * import {updateTemplate} from '@verdocs/js-sdk/Templates';
  *
- * const group = await createGroup(VerdocsEndpoint.getDefault(), {name:'newgroup'});
+ * const updatedTemplate = await updateTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9', { name: 'New Name' });
  * ```
+ *
+ * @group Templates
+ * @api PATCH /v2/templates/:template_id Update a template
+ * @apiBody string name? Template name
+ * @apiBody string description? Optional description
+ * @apiBody TTemplateVisibility visibility? Visibility setting
+ * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
+ * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
+ * @apiBody TTemplateSender sender? Who may send envelopes using this template
+ * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
+ * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
+ * @apiSuccess ITemplate . The updated template
  */
-const createGroup = (endpoint, params) => endpoint.api //
-    .post('/v2/organization-groups', params)
+const updateTemplate = (endpoint, templateId, params) => endpoint.api //
+    .patch(`/v2/templates/${templateId}`, params)
     .then((r) => r.data);
 /**
- * Update a group. Note that "everyone" is a reserved name and may not be changed.
+ * Delete a template.
  *
  * ```typescript
- * import {updateGroup} from '@verdocs/js-sdk';
+ * import {deleteTemplate} from '@verdocs/js-sdk/Templates';
  *
- * const updated = await updateGroup(VerdocsEndpoint.getDefault(), {name:'newname'});
+ * await deleteTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
  * ```
+ *
+ * @group Templates
+ * @api DELETE /v2/templates/:template_id Delete a template
+ * @apiSuccess string . Success
  */
-const updateGroup = (endpoint, groupId, params) => endpoint.api //
-    .patch(`/v2/organization-groups/${groupId}`, params)
+const deleteTemplate = (endpoint, templateId) => endpoint.api //
+    .delete(`/v2/templates/${templateId}`)
     .then((r) => r.data);
 /**
- * Get an organization by ID. Note that the "everyone" group cannot be deleted.
+ * Toggle the template star for a template.
  *
  * ```typescript
- * import {deleteGroup} from '@verdocs/js-sdk';
+ * import {toggleTemplateStar} from '@verdocs/js-sdk/Templates';
  *
- * await deleteGroup(VerdocsEndpoint.getDefault(), 'ORGID');
+ * await toggleTemplateStar((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
  * ```
+ *
+ * @group Templates
+ * @api POST /v2/templates/:template_id/star Star or unstar a template (toggle state)
+ * @apiSuccess ITemplate . Success
  */
-const deleteGroup = (endpoint, groupId) => endpoint.api //
-    .delete(`/v2/organization-groups/${groupId}`)
+const toggleTemplateStar = (endpoint, templateId) => endpoint.api //
+    .post(`/v2/templates/${templateId}/stars/toggle`)
     .then((r) => r.data);
+
 /**
- * Add a member to a group.
+ * A TemplateDocument represents a PDF or other attachment in a Template.
+ *
+ * @module
+ */
+/**
+ * Create a Document for a particular Template.
  *
  * ```typescript
- * import {addGroupMember} from '@verdocs/js-sdk';
+ * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
  *
- * await addGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
+ * await TemplateDocument.createDocument(VerdocsEndpoint.getDefault(), templateID, params);
  * ```
+ *
+ * @group Template Documents
+ * @api POST /v2/templates/:template_id/documents Attach a document to a template
+ * @apiBody string(format:binary) file Document file to attach. The file name will automatically be used as the document name.
+ * @apiBody string(format:uuid) template_id Template ID to attach the document to
+ * @apiSuccess ITemplateDocument . Template document
  */
-const addGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
-    .post(`/v2/organization-groups/${groupId}/members`, { profile_id })
-    .then((r) => r.data);
+const createTemplateDocument = (endpoint, template_id, file, onUploadProgress) => {
+    const formData = new FormData();
+    formData.append('file', file, file.name);
+    formData.append('template_id', template_id);
+    return endpoint.api //
+        .post(`/v2/template-documents`, formData, {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    })
+        .then((r) => r.data);
+};
 /**
- * Remove a member from a group.
+ * Delete a specific Document.
  *
  * ```typescript
- * import {deleteGroupMember} from '@verdocs/js-sdk';
+ * import {deleteTemplateDocument} from '@verdocs/js-sdk/Templates';
  *
- * await deleteGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
+ * await deleteTemplateDocument(VerdocsEndpoint.getDefault(), documentID);
  * ```
- */
-const deleteGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
-    .delete(`/v2/organization-groups/${groupId}/members/${profile_id}`)
-    .then((r) => r.data);
-
-/**
- * An invitation represents an opportunity for a Member to join an Organization.
  *
- * @module
+ * @group Template Documents
+ * @api DELETE /v2/template-documents/:document_id Delete a template document
+ * @apiSuccess string . Success
  */
+const deleteTemplateDocument = (endpoint, documentId) => endpoint.api //
+    .delete(`/v2/template-documents/${documentId}`)
+    .then((r) => r.data);
 /**
- * Get a list of invitations pending for the caller's organization. The caller must be an admin or owner.
+ * Get all metadata for a template document. Note that when called by non-creators (e.g. Org Collaborators)
+ * this will return only the **metadata** the caller is allowed to view.
  *
- * @group Organization Invitations
- * @api GET /v2/organization-invitations Get a list of pending invitations
- * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * @group Template Documents
+ * @api GET /v2/envelope-documents/:id Get envelope document
+ * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
+ * @apiSuccess IEnvelopeDocument . The detailed metadata for the document requested
  */
-const getOrganizationInvitations = (endpoint) => endpoint.api //
-    .get(`/v2/organization-invitations`)
+const getTemplateDocument = async (endpoint, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}`)
     .then((r) => r.data);
 /**
- * Invite a new user to join the organization.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations Invite a new user to join the organization
- * @apiBody string email Email address to send the invitation to
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiBody TRole role Initial role to assign to the user once they accept.
- * @apiSuccess IOrganizationInvitation . The newly-created invitation.
+ * Download a document directly.
  */
-const createOrganizationInvitation = (endpoint, params) => endpoint.api //
-    .post(`/v2/organization-invitations`, params)
+const downloadTemplateDocument = async (endpoint, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}?type=file`, { responseType: 'blob' })
     .then((r) => r.data);
 /**
- * Delete an invitation. Note that no cancellation message will be sent. Invitations are also one-time-use.
- * If the invitee attempts to join after the invitation is deleted, accepted, or decline, they will be
- * shown an error.
+ * Get an envelope document's metadata, or the document itself. If no "type" parameter is specified,
+ * the document metadata is returned. If "type" is set to "file", the document binary content is
+ * returned with Content-Type set to the MIME type of the file. If "type" is set to "download", a
+ * string download link will be returned. If "type" is set to "preview" a string preview link will
+ * be returned. This link expires quickly, so it should be accessed immediately and never shared.
  *
- * @group Organization Invitations
- * @api DELETE /v2/organization-invitations/:email Delete a pending invitation
- * @apiSuccess string . Success
+ * @group Template Documents
+ * @api GET /v2/envelope-documents/:document_id Preview, Download, or Link to a Document
+ * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
+ * @apiQuery string(enum:'file'|'download'|'preview') type? Download the file directly, generate a download link, or generate a preview link.
+ * @apiSuccess string . The generated link.
  */
-const deleteOrganizationInvitation = (endpoint, email) => endpoint.api //
-    .delete(`/v2/organization-invitations/${email}`)
+const getTemplateDocumentDownloadLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}?type=download`)
     .then((r) => r.data);
 /**
- * Update an invitation. Note that email may not be changed after the invite is sent. To change
- * an invitee's email, delete the incorrect entry and create one with the correct value.
- *
- * @group Organization Invitations
- * @api PATCH /v2/organization-invitations/:email Update a pending invitation
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiBody TRole role Initial role to assign to the user once they accept.
- * @apiSuccess IOrganizationInvitation . The updated invitation.
+ * Get a pre-signed preview link for an Envelope Document. This link expires quickly, so it should
+ * be accessed immediately and never shared. Content-Disposition will be set to "inline".
  */
-const updateOrganizationInvitation = (endpoint, email, params) => endpoint.api //
-    .patch(`/v2/organization-invitations/${email}`, params)
+const getTemplateDocumentPreviewLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+    .get(`/v2/envelope-documents/${documentId}?type=preview`)
     .then((r) => r.data);
 /**
- * Send a reminder to the invitee to join the organization.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/resend Send a reminder to a pending invitee
- * @apiBody string email The recipient to send the reminder to
- * @apiSuccess IOrganizationInvitation . The updated invitation
+ * Get (binary download) a file attached to a Template. It is important to use this method
+ * rather than a direct A HREF or similar link to set the authorization headers for the
+ * request.
  */
-const resendOrganizationInvitation = (endpoint, email) => endpoint.api //
-    .post('/v2/organization-invitations/resend', { email })
+const getTemplateDocumentFile = async (endpoint, templateId, documentId) => endpoint.api //
+    .get(`/v2/templates/${templateId}/documents/${documentId}?file=true`, { responseType: 'blob' })
     .then((r) => r.data);
 /**
- * Get an invitation's details. This is generally used as the first step of accepting the invite.
- * A successful response will indicate that the invite token is still valid, and include some
- * metadata for the organization to style the acceptance screen.
- *
- * @group Organization Invitations
- * @api GET /v2/organization-invitations/:email/:token Get a pending invitation (_Authenticated via invite token, not an active session._). Intended to be called by the invitee to get details about the invitation they are about to accept.
- * @apiSuccess IOrganizationInvitation . Requested invitation's details. Will always include summary details for the organization, to be used for branding the accept-invite view.
+ * Get (binary download) a file attached to a Template. It is important to use this method
+ * rather than a direct A HREF or similar link to set the authorization headers for the
+ * request.
  */
-const getOrganizationInvitation = (endpoint, email, token) => endpoint.api //
-    .get(`/v2/organization-invitations/${email}/${token}`)
+const getTemplateDocumentThumbnail = async (endpoint, templateId, documentId) => endpoint.api //
+    .get(`/v2/templates/${templateId}/documents/${documentId}?thumbnail=true`, { responseType: 'blob' })
     .then((r) => r.data);
 /**
- * Accept an invitation. This will automatically create a user record for the caller as well as a profile
- * with the appropriate role as specified in the invite. The profile will be set as "current" for the caller,
- * and session tokens will be returned to access the new profile. The profile's email_verified flag will
- * also be set to true.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/accept Accept an invitation
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiBody string first_name First name
- * @apiBody string last_name Last name
- * @apiBody string password Password
- * @apiSuccess IAuthenticateResponse . Session credentials for the newly-created user's profile. If the user already had a profile for another organization, the new profile will be made "current" automatically.
+ * Get a display URI for a given page in a file attached to a template document. These pages are rendered server-side
+ * into PNG resources suitable for display in IMG tags although they may be used elsewhere. Note that these are intended
+ * for DISPLAY ONLY, are not legally binding documents, and do not contain any encoded metadata from participants. The
+ * original asset may be obtained by calling `getTemplateDocumentFile()` or similar.
  */
-const acceptOrganizationInvitation = (endpoint, params) => endpoint.api //
-    .post('/v2/organization-invitations/accept', params)
-    .then((r) => r.data);
+const getTemplateDocumentPageDisplayUri = async (endpoint, documentId, page, variant = 'original') => endpoint.api.get(`/v2/template-documents/page-image/${documentId}/${variant}/${page}`, { timeout: 20000 }).then((r) => r.data);
+
+const EMAIL_REGEX = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+// @see https://www.regextester.com/1978
+const PHONE_REGEX = /((?:\+|00)[17](?: |\-)?|(?:\+|00)[1-9]\d{0,2}(?: |\-)?|(?:\+|00)1\-\d{3}(?: |\-)?)?(0\d|\([0-9]{3}\)|[1-9]{0,3})(?:((?: |\-)[0-9]{2}){4}|((?:[0-9]{2}){4})|((?: |\-)[0-9]{3}(?: |\-)[0-9]{4})|([0-9]{7}))/;
+const URL_REGEX = /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/;
+const POSTAL_CODE_REGEX = /^[A-Za-z0-9-\s]{3,10}$/;
+const NUMBER_REGEX = /^\d+$/;
+const DATE_REGEX = /^(\d{4}[-\/]\d{2}[-\/]\d{2})|(\d{2}[-\/]\d{2}[-\/]\d{4})$/;
+const VALIDATORS = {
+    email: { regex: EMAIL_REGEX, label: 'Email Address' },
+    phone: { regex: PHONE_REGEX, label: 'Phone Number' },
+    url: { regex: URL_REGEX, label: 'URL' },
+    postal_code: { regex: POSTAL_CODE_REGEX, label: 'Zip/Postal Code' },
+    number: { regex: NUMBER_REGEX, label: 'Number' },
+    date: { regex: DATE_REGEX, label: 'Date' },
+};
+const isValidInput = (value, validator) => Object.keys(VALIDATORS).includes(validator) && VALIDATORS[validator].regex.test(value);
 /**
- * Decline an invitation. This will mark the status "declined," providing a visual indication to the
- * organization's admins that the invite was declined, preventing further invites from being created
- * to the same email address, and also preventing the invitee from receiving reminders to join.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/decline Decline an invitation
- * @apiDescription Mark the status "declined," providing a visual indication to the organization's admins that the invite was declined, preventing further invites from being created to the same email address, and also preventing the invitee from receiving reminders to join.
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * Get a list of available validators for field inputs. Note that validators always check strings,
+ * because that is all a user can enter in an HTML input field. Numeric-format validators should
+ * perform any necessary conversions internally. Validators never throw - they just return a boolean.
+ * indicating whether the value is valid.
  */
-const declineOrganizationInvitation = (endpoint, email, token) => endpoint.api //
-    .post('/v2/organization-invitations/decline', { email, token })
-    .then((r) => r.data);
+const getValidators = () => Object.keys(VALIDATORS);
+const isValidEmail = (email) => !!email && EMAIL_REGEX.test(email);
+const isValidPhone = (phone) => !!phone && PHONE_REGEX.test(phone);
+const isValidRoleName = (value, roles) => roles.findIndex((role) => role.name === value) !== -1;
+const TagRegEx = /^[a-zA-Z0-9-]{0,32}$/;
+const isValidTag = (value, tags) => TagRegEx.test(value) || tags.findIndex((tag) => tag === value) !== -1;
+
+const isFieldFilled = (field, allRecipientFields) => {
+    const { value = '' } = field;
+    switch (field.type) {
+        case 'textarea':
+        case 'textbox':
+            switch (field.validator || '') {
+                case 'email':
+                    return value && isValidInput(value, 'email');
+                case 'phone':
+                    return value && isValidInput(value, 'phone');
+                default:
+                    return (value || '').trim() !== '';
+            }
+        case 'signature':
+            return value === 'signed';
+        case 'initial':
+            return value === 'initialed';
+        // Timestamp fields get automatically filled when the envelope is submitted.
+        case 'timestamp':
+            return true;
+        case 'date':
+            return !!value;
+        case 'attachment':
+            return value === 'attached';
+        case 'dropdown':
+            return value !== '';
+        case 'checkbox':
+            return value === 'true';
+        case 'radio':
+            if (!!field.group) {
+                return allRecipientFields.filter((f) => f.group === field.group).some((field) => field.value === 'true');
+            }
+            return field.value === 'true';
+        default:
+            return false;
+    }
+};
+// TODO: Only allow !required to bypass validation if the field is empty.
+const isFieldValid = (field, allRecipientFields) => {
+    return !field.required || isFieldFilled(field, allRecipientFields);
+};
 
 /**
- * An Organization Member (aka Profile) is an individual user with access to an organization.
+ * Create an initials block. In a typical signing workflow, the user is asked at the beginning of the process to
+ * "adopt" an initials block to be used for all initials fields in the document. Thus, this is typically called
+ * one time to create and store an initials block. Thereafter, the ID of the initials block may be re-used for each
+ * initials field to be "stamped" by the user.
  *
- * @module
+ * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
+ * typically only ever have one, tied to that session. But authenticated users can create more than
+ * one, and can use them interchangeably.
+ *
+ * @group Signatures and Initials
+ * @api POST /v2/profiles/initials Create Initial Block
+ * @apiBody string initial Blob containing initials image to store.
+ * @apiSuccess IInitial . The newly-created initial block.
  */
+const createInitials = (endpoint, name, initials) => {
+    const data = new FormData();
+    data.append('initial', initials, name);
+    return endpoint.api //
+        .post(`/v2/profiles/initials`, data)
+        .then((r) => r.data);
+};
+
 /**
- * Get a list of the members in the caller's organization.
- *
- * ```typescript
- * import {getOrganizationMembers} from '@verdocs/js-sdk';
- *
- * const members = await getOrganizationMembers(VerdocsEndpoint.getDefault()});
- * ```
- *
- * @group Organization Members
- * @api GET /v2/organization-members List current organization's members
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * Get the current KBA status. Note that this may only be called by the recipient and requires a
+ * valid signing session to proceed. Although the Recipient object itself contains indications of
+ * whether KBA is required, it will not contain the current status of the process. If
+ * `recipient.auth_methods` is set (not empty), and `recipient.kba_completed` is false, this endpoint
+ * should be called to determine the next KBA step required.
  */
-const getOrganizationMembers = (endpoint) => endpoint.api //
-    .get(`/v2/organization-members`)
+const getKbaStep = (endpoint, envelope_id, role_name) => endpoint.api //
+    .get(`/v2/kba/${envelope_id}/${encodeURIComponent(role_name)}`)
     .then((r) => r.data);
 /**
- * Delete a member from the caller's organization. Note that the caller must be an admin or owner,
- * may not delete him/herself.
- *
- * ```typescript
- * import {deleteOrganizationMember} from '@verdocs/js-sdk';
- *
- * await deleteOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID'});
- * ```
- *
- * @group Organization Members
- * @api DELETE /v2/organization-members/:profile_id Delete a member from the organization
- * @apiSuccess string . Success
+ * Submit a response to a KBA PIN challenge.
  */
-const deleteOrganizationMember = (endpoint, profileId) => endpoint.api //
-    .delete(`/v2/organization-members/${profileId}`)
+const submitKbaPin = (endpoint, envelope_id, role_name, pin) => endpoint.api //
+    .post(`/v2/kba/pin`, { envelope_id, role_name, pin })
     .then((r) => r.data);
 /**
- * Update a member.
- *
- * ```typescript
- * import {updateOrganizationMember} from '@verdocs/js-sdk';
- *
- * const result = await updateOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID', {roles:['member']});
- * ```
- *
- * @group Organization Members
- * @api PATCH /v2/organization-members/:profile_id Update an organization member.
- * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody string first_name Set to true to enable Webhooks calls.
- * @apiBody string last_name Record<TWebhookEvent, boolean> map of events to enable/disable.
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * Submit an identity response to a KBA challenge.
  */
-const updateOrganizationMember = (endpoint, profileId, params) => endpoint.api //
-    .patch(`/v2/organization-members/${profileId}`, params)
+const submitKbaIdentity = (endpoint, envelope_id, role_name, identity) => endpoint.api //
+    .post(`/v2/kba/identity`, { envelope_id, role_name, identity })
     .then((r) => r.data);
-
 /**
- * An Organization is the top level object for ownership for Members, Documents, and Templates.
- *
- * NOTE: There is no call specifically to create an organization. Every organization must have
- * at least one "owner" type member. To create a new organization, call createProfile() with
- * the desired new orgName to create. The caller will become the first owner of the new org, and
- * can then invite new members to join as well.
- *
- * NOTE: There is no call to delete an organization. For safety, this is a manual process. Please
- * contact support@verdocs.com if you wish to completely delete an organization and all its records.
- *
- * @module
+ * Submit an identity response to a KBA challenge. Answers should be submitted in the same order as
+ * the challenges were listed in `IRecipientKbaStepChallenge.questions`.
  */
+const submitKbaChallengeResponse = (endpoint, envelope_id, role_name, responses) => endpoint.api //
+    .post(`/v2/kba/response`, { envelope_id, role_name, responses })
+    .then((r) => r.data);
+
 /**
- * Get an organization by ID. Note that this endpoint will return only a subset of fields
- * if the caller is not a member of the organization (the public fields).
- *
- * ```typescript
- * import {getOrganization} from '@verdocs/js-sdk';
- *
- * const organizations = await getOrganization(VerdocsEndpoint.getDefault(), 'ORGID');
- * ```
+ * Agree to electronic signing dislosures.
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id Get organization
- * @apiSuccess IOrganization . The requested organization. The caller must be a member.
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/agree Agree to e-Signing Disclosures
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to operate on.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const getOrganization = (endpoint, organizationId) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}`)
+const envelopeRecipientAgree = (endpoint, envelopeId, roleName, disclosures) => endpoint.api //
+    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/agree`, { disclosures })
     .then((r) => r.data);
 /**
- * Get an organization's "children".
- *
- * ```typescript
- * import {getOrganizationChildren} from '@verdocs/js-sdk';
- *
- * const children = await getOrganizationChildren(VerdocsEndpoint.getDefault(), 'ORGID');
- * ```
+ * Decline electronic signing dislosures. Note that if any recipient declines, the entire envelope
+ * becomes non-viable and later recipients may no longer act. The creator will receive a notification
+ * when this occurs.
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id/children Get an organization's children
- * @apiSuccess IOrganization[] . Any child organizations found.
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/decline Decline e-Signing Disclosures
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to adjust.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const getOrganizationChildren = (endpoint, organizationId) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}/children`)
+const envelopeRecipientDecline = (endpoint, envelopeId, roleName) => endpoint.api //
+    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/decline`)
     .then((r) => r.data);
 /**
- * Get an organization's usage data. If the organization is a parent, usage data for children
- * will be included as well. The response will be a nested object keyed by organization ID,
- * with each entry being a dictionary of usageType:count entries.
- *
- * ```typescript
- * import {getOrganizationUsage} from '@verdocs/js-sdk';
- *
- * const usage = await getOrganizationUsage(VerdocsEndpoint.getDefault(), 'ORGID');
- * ```
+ * Submit an envelope (signing is finished). Note that all fields must be valid/completed for this to succeed.
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id/usage Get an organization's usage metrics
- * @apiSuccess TOrganizationUsage . Usage data grouped by organization ID
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/submit Submit envelope
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to submit.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const getOrganizationUsage = (endpoint, organizationId, params) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}/usage`, { params })
+const envelopeRecipientSubmit = (endpoint, envelopeId, roleName) => endpoint.api //
+    .post(`/v2/envelopes/${envelopeId}/recipients/${roleName}/submit`)
     .then((r) => r.data);
 /**
- * Create an organization. The caller will be assigned an "Owner" profile in the new organization,
- * and it will be set to "current" automatically. A new set of session tokens will be issued to
- * the caller, and the caller should update their endpoint to use the new tokens.
- *
- * ```typescript
- * import {createOrganization} from '@verdocs/js-sdk';
+ * Begin a signing session for an Envelope. This path requires an invite code, and should generally
+ * be called with a NON-default Endpoint to avoid conflicting with any active user session the user
+ * may have. To initiate in-person signing by an authenticated user (e.g. self-signing), call
+ * getInPersonLink() instead. The response from that call includes both a link for direct signing
+ * via a Web browser as well as an in-person access_key. That access_key.key may be used here as well.
  *
- * const organization = await createOrganization(VerdocsEndpoint.getDefault(), {name: 'NewOrg'});
- * ```
+ * @group Recipients
+ * @api POST /v2/sign/unauth/:envelope_id/:role_name/:key Start Signing Session
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to request.
+ * @apiParam string key Access key generated by the envelope creator or email/SMS invite.
+ * @apiSuccess ISignerTokenResponse . Signing session token and envelope/recipient metadata.
+ */
+const startSigningSession = async (endpoint, envelope_id, role_name, key) => {
+    return endpoint.api //
+        .post(`/v2/sign/unauth/${envelope_id}/${encodeURIComponent(role_name)}/${key}`)
+        .then((r) => {
+        endpoint.setToken(r.data.access_token, 'signing');
+        return r.data;
+    });
+};
+/**
+ * Get an in-person signing link. Must be called by the owner/creator of the envelope. The response
+ * also includes the raw access key that may be used to directly initiate a signing session (see
+ * `startSigningSession`) as well as an access token representing a valid signing session for
+ * immediate use in embeds or other applications. Note that in-person signing is considered a
+ * lower-security operation than authenticated signing, and the final envelope certificate will
+ * reflect this.
  *
- * @group Organizations
- * @api POST /v2/organizations Create organization
- * @apiDescription The caller will be assigned an "Owner" profile in the new organization, and it will be set to "current" automatically. A new set of session tokens will be issued to  the caller, and the caller should update their endpoint to use the new tokens.
- * @apiBody string name The name of the new organization
- * @apiBody string parent_id? If set, the new organization will be created as a child of the specified parent organization. The caller must be an admin of the parent organization.
- * @apiBody string contact_email? Contact email for the new organization
- * @apiBody string url? URL for the new organization
- * @apiBody string full_logo_url? URL of a large-format PNG logo
- * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
- * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
- * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
- * @apiSuccess IAuthenticateResponse . Authentication credentials for user in the new organization. The user will be made an Owner automatically.
+ * @group Recipients
+ * @api POST /v2/sign/in-person/:envelope_id/:role_name Get In-Person Signing Link
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to request.
+ * @apiSuccess IInPersonLinkResponse . Signing session token and envelope/recipient metadata.
  */
-const createOrganization = (endpoint, params) => endpoint.api //
-    .post(`/v2/organizations`, params)
+const getInPersonLink = (endpoint, envelope_id, role_name) => endpoint.api //
+    .post(`/v2/sign/in-person/${envelope_id}/${encodeURIComponent(role_name)}`)
     .then((r) => r.data);
 /**
- * Update an organization. This can only be called by an admin or owner.
- *
- * ```typescript
- * import {updateOrganization} from '@verdocs/js-sdk';
- *
- * const organizations = await updateOrganization(VerdocsEndpoint.getDefault(), organizationId, {name:'ORGNAME'});
- * ```
+ * Verify a recipient within a signing session. All signing sessions use an invite code at a minimum,
+ * but many scenarios require more robust verification of recipients, so one or more verification
+ * methods may be attached to each recipient. If an authentication method is enabled, the
+ * signer must first accept the e-signature disclosures, then complete each verification step
+ * before attempting to view/display documents, complete any fields, or submit the envelope.
+ * This endpoint should be called to complete each step. If the call fails an error will be
+ * thrown.
  *
- * @group Organizations
- * @api PATCH /v2/organizations/:organization_id Update organization
- * @apiBody string name The name of the new organization
- * @apiBody string contact_email? Contact email for the new organization
- * @apiBody string url? URL for the new organization
- * @apiBody string full_logo_url? URL of a large-format PNG logo
- * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
- * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
- * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
- * @apiSuccess IOrganization . The details for the updated organization
+ * @group Recipients
+ * @api POST /v2/sign/verify Verify recipient/signer
+ * @apiParam string(enum:'passcode'|'email'|'sms'|'kba'|'id') auth_method The authentication method being completed
+ * @apiParam string code? The passcode or OTP entered. Required for passcode, email, and SMS methods.
+ * @apiParam boolean resend? For SMS or email methods, set to send a new code.
+ * @apiParam boolean first_name? For KBA, the recipient's first name
+ * @apiParam boolean last_name? For KBA, the recipient's last name
+ * @apiParam boolean address? For KBA, the recipient's address
+ * @apiParam boolean city? For KBA, the recipient's city
+ * @apiParam boolean state? For KBA, the recipient's state
+ * @apiParam boolean zip? For KBA, the recipient's zip code
+ * @apiParam boolean ssn_last_4? For KBA, the last 4 digits of the recipient's SSN
+ * @apiParam boolean dob? For KBA, the recipient's date of birth
+ * @apiParam array(items:IKBAResponse) responses? For KBA, responses to any challenge questions presented
+ * @apiSuccess ISignerTokenResponse . Updated signing session.
  */
-const updateOrganization = (endpoint, organizationId, params) => endpoint.api //
-    .patch(`/v2/organizations/${organizationId}`, params)
+const verifySigner = (endpoint, params) => endpoint.api //
+    .post(`/v2/sign/verify`, params)
     .then((r) => r.data);
 /**
- * Delete an organization. This can only be called by an owner. Inclusion of the organization ID to delete
- * is just a safety check. The caller may only delete the organization they have currently selected.
- *
- * ```typescript
- * import {deleteOrganization} from '@verdocs/js-sdk';
+ * Delegate a recipient's signing responsibility. The envelope sender must enable this before the
+ * recipient calls this endpoint, and only the recipient may call it, or the call will be rejected.
+ * The recipient's role will be renamed and configured to indicate to whom the delegation was made,
+ * and a new recipient entry with the updated details (e.g. name and email address) will be added
+ * to the flow with the same role_name, order, and sequence of the original recipient. Unless
+ * no_contact is set on the envelope, the delegation recipient and envelope creator will also be
+ * notified.
  *
- * const newSession = await deleteOrganization(VerdocsEndpoint.getDefault(), organizationId);
- * ```
+ * @group Recipients
+ * @api PUT /v2/envelopes/:envelope_id/recipients/:role_name Delegate Recipient
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to operate on.
+ * @apiBody string(enum:'delegate') action The operation to perform (delegate).
+ * @apiBody string first_name The first name of the new recipient.
+ * @apiBody string last_name The last name of the new recipient.
+ * @apiBody string email The email address of the new recipient.
+ * @apiBody string phone? Optional phone number for the new recipient.
+ * @apiBody string message? Optional phone number for the new recipient's invitation.
+ * @apiSuccess string . Success message.
+ */
+const delegateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
+    .put(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'delegate', ...params })
+    .then((r) => r.data);
+/**
+ * Update a recipient. NOTE: User interfaces should rate-limit this operation to avoid spamming recipients.
+ * Excessive use of this endpoint may result in Verdocs rate-limiting the calling application to prevent
+ * abuse. This endpoint will return a 200 OK even if the no_contact flag is set on the envelope (in which
+ * case the call will be silently ignored).
  *
- * @group Organizations
- * @api DELETE /v2/organizations/:organization_id Delete organization
- * @apiSuccess IAuthenticateResponse . If the caller is a member of another organization, authentication credentials for the next organization available. If not, this will be null and the caller will be logged out.
+ * @group Recipients
+ * @api PATCH /envelopes/:envelope_id/recipients/:role_name Update Recipient
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role name to update.
+ * @apiBody string(enum:'remind'|'reset') action? Trigger a reminder, or fully reset the recipient
+ * @apiBody string first_name? Update the recipient's first name.
+ * @apiBody string last_name? Update the recipient's last name.
+ * @apiBody string email? Update the recipient's email address.
+ * @apiBody string message? Update the recipient's invite message.
+ * @apiBody string phone? Update the recipient's phone number.
+ * @apiBody string passcode? If passcode authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed passcode-based auth.
+ * @apiBody string address? If KBA-based authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string city? If KBA-based authentication is used, the recipient's city to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string state? If KBA-based authentication is used, the recipient's state to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string zip? If KBA-based authentication is used, the recipient's zip code to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string dob? If KBA-based authentication is used, the recipient's date of birth to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string ssn_last_4? If KBA-based authentication is used, the recipient's SSN-last-4 to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const deleteOrganization = (endpoint, organizationId) => endpoint.api //
-    .delete(`/v2/organizations/${organizationId}`)
+const updateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, params)
     .then((r) => r.data);
 /**
- * Update the organization's full or thumbnail logo. This can only be called by an admin or owner.
+ * Send a reminder to a recipient. The recipient must still be an active member of the signing flow
+ * (e.g. not declined, already submitted, etc.)
+ */
+const remindRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'remind' })
+    .then((r) => r.data);
+/**
+ * Fully reset a recipient. This allows the recipient to restart failed KBA flows, change
+ * fields they may have filled in incorrectly while signing, etc. This cannot be used on a
+ * canceled or completed envelope, but may be used to restart an envelope marked declined.
+ */
+const resetRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'reset' })
+    .then((r) => r.data);
+
+/**
+ * Various helpers to identify available operations for an envelope by a user.
  *
- * ```typescript
- * import {updateOrganizationLogo} from '@verdocs/js-sdk';
+ * @module
+ */
+/**
+ * Check to see if the profile ID owns the envelope.
+ */
+const isEnvelopeOwner = (profile_id, envelope) => envelope.profile_id === profile_id;
+/**
+ * Check to see if the profile ID is a recipient within the envelope.
+ */
+const isEnvelopeRecipient = (profile_id, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile_id);
+/**
+ * Check to see if the profile ID is the envelope's sender or one of the recipients.
+ */
+const canAccessEnvelope = (profile_id, envelope) => isEnvelopeOwner(profile_id, envelope) || isEnvelopeRecipient(profile_id, envelope);
+/**
+ * Check to see if the user owns the envelope.
+ */
+const userIsEnvelopeOwner = (profile, envelope) => envelope.profile_id === profile?.id;
+/**
+ * Check to see if the user is a recipient within the envelope.
+ */
+const userIsEnvelopeRecipient = (profile, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile?.id);
+/**
+ * Check to see if the profile ID is the envelope's sender or one of the recipients.
+ */
+const useCanAccessEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) || userIsEnvelopeRecipient(profile, envelope);
+/**
+ * Check to see if the envelope has pending actions.
+ */
+const envelopeIsActive = (envelope) => envelope.status !== 'complete' && envelope.status !== 'declined' && envelope.status !== 'canceled';
+/**
+ * Check to see if the envelope has been completed.
+ */
+const envelopeIsComplete = (envelope) => envelope.status !== 'complete';
+/**
+ * Check to see if the user owns the envelope.
+ */
+const userCanCancelEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
+    envelope.status !== 'complete' &&
+    envelope.status !== 'declined' &&
+    envelope.status !== 'canceled';
+/**
+ * Check to see if the user owns the envelope.
+ */
+const userCanFinishEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
+    envelope.status !== 'complete' &&
+    envelope.status !== 'declined' &&
+    envelope.status !== 'canceled';
+/**
+ * Returns true if the recipient has a pending action. Note that this does not necessarily mean the recipient can act (yet).
+ */
+const recipientHasAction = (recipient) => !['submitted', 'canceled', 'declined'].includes(recipient.status);
+/**
+ * Returns the recipients who still have a pending action. Note that not all of these recipients may be able to act (yet).
+ */
+const getRecipientsWithActions = (envelope) => ['complete', 'declined', 'canceled'].includes(envelope.status) ? [] : (envelope?.recipients || []).filter(recipientHasAction);
+/**
+ * Returns true if the recipient can act.
+ */
+const recipientCanAct = (recipient, recipientsWithActions) => recipient.sequence === recipientsWithActions?.[0]?.sequence;
+/**
+ * Returns true if the user can act.
+ */
+const userCanAct = (email, recipientsWithActions) => {
+    const recipient = recipientsWithActions.find((r) => r.email === email);
+    return recipient && recipient.sequence === recipientsWithActions?.[0]?.sequence;
+};
+/**
+ * Returns true if the user can act.
+ */
+const userCanSignNow = (profile, envelope) => {
+    if (!profile) {
+        return false;
+    }
+    const recipientsWithActions = getRecipientsWithActions(envelope);
+    const myRecipient = recipientsWithActions.find((r) => r.profile_id === profile?.id || r.email === profile?.email);
+    return (myRecipient &&
+        envelopeIsActive(envelope) &&
+        userIsEnvelopeRecipient(profile, envelope) &&
+        recipientCanAct(myRecipient, recipientsWithActions));
+};
+const getNextRecipient = (envelope) => {
+    const recipientsWithActions = getRecipientsWithActions(envelope);
+    return recipientsWithActions?.[0];
+};
+
+/**
+ * Create a signature block. In a typical signing workflow, the user is asked at the beginning of the process to
+ * "adopt" a signature block to be used for all signature fields in the document. Thus, this is typically called one
+ * time to create and store a signature block. Thereafter, the ID of the signature block may be re-used for each
+ * signature field to be "stamped" by the user.
  *
- * await updateOrganizationLogo((VerdocsEndpoint.getDefault(), organizationId, file);
- * ```
+ * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
+ * typically only ever have one, tied to that session. But authenticated users can create more than
+ * one, and can use them interchangeably.
  *
- * @group Organizations
- * @api PATCH /v2/organizations/:organization_id Update organization full or thumbnail logo.
- * @apiBody image/png logo? Form-url-encoded file to upload
- * @apiBody image/png thumbnail? Form-url-encoded file to upload
- * @apiSuccess IOrganization . The updated organization.
+ * @group Signatures and Initials
+ * @api POST /v2/profiles/signatures Create Signature Block
+ * @apiBody string signature Blob containing signature image to store.
+ * @apiSuccess ISignature . The newly-created signature block.
  */
-const updateOrganizationLogo = (endpoint, organizationId, file, onUploadProgress) => {
-    const formData = new FormData();
-    formData.append('logo', file, file.name);
+const createSignature = (endpoint, name, signature) => {
+    const data = new FormData();
+    data.append('signature', signature, name);
     return endpoint.api //
-        .patch(`/v2/organizations/${organizationId}`, formData, {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    })
+        .post(`/v2/profiles/signatures`, data)
         .then((r) => r.data);
 };
+
 /**
- * Update the organization's thumbnail. This can only be called by an admin or owner.
+ * These disclosures will be used if no overrides are supplied by the caller. Overrides must
+ * be applied at the Organization level before creating an envelope.
+ */
+const DEFAULT_DISCLOSURES = `
+<ul>
+  <li>
+    Agree to use electronic records and signatures, and confirm you have read the
+    <a href="https://verdocs.com/en/electronic-record-signature-disclosure/" target="_blank">
+      Electronic Record and Signatures Disclosure</a>.</li>
+  <li>
+    Agree to Verdocs'
+    <a href="https://verdocs.com/en/eula" target="_blank">
+      End User License Agreement</a>
+    and confirm you have read Verdocs'
+    <a href="https://verdocs.com/en/privacy-policy/" target="_blank">
+      Privacy Policy</a>.
+  </li>
+</ul>`;
+
+/**
+ * API keys are used to authenticate server-to-server calls. (API keys should **never** be used for client-to-server operations!)
+ * To generate a key, either use the Verdocs admin interface and make note of the client_id and client_secret generated, or call
+ * createKey as shown below. Then call {@link Users.Auth.authenticateApp} to obtain an access token using the provided ID and
+ * secret. Note that server-to-server authentication requests return shorter-lived tokens, so it is important to check the `exp`
+ * field and re-authenticate as needed for subsequent calls.
+ *
+ * API keys may be updated or rotated at any time. Regular rotation is recommended. Rotation will not expire or invalidate
+ * existing server-to-server sessions, so it may be done at any time without disrupting your application.
+ *
+ * @module
+ */
+/**
+ * Get a list of keys for a given organization. The caller must have admin access to the organization.
  *
  * ```typescript
- * import {updateOrganizationThumbnail} from '@verdocs/js-sdk';
+ * import {getApiKeys} from '@verdocs/js-sdk';
  *
- * await updateOrganizationThumbnail((VerdocsEndpoint.getDefault(), organizationId, file);
+ * const keys = await getApiKeys(ORGID);
  * ```
+ *
+ * @group API Keys
+ * @api GET /v2/api-keys Get API keys
+ * @apiSuccess array(items: IApiKey) . A list of the API keys for the caller's organization. Secrets will not be included.
  */
-const updateOrganizationThumbnail = (endpoint, organizationId, file, onUploadProgress) => {
-    const formData = new FormData();
-    formData.append('thumbnail', file, file.name);
-    return endpoint.api //
-        .patch(`/v2/organizations/${organizationId}`, formData, {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    })
-        .then((r) => r.data);
-};
-const getEntitlements = async (endpoint) => endpoint.api.get(`/v2/organizations/entitlements`).then((r) => r.data);
+const getApiKeys = (endpoint) => endpoint.api //
+    .get(`/v2/api-keys`)
+    .then((r) => r.data);
 /**
- * Largely intended to be used internally by Web SDK components but may be informative for other cases.
- * Entitlements are feature grants such as "ID-based KBA" that require paid contracts to enable, typically
- * because the underlying services that support them are fee-based. Entitlements may run concurrently,
- * and may have different start/end dates e.g. "ID-based KBA" may run 1/1/2026-12/31/2026 while
- * "SMS Authentication" may be added later and run 6/1/2026-5/31/2027. The entitlements list is a simple
- * array of enablements and may include entries that are not YET enabled or have now expired.
- *
- * In client code it is helpful to simply know "is XYZ feature currently enabled?" This function collapses
- * the entitlements list to a simplified dictionary of current/active entitlements. Note that it is async
- * because it calls the server to obtain the "most current" entitlements list. Existence of an entry in the
- * resulting dictionary implies the feature is active. Metadata inside each entry can be used to determine
- * limits, etc.
+ * Create an API key.
  *
  * ```typescript
- * import {getActiveEntitlements} from '@verdocs/js-sdk';
+ * import {createApiKey} from '@verdocs/js-sdk';
  *
- * const activeEntitlements = await getActiveEntitlements((VerdocsEndpoint.getDefault());
- * const isSMSEnabled = !!activeEntitlements.sms_auth;
- * const monthlyKBALimit = activeEntitlements.kba_auth?.monthly_max;
+ * await createApiKey(ORGID, {name: NEWNAME});
  * ```
+ *
+ * @group API Keys
+ * @api POST /v2/api-keys Create API key
+ * @apiBody string name A name used to identify the key in the Verdocs Web App
+ * @apiBody string(format:uuid) profile_id The profile ID that calls made using the key will act as
+ * @apiBody array(items:string) permission An array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
+ * @apiSuccess IApiKey . The newly-created API key, including its secret.
  */
-const getActiveEntitlements = async (endpoint) => {
-    if (!endpoint.session) {
-        throw new Error('No active session');
-    }
-    const entitlements = await getEntitlements(endpoint);
-    return collapseEntitlements(entitlements);
-};
-
+const createApiKey = (endpoint, params) => endpoint.api //
+    .post('/v2/api-keys', params)
+    .then((r) => r.data);
 /**
- * Webhooks are callback triggers from Verdocs to your servers that notify your applications
- * of various events, such as signing operations.
+ * Rotate the secret for an API key. The caller must have admin access to the organization.
  *
- * @module
+ * ```typescript
+ * import {rotateApiKey} from '@verdocs/js-sdk';
+ *
+ * const {client_secret: newSecret} = await rotateApiKey(ORGID, CLIENTID);
+ * ```
+ *
+ * @group API Keys
+ * @api POST /v2/api-keys/:client_id/rotate Rotate API key
+ * @apiParam string(format:uuid) client_id The client ID of the key to rotate
+ * @apiSuccess IApiKey . The updated API key with its new secret.
  */
+const rotateApiKey = (endpoint, clientId) => endpoint.api //
+    .post(`/v2/api-keys/${clientId}/rotate`)
+    .then((r) => r.data);
 /**
- * Get the registered Webhook configuration for the caller's organization.
+ * Update an API key to change its assigned Profile ID or Name.
  *
  * ```typescript
- * import {getWebhooks} from '@verdocs/js-sdk';
+ * import {updateApiKey} from '@verdocs/js-sdk';
  *
- * await getWebhooks(ORGID, params);
+ * await updateApiKey(ORGID, CLIENTID, {name: NEWNAME});
  * ```
  *
- * @group Webhooks
- * @api GET /v2/webhooks Get organization Webhooks config
- * @apiSuccess IWebhook . The current Webhooks config for the caller's organization.
+ * @group API Keys
+ * @api PATCH /v2/api-keys/:client_id Update API key
+ * @apiBody string name? New name for the API key
+ * @apiBody array(items:string) permission New array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
+ * @apiSuccess IApiKey . The updated API key. The secret will not be included.
  */
-const getWebhooks = (endpoint) => endpoint.api //
-    .get(`/v2/webhooks`)
+const updateApiKey = (endpoint, clientId, params) => endpoint.api //
+    .patch(`/v2/api-keys/${clientId}`, params)
     .then((r) => r.data);
 /**
- * Update the registered Webhook configuration for the caller's organization. Note that
- * Webhooks cannot currently be deleted, but may be easily disabled by setting `active`
- * to `false` and/or setting the `url` to an empty string.
+ * Delete an API key.
  *
  * ```typescript
- * import {setWebhooks} from '@verdocs/js-sdk';
+ * import {deleteApiKey} from '@verdocs/js-sdk';
  *
- * await setWebhooks(ORGID, params);
+ * await deleteApiKey(ORGID, CLIENTID);
  * ```
  *
- * @group Webhooks
- * @api PATCH /v2/webhooks Update organization Webhooks config
- * @apiDescription Note that Webhooks cannot currently be deleted, but may be easily disabled by setting `active` to `false` and/or setting the `url` to an empty string.
- * @apiBody string url URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody boolean active Set to true to enable Webhooks calls.
- * @apiBody object events Record<TWebhookEvent, boolean> map of events to enable/disable.
- * @apiSuccess IWebhook . The updated Webhooks config for the caller's organization.
+ * @group API Keys
+ * @api DELETE /v2/api-keys/:client_id Delete API key
+ * @apiSuccess string . Success.
  */
-const setWebhooks = (endpoint, params) => endpoint.api //
-    .patch(`/v2/webhooks`, params)
+const deleteApiKey = (endpoint, clientId) => endpoint.api //
+    .delete(`/v2/api-keys/${clientId}`)
     .then((r) => r.data);
 
 /**
- * A map of the permissions each role confers.
- */
-const RolePermissions = {
-    owner: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'template:member:visibility',
-        'owner:add',
-        'owner:remove',
-        'admin:add',
-        'admin:remove',
-        'member:view',
-        'member:add',
-        'member:remove',
-        'org:create',
-        'org:view',
-        'org:update',
-        'org:delete',
-        'org:transfer',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    admin: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'template:member:visibility',
-        'admin:add',
-        'admin:remove',
-        'member:view',
-        'member:add',
-        'member:remove',
-        'org:create',
-        'org:view',
-        'org:update',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    member: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'member:view',
-        'org:create',
-        'org:view',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    basic_user: ['template:member:read', 'member:view', 'org:view', 'org:list'],
-    contact: ['org:view', 'org:list', 'org:create'],
-};
-/**
- * Confirm whether the user has all of the specified permissions.
+ * An Organization Contact (aka Profile) is an individual user with no access to an organization. These entries
+ * appear only in contact lists, usually to populate quick-search dropdowns when sending envelopes.
+ *
+ * @module
  */
-const userHasPermissions = (profile, permissions) => {
-    // No need to de-dupe here, we're just checking present-at-least-once set membership.
-    const netPermissions = [...(profile?.permissions || [])];
-    (profile?.roles || []).forEach((role) => {
-        netPermissions.push(...(RolePermissions[role] || []));
-    });
-    (profile?.group_profiles || []).forEach((groupProfile) => {
-        netPermissions.push(...(groupProfile.group?.permissions || []));
-    });
-    return permissions.every((perm) => netPermissions.includes(perm));
-};
-
-const canPerformTemplateAction = (profile, action, template) => {
-    if (!template && !action.includes('create')) {
-        return { canPerform: false, message: 'Missing required template object' };
-    }
-    // We use BOGUS here to force the option-chain in things like template?.profile_id to NOT match profile?.profile_id because if both
-    // were undefined, they would actually match.
-    const profile_id = profile?.id || 'BOGUS';
-    const organization_id = profile?.organization_id || 'BOGUS';
-    const isCreator = template?.profile_id === profile_id;
-    const isSameOrg = template?.organization_id === organization_id;
-    const isPersonal = template?.is_personal ?? false;
-    const isPublic = template?.is_public ?? false;
-    const permissionsRequired = [];
-    switch (action) {
-        case 'create_personal':
-            permissionsRequired.push('template:creator:create:personal');
-            break;
-        case 'create_org':
-            permissionsRequired.push('template:creator:create:org');
-            break;
-        case 'create_public':
-            permissionsRequired.push('template:creator:create:public');
-            break;
-        case 'read':
-            if (!isCreator) {
-                if ((!isPersonal && isSameOrg) || !isPublic) {
-                    permissionsRequired.push('template:member:read');
-                }
-            }
-            break;
-        case 'write':
-            if (!isCreator) {
-                permissionsRequired.push('template:member:read');
-                permissionsRequired.push('template:member:write');
-            }
-            break;
-        case 'change_visibility_personal':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:personal');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'change_visibility_org':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:org');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'change_visibility_public':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:public');
-                permissionsRequired.push('template:creator:visibility');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'delete':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:delete');
-            }
-            else {
-                permissionsRequired.push('template:member:delete');
-            }
-            break;
-        default:
-            return { canPerform: false, message: 'Action is not defined' };
-    }
-    if (hasRequiredPermissions(profile, permissionsRequired)) {
-        return { canPerform: true, message: '' };
-    }
-    return { canPerform: false, message: `Insufficient access to perform '${action}'. Needed permissions: ${permissionsRequired.toString()}` };
-};
-const hasRequiredPermissions = (profile, permissions) => permissions.every((perm) => (profile?.permissions || []).includes(perm));
-
 /**
- * Add a field to a template.
+ * Get a list of the contacts in the caller's organization.
  *
  * ```typescript
- * import {createField} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationContacts} from '@verdocs/js-sdk';
  *
- * await createField((VerdocsEndpoint.getDefault(), template_id, { ... });
+ * const members = await getOrganizationContacts(VerdocsEndpoint.getDefault()});
  * ```
  *
- * @group Fields
- * @api POST /v2/fields/:template_id Add a field to a template
- * @apiBody string name Name for the new field. Field names must be unique within a template. Although special characters are allowed, they must be URL-encoded in subsequent requests, so it is recommended to use only alphanumeric characters and hyphens if possible.
- * @apiBody string role_name Role to assign to the field. Role names must be valid, so it is recommended to create roles before fields.
- * @apiBody string document_id ID of the document upon which to place the field.
- * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type Type of field to create
- * @apiBody boolean(default: false) required Whether the field is required
- * @apiBody integer(min: 0) page 0-based page number upon which to place the field
- * @apiBody integer(min: 0) x X position for the field (left to right)
- * @apiBody integer(min: 0) y Y position for the field (_bottom to top!_)
- * @apiBody string label? Optional label to display above the field
- * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody string placeholder? Optional placeholder to display in text fields
- * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
- * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
- * @apiBody string value? Optional default value to set on the field
- * @apiSuccess ITemplateField . Template field
+ * @group Organization Contacts
+ * @api GET /v2/organization-contacts Get a list of organization contacts
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const createField = (endpoint, templateId, params) => endpoint.api //
-    .post(`/v2/fields/${templateId}`, params)
+const getOrganizationContacts = (endpoint) => endpoint.api //
+    .get(`/v2/organization-contacts`)
     .then((r) => r.data);
 /**
- * Update a template field.
+ * Delete a contact from the caller's organization. Note that the caller must be an admin or owner.
  *
  * ```typescript
- * import {updateField} from '@verdocs/js-sdk/Templates';
+ * import {deleteOrganizationContact} from '@verdocs/js-sdk';
  *
- * await updateField((VerdocsEndpoint.getDefault(), template_id, field_name, { ... });
+ * await deleteOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID'});
  * ```
  *
- * @group Fields
- * @api PATCH /v2/fields/:template_id/:field_name Update a field. See createField for additional details on the supported parameters.
- * @apiBody string name? Rename the field. Note that template field names must be unique within a template.
- * @apiBody string role_name Role to assign to the field.
- * @apiBody string document_id ID of the document upon which to place the field.
- * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type? Change the field type. Note that while this is technically allowed, fields have different behaviors, validators, default sizes, etc. It is usually easier to add a new field and delete the old one.
- * @apiBody boolean(default: false) required? Whether the field is required
- * @apiBody integer(min: 0) page? 0-based page number upon which to place the field
- * @apiBody integer(min: 0) x? X position for the field (left to right)
- * @apiBody integer(min: 0) y? Y position for the field (_bottom to top!_)
- * @apiBody string label? Optional label to display above the field
- * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody string placeholder? Optional placeholder to display in text fields
- * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
- * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
- * @apiBody string value? Optional default value to set on the field
- * @apiSuccess ITemplateField . Updated template field
+ * @group Organization Contacts
+ * @api POST /v2/organization-invitations/decline GET a list of pending invitations
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const updateField = (endpoint, templateId, name, params) => endpoint.api //
-    .patch(`/v2/fields/${templateId}/${encodeURIComponent(name)}`, params)
+const deleteOrganizationContact = (endpoint, profileId) => endpoint.api //
+    .delete(`/v2/organization-contacts/${profileId}`)
     .then((r) => r.data);
 /**
- * Remove a field from a template.
+ * Update a member.
  *
  * ```typescript
- * import {deleteField} from '@verdocs/js-sdk/Templates';
+ * import {createOrganizationContact} from '@verdocs/js-sdk';
  *
- * await deleteField((VerdocsEndpoint.getDefault(), template_id, field_name);
+ * const result = await createOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'First', last_name:'Last', email:'a@b.com'});
  * ```
+ */
+const createOrganizationContact = (endpoint, params) => endpoint.api //
+    .post(`/v2/organization-contacts`, params)
+    .then((r) => r.data);
+/**
+ * Update a member.
  *
- * @group Fields
- * @api DELETE /v2/fields/:template_id/:field_name Delete a field
- * @apiSuccess string . Success
+ * ```typescript
+ * import {updateOrganizationContact} from '@verdocs/js-sdk';
+ *
+ * const result = await updateOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'NewFirst'});
+ * ```
  */
-const deleteField = (endpoint, templateId, name) => endpoint.api //
-    .delete(`/v2/fields/${templateId}/${encodeURIComponent(name)}`)
+const updateOrganizationContact = (endpoint, profileId, params) => endpoint.api //
+    .patch(`/v2/organization-contacts/${profileId}`, params)
     .then((r) => r.data);
 
 /**
- * Various helpers to identify available operations for a template by a user.
+ * Organizations may contain "Groups" of user profiles, called Members. Groups may have permissions assigned that
+ * apply to all Members, making it easy to configure role-based access control (RBAC) within an Organization. Note
+ * that permissions are **additive**. A user may be a member of more than one group, and may also have permissions
+ * assigned directly. In that case, the user will have the combined set of all permissions inherited from all
+ * sources.
  *
  * @module
  */
 /**
- * Check to see if the user created the template.
- */
-const userIsTemplateCreator = (profile, template) => profile && template && profile.id === template.profile_id;
-/**
- * Check to see if a template is "shared" with the user.
- */
-const userHasSharedTemplate = (profile, template) => profile && template && !template.is_personal && profile.organization_id === template.organization_id;
-/**
- * Check to see if the user can create a personal/private template.
- */
-const userCanCreatePersonalTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:personal']);
-/**
- * Check to see if the user can create an org-shared template.
- */
-const userCanCreateOrgTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:org']);
-/**
- * Check to see if the user can create a public template.
- */
-const userCanCreatePublicTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:public']);
-/**
- * Check to see if the user can read/view a template.
- */
-const userCanReadTemplate = (profile, template) => template.is_public ||
-    userIsTemplateCreator(profile, template) ||
-    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read']));
-/**
- * Check to see if the user can update a tempate.
- */
-const userCanUpdateTemplate = (profile, template) => userIsTemplateCreator(profile, template) ||
-    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read', 'template:member:write']));
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanMakeTemplatePrivate = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:personal'])
-    : userHasPermissions(profile, ['template:member:visibility']);
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanMakeTemplateShared = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:org'])
-    : userHasPermissions(profile, ['template:member:visibility']);
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanMakeTemplatePublic = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:public'])
-    : userHasPermissions(profile, ['template:member:visibility']);
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanChangeOrgVisibility = (profile, template) => userIsTemplateCreator(profile, template) && userHasPermissions(profile, ['template:creator:create:personal']);
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanDeleteTemplate = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:delete'])
-    : userHasPermissions(profile, ['template:member:delete']);
-/**
- * Confirm whether the user can create an envelope using the specified template.
- */
-const userCanSendTemplate = (profile, template) => {
-    switch (template.visibility) {
-        case 'private':
-            return userIsTemplateCreator(profile, template);
-        case 'shared':
-            return userIsTemplateCreator(profile, template) || template.organization_id === profile?.organization_id;
-        case 'public':
-            return true;
-    }
-};
-/**
- * Confirm whether the user can create a new template.
- */
-const userCanCreateTemplate = (profile) => userCanCreatePersonalTemplate(profile) || userCanCreateOrgTemplate(profile) || userCanCreatePublicTemplate(profile);
-/**
- * Check to see if the user can "build" the template (use the field builder). The user must have write access to the
- * template, and the template must have at least one signer role.
+ * Get a list of groups for the caller's organization. NOTE: Any organization member may request
+ * the list of groups, but only Owners and Admins may update them.
+ *
+ * ```typescript
+ * import {getGroups} from '@verdocs/js-sdk';
+ *
+ * const groups = await getGroups();
+ * ```
  */
-const userCanBuildTemplate = (profile, template) => userCanUpdateTemplate(profile, template) && (template.roles || []).filter((role) => role.type === 'signer').length > 0;
-const getFieldsForRole = (template, role_name) => (template.fields || []).filter((field) => field.role_name === role_name);
+const getGroups = (endpoint) => endpoint.api //
+    .get(`/v2/organization-groups`)
+    .then((r) => r.data);
 /**
- * Check to see if the user can preview the template. The user must have read access to the template, the template must
- * have at least one signer, and every signer must have at least one field.
+ * Get the details for a group, including its member profiles and list of permissions.
+ *
+ * ```typescript
+ * import {getGroup} from '@verdocs/js-sdk/v2/organization-groups';
+ *
+ * const group = await getGroup(GROUPID);
+ * ```
  */
-const userCanPreviewTemplate = (profile, template) => {
-    const hasPermission = userCanReadTemplate(profile, template);
-    const signers = (template.roles || []).filter((role) => role.type === 'signer');
-    return hasPermission && signers.length > 0 && signers.every((signer) => getFieldsForRole(template, signer.name).length > 0);
-};
-
+const getGroup = (endpoint, groupId) => endpoint.api //
+    .get(`/v2/organization-groups/${groupId}`)
+    .then((r) => r.data);
 /**
- * A "role" is an individual participant in a signing flow, such as a signer or CC contact.
- * A role is a placeholder that will eventually become a named recipient. For example, "Tenant 1"
- * might be replaced with "John Smith" when the document is sent out for signature.
- *
- * Role names must be unique within a template, e.g. 'Recipient 1'. They may contain any [a-zA-Z0-9_- ]
- * characters, although it is recommended to keep them simple and human-readable, and to avoid
- * spaces (although they are allowed). If spaces are used in role names, be sure to URL-encode them
- * when calling endpoints like `updateRole()` e.g. 'Recipient%201'.
+ * Create a group. Note that "everyone" is a reserved name and may not be created.
  *
- * NOTE: Roles are always enumerated under Template objects, so there are no "list" or "get" endpoints
- * for them. To get a template's latest role list, simply call `getTemplate()`.
+ * ```typescript
+ * import {createGroup} from '@verdocs/js-sdk';
  *
- * @module
+ * const group = await createGroup(VerdocsEndpoint.getDefault(), {name:'newgroup'});
+ * ```
  */
+const createGroup = (endpoint, params) => endpoint.api //
+    .post('/v2/organization-groups', params)
+    .then((r) => r.data);
 /**
- * Create a role.
+ * Update a group. Note that "everyone" is a reserved name and may not be changed.
  *
  * ```typescript
- * import {createTemplateRole} from '@verdocs/js-sdk';
+ * import {updateGroup} from '@verdocs/js-sdk';
  *
- * const role = await createTemplateRole(VerdocsEndpoint.getDefault(), template_id, params...);
+ * const updated = await updateGroup(VerdocsEndpoint.getDefault(), {name:'newname'});
  * ```
- *
- * @group Roles
- * @api POST /v2/roles/:template_id Add a role to a template
- * @apiBody string name Name for the new role. Must be unique within the template. May include spaces, but later calls must URL-encode any references to this role, so it is recomended that special characters be avoided.
- * @apiBody string(enum:'signer' | 'cc' | 'approver') type Type of role to create. Signers act on documents by filling and signing fields. CC recipients receive a copy but do not act on the document. Approvers control the final submission of a document, but do not have fields of their own to fill out.
- * @apiBody string full_name? Default full name for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string email? Default email address for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string phone? Default (SMS-capable) phone number for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string message? Optional message to include in email and SMS signing invitations.
- * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role. Roles that share the same sequence number act in parallel, and will receive invitations at the same time.
- * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role. Controls the left-to-right display order of roles at the same sequence number in the UI components e.g. `<verdocs-template-roles />`.
- * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
- * @apiSuccess IRole . The newly-created role
  */
-const createTemplateRole = (endpoint, template_id, params) => endpoint.api //
-    .post(`/v2/roles/${template_id}`, params)
+const updateGroup = (endpoint, groupId, params) => endpoint.api //
+    .patch(`/v2/organization-groups/${groupId}`, params)
     .then((r) => r.data);
 /**
- * Update a role.
+ * Get an organization by ID. Note that the "everyone" group cannot be deleted.
  *
  * ```typescript
- * import {updateTemplateRole} from '@verdocs/js-sdk';
+ * import {deleteGroup} from '@verdocs/js-sdk';
  *
- * const role = await updateTemplateRole(VerdocsEndpoint.getDefault(), template_id, name, params...);
+ * await deleteGroup(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
- *
- * @group Roles
- * @api PATCH /v2/roles/:template_id/:role_id Update a role. See createRole for additional details on the parameters available.
- * @apiBody string name? Rename the role. Note that role names must be unique within a template, so this may fail if the new name is already in use.
- * @apiBody string(enum:'signer' | 'cc' | 'approver') type? Type of role.
- * @apiBody string full_name? Default full name for the role.
- * @apiBody string email? Default email address for the role.
- * @apiBody string phone? Default (SMS-capable) phone number for the role.
- * @apiBody string message? Optional message to include in email and SMS signing invitations.
- * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role.
- * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role.
- * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
- * @apiBody string(enum:'pin'|'identity'|'') kba_method? Active PIN- or Identity-based KBA for the role.
- * @apiSuccess IRole . The newly-created role
  */
-const updateTemplateRole = (endpoint, template_id, name, params) => endpoint.api //
-    .patch(`/v2/roles/${template_id}/${encodeURIComponent(name)}`, params)
+const deleteGroup = (endpoint, groupId) => endpoint.api //
+    .delete(`/v2/organization-groups/${groupId}`)
     .then((r) => r.data);
 /**
- * Delete a role.
+ * Add a member to a group.
  *
  * ```typescript
- * import {deleteTemplateRole} from '@verdocs/js-sdk';
+ * import {addGroupMember} from '@verdocs/js-sdk';
  *
- * const profiles = await deleteTemplateRole(VerdocsEndpoint.getDefault(), template_id, name);
+ * await addGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
  * ```
+ */
+const addGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
+    .post(`/v2/organization-groups/${groupId}/members`, { profile_id })
+    .then((r) => r.data);
+/**
+ * Remove a member from a group.
  *
- * @group Roles
- * @api DELETE /v2/roles/:template_id/:role_id Delete a role.
- * @apiSuccess string . Success
+ * ```typescript
+ * import {deleteGroupMember} from '@verdocs/js-sdk';
+ *
+ * await deleteGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
+ * ```
  */
-const deleteTemplateRole = (endpoint, template_id, name) => endpoint.api //
-    .delete(`/v2/roles/${template_id}/${encodeURIComponent(name)}`)
+const deleteGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
+    .delete(`/v2/organization-groups/${groupId}/members/${profile_id}`)
     .then((r) => r.data);
 
 /**
- * Get the template stars for a template.
+ * An invitation represents an opportunity for a Member to join an Organization.
+ *
+ * @module
  */
-const getStars = (endpoint, templateId) => endpoint.api //
-    .get(`/templates/${templateId}/stars`)
-    .then((r) => r.data);
 /**
- * Toggle the template star for a template.
+ * Get a list of invitations pending for the caller's organization. The caller must be an admin or owner.
+ *
+ * @group Organization Invitations
+ * @api GET /v2/organization-invitations Get a list of pending invitations
+ * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const toggleStar = (endpoint, templateId) => endpoint.api //
-    .post(`/templates/${templateId}/stars/toggle`)
+const getOrganizationInvitations = (endpoint) => endpoint.api //
+    .get(`/v2/organization-invitations`)
     .then((r) => r.data);
-
 /**
- * A Tag is a user-specified label applied to a template. Tags help users organize and find Templates.
- * recipients. Every Organization has a set of tags "owned" by that Organization and only visible inside it.
- * Verdocs also provides a set of system-wide "featured" tags available to all Organizations.
+ * Invite a new user to join the organization.
  *
- * @module
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations Invite a new user to join the organization
+ * @apiBody string email Email address to send the invitation to
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiBody TRole role Initial role to assign to the user once they accept.
+ * @apiSuccess IOrganizationInvitation . The newly-created invitation.
  */
+const createOrganizationInvitation = (endpoint, params) => endpoint.api //
+    .post(`/v2/organization-invitations`, params)
+    .then((r) => r.data);
 /**
- * Apply a tag to a template.
+ * Delete an invitation. Note that no cancellation message will be sent. Invitations are also one-time-use.
+ * If the invitee attempts to join after the invitation is deleted, accepted, or decline, they will be
+ * shown an error.
+ *
+ * @group Organization Invitations
+ * @api DELETE /v2/organization-invitations/:email Delete a pending invitation
+ * @apiSuccess string . Success
  */
-const addTemplateTag = (endpoint, templateId, params) => endpoint.api //
-    .post(`/templates/${templateId}/tags/`, params)
+const deleteOrganizationInvitation = (endpoint, email) => endpoint.api //
+    .delete(`/v2/organization-invitations/${email}`)
     .then((r) => r.data);
 /**
- * Get all tags for a template.
+ * Update an invitation. Note that email may not be changed after the invite is sent. To change
+ * an invitee's email, delete the incorrect entry and create one with the correct value.
+ *
+ * @group Organization Invitations
+ * @api PATCH /v2/organization-invitations/:email Update a pending invitation
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiBody TRole role Initial role to assign to the user once they accept.
+ * @apiSuccess IOrganizationInvitation . The updated invitation.
  */
-const getTemplateTags = (endpoint, templateId) => endpoint.api //
-    .get(`/templates/${templateId}/tags/`)
+const updateOrganizationInvitation = (endpoint, email, params) => endpoint.api //
+    .patch(`/v2/organization-invitations/${email}`, params)
     .then((r) => r.data);
 /**
- * Remove a tag from a template.
+ * Send a reminder to the invitee to join the organization.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/resend Send a reminder to a pending invitee
+ * @apiBody string email The recipient to send the reminder to
+ * @apiSuccess IOrganizationInvitation . The updated invitation
  */
-const deleteTemplateTag = (endpoint, templateId, tagName) => endpoint.api //
-    .post(`/templates/${templateId}/tags/${tagName}`)
+const resendOrganizationInvitation = (endpoint, email) => endpoint.api //
+    .post('/v2/organization-invitations/resend', { email })
     .then((r) => r.data);
 /**
- * Create an Organization-wide tag.
+ * Get an invitation's details. This is generally used as the first step of accepting the invite.
+ * A successful response will indicate that the invite token is still valid, and include some
+ * metadata for the organization to style the acceptance screen.
+ *
+ * @group Organization Invitations
+ * @api GET /v2/organization-invitations/:email/:token Get a pending invitation (_Authenticated via invite token, not an active session._). Intended to be called by the invitee to get details about the invitation they are about to accept.
+ * @apiSuccess IOrganizationInvitation . Requested invitation's details. Will always include summary details for the organization, to be used for branding the accept-invite view.
  */
-const createTag = (endpoint, name) => endpoint.api //
-    .post('/tags', { tag_name: name })
+const getOrganizationInvitation = (endpoint, email, token) => endpoint.api //
+    .get(`/v2/organization-invitations/${email}/${token}`)
     .then((r) => r.data);
 /**
- * Get an Organization-wide tag.
+ * Accept an invitation. This will automatically create a user record for the caller as well as a profile
+ * with the appropriate role as specified in the invite. The profile will be set as "current" for the caller,
+ * and session tokens will be returned to access the new profile. The profile's email_verified flag will
+ * also be set to true.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/accept Accept an invitation
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiBody string first_name First name
+ * @apiBody string last_name Last name
+ * @apiBody string password Password
+ * @apiSuccess IAuthenticateResponse . Session credentials for the newly-created user's profile. If the user already had a profile for another organization, the new profile will be made "current" automatically.
  */
-const getTag = (endpoint, name) => endpoint.api //
-    .get(`/tags/${name}`)
+const acceptOrganizationInvitation = (endpoint, params) => endpoint.api //
+    .post('/v2/organization-invitations/accept', params)
     .then((r) => r.data);
 /**
- * Get all tags available for use by an Organization.
+ * Decline an invitation. This will mark the status "declined," providing a visual indication to the
+ * organization's admins that the invite was declined, preventing further invites from being created
+ * to the same email address, and also preventing the invitee from receiving reminders to join.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/decline Decline an invitation
+ * @apiDescription Mark the status "declined," providing a visual indication to the organization's admins that the invite was declined, preventing further invites from being created to the same email address, and also preventing the invitee from receiving reminders to join.
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const getAllTags = (endpoint) => endpoint.api //
-    .get('/tags')
+const declineOrganizationInvitation = (endpoint, email, token) => endpoint.api //
+    .post('/v2/organization-invitations/decline', { email, token })
     .then((r) => r.data);
 
 /**
- * A Template defines how a Verdocs signing flow will be performed, including attachments, signing fields, and
- * recipients.
+ * An Organization Member (aka Profile) is an individual user with access to an organization.
  *
  * @module
  */
 /**
- * Get all templates accessible by the caller, with optional filters.
+ * Get a list of the members in the caller's organization.
  *
  * ```typescript
- * import {getTemplates} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationMembers} from '@verdocs/js-sdk';
  *
- * await getTemplates((VerdocsEndpoint.getDefault());
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_starred: true });
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_creator: true });
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_organization: true });
+ * const members = await getOrganizationMembers(VerdocsEndpoint.getDefault()});
  * ```
  *
- * @group Templates
- * @api GET /v2/templates Get Templates
- * @apiQuery string q? Find templates whose names/descriptions contain the specified query string
- * @apiQuery boolean is_starred? If true, returns only templates with at least one "star".
- * @apiQuery boolean is_creator? If true, returns only templates that the caller created.
- * @apiQuery string(enum: 'private_shared' | 'private' | 'shared' | 'public') visibility? Return only templates with the specified visibility.
- * @apiQuery string(enum: 'created_at' | 'updated_at' | 'name' | 'last_used_at' | 'counter' | 'star_counter') sort_by? Return results sorted by this criteria
- * @apiQuery boolean ascending? Set true/false to override the sort direction. Note that the default depends on `sort_by`. Date-based sorts default to descending, while name defaults to ascending.
- * @apiQuery integer(default: 20) rows? Limit the number of rows returned
- * @apiQuery integer(default: 0) page? Specify which page of results to return
- * @apiSuccess integer(format: int32) count The total number of records matching the query, helpful for pagination
- * @apiSuccess integer(format: int32) rows The number of rows returned in this response page
- * @apiSuccess integer(format: int32) page The page number of this response
- * @apiSuccess array(items: ITemplate) templates List of templates found
+ * @group Organization Members
+ * @api GET /v2/organization-members List current organization's members
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const getTemplates = (endpoint, params) => endpoint.api //
-    .get('/v2/templates', { params })
+const getOrganizationMembers = (endpoint) => endpoint.api //
+    .get(`/v2/organization-members`)
     .then((r) => r.data);
 /**
- * Get one template by its ID.
+ * Delete a member from the caller's organization. Note that the caller must be an admin or owner,
+ * may not delete him/herself.
  *
  * ```typescript
- * import {getTemplate} from '@verdocs/js-sdk/Templates';
+ * import {deleteOrganizationMember} from '@verdocs/js-sdk';
  *
- * const template = await getTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * await deleteOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID'});
  * ```
  *
- * @group Templates
- * @api GET /v2/templates/:template_id Get a template. Note that the caller must have at least View access to the template.
- * @apiSuccess ITemplate . The requested template
+ * @group Organization Members
+ * @api DELETE /v2/organization-members/:profile_id Delete a member from the organization
+ * @apiSuccess string . Success
  */
-const getTemplate = (endpoint, templateId) => {
-    return endpoint.api //
-        .get(`/v2/templates/${templateId}`)
-        .then((r) => {
-        const template = r.data;
-        // Post-process the template to upgrade to new data fields
-        if (!template.documents && template.template_documents) {
-            template.documents = template.template_documents;
-        }
-        template.documents?.forEach((document) => {
-            if (!document.order) {
-                document.order = 0;
-            }
-            if (document.page_numbers) {
-                document.pages = document.page_numbers;
-            }
-        });
-        // Temporary upgrade from legacy app
-        template.fields?.forEach((field) => {
-            if (field.setting) {
-                field.settings = field.setting;
-            }
-        });
-        return template;
-    });
-};
-const ALLOWED_CREATE_FIELDS = [
-    'name',
-    'is_personal',
-    'is_public',
-    'sender',
-    'description',
-    'roles',
-    'fields',
-];
+const deleteOrganizationMember = (endpoint, profileId) => endpoint.api //
+    .delete(`/v2/organization-members/${profileId}`)
+    .then((r) => r.data);
 /**
- * Create a template.
+ * Update a member.
  *
  * ```typescript
- * import {createTemplate} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationMember} from '@verdocs/js-sdk';
  *
- * const newTemplate = await createTemplate((VerdocsEndpoint.getDefault(), {...});
+ * const result = await updateOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID', {roles:['member']});
  * ```
  *
- * @group Templates
- * @api POST /v2/templates Create a template
- * @apiBody string name Template name
- * @apiBody string description? Optional description
- * @apiBody TTemplateVisibility visibility? Visibility setting
- * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
- * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
- * @apiBody TTemplateSender sender? Who may send envelopes using this template
- * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
- * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
- * @apiBody array(items:object) documents? Optional list of documents to attach to the template
- * @apiBody array(items:IRole) roles? Optional list of roles to create. Note that if roles are not included in the request, fields will be ignored.
- * @apiBody array(fields:ITemplateField) fields? Optional list of fields to create. Note that if fields that do not match a role will be ignored.
- * @apiSuccess ITemplate . The newly-created template
+ * @group Organization Members
+ * @api PATCH /v2/organization-members/:profile_id Update an organization member.
+ * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody string first_name Set to true to enable Webhooks calls.
+ * @apiBody string last_name Record<TWebhookEvent, boolean> map of events to enable/disable.
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const createTemplate = (endpoint, params, onUploadProgress) => {
-    const options = {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    };
-    if (params.documents && params.documents[0] instanceof File) {
-        const formData = new FormData();
-        ALLOWED_CREATE_FIELDS.forEach((allowedKey) => {
-            if (params[allowedKey] !== undefined) {
-                formData.append(allowedKey, params[allowedKey]);
-            }
-        });
-        params.documents.forEach((file) => {
-            formData.append('documents', file, file.name);
-        });
-        return endpoint.api.post('/v2/templates', formData, options).then((r) => r.data);
-    }
-    else {
-        return endpoint.api.post('/v2/templates', params, options).then((r) => r.data);
-    }
-};
+const updateOrganizationMember = (endpoint, profileId, params) => endpoint.api //
+    .patch(`/v2/organization-members/${profileId}`, params)
+    .then((r) => r.data);
+
 /**
- * Duplicate a template. Creates a complete clone, including all settings (e.g. reminders), fields,
- * roles, and documents.
+ * An Organization is the top level object for ownership for Members, Documents, and Templates.
+ *
+ * NOTE: There is no call specifically to create an organization. Every organization must have
+ * at least one "owner" type member. To create a new organization, call createProfile() with
+ * the desired new orgName to create. The caller will become the first owner of the new org, and
+ * can then invite new members to join as well.
+ *
+ * NOTE: There is no call to delete an organization. For safety, this is a manual process. Please
+ * contact support@verdocs.com if you wish to completely delete an organization and all its records.
+ *
+ * @module
+ */
+/**
+ * Get an organization by ID. Note that this endpoint will return only a subset of fields
+ * if the caller is not a member of the organization (the public fields).
  *
  * ```typescript
- * import {duplicateTemplate} from '@verdocs/js-sdk/Templates';
+ * import {getOrganization} from '@verdocs/js-sdk';
  *
- * const newTemplate = await duplicateTemplate((VerdocsEndpoint.getDefault(), originalTemplateId, 'My Template Copy');
+ * const organizations = await getOrganization(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api PUT /v2/templates/:template_id Perform an operation on a template
- * @apiBody string(enum:'duplicate') action Action to perform
- * @apiBody string name? If duplicating the template, a name for the new copy
- * @apiSuccess ITemplate . The newly-copied template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id Get organization
+ * @apiSuccess IOrganization . The requested organization. The caller must be a member.
  */
-const duplicateTemplate = (endpoint, templateId, name) => endpoint.api //
-    .put(`/v2/templates/${templateId}`, { action: 'duplicate', name })
+const getOrganization = (endpoint, organizationId) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}`)
     .then((r) => r.data);
 /**
- * Create a template from a Sharepoint asset.
+ * Get an organization's "children".
  *
  * ```typescript
- * import {createTemplateFromSharepoint} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationChildren} from '@verdocs/js-sdk';
  *
- * const newTemplate = await createTemplateFromSharepoint((VerdocsEndpoint.getDefault(), {...});
+ * const children = await getOrganizationChildren(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api POST /v2/templates/from-sharepoint Create a template from an asset in Sharepoint
- * @apiBody string name Name for the new template
- * @apiBody string siteId Name for the new template
- * @apiBody string itemId Name for the new template
- * @apiBody string oboToken On-Behalf-Of token for calls to Sharepoint. Should be generated as a short-expiration token with at least Read privileges to the siteId/itemId. This token will be discarded after being used.
- * @apiSuccess ITemplate . The newly-created template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id/children Get an organization's children
+ * @apiSuccess IOrganization[] . Any child organizations found.
  */
-const createTemplateFromSharepoint = (endpoint, params) => {
-    const options = {
-        timeout: 120000,
-    };
-    return endpoint.api.post('/v2/templates/from-sharepoint', params, options).then((r) => r.data);
-};
+const getOrganizationChildren = (endpoint, organizationId) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}/children`)
+    .then((r) => r.data);
 /**
- * Update a template.
+ * Get an organization's usage data. If the organization is a parent, usage data for children
+ * will be included as well. The response will be a nested object keyed by organization ID,
+ * with each entry being a dictionary of usageType:count entries.
  *
  * ```typescript
- * import {updateTemplate} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationUsage} from '@verdocs/js-sdk';
  *
- * const updatedTemplate = await updateTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9', { name: 'New Name' });
+ * const usage = await getOrganizationUsage(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api PATCH /v2/templates/:template_id Update a template
- * @apiBody string name? Template name
- * @apiBody string description? Optional description
- * @apiBody TTemplateVisibility visibility? Visibility setting
- * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
- * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
- * @apiBody TTemplateSender sender? Who may send envelopes using this template
- * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
- * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
- * @apiSuccess ITemplate . The updated template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id/usage Get an organization's usage metrics
+ * @apiSuccess TOrganizationUsage . Usage data grouped by organization ID
  */
-const updateTemplate = (endpoint, templateId, params) => endpoint.api //
-    .patch(`/v2/templates/${templateId}`, params)
+const getOrganizationUsage = (endpoint, organizationId, params) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}/usage`, { params })
     .then((r) => r.data);
 /**
- * Delete a template.
+ * Create an organization. The caller will be assigned an "Owner" profile in the new organization,
+ * and it will be set to "current" automatically. A new set of session tokens will be issued to
+ * the caller, and the caller should update their endpoint to use the new tokens.
  *
  * ```typescript
- * import {deleteTemplate} from '@verdocs/js-sdk/Templates';
+ * import {createOrganization} from '@verdocs/js-sdk';
  *
- * await deleteTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * const organization = await createOrganization(VerdocsEndpoint.getDefault(), {name: 'NewOrg'});
  * ```
  *
- * @group Templates
- * @api DELETE /v2/templates/:template_id Delete a template
- * @apiSuccess string . Success
+ * @group Organizations
+ * @api POST /v2/organizations Create organization
+ * @apiDescription The caller will be assigned an "Owner" profile in the new organization, and it will be set to "current" automatically. A new set of session tokens will be issued to  the caller, and the caller should update their endpoint to use the new tokens.
+ * @apiBody string name The name of the new organization
+ * @apiBody string parent_id? If set, the new organization will be created as a child of the specified parent organization. The caller must be an admin of the parent organization.
+ * @apiBody string contact_email? Contact email for the new organization
+ * @apiBody string url? URL for the new organization
+ * @apiBody string full_logo_url? URL of a large-format PNG logo
+ * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiSuccess IAuthenticateResponse . Authentication credentials for user in the new organization. The user will be made an Owner automatically.
  */
-const deleteTemplate = (endpoint, templateId) => endpoint.api //
-    .delete(`/v2/templates/${templateId}`)
+const createOrganization = (endpoint, params) => endpoint.api //
+    .post(`/v2/organizations`, params)
     .then((r) => r.data);
-
-/**
- * A TemplateDocument represents a PDF or other attachment in a Template.
- *
- * @module
- */
 /**
- * Get all the Template Documents associated to a particular Template.
+ * Update an organization. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganization} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.geTemplateDocuments((VerdocsEndpoint.getDefault(), templateId);
+ * const organizations = await updateOrganization(VerdocsEndpoint.getDefault(), organizationId, {name:'ORGNAME'});
  * ```
  *
- * @group Template Documents
- * @api GET /v2/templates/:template_id/documents List the documents assigned to a template
- * @apiSuccess array(items: ITemplateDocument) . Template documents
+ * @group Organizations
+ * @api PATCH /v2/organizations/:organization_id Update organization
+ * @apiBody string name The name of the new organization
+ * @apiBody string contact_email? Contact email for the new organization
+ * @apiBody string url? URL for the new organization
+ * @apiBody string full_logo_url? URL of a large-format PNG logo
+ * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiSuccess IOrganization . The details for the updated organization
  */
-const getTemplateDocuments = (endpoint, templateId) => endpoint.api //
-    .get(`/templates/${templateId}/documents/`)
+const updateOrganization = (endpoint, organizationId, params) => endpoint.api //
+    .patch(`/v2/organizations/${organizationId}`, params)
     .then((r) => r.data);
 /**
- * Get a specific Document.
+ * Delete an organization. This can only be called by an owner. Inclusion of the organization ID to delete
+ * is just a safety check. The caller may only delete the organization they have currently selected.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {deleteOrganization} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.geTemplateDocument((VerdocsEndpoint.getDefault(), templateId,documentId);
+ * const newSession = await deleteOrganization(VerdocsEndpoint.getDefault(), organizationId);
  * ```
  *
- * @group Template Documents
- * @api GET /v2/templates/:template_id/documents/:document_id Get an individual template document
- * @apiSuccess ITemplateDocument . Template document
+ * @group Organizations
+ * @api DELETE /v2/organizations/:organization_id Delete organization
+ * @apiSuccess IAuthenticateResponse . If the caller is a member of another organization, authentication credentials for the next organization available. If not, this will be null and the caller will be logged out.
  */
-const getTemplateDocument = (endpoint, templateId, documentId) => endpoint.api //
-    .get(`/templates/${templateId}/documents/${documentId}`)
+const deleteOrganization = (endpoint, organizationId) => endpoint.api //
+    .delete(`/v2/organizations/${organizationId}`)
     .then((r) => r.data);
 /**
- * Create a Document for a particular Template.
+ * Update the organization's full or thumbnail logo. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationLogo} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.createDocument((VerdocsEndpoint.getDefault(), templateID, params);
+ * await updateOrganizationLogo((VerdocsEndpoint.getDefault(), organizationId, file);
  * ```
  *
- * @group Template Documents
- * @api POST /v2/templates/:template_id/documents Attach a document to a template
- * @apiBody string(format:binary) file Document file to attach. The file name will automatically be used as the document name.
- * @apiSuccess ITemplateDocument . Template document
+ * @group Organizations
+ * @api PATCH /v2/organizations/:organization_id Update organization full or thumbnail logo.
+ * @apiBody image/png logo? Form-url-encoded file to upload
+ * @apiBody image/png thumbnail? Form-url-encoded file to upload
+ * @apiSuccess IOrganization . The updated organization.
  */
-const createTemplateDocument = (endpoint, templateId, file, onUploadProgress) => {
+const updateOrganizationLogo = (endpoint, organizationId, file, onUploadProgress) => {
     const formData = new FormData();
-    formData.append('document', file, file.name);
+    formData.append('logo', file, file.name);
     return endpoint.api //
-        .post(`/templates/${templateId}/documents`, formData, {
+        .patch(`/v2/organizations/${organizationId}`, formData, {
         timeout: 120000,
         onUploadProgress: (event) => {
             const total = event.total || 1;
@@ -3645,68 +3568,103 @@ const createTemplateDocument = (endpoint, templateId, file, onUploadProgress) =>
         .then((r) => r.data);
 };
 /**
- * Delete a specific Document.
+ * Update the organization's thumbnail. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationThumbnail} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.deleteDocument((VerdocsEndpoint.getDefault(), templateID, documentID);
+ * await updateOrganizationThumbnail((VerdocsEndpoint.getDefault(), organizationId, file);
  * ```
- *
- * @group Template Documents
- * @api DELETE /v2/templates/:temlate_id/documents/:document_id Delete a template document
- * @apiSuccess string . Success
  */
-const deleteTemplateDocument = (endpoint, templateId, documentId) => endpoint.api //
-    .delete(`/templates/${templateId}/documents/${documentId}`)
-    .then((r) => r.data);
+const updateOrganizationThumbnail = (endpoint, organizationId, file, onUploadProgress) => {
+    const formData = new FormData();
+    formData.append('thumbnail', file, file.name);
+    return endpoint.api //
+        .patch(`/v2/organizations/${organizationId}`, formData, {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    })
+        .then((r) => r.data);
+};
+const getEntitlements = async (endpoint) => endpoint.api.get(`/v2/organizations/entitlements`).then((r) => r.data);
 /**
- * Get (binary download) a file attached to a Template. It is important to use this method
- * rather than a direct A HREF or similar link to set the authorization headers for the
- * request.
+ * Largely intended to be used internally by Web SDK components but may be informative for other cases.
+ * Entitlements are feature grants such as "ID-based KBA" that require paid contracts to enable, typically
+ * because the underlying services that support them are fee-based. Entitlements may run concurrently,
+ * and may have different start/end dates e.g. "ID-based KBA" may run 1/1/2026-12/31/2026 while
+ * "SMS Authentication" may be added later and run 6/1/2026-5/31/2027. The entitlements list is a simple
+ * array of enablements and may include entries that are not YET enabled or have now expired.
+ *
+ * In client code it is helpful to simply know "is XYZ feature currently enabled?" This function collapses
+ * the entitlements list to a simplified dictionary of current/active entitlements. Note that it is async
+ * because it calls the server to obtain the "most current" entitlements list. Existence of an entry in the
+ * resulting dictionary implies the feature is active. Metadata inside each entry can be used to determine
+ * limits, etc.
+ *
+ * ```typescript
+ * import {getActiveEntitlements} from '@verdocs/js-sdk';
+ *
+ * const activeEntitlements = await getActiveEntitlements((VerdocsEndpoint.getDefault());
+ * const isSMSEnabled = !!activeEntitlements.sms_auth;
+ * const monthlyKBALimit = activeEntitlements.kba_auth?.monthly_max;
+ * ```
  */
-const getTemplateDocumentFile = async (endpoint, templateId, documentId) => endpoint.api //
-    .get(`/templates/${templateId}/documents/${documentId}?file=true`, { responseType: 'blob' })
-    .then((r) => r.data);
+const getActiveEntitlements = async (endpoint) => {
+    if (!endpoint.session) {
+        throw new Error('No active session');
+    }
+    const entitlements = await getEntitlements(endpoint);
+    return collapseEntitlements(entitlements);
+};
+
 /**
- * Get (binary download) a file attached to a Template. It is important to use this method
- * rather than a direct A HREF or similar link to set the authorization headers for the
- * request.
+ * Webhooks are callback triggers from Verdocs to your servers that notify your applications
+ * of various events, such as signing operations.
+ *
+ * @module
  */
-const getTemplateDocumentThumbnail = async (endpoint, templateId, documentId) => endpoint.api //
-    .get(`/templates/${templateId}/documents/${documentId}?thumbnail=true`, { responseType: 'blob' })
-    .then((r) => r.data);
 /**
- * Get a display URI for a given page in a file attached to a template document. These pages are rendered server-side
- * into PNG resources suitable for display in IMG tags although they may be used elsewhere. Note that these are intended
- * for DISPLAY ONLY, are not legally binding documents, and do not contain any encoded metadata from participants. The
- * original asset may be obtained by calling `getTemplateDocumentFile()` or similar.
+ * Get the registered Webhook configuration for the caller's organization.
+ *
+ * ```typescript
+ * import {getWebhooks} from '@verdocs/js-sdk';
+ *
+ * await getWebhooks(ORGID, params);
+ * ```
+ *
+ * @group Webhooks
+ * @api GET /v2/webhooks Get organization Webhooks config
+ * @apiSuccess IWebhook . The current Webhooks config for the caller's organization.
  */
-const getTemplateDocumentPageDisplayUri = async (endpoint, documentId, page, variant = 'original') => endpoint.api.get(`/v2/template-documents/page-image/${documentId}/${variant}/${page}`, { timeout: 20000 }).then((r) => r.data);
-
+const getWebhooks = (endpoint) => endpoint.api //
+    .get(`/v2/webhooks`)
+    .then((r) => r.data);
 /**
- * Get all defined validators
+ * Update the registered Webhook configuration for the caller's organization. Note that
+ * Webhooks cannot currently be deleted, but may be easily disabled by setting `active`
+ * to `false` and/or setting the `url` to an empty string.
  *
  * ```typescript
- * import {Documents} from '@verdocs/js-sdk/Templates';
+ * import {setWebhooks} from '@verdocs/js-sdk';
  *
- * await Documents.getDocuments(templateID);
+ * await setWebhooks(ORGID, params);
  * ```
+ *
+ * @group Webhooks
+ * @api PATCH /v2/webhooks Update organization Webhooks config
+ * @apiDescription Note that Webhooks cannot currently be deleted, but may be easily disabled by setting `active` to `false` and/or setting the `url` to an empty string.
+ * @apiBody string url URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody boolean active Set to true to enable Webhooks calls.
+ * @apiBody object events Record<TWebhookEvent, boolean> map of events to enable/disable.
+ * @apiSuccess IWebhook . The updated Webhooks config for the caller's organization.
  */
-const getValidators = (endpoint) => endpoint.api //
-    .get('/validators')
-    .then((r) => r.data);
-const getValidator = (endpoint, validatorName) => endpoint.api //
-    .get(`/validators/${validatorName}`)
+const setWebhooks = (endpoint, params) => endpoint.api //
+    .patch(`/v2/webhooks`, params)
     .then((r) => r.data);
-const EMAIL_REGEX = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-const isValidEmail = (email) => !!email && EMAIL_REGEX.test(email);
-// @see https://www.regextester.com/1978
-const PHONE_REGEX = /((?:\+|00)[17](?: |\-)?|(?:\+|00)[1-9]\d{0,2}(?: |\-)?|(?:\+|00)1\-\d{3}(?: |\-)?)?(0\d|\([0-9]{3}\)|[1-9]{0,3})(?:((?: |\-)[0-9]{2}){4}|((?:[0-9]{2}){4})|((?: |\-)[0-9]{3}(?: |\-)[0-9]{4})|([0-9]{7}))/;
-const isValidPhone = (phone) => !!phone && PHONE_REGEX.test(phone);
-const isValidRoleName = (value, roles) => roles.findIndex((role) => role.name === value) !== -1;
-const TagRegEx = /^[a-zA-Z0-9-]{0,32}$/;
-const isValidTag = (value, tags) => TagRegEx.test(value) || tags.findIndex((tag) => tag === value) !== -1;
 
-export { ALL_PERMISSIONS, AtoB, Countries, DEFAULT_FIELD_HEIGHTS, DEFAULT_FIELD_WIDTHS, FIELD_TYPES, RolePermissions, VerdocsEndpoint, WEBHOOK_EVENTS, acceptOrganizationInvitation, addGroupMember, addTemplateTag, authenticate, blobToBase64, canAccessEnvelope, canPerformTemplateAction, cancelEnvelope, capitalize, changePassword, collapseEntitlements, convertToE164, createApiKey, createEnvelope, createField, createGroup, createInitials, createOrganization, createOrganizationContact, createOrganizationInvitation, createProfile, createSignature, createTag, createTemplate, createTemplateDocument, createTemplateFromSharepoint, createTemplateRole, declineOrganizationInvitation, decodeAccessTokenBody, decodeJWTBody, delegateRecipient, deleteApiKey, deleteEnvelopeFieldAttachment, deleteField, deleteGroup, deleteGroupMember, deleteOrganization, deleteOrganizationContact, deleteOrganizationInvitation, deleteOrganizationMember, deleteProfile, deleteSignature, deleteTemplate, deleteTemplateDocument, deleteTemplateRole, deleteTemplateTag, downloadBlob, downloadDocument, duplicateTemplate, envelopeIsActive, envelopeIsComplete, envelopeRecipientAgree, envelopeRecipientChangeOwner, envelopeRecipientDecline, envelopeRecipientPrepare, envelopeRecipientSubmit, envelopeRecipientUpdateName, fileToDataUrl, formatFullName, formatInitials, formatShortTimeAgo, fullNameToInitials, getActiveEntitlements, getAllTags, getApiKeys, getCountryByCode, getCurrentProfile, getDocumentDownloadLink, getDocumentPreviewLink, getEntitlements, getEnvelope, getEnvelopeDocument, getEnvelopeDocumentPageDisplayUri, getEnvelopeFile, getEnvelopes, getFieldAttachment, getFieldsForRole, getGroup, getGroups, getInPersonLink, getKbaStep, getMatchingCountry, getMyUser, getNextRecipient, getNotifications, getOrganization, getOrganizationChildren, getOrganizationContacts, getOrganizationInvitation, getOrganizationInvitations, getOrganizationMembers, getOrganizationUsage, getPlusOneCountry, getProfiles, getRGB, getRGBA, getRLeft, getRTop, getRValue, getRecipientsWithActions, getRoleColor, getSignature, getSignatures, getStars, getTag, getTemplate, getTemplateDocument, getTemplateDocumentFile, getTemplateDocumentPageDisplayUri, getTemplateDocumentThumbnail, getTemplateDocuments, getTemplateTags, getTemplates, getValidator, getValidators, getWebhooks, hasRequiredPermissions, integerSequence, isAmericanSamoa, isCanada, isDominicanRepublic, isEnvelopeOwner, isEnvelopeRecipient, isFrenchGuiana, isGuadeloupe, isMartinique, isMayotte, isPuertoRico, isValidEmail, isValidPhone, isValidRoleName, isValidTag, nameToRGBA, randomString, recipientCanAct, recipientHasAction, refreshToken, remindRecipient, rescale, resendOrganizationInvitation, resendVerification, resetPassword, resetRecipient, rotateApiKey, setWebhooks, sortFields, startSigningSession, submitKbaChallengeResponse, submitKbaIdentity, submitKbaPin, switchProfile, toggleStar, updateApiKey, updateEnvelope, updateEnvelopeField, updateEnvelopeFieldInitials, updateEnvelopeFieldSignature, updateField, updateGroup, updateOrganization, updateOrganizationContact, updateOrganizationInvitation, updateOrganizationLogo, updateOrganizationMember, updateOrganizationThumbnail, updateProfile, updateProfilePhoto, updateRecipient, updateRecipientStatus, updateTemplate, updateTemplateRole, uploadEnvelopeFieldAttachment, useCanAccessEnvelope, userCanAct, userCanBuildTemplate, userCanCancelEnvelope, userCanChangeOrgVisibility, userCanCreateOrgTemplate, userCanCreatePersonalTemplate, userCanCreatePublicTemplate, userCanCreateTemplate, userCanDeleteTemplate, userCanFinishEnvelope, userCanMakeTemplatePrivate, userCanMakeTemplatePublic, userCanMakeTemplateShared, userCanPreviewTemplate, userCanReadTemplate, userCanSendTemplate, userCanSignNow, userCanUpdateTemplate, userHasPermissions, userHasSharedTemplate, userIsEnvelopeOwner, userIsEnvelopeRecipient, userIsTemplateCreator, verifyEmail, verifySigner };
+export { ALL_PERMISSIONS, AtoB, Countries, DEFAULT_DISCLOSURES, DEFAULT_FIELD_HEIGHTS, DEFAULT_FIELD_WIDTHS, FIELD_TYPES, RolePermissions, VerdocsEndpoint, WEBHOOK_EVENTS, acceptOrganizationInvitation, addGroupMember, authenticate, blobToBase64, canAccessEnvelope, canPerformTemplateAction, cancelEnvelope, capitalize, changePassword, collapseEntitlements, convertToE164, createApiKey, createEnvelope, createField, createGroup, createInitials, createOrganization, createOrganizationContact, createOrganizationInvitation, createProfile, createSignature, createTemplate, createTemplateDocument, createTemplateFromSharepoint, createTemplateRole, declineOrganizationInvitation, decodeAccessTokenBody, decodeJWTBody, delegateRecipient, deleteApiKey, deleteEnvelopeFieldAttachment, deleteField, deleteGroup, deleteGroupMember, deleteOrganization, deleteOrganizationContact, deleteOrganizationInvitation, deleteOrganizationMember, deleteProfile, deleteTemplate, deleteTemplateDocument, deleteTemplateRole, downloadBlob, downloadEnvelopeDocument, downloadTemplateDocument, duplicateTemplate, envelopeIsActive, envelopeIsComplete, envelopeRecipientAgree, envelopeRecipientDecline, envelopeRecipientSubmit, fileToDataUrl, formatFullName, formatInitials, formatShortTimeAgo, fullNameToInitials, getActiveEntitlements, getApiKeys, getCountryByCode, getCurrentProfile, getEntitlements, getEnvelope, getEnvelopeDocument, getEnvelopeDocumentDownloadLink, getEnvelopeDocumentPageDisplayUri, getEnvelopeDocumentPreviewLink, getEnvelopeFile, getEnvelopes, getEnvelopesZip, getFieldsForRole, getGroup, getGroups, getInPersonLink, getKbaStep, getMatchingCountry, getMyUser, getNextRecipient, getNotifications, getOrganization, getOrganizationChildren, getOrganizationContacts, getOrganizationInvitation, getOrganizationInvitations, getOrganizationMembers, getOrganizationUsage, getPlusOneCountry, getProfiles, getRGB, getRGBA, getRLeft, getRTop, getRValue, getRecipientsWithActions, getRoleColor, getTemplate, getTemplateDocument, getTemplateDocumentDownloadLink, getTemplateDocumentFile, getTemplateDocumentPageDisplayUri, getTemplateDocumentPreviewLink, getTemplateDocumentThumbnail, getTemplates, getValidators, getWebhooks, hasRequiredPermissions, integerSequence, isAmericanSamoa, isCanada, isDominicanRepublic, isEnvelopeOwner, isEnvelopeRecipient, isFieldFilled, isFieldValid, isFrenchGuiana, isGuadeloupe, isMartinique, isMayotte, isPuertoRico, isValidEmail, isValidInput, isValidPhone, isValidRoleName, isValidTag, nameToRGBA, randomString, recipientCanAct, recipientHasAction, refreshToken, remindRecipient, rescale, resendOrganizationInvitation, resendVerification, resetPassword, resetRecipient, rotateApiKey, setWebhooks, sortFields, startSigningSession, submitKbaChallengeResponse, submitKbaIdentity, submitKbaPin, switchProfile, toggleTemplateStar, updateApiKey, updateEnvelope, updateEnvelopeField, updateField, updateGroup, updateOrganization, updateOrganizationContact, updateOrganizationInvitation, updateOrganizationLogo, updateOrganizationMember, updateOrganizationThumbnail, updateProfile, updateProfilePhoto, updateRecipient, updateTemplate, updateTemplateRole, uploadEnvelopeFieldAttachment, useCanAccessEnvelope, userCanAct, userCanBuildTemplate, userCanCancelEnvelope, userCanChangeOrgVisibility, userCanCreateOrgTemplate, userCanCreatePersonalTemplate, userCanCreatePublicTemplate, userCanCreateTemplate, userCanDeleteTemplate, userCanFinishEnvelope, userCanMakeTemplatePrivate, userCanMakeTemplatePublic, userCanMakeTemplateShared, userCanPreviewTemplate, userCanReadTemplate, userCanSendTemplate, userCanSignNow, userCanUpdateTemplate, userHasPermissions, userHasSharedTemplate, userIsEnvelopeOwner, userIsEnvelopeRecipient, userIsTemplateCreator, verifyEmail, verifySigner };
 //# sourceMappingURL=index.mjs.map