@verdocs/js-sdk 6.2.0-beta.4 → 6.2.0-beta.6

package/dist/index.js

@@ -1770,1721 +1770,1818 @@ const getEnvelopes = (endpoint, params) => endpoint.api //
 const getEnvelopesZip = (endpoint, envelope_ids) => endpoint.api //
     .get(`/v2/envelopes/zip/${envelope_ids.join(',')}`, { responseType: 'blob', timeout: 120000 });
 
+const canPerformTemplateAction = (profile, action, template) => {
+    if (!template && !action.includes('create')) {
+        return { canPerform: false, message: 'Missing required template object' };
+    }
+    // We use BOGUS here to force the option-chain in things like template?.profile_id to NOT match profile?.profile_id because if both
+    // were undefined, they would actually match.
+    const profile_id = profile?.id || 'BOGUS';
+    const organization_id = profile?.organization_id || 'BOGUS';
+    const isCreator = template?.profile_id === profile_id;
+    const isSameOrg = template?.organization_id === organization_id;
+    const isPersonal = template?.is_personal ?? false;
+    const isPublic = template?.is_public ?? false;
+    const permissionsRequired = [];
+    switch (action) {
+        case 'create_personal':
+            permissionsRequired.push('template:creator:create:personal');
+            break;
+        case 'create_org':
+            permissionsRequired.push('template:creator:create:org');
+            break;
+        case 'create_public':
+            permissionsRequired.push('template:creator:create:public');
+            break;
+        case 'read':
+            if (!isCreator) {
+                if ((!isPersonal && isSameOrg) || !isPublic) {
+                    permissionsRequired.push('template:member:read');
+                }
+            }
+            break;
+        case 'write':
+            if (!isCreator) {
+                permissionsRequired.push('template:member:read');
+                permissionsRequired.push('template:member:write');
+            }
+            break;
+        case 'change_visibility_personal':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:personal');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'change_visibility_org':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:org');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'change_visibility_public':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:create:public');
+                permissionsRequired.push('template:creator:visibility');
+            }
+            else {
+                permissionsRequired.push('template:member:visibility');
+            }
+            break;
+        case 'delete':
+            if (isCreator) {
+                permissionsRequired.push('template:creator:delete');
+            }
+            else {
+                permissionsRequired.push('template:member:delete');
+            }
+            break;
+        default:
+            return { canPerform: false, message: 'Action is not defined' };
+    }
+    if (hasRequiredPermissions(profile, permissionsRequired)) {
+        return { canPerform: true, message: '' };
+    }
+    return { canPerform: false, message: `Insufficient access to perform '${action}'. Needed permissions: ${permissionsRequired.toString()}` };
+};
+const hasRequiredPermissions = (profile, permissions) => permissions.every((perm) => (profile?.permissions || []).includes(perm));
+
+/**
+ * Add a field to a template.
+ *
+ * ```typescript
+ * import {createField} from '@verdocs/js-sdk/Templates';
+ *
+ * await createField((VerdocsEndpoint.getDefault(), template_id, { ... });
+ * ```
+ *
+ * @group Fields
+ * @api POST /v2/fields/:template_id Add a field to a template
+ * @apiBody string name Name for the new field. Field names must be unique within a template. Although special characters are allowed, they must be URL-encoded in subsequent requests, so it is recommended to use only alphanumeric characters and hyphens if possible.
+ * @apiBody string role_name Role to assign to the field. Role names must be valid, so it is recommended to create roles before fields.
+ * @apiBody string document_id ID of the document upon which to place the field.
+ * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type Type of field to create
+ * @apiBody boolean(default: false) required Whether the field is required
+ * @apiBody integer(min: 0) page 0-based page number upon which to place the field
+ * @apiBody integer(min: 0) x X position for the field (left to right)
+ * @apiBody integer(min: 0) y Y position for the field (_bottom to top!_)
+ * @apiBody string label? Optional label to display above the field
+ * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody string placeholder? Optional placeholder to display in text fields
+ * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
+ * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
+ * @apiBody string value? Optional default value to set on the field
+ * @apiSuccess ITemplateField . Template field
+ */
+const createField = (endpoint, templateId, params) => endpoint.api //
+    .post(`/v2/fields/${templateId}`, params)
+    .then((r) => r.data);
+/**
+ * Update a template field.
+ *
+ * ```typescript
+ * import {updateField} from '@verdocs/js-sdk/Templates';
+ *
+ * await updateField((VerdocsEndpoint.getDefault(), template_id, field_name, { ... });
+ * ```
+ *
+ * @group Fields
+ * @api PATCH /v2/fields/:template_id/:field_name Update a field. See createField for additional details on the supported parameters.
+ * @apiBody string name? Rename the field. Note that template field names must be unique within a template.
+ * @apiBody string role_name Role to assign to the field.
+ * @apiBody string document_id ID of the document upon which to place the field.
+ * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type? Change the field type. Note that while this is technically allowed, fields have different behaviors, validators, default sizes, etc. It is usually easier to add a new field and delete the old one.
+ * @apiBody boolean(default: false) required? Whether the field is required
+ * @apiBody integer(min: 0) page? 0-based page number upon which to place the field
+ * @apiBody integer(min: 0) x? X position for the field (left to right)
+ * @apiBody integer(min: 0) y? Y position for the field (_bottom to top!_)
+ * @apiBody string label? Optional label to display above the field
+ * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
+ * @apiBody string placeholder? Optional placeholder to display in text fields
+ * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
+ * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
+ * @apiBody string value? Optional default value to set on the field
+ * @apiSuccess ITemplateField . Updated template field
+ */
+const updateField = (endpoint, templateId, name, params) => endpoint.api //
+    .patch(`/v2/fields/${templateId}/${encodeURIComponent(name)}`, params)
+    .then((r) => r.data);
+/**
+ * Remove a field from a template.
+ *
+ * ```typescript
+ * import {deleteField} from '@verdocs/js-sdk/Templates';
+ *
+ * await deleteField((VerdocsEndpoint.getDefault(), template_id, field_name);
+ * ```
+ *
+ * @group Fields
+ * @api DELETE /v2/fields/:template_id/:field_name Delete a field
+ * @apiSuccess string . Success
+ */
+const deleteField = (endpoint, templateId, name) => endpoint.api //
+    .delete(`/v2/fields/${templateId}/${encodeURIComponent(name)}`)
+    .then((r) => r.data);
+
+/**
+ * A map of the permissions each role confers.
+ */
+const RolePermissions = {
+    owner: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'template:member:visibility',
+        'owner:add',
+        'owner:remove',
+        'admin:add',
+        'admin:remove',
+        'member:view',
+        'member:add',
+        'member:remove',
+        'org:create',
+        'org:view',
+        'org:update',
+        'org:delete',
+        'org:transfer',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    admin: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'template:member:visibility',
+        'admin:add',
+        'admin:remove',
+        'member:view',
+        'member:add',
+        'member:remove',
+        'org:create',
+        'org:view',
+        'org:update',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    member: [
+        'template:creator:create:public',
+        'template:creator:create:org',
+        'template:creator:create:personal',
+        'template:creator:delete',
+        'template:creator:visibility',
+        'template:member:read',
+        'template:member:write',
+        'template:member:delete',
+        'member:view',
+        'org:create',
+        'org:view',
+        'org:list',
+        'envelope:create',
+        'envelope:cancel',
+        'envelope:view',
+    ],
+    basic_user: ['template:member:read', 'member:view', 'org:view', 'org:list'],
+    contact: ['org:view', 'org:list', 'org:create'],
+};
+/**
+ * Confirm whether the user has all of the specified permissions.
+ */
+const userHasPermissions = (profile, permissions) => {
+    // No need to de-dupe here, we're just checking present-at-least-once set membership.
+    const netPermissions = [...(profile?.permissions || [])];
+    (profile?.roles || []).forEach((role) => {
+        netPermissions.push(...(RolePermissions[role] || []));
+    });
+    (profile?.group_profiles || []).forEach((groupProfile) => {
+        netPermissions.push(...(groupProfile.group?.permissions || []));
+    });
+    return permissions.every((perm) => netPermissions.includes(perm));
+};
+
+/**
+ * Various helpers to identify available operations for a template by a user.
+ *
+ * @module
+ */
+/**
+ * Check to see if the user created the template.
+ */
+const userIsTemplateCreator = (profile, template) => profile && template && profile.id === template.profile_id;
+/**
+ * Check to see if a template is "shared" with the user.
+ */
+const userHasSharedTemplate = (profile, template) => profile && template && !template.is_personal && profile.organization_id === template.organization_id;
+/**
+ * Check to see if the user can create a personal/private template.
+ */
+const userCanCreatePersonalTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:personal']);
+/**
+ * Check to see if the user can create an org-shared template.
+ */
+const userCanCreateOrgTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:org']);
 /**
- * Create an initials block. In a typical signing workflow, the user is asked at the beginning of the process to
- * "adopt" an initials block to be used for all initials fields in the document. Thus, this is typically called
- * one time to create and store an initials block. Thereafter, the ID of the initials block may be re-used for each
- * initials field to be "stamped" by the user.
- *
- * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
- * typically only ever have one, tied to that session. But authenticated users can create more than
- * one, and can use them interchangeably.
- *
- * @group Signatures and Initials
- * @api POST /v2/profiles/initials Create Initial Block
- * @apiBody string initial Blob containing initials image to store.
- * @apiSuccess IInitial . The newly-created initial block.
+ * Check to see if the user can create a public template.
  */
-const createInitials = (endpoint, name, initials) => {
-    const data = new FormData();
-    data.append('initial', initials, name);
-    return endpoint.api //
-        .post(`/v2/profiles/initials`, data)
-        .then((r) => r.data);
+const userCanCreatePublicTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:public']);
+/**
+ * Check to see if the user can read/view a template.
+ */
+const userCanReadTemplate = (profile, template) => template.is_public ||
+    userIsTemplateCreator(profile, template) ||
+    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read']));
+/**
+ * Check to see if the user can update a tempate.
+ */
+const userCanUpdateTemplate = (profile, template) => userIsTemplateCreator(profile, template) ||
+    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read', 'template:member:write']));
+/**
+ * Check to see if the user can change whether a template is personal vs org-shared.
+ */
+const userCanMakeTemplatePrivate = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:personal'])
+    : userHasPermissions(profile, ['template:member:visibility']);
+/**
+ * Check to see if the user can change whether a template is personal vs org-shared.
+ */
+const userCanMakeTemplateShared = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:org'])
+    : userHasPermissions(profile, ['template:member:visibility']);
+/**
+ * Check to see if the user can change whether a template is personal vs org-shared.
+ */
+const userCanMakeTemplatePublic = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:create:public'])
+    : userHasPermissions(profile, ['template:member:visibility']);
+/**
+ * Check to see if the user can change whether a template is personal vs org-shared.
+ */
+const userCanChangeOrgVisibility = (profile, template) => userIsTemplateCreator(profile, template) && userHasPermissions(profile, ['template:creator:create:personal']);
+/**
+ * Check to see if the user can change whether a template is personal vs org-shared.
+ */
+const userCanDeleteTemplate = (profile, template) => userIsTemplateCreator(profile, template)
+    ? userHasPermissions(profile, ['template:creator:delete'])
+    : userHasPermissions(profile, ['template:member:delete']);
+/**
+ * Confirm whether the user can create an envelope using the specified template.
+ */
+const userCanSendTemplate = (profile, template) => {
+    switch (template.visibility) {
+        case 'private':
+            return userIsTemplateCreator(profile, template);
+        case 'shared':
+            return userIsTemplateCreator(profile, template) || template.organization_id === profile?.organization_id;
+        case 'public':
+            return true;
+    }
 };
-
 /**
- * Get the current KBA status. Note that this may only be called by the recipient and requires a
- * valid signing session to proceed. Although the Recipient object itself contains indications of
- * whether KBA is required, it will not contain the current status of the process. If
- * `recipient.auth_methods` is set (not empty), and `recipient.kba_completed` is false, this endpoint
- * should be called to determine the next KBA step required.
+ * Confirm whether the user can create a new template.
  */
-const getKbaStep = (endpoint, envelope_id, role_name) => endpoint.api //
-    .get(`/v2/kba/${envelope_id}/${encodeURIComponent(role_name)}`)
-    .then((r) => r.data);
+const userCanCreateTemplate = (profile) => userCanCreatePersonalTemplate(profile) || userCanCreateOrgTemplate(profile) || userCanCreatePublicTemplate(profile);
 /**
- * Submit a response to a KBA PIN challenge.
+ * Check to see if the user can "build" the template (use the field builder). The user must have write access to the
+ * template, and the template must have at least one signer role.
  */
-const submitKbaPin = (endpoint, envelope_id, role_name, pin) => endpoint.api //
-    .post(`/v2/kba/pin`, { envelope_id, role_name, pin })
-    .then((r) => r.data);
+const userCanBuildTemplate = (profile, template) => userCanUpdateTemplate(profile, template) && (template.roles || []).filter((role) => role.type === 'signer').length > 0;
+const getFieldsForRole = (template, role_name) => (template.fields || []).filter((field) => field.role_name === role_name);
 /**
- * Submit an identity response to a KBA challenge.
+ * Check to see if the user can preview the template. The user must have read access to the template, the template must
+ * have at least one signer, and every signer must have at least one field.
  */
-const submitKbaIdentity = (endpoint, envelope_id, role_name, identity) => endpoint.api //
-    .post(`/v2/kba/identity`, { envelope_id, role_name, identity })
-    .then((r) => r.data);
+const userCanPreviewTemplate = (profile, template) => {
+    const hasPermission = userCanReadTemplate(profile, template);
+    const signers = (template.roles || []).filter((role) => role.type === 'signer');
+    return hasPermission && signers.length > 0 && signers.every((signer) => getFieldsForRole(template, signer.name).length > 0);
+};
+
 /**
- * Submit an identity response to a KBA challenge. Answers should be submitted in the same order as
- * the challenges were listed in `IRecipientKbaStepChallenge.questions`.
+ * A "role" is an individual participant in a signing flow, such as a signer or CC contact.
+ * A role is a placeholder that will eventually become a named recipient. For example, "Tenant 1"
+ * might be replaced with "John Smith" when the document is sent out for signature.
+ *
+ * Role names must be unique within a template, e.g. 'Recipient 1'. They may contain any [a-zA-Z0-9_- ]
+ * characters, although it is recommended to keep them simple and human-readable, and to avoid
+ * spaces (although they are allowed). If spaces are used in role names, be sure to URL-encode them
+ * when calling endpoints like `updateRole()` e.g. 'Recipient%201'.
+ *
+ * NOTE: Roles are always enumerated under Template objects, so there are no "list" or "get" endpoints
+ * for them. To get a template's latest role list, simply call `getTemplate()`.
+ *
+ * @module
  */
-const submitKbaChallengeResponse = (endpoint, envelope_id, role_name, responses) => endpoint.api //
-    .post(`/v2/kba/response`, { envelope_id, role_name, responses })
+/**
+ * Create a role.
+ *
+ * ```typescript
+ * import {createTemplateRole} from '@verdocs/js-sdk';
+ *
+ * const role = await createTemplateRole(VerdocsEndpoint.getDefault(), template_id, params...);
+ * ```
+ *
+ * @group Roles
+ * @api POST /v2/roles/:template_id Add a role to a template
+ * @apiBody string name Name for the new role. Must be unique within the template. May include spaces, but later calls must URL-encode any references to this role, so it is recomended that special characters be avoided.
+ * @apiBody string(enum:'signer' | 'cc' | 'approver') type Type of role to create. Signers act on documents by filling and signing fields. CC recipients receive a copy but do not act on the document. Approvers control the final submission of a document, but do not have fields of their own to fill out.
+ * @apiBody string full_name? Default full name for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string email? Default email address for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string phone? Default (SMS-capable) phone number for the role. May be completed/overridden later, when envelopes are made from the template.
+ * @apiBody string message? Optional message to include in email and SMS signing invitations.
+ * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role. Roles that share the same sequence number act in parallel, and will receive invitations at the same time.
+ * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role. Controls the left-to-right display order of roles at the same sequence number in the UI components e.g. `<verdocs-template-roles />`.
+ * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
+ * @apiSuccess IRole . The newly-created role
+ */
+const createTemplateRole = (endpoint, template_id, params) => endpoint.api //
+    .post(`/v2/roles/${template_id}`, params)
     .then((r) => r.data);
-
 /**
- * Agree to electronic signing dislosures.
+ * Update a role.
  *
- * @group Recipients
- * @api POST /envelopes/:envelope_id/recipients/:role_name/agree Agree to e-Signing Disclosures
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to operate on.
- * @apiSuccess IRecipient . The updated Recipient.
+ * ```typescript
+ * import {updateTemplateRole} from '@verdocs/js-sdk';
+ *
+ * const role = await updateTemplateRole(VerdocsEndpoint.getDefault(), template_id, name, params...);
+ * ```
+ *
+ * @group Roles
+ * @api PATCH /v2/roles/:template_id/:role_id Update a role. See createRole for additional details on the parameters available.
+ * @apiBody string name? Rename the role. Note that role names must be unique within a template, so this may fail if the new name is already in use.
+ * @apiBody string(enum:'signer' | 'cc' | 'approver') type? Type of role.
+ * @apiBody string full_name? Default full name for the role.
+ * @apiBody string email? Default email address for the role.
+ * @apiBody string phone? Default (SMS-capable) phone number for the role.
+ * @apiBody string message? Optional message to include in email and SMS signing invitations.
+ * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role.
+ * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role.
+ * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
+ * @apiBody string(enum:'pin'|'identity'|'') kba_method? Active PIN- or Identity-based KBA for the role.
+ * @apiSuccess IRole . The newly-created role
  */
-const envelopeRecipientAgree = (endpoint, envelopeId, roleName, disclosures) => endpoint.api //
-    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/agree`, { disclosures })
+const updateTemplateRole = (endpoint, template_id, name, params) => endpoint.api //
+    .patch(`/v2/roles/${template_id}/${encodeURIComponent(name)}`, params)
     .then((r) => r.data);
 /**
- * Decline electronic signing dislosures. Note that if any recipient declines, the entire envelope
- * becomes non-viable and later recipients may no longer act. The creator will receive a notification
- * when this occurs.
+ * Delete a role.
  *
- * @group Recipients
- * @api POST /envelopes/:envelope_id/recipients/:role_name/decline Decline e-Signing Disclosures
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to adjust.
- * @apiSuccess IRecipient . The updated Recipient.
+ * ```typescript
+ * import {deleteTemplateRole} from '@verdocs/js-sdk';
+ *
+ * const profiles = await deleteTemplateRole(VerdocsEndpoint.getDefault(), template_id, name);
+ * ```
+ *
+ * @group Roles
+ * @api DELETE /v2/roles/:template_id/:role_id Delete a role.
+ * @apiSuccess string . Success
  */
-const envelopeRecipientDecline = (endpoint, envelopeId, roleName) => endpoint.api //
-    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/decline`)
+const deleteTemplateRole = (endpoint, template_id, name) => endpoint.api //
+    .delete(`/v2/roles/${template_id}/${encodeURIComponent(name)}`)
     .then((r) => r.data);
+
 /**
- * Submit an envelope (signing is finished). Note that all fields must be valid/completed for this to succeed.
+ * A Template defines how a Verdocs signing flow will be performed, including attachments, signing fields, and
+ * recipients.
  *
- * @group Recipients
- * @api POST /envelopes/:envelope_id/recipients/:role_name/submit Submit envelope
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to submit.
- * @apiSuccess IRecipient . The updated Recipient.
+ * @module
  */
-const envelopeRecipientSubmit = (endpoint, envelopeId, roleName) => endpoint.api //
-    .put(`/v2/envelopes/${envelopeId}/recipients/${roleName}/submit`)
+/**
+ * Get all templates accessible by the caller, with optional filters.
+ *
+ * ```typescript
+ * import {getTemplates} from '@verdocs/js-sdk/Templates';
+ *
+ * await getTemplates((VerdocsEndpoint.getDefault());
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_starred: true });
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_creator: true });
+ * await getTemplates((VerdocsEndpoint.getDefault(), { is_organization: true });
+ * ```
+ *
+ * @group Templates
+ * @api GET /v2/templates Get Templates
+ * @apiQuery string q? Find templates whose names/descriptions contain the specified query string
+ * @apiQuery boolean is_starred? If true, returns only templates with at least one "star".
+ * @apiQuery boolean is_creator? If true, returns only templates that the caller created.
+ * @apiQuery string(enum: 'private_shared' | 'private' | 'shared' | 'public') visibility? Return only templates with the specified visibility.
+ * @apiQuery string(enum: 'created_at' | 'updated_at' | 'name' | 'last_used_at' | 'counter' | 'star_counter') sort_by? Return results sorted by this criteria
+ * @apiQuery boolean ascending? Set true/false to override the sort direction. Note that the default depends on `sort_by`. Date-based sorts default to descending, while name defaults to ascending.
+ * @apiQuery integer(default: 20) rows? Limit the number of rows returned
+ * @apiQuery integer(default: 0) page? Specify which page of results to return
+ * @apiSuccess integer(format: int32) count The total number of records matching the query, helpful for pagination
+ * @apiSuccess integer(format: int32) rows The number of rows returned in this response page
+ * @apiSuccess integer(format: int32) page The page number of this response
+ * @apiSuccess array(items: ITemplate) templates List of templates found
+ */
+const getTemplates = (endpoint, params) => endpoint.api //
+    .get('/v2/templates', { params })
     .then((r) => r.data);
 /**
- * Begin a signing session for an Envelope. This path requires an invite code, and should generally
- * be called with a NON-default Endpoint to avoid conflicting with any active user session the user
- * may have. To initiate in-person signing by an authenticated user (e.g. self-signing), call
- * getInPersonLink() instead. The response from that call includes both a link for direct signing
- * via a Web browser as well as an in-person access_key. That access_key.key may be used here as well.
+ * Get one template by its ID.
  *
- * @group Recipients
- * @api POST /v2/sign/unauth/:envelope_id/:role_name/:key Start Signing Session
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to request.
- * @apiParam string key Access key generated by the envelope creator or email/SMS invite.
- * @apiSuccess ISignerTokenResponse . Signing session token and envelope/recipient metadata.
+ * ```typescript
+ * import {getTemplate} from '@verdocs/js-sdk/Templates';
+ *
+ * const template = await getTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * ```
+ *
+ * @group Templates
+ * @api GET /v2/templates/:template_id Get a template. Note that the caller must have at least View access to the template.
+ * @apiSuccess ITemplate . The requested template
  */
-const startSigningSession = async (endpoint, envelope_id, role_name, key) => {
+const getTemplate = (endpoint, templateId) => {
     return endpoint.api //
-        .post(`/v2/sign/unauth/${envelope_id}/${encodeURIComponent(role_name)}/${key}`)
+        .get(`/v2/templates/${templateId}`)
         .then((r) => {
-        endpoint.setToken(r.data.access_token, 'signing');
-        return r.data;
+        const template = r.data;
+        // Post-process the template to upgrade to new data fields
+        if (!template.documents && template.template_documents) {
+            template.documents = template.template_documents;
+        }
+        template.documents?.forEach((document) => {
+            if (!document.order) {
+                document.order = 0;
+            }
+            if (document.page_numbers) {
+                document.pages = document.page_numbers;
+            }
+        });
+        // Temporary upgrade from legacy app
+        template.fields?.forEach((field) => {
+            if (field.setting) {
+                field.settings = field.setting;
+            }
+        });
+        return template;
     });
 };
+const ALLOWED_CREATE_FIELDS = [
+    'name',
+    'is_personal',
+    'is_public',
+    'sender',
+    'description',
+    'roles',
+    'fields',
+];
 /**
- * Get an in-person signing link. Must be called by the owner/creator of the envelope. The response
- * also includes the raw access key that may be used to directly initiate a signing session (see
- * `startSigningSession`) as well as an access token representing a valid signing session for
- * immediate use in embeds or other applications. Note that in-person signing is considered a
- * lower-security operation than authenticated signing, and the final envelope certificate will
- * reflect this.
+ * Create a template.
  *
- * @group Recipients
- * @api POST /v2/sign/in-person/:envelope_id/:role_name Get In-Person Signing Link
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to request.
- * @apiSuccess IInPersonLinkResponse . Signing session token and envelope/recipient metadata.
+ * ```typescript
+ * import {createTemplate} from '@verdocs/js-sdk/Templates';
+ *
+ * const newTemplate = await createTemplate((VerdocsEndpoint.getDefault(), {...});
+ * ```
+ *
+ * @group Templates
+ * @api POST /v2/templates Create a template
+ * @apiBody string name Template name
+ * @apiBody string description? Optional description
+ * @apiBody TTemplateVisibility visibility? Visibility setting
+ * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
+ * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
+ * @apiBody TTemplateSender sender? Who may send envelopes using this template
+ * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
+ * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
+ * @apiBody array(items:object) documents? Optional list of documents to attach to the template
+ * @apiBody array(items:IRole) roles? Optional list of roles to create. Note that if roles are not included in the request, fields will be ignored.
+ * @apiBody array(fields:ITemplateField) fields? Optional list of fields to create. Note that if fields that do not match a role will be ignored.
+ * @apiSuccess ITemplate . The newly-created template
  */
-const getInPersonLink = (endpoint, envelope_id, role_name) => endpoint.api //
-    .post(`/v2/sign/in-person/${envelope_id}/${encodeURIComponent(role_name)}`)
-    .then((r) => r.data);
+const createTemplate = (endpoint, params, onUploadProgress) => {
+    const options = {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    };
+    if (params.documents && params.documents[0] instanceof File) {
+        const formData = new FormData();
+        ALLOWED_CREATE_FIELDS.forEach((allowedKey) => {
+            if (params[allowedKey] !== undefined) {
+                formData.append(allowedKey, params[allowedKey]);
+            }
+        });
+        params.documents.forEach((file) => {
+            formData.append('documents', file, file.name);
+        });
+        return endpoint.api.post('/v2/templates', formData, options).then((r) => r.data);
+    }
+    else {
+        return endpoint.api.post('/v2/templates', params, options).then((r) => r.data);
+    }
+};
 /**
- * Verify a recipient within a signing session. All signing sessions use an invite code at a minimum,
- * but many scenarios require more robust verification of recipients, so one or more verification
- * methods may be attached to each recipient. If an authentication method is enabled, the
- * signer must first accept the e-signature disclosures, then complete each verification step
- * before attempting to view/display documents, complete any fields, or submit the envelope.
- * This endpoint should be called to complete each step. If the call fails an error will be
- * thrown.
+ * Duplicate a template. Creates a complete clone, including all settings (e.g. reminders), fields,
+ * roles, and documents.
  *
- * @group Recipients
- * @api POST /v2/sign/verify Verify recipient/signer
- * @apiParam string(enum:'passcode'|'email'|'sms'|'kba'|'id') auth_method The authentication method being completed
- * @apiParam string code? The passcode or OTP entered. Required for passcode, email, and SMS methods.
- * @apiParam boolean resend? For SMS or email methods, set to send a new code.
- * @apiParam boolean first_name? For KBA, the recipient's first name
- * @apiParam boolean last_name? For KBA, the recipient's last name
- * @apiParam boolean address? For KBA, the recipient's address
- * @apiParam boolean city? For KBA, the recipient's city
- * @apiParam boolean state? For KBA, the recipient's state
- * @apiParam boolean zip? For KBA, the recipient's zip code
- * @apiParam boolean ssn_last_4? For KBA, the last 4 digits of the recipient's SSN
- * @apiParam boolean dob? For KBA, the recipient's date of birth
- * @apiParam array(items:IKBAResponse) responses? For KBA, responses to any challenge questions presented
- * @apiSuccess ISignerTokenResponse . Updated signing session.
+ * ```typescript
+ * import {duplicateTemplate} from '@verdocs/js-sdk/Templates';
+ *
+ * const newTemplate = await duplicateTemplate((VerdocsEndpoint.getDefault(), originalTemplateId, 'My Template Copy');
+ * ```
+ *
+ * @group Templates
+ * @api PUT /v2/templates/:template_id Perform an operation on a template
+ * @apiBody string(enum:'duplicate') action Action to perform
+ * @apiBody string name? If duplicating the template, a name for the new copy
+ * @apiSuccess ITemplate . The newly-copied template
  */
-const verifySigner = (endpoint, params) => endpoint.api //
-    .post(`/v2/sign/verify`, params)
+const duplicateTemplate = (endpoint, templateId, name) => endpoint.api //
+    .put(`/v2/templates/${templateId}`, { action: 'duplicate', name })
     .then((r) => r.data);
 /**
- * Delegate a recipient's signing responsibility. The envelope sender must enable this before the
- * recipient calls this endpoint, and only the recipient may call it, or the call will be rejected.
- * The recipient's role will be renamed and configured to indicate to whom the delegation was made,
- * and a new recipient entry with the updated details (e.g. name and email address) will be added
- * to the flow with the same role_name, order, and sequence of the original recipient. Unless
- * no_contact is set on the envelope, the delegation recipient and envelope creator will also be
- * notified.
+ * Create a template from a Sharepoint asset.
  *
- * @group Recipients
- * @api PUT /v2/envelopes/:envelope_id/recipients/:role_name Delegate Recipient
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role to operate on.
- * @apiBody string(enum:'delegate') action The operation to perform (delegate).
- * @apiBody string first_name The first name of the new recipient.
- * @apiBody string last_name The last name of the new recipient.
- * @apiBody string email The email address of the new recipient.
- * @apiBody string phone? Optional phone number for the new recipient.
- * @apiBody string message? Optional phone number for the new recipient's invitation.
- * @apiSuccess string . Success message.
+ * ```typescript
+ * import {createTemplateFromSharepoint} from '@verdocs/js-sdk/Templates';
+ *
+ * const newTemplate = await createTemplateFromSharepoint((VerdocsEndpoint.getDefault(), {...});
+ * ```
+ *
+ * @group Templates
+ * @api POST /v2/templates/from-sharepoint Create a template from an asset in Sharepoint
+ * @apiBody string name Name for the new template
+ * @apiBody string siteId Name for the new template
+ * @apiBody string itemId Name for the new template
+ * @apiBody string oboToken On-Behalf-Of token for calls to Sharepoint. Should be generated as a short-expiration token with at least Read privileges to the siteId/itemId. This token will be discarded after being used.
+ * @apiSuccess ITemplate . The newly-created template
  */
-const delegateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
-    .put(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'delegate', ...params })
-    .then((r) => r.data);
+const createTemplateFromSharepoint = (endpoint, params) => {
+    const options = {
+        timeout: 120000,
+    };
+    return endpoint.api.post('/v2/templates/from-sharepoint', params, options).then((r) => r.data);
+};
 /**
- * Update a recipient. NOTE: User interfaces should rate-limit this operation to avoid spamming recipients.
- * Excessive use of this endpoint may result in Verdocs rate-limiting the calling application to prevent
- * abuse. This endpoint will return a 200 OK even if the no_contact flag is set on the envelope (in which
- * case the call will be silently ignored).
+ * Update a template.
  *
- * @group Recipients
- * @api PATCH /envelopes/:envelope_id/recipients/:role_name Update Recipient
- * @apiParam string(format:uuid) envelope_id The envelope to operate on.
- * @apiParam string role_name The role name to update.
- * @apiBody string(enum:'remind'|'reset') action? Trigger a reminder, or fully reset the recipient
- * @apiBody string first_name? Update the recipient's first name.
- * @apiBody string last_name? Update the recipient's last name.
- * @apiBody string email? Update the recipient's email address.
- * @apiBody string message? Update the recipient's invite message.
- * @apiBody string phone? Update the recipient's phone number.
- * @apiBody string passcode? If passcode authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed passcode-based auth.
- * @apiBody string address? If KBA-based authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string city? If KBA-based authentication is used, the recipient's city to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string state? If KBA-based authentication is used, the recipient's state to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string zip? If KBA-based authentication is used, the recipient's zip code to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string dob? If KBA-based authentication is used, the recipient's date of birth to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiBody string ssn_last_4? If KBA-based authentication is used, the recipient's SSN-last-4 to prefill. May only be changed if the recipient has not already completed KBA-based auth.
- * @apiSuccess IRecipient . The updated Recipient.
+ * ```typescript
+ * import {updateTemplate} from '@verdocs/js-sdk/Templates';
+ *
+ * const updatedTemplate = await updateTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9', { name: 'New Name' });
+ * ```
+ *
+ * @group Templates
+ * @api PATCH /v2/templates/:template_id Update a template
+ * @apiBody string name? Template name
+ * @apiBody string description? Optional description
+ * @apiBody TTemplateVisibility visibility? Visibility setting
+ * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
+ * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
+ * @apiBody TTemplateSender sender? Who may send envelopes using this template
+ * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
+ * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
+ * @apiSuccess ITemplate . The updated template
  */
-const updateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, params)
+const updateTemplate = (endpoint, templateId, params) => endpoint.api //
+    .patch(`/v2/templates/${templateId}`, params)
     .then((r) => r.data);
 /**
- * Send a reminder to a recipient. The recipient must still be an active member of the signing flow
- * (e.g. not declined, already submitted, etc.)
+ * Delete a template.
+ *
+ * ```typescript
+ * import {deleteTemplate} from '@verdocs/js-sdk/Templates';
+ *
+ * await deleteTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * ```
+ *
+ * @group Templates
+ * @api DELETE /v2/templates/:template_id Delete a template
+ * @apiSuccess string . Success
  */
-const remindRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'remind' })
+const deleteTemplate = (endpoint, templateId) => endpoint.api //
+    .delete(`/v2/templates/${templateId}`)
     .then((r) => r.data);
 /**
- * Fully reset a recipient. This allows the recipient to restart failed KBA flows, change
- * fields they may have filled in incorrectly while signing, etc. This cannot be used on a
- * canceled or completed envelope, but may be used to restart an envelope marked declined.
+ * Toggle the template star for a template.
+ *
+ * ```typescript
+ * import {toggleTemplateStar} from '@verdocs/js-sdk/Templates';
+ *
+ * await toggleTemplateStar((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * ```
+ *
+ * @group Templates
+ * @api POST /v2/templates/:template_id/star Star or unstar a template (toggle state)
+ * @apiSuccess ITemplate . Success
  */
-const resetRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
-    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'reset' })
+const toggleTemplateStar = (endpoint, templateId) => endpoint.api //
+    .post(`/v2/templates/${templateId}/stars/toggle`)
     .then((r) => r.data);
 
 /**
- * Various helpers to identify available operations for an envelope by a user.
+ * A TemplateDocument represents a PDF or other attachment in a Template.
  *
  * @module
  */
 /**
- * Check to see if the profile ID owns the envelope.
- */
-const isEnvelopeOwner = (profile_id, envelope) => envelope.profile_id === profile_id;
-/**
- * Check to see if the profile ID is a recipient within the envelope.
- */
-const isEnvelopeRecipient = (profile_id, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile_id);
-/**
- * Check to see if the profile ID is the envelope's sender or one of the recipients.
- */
-const canAccessEnvelope = (profile_id, envelope) => isEnvelopeOwner(profile_id, envelope) || isEnvelopeRecipient(profile_id, envelope);
-/**
- * Check to see if the user owns the envelope.
- */
-const userIsEnvelopeOwner = (profile, envelope) => envelope.profile_id === profile?.id;
-/**
- * Check to see if the user is a recipient within the envelope.
- */
-const userIsEnvelopeRecipient = (profile, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile?.id);
-/**
- * Check to see if the profile ID is the envelope's sender or one of the recipients.
+ * Create a Document for a particular Template.
+ *
+ * ```typescript
+ * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ *
+ * await TemplateDocument.createDocument((VerdocsEndpoint.getDefault(), templateID, params);
+ * ```
+ *
+ * @group Template Documents
+ * @api POST /v2/templates/:template_id/documents Attach a document to a template
+ * @apiBody string(format:binary) file Document file to attach. The file name will automatically be used as the document name.
+ * @apiBody string(format:uuid) template_id Template ID to attach the document to
+ * @apiSuccess ITemplateDocument . Template document
  */
-const useCanAccessEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) || userIsEnvelopeRecipient(profile, envelope);
+const createTemplateDocument = (endpoint, template_id, file, onUploadProgress) => {
+    const formData = new FormData();
+    formData.append('file', file, file.name);
+    formData.append('template_id', template_id);
+    return endpoint.api //
+        .post(`/v2/template-documents`, formData, {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    })
+        .then((r) => r.data);
+};
 /**
- * Check to see if the envelope has pending actions.
+ * Delete a specific Document.
+ *
+ * ```typescript
+ * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ *
+ * await TemplateDocument.deleteDocument((VerdocsEndpoint.getDefault(), templateID, documentID);
+ * ```
+ *
+ * @group Template Documents
+ * @api DELETE /v2/templates/:temlate_id/documents/:document_id Delete a template document
+ * @apiSuccess string . Success
  */
-const envelopeIsActive = (envelope) => envelope.status !== 'complete' && envelope.status !== 'declined' && envelope.status !== 'canceled';
+const deleteTemplateDocument = (endpoint, templateId, documentId) => endpoint.api //
+    .delete(`/v2/templates/${templateId}/documents/${documentId}`)
+    .then((r) => r.data);
 /**
- * Check to see if the envelope has been completed.
+ * Get all metadata for a template document. Note that when called by non-creators (e.g. Org Collaborators)
+ * this will return only the **metadata** the caller is allowed to view.
+ *
+ * @group Template Documents
+ * @api GET /v2/envelope-documents/:id Get envelope document
+ * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
+ * @apiSuccess IEnvelopeDocument . The detailed metadata for the document requested
  */
-const envelopeIsComplete = (envelope) => envelope.status !== 'complete';
+const getTemplateDocument = async (endpoint, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}`)
+    .then((r) => r.data);
 /**
- * Check to see if the user owns the envelope.
+ * Download a document directly.
  */
-const userCanCancelEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
-    envelope.status !== 'complete' &&
-    envelope.status !== 'declined' &&
-    envelope.status !== 'canceled';
+const downloadTemplateDocument = async (endpoint, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}?type=file`, { responseType: 'blob' })
+    .then((r) => r.data);
 /**
- * Check to see if the user owns the envelope.
+ * Get an envelope document's metadata, or the document itself. If no "type" parameter is specified,
+ * the document metadata is returned. If "type" is set to "file", the document binary content is
+ * returned with Content-Type set to the MIME type of the file. If "type" is set to "download", a
+ * string download link will be returned. If "type" is set to "preview" a string preview link will
+ * be returned. This link expires quickly, so it should be accessed immediately and never shared.
+ *
+ * @group Template Documents
+ * @api GET /v2/envelope-documents/:document_id Preview, Download, or Link to a Document
+ * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
+ * @apiQuery string(enum:'file'|'download'|'preview') type? Download the file directly, generate a download link, or generate a preview link.
+ * @apiSuccess string . The generated link.
  */
-const userCanFinishEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
-    envelope.status !== 'complete' &&
-    envelope.status !== 'declined' &&
-    envelope.status !== 'canceled';
+const getTemplateDocumentDownloadLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+    .get(`/v2/template-documents/${documentId}?type=download`)
+    .then((r) => r.data);
 /**
- * Returns true if the recipient has a pending action. Note that this does not necessarily mean the recipient can act (yet).
+ * Get a pre-signed preview link for an Envelope Document. This link expires quickly, so it should
+ * be accessed immediately and never shared. Content-Disposition will be set to "inline".
  */
-const recipientHasAction = (recipient) => !['submitted', 'canceled', 'declined'].includes(recipient.status);
+const getTemplateDocumentPreviewLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
+    .get(`/v2/envelope-documents/${documentId}?type=preview`)
+    .then((r) => r.data);
 /**
- * Returns the recipients who still have a pending action. Note that not all of these recipients may be able to act (yet).
+ * Get (binary download) a file attached to a Template. It is important to use this method
+ * rather than a direct A HREF or similar link to set the authorization headers for the
+ * request.
  */
-const getRecipientsWithActions = (envelope) => ['complete', 'declined', 'canceled'].includes(envelope.status) ? [] : (envelope?.recipients || []).filter(recipientHasAction);
+const getTemplateDocumentFile = async (endpoint, templateId, documentId) => endpoint.api //
+    .get(`/v2/templates/${templateId}/documents/${documentId}?file=true`, { responseType: 'blob' })
+    .then((r) => r.data);
 /**
- * Returns true if the recipient can act.
+ * Get (binary download) a file attached to a Template. It is important to use this method
+ * rather than a direct A HREF or similar link to set the authorization headers for the
+ * request.
  */
-const recipientCanAct = (recipient, recipientsWithActions) => recipient.sequence === recipientsWithActions?.[0]?.sequence;
+const getTemplateDocumentThumbnail = async (endpoint, templateId, documentId) => endpoint.api //
+    .get(`/v2/templates/${templateId}/documents/${documentId}?thumbnail=true`, { responseType: 'blob' })
+    .then((r) => r.data);
 /**
- * Returns true if the user can act.
+ * Get a display URI for a given page in a file attached to a template document. These pages are rendered server-side
+ * into PNG resources suitable for display in IMG tags although they may be used elsewhere. Note that these are intended
+ * for DISPLAY ONLY, are not legally binding documents, and do not contain any encoded metadata from participants. The
+ * original asset may be obtained by calling `getTemplateDocumentFile()` or similar.
  */
-const userCanAct = (email, recipientsWithActions) => {
-    const recipient = recipientsWithActions.find((r) => r.email === email);
-    return recipient && recipient.sequence === recipientsWithActions?.[0]?.sequence;
+const getTemplateDocumentPageDisplayUri = async (endpoint, documentId, page, variant = 'original') => endpoint.api.get(`/v2/template-documents/page-image/${documentId}/${variant}/${page}`, { timeout: 20000 }).then((r) => r.data);
+
+const EMAIL_REGEX = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+// @see https://www.regextester.com/1978
+const PHONE_REGEX = /((?:\+|00)[17](?: |\-)?|(?:\+|00)[1-9]\d{0,2}(?: |\-)?|(?:\+|00)1\-\d{3}(?: |\-)?)?(0\d|\([0-9]{3}\)|[1-9]{0,3})(?:((?: |\-)[0-9]{2}){4}|((?:[0-9]{2}){4})|((?: |\-)[0-9]{3}(?: |\-)[0-9]{4})|([0-9]{7}))/;
+const URL_REGEX = /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/;
+const POSTAL_CODE_REGEX = /^[A-Za-z0-9-\s]{3,10}$/;
+const NUMBER_REGEX = /^\d+$/;
+const DATE_REGEX = /^(\d{4}[-\/]\d{2}[-\/]\d{2})|(\d{2}[-\/]\d{2}[-\/]\d{4})$/;
+const VALIDATORS = {
+    email: { regex: EMAIL_REGEX, label: 'Email Address' },
+    phone: { regex: PHONE_REGEX, label: 'Phone Number' },
+    url: { regex: URL_REGEX, label: 'URL' },
+    postal_code: { regex: POSTAL_CODE_REGEX, label: 'Zip/Postal Code' },
+    number: { regex: NUMBER_REGEX, label: 'Number' },
+    date: { regex: DATE_REGEX, label: 'Date' },
 };
+const isValidInput = (value, validator) => Object.keys(VALIDATORS).includes(validator) && VALIDATORS[validator].regex.test(value);
 /**
- * Returns true if the user can act.
+ * Get a list of available validators for field inputs. Note that validators always check strings,
+ * because that is all a user can enter in an HTML input field. Numeric-format validators should
+ * perform any necessary conversions internally. Validators never throw - they just return a boolean.
+ * indicating whether the value is valid.
  */
-const userCanSignNow = (profile, envelope) => {
-    if (!profile) {
-        return false;
+const getValidators = () => Object.keys(VALIDATORS);
+const isValidEmail = (email) => !!email && EMAIL_REGEX.test(email);
+const isValidPhone = (phone) => !!phone && PHONE_REGEX.test(phone);
+const isValidRoleName = (value, roles) => roles.findIndex((role) => role.name === value) !== -1;
+const TagRegEx = /^[a-zA-Z0-9-]{0,32}$/;
+const isValidTag = (value, tags) => TagRegEx.test(value) || tags.findIndex((tag) => tag === value) !== -1;
+
+const isFieldFilled = (field, allRecipientFields) => {
+    const { value = '' } = field;
+    switch (field.type) {
+        case 'textarea':
+        case 'textbox':
+            switch (field.validator || '') {
+                case 'email':
+                    return value && isValidInput(value, 'email');
+                case 'phone':
+                    return value && isValidInput(value, 'phone');
+                default:
+                    return (value || '').trim() !== '';
+            }
+        case 'signature':
+            return value === 'signed';
+        case 'initial':
+            return value === 'initialed';
+        // Timestamp fields get automatically filled when the envelope is submitted.
+        case 'timestamp':
+            return true;
+        case 'date':
+            return !!value;
+        case 'attachment':
+            return value === 'attached';
+        case 'dropdown':
+            return value !== '';
+        case 'checkbox':
+            return value === 'true';
+        case 'radio':
+            if (!!field.group) {
+                return allRecipientFields.filter((f) => f.group === field.group).some((field) => field.value === 'true');
+            }
+            return field.value === 'true';
+        default:
+            return false;
     }
-    const recipientsWithActions = getRecipientsWithActions(envelope);
-    const myRecipient = recipientsWithActions.find((r) => r.profile_id === profile?.id || r.email === profile?.email);
-    return (myRecipient &&
-        envelopeIsActive(envelope) &&
-        userIsEnvelopeRecipient(profile, envelope) &&
-        recipientCanAct(myRecipient, recipientsWithActions));
 };
-const getNextRecipient = (envelope) => {
-    const recipientsWithActions = getRecipientsWithActions(envelope);
-    return recipientsWithActions?.[0];
+// TODO: Only allow !required to bypass validation if the field is empty.
+const isFieldValid = (field, allRecipientFields) => {
+    return !field.required || isFieldFilled(field, allRecipientFields);
 };
 
 /**
- * Create a signature block. In a typical signing workflow, the user is asked at the beginning of the process to
- * "adopt" a signature block to be used for all signature fields in the document. Thus, this is typically called one
- * time to create and store a signature block. Thereafter, the ID of the signature block may be re-used for each
- * signature field to be "stamped" by the user.
+ * Create an initials block. In a typical signing workflow, the user is asked at the beginning of the process to
+ * "adopt" an initials block to be used for all initials fields in the document. Thus, this is typically called
+ * one time to create and store an initials block. Thereafter, the ID of the initials block may be re-used for each
+ * initials field to be "stamped" by the user.
  *
  * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
  * typically only ever have one, tied to that session. But authenticated users can create more than
  * one, and can use them interchangeably.
  *
  * @group Signatures and Initials
- * @api POST /v2/profiles/signatures Create Signature Block
- * @apiBody string signature Blob containing signature image to store.
- * @apiSuccess ISignature . The newly-created signature block.
+ * @api POST /v2/profiles/initials Create Initial Block
+ * @apiBody string initial Blob containing initials image to store.
+ * @apiSuccess IInitial . The newly-created initial block.
  */
-const createSignature = (endpoint, name, signature) => {
+const createInitials = (endpoint, name, initials) => {
     const data = new FormData();
-    data.append('signature', signature, name);
+    data.append('initial', initials, name);
     return endpoint.api //
-        .post(`/v2/profiles/signatures`, data)
+        .post(`/v2/profiles/initials`, data)
         .then((r) => r.data);
 };
 
 /**
- * API keys are used to authenticate server-to-server calls. (API keys should **never** be used for client-to-server operations!)
- * To generate a key, either use the Verdocs admin interface and make note of the client_id and client_secret generated, or call
- * createKey as shown below. Then call {@link Users.Auth.authenticateApp} to obtain an access token using the provided ID and
- * secret. Note that server-to-server authentication requests return shorter-lived tokens, so it is important to check the `exp`
- * field and re-authenticate as needed for subsequent calls.
- *
- * API keys may be updated or rotated at any time. Regular rotation is recommended. Rotation will not expire or invalidate
- * existing server-to-server sessions, so it may be done at any time without disrupting your application.
- *
- * @module
- */
-/**
- * Get a list of keys for a given organization. The caller must have admin access to the organization.
- *
- * ```typescript
- * import {getApiKeys} from '@verdocs/js-sdk';
- *
- * const keys = await getApiKeys(ORGID);
- * ```
- *
- * @group API Keys
- * @api GET /v2/api-keys Get API keys
- * @apiSuccess array(items: IApiKey) . A list of the API keys for the caller's organization. Secrets will not be included.
- */
-const getApiKeys = (endpoint) => endpoint.api //
-    .get(`/v2/api-keys`)
-    .then((r) => r.data);
-/**
- * Create an API key.
- *
- * ```typescript
- * import {createApiKey} from '@verdocs/js-sdk';
- *
- * await createApiKey(ORGID, {name: NEWNAME});
- * ```
- *
- * @group API Keys
- * @api POST /v2/api-keys Create API key
- * @apiBody string name A name used to identify the key in the Verdocs Web App
- * @apiBody string(format:uuid) profile_id The profile ID that calls made using the key will act as
- * @apiBody array(items:string) permission An array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
- * @apiSuccess IApiKey . The newly-created API key, including its secret.
- */
-const createApiKey = (endpoint, params) => endpoint.api //
-    .post('/v2/api-keys', params)
+ * Get the current KBA status. Note that this may only be called by the recipient and requires a
+ * valid signing session to proceed. Although the Recipient object itself contains indications of
+ * whether KBA is required, it will not contain the current status of the process. If
+ * `recipient.auth_methods` is set (not empty), and `recipient.kba_completed` is false, this endpoint
+ * should be called to determine the next KBA step required.
+ */
+const getKbaStep = (endpoint, envelope_id, role_name) => endpoint.api //
+    .get(`/v2/kba/${envelope_id}/${encodeURIComponent(role_name)}`)
     .then((r) => r.data);
 /**
- * Rotate the secret for an API key. The caller must have admin access to the organization.
- *
- * ```typescript
- * import {rotateApiKey} from '@verdocs/js-sdk';
- *
- * const {client_secret: newSecret} = await rotateApiKey(ORGID, CLIENTID);
- * ```
- *
- * @group API Keys
- * @api POST /v2/api-keys/:client_id/rotate Rotate API key
- * @apiParam string(format:uuid) client_id The client ID of the key to rotate
- * @apiSuccess IApiKey . The updated API key with its new secret.
+ * Submit a response to a KBA PIN challenge.
  */
-const rotateApiKey = (endpoint, clientId) => endpoint.api //
-    .post(`/v2/api-keys/${clientId}/rotate`)
+const submitKbaPin = (endpoint, envelope_id, role_name, pin) => endpoint.api //
+    .post(`/v2/kba/pin`, { envelope_id, role_name, pin })
     .then((r) => r.data);
 /**
- * Update an API key to change its assigned Profile ID or Name.
- *
- * ```typescript
- * import {updateApiKey} from '@verdocs/js-sdk';
- *
- * await updateApiKey(ORGID, CLIENTID, {name: NEWNAME});
- * ```
- *
- * @group API Keys
- * @api PATCH /v2/api-keys/:client_id Update API key
- * @apiBody string name? New name for the API key
- * @apiBody array(items:string) permission New array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
- * @apiSuccess IApiKey . The updated API key. The secret will not be included.
+ * Submit an identity response to a KBA challenge.
  */
-const updateApiKey = (endpoint, clientId, params) => endpoint.api //
-    .patch(`/v2/api-keys/${clientId}`, params)
+const submitKbaIdentity = (endpoint, envelope_id, role_name, identity) => endpoint.api //
+    .post(`/v2/kba/identity`, { envelope_id, role_name, identity })
     .then((r) => r.data);
 /**
- * Delete an API key.
- *
- * ```typescript
- * import {deleteApiKey} from '@verdocs/js-sdk';
- *
- * await deleteApiKey(ORGID, CLIENTID);
- * ```
- *
- * @group API Keys
- * @api DELETE /v2/api-keys/:client_id Delete API key
- * @apiSuccess string . Success.
+ * Submit an identity response to a KBA challenge. Answers should be submitted in the same order as
+ * the challenges were listed in `IRecipientKbaStepChallenge.questions`.
  */
-const deleteApiKey = (endpoint, clientId) => endpoint.api //
-    .delete(`/v2/api-keys/${clientId}`)
+const submitKbaChallengeResponse = (endpoint, envelope_id, role_name, responses) => endpoint.api //
+    .post(`/v2/kba/response`, { envelope_id, role_name, responses })
     .then((r) => r.data);
 
 /**
- * An Organization Contact (aka Profile) is an individual user with no access to an organization. These entries
- * appear only in contact lists, usually to populate quick-search dropdowns when sending envelopes.
+ * Agree to electronic signing dislosures.
  *
- * @module
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/agree Agree to e-Signing Disclosures
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to operate on.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
+const envelopeRecipientAgree = (endpoint, envelopeId, roleName, disclosures) => endpoint.api //
+    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/agree`, { disclosures })
+    .then((r) => r.data);
 /**
- * Get a list of the contacts in the caller's organization.
- *
- * ```typescript
- * import {getOrganizationContacts} from '@verdocs/js-sdk';
- *
- * const members = await getOrganizationContacts(VerdocsEndpoint.getDefault()});
- * ```
+ * Decline electronic signing dislosures. Note that if any recipient declines, the entire envelope
+ * becomes non-viable and later recipients may no longer act. The creator will receive a notification
+ * when this occurs.
  *
- * @group Organization Contacts
- * @api GET /v2/organization-contacts Get a list of organization contacts
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/decline Decline e-Signing Disclosures
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to adjust.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const getOrganizationContacts = (endpoint) => endpoint.api //
-    .get(`/v2/organization-contacts`)
+const envelopeRecipientDecline = (endpoint, envelopeId, roleName) => endpoint.api //
+    .post(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}/decline`)
     .then((r) => r.data);
 /**
- * Delete a contact from the caller's organization. Note that the caller must be an admin or owner.
- *
- * ```typescript
- * import {deleteOrganizationContact} from '@verdocs/js-sdk';
- *
- * await deleteOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID'});
- * ```
+ * Submit an envelope (signing is finished). Note that all fields must be valid/completed for this to succeed.
  *
- * @group Organization Contacts
- * @api POST /v2/organization-invitations/decline GET a list of pending invitations
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * @group Recipients
+ * @api POST /envelopes/:envelope_id/recipients/:role_name/submit Submit envelope
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to submit.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const deleteOrganizationContact = (endpoint, profileId) => endpoint.api //
-    .delete(`/v2/organization-contacts/${profileId}`)
+const envelopeRecipientSubmit = (endpoint, envelopeId, roleName) => endpoint.api //
+    .put(`/v2/envelopes/${envelopeId}/recipients/${roleName}/submit`)
     .then((r) => r.data);
 /**
- * Update a member.
+ * Begin a signing session for an Envelope. This path requires an invite code, and should generally
+ * be called with a NON-default Endpoint to avoid conflicting with any active user session the user
+ * may have. To initiate in-person signing by an authenticated user (e.g. self-signing), call
+ * getInPersonLink() instead. The response from that call includes both a link for direct signing
+ * via a Web browser as well as an in-person access_key. That access_key.key may be used here as well.
  *
- * ```typescript
- * import {createOrganizationContact} from '@verdocs/js-sdk';
+ * @group Recipients
+ * @api POST /v2/sign/unauth/:envelope_id/:role_name/:key Start Signing Session
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to request.
+ * @apiParam string key Access key generated by the envelope creator or email/SMS invite.
+ * @apiSuccess ISignerTokenResponse . Signing session token and envelope/recipient metadata.
+ */
+const startSigningSession = async (endpoint, envelope_id, role_name, key) => {
+    return endpoint.api //
+        .post(`/v2/sign/unauth/${envelope_id}/${encodeURIComponent(role_name)}/${key}`)
+        .then((r) => {
+        endpoint.setToken(r.data.access_token, 'signing');
+        return r.data;
+    });
+};
+/**
+ * Get an in-person signing link. Must be called by the owner/creator of the envelope. The response
+ * also includes the raw access key that may be used to directly initiate a signing session (see
+ * `startSigningSession`) as well as an access token representing a valid signing session for
+ * immediate use in embeds or other applications. Note that in-person signing is considered a
+ * lower-security operation than authenticated signing, and the final envelope certificate will
+ * reflect this.
  *
- * const result = await createOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'First', last_name:'Last', email:'a@b.com'});
- * ```
+ * @group Recipients
+ * @api POST /v2/sign/in-person/:envelope_id/:role_name Get In-Person Signing Link
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to request.
+ * @apiSuccess IInPersonLinkResponse . Signing session token and envelope/recipient metadata.
  */
-const createOrganizationContact = (endpoint, params) => endpoint.api //
-    .post(`/v2/organization-contacts`, params)
+const getInPersonLink = (endpoint, envelope_id, role_name) => endpoint.api //
+    .post(`/v2/sign/in-person/${envelope_id}/${encodeURIComponent(role_name)}`)
     .then((r) => r.data);
 /**
- * Update a member.
- *
- * ```typescript
- * import {updateOrganizationContact} from '@verdocs/js-sdk';
+ * Verify a recipient within a signing session. All signing sessions use an invite code at a minimum,
+ * but many scenarios require more robust verification of recipients, so one or more verification
+ * methods may be attached to each recipient. If an authentication method is enabled, the
+ * signer must first accept the e-signature disclosures, then complete each verification step
+ * before attempting to view/display documents, complete any fields, or submit the envelope.
+ * This endpoint should be called to complete each step. If the call fails an error will be
+ * thrown.
  *
- * const result = await updateOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'NewFirst'});
- * ```
+ * @group Recipients
+ * @api POST /v2/sign/verify Verify recipient/signer
+ * @apiParam string(enum:'passcode'|'email'|'sms'|'kba'|'id') auth_method The authentication method being completed
+ * @apiParam string code? The passcode or OTP entered. Required for passcode, email, and SMS methods.
+ * @apiParam boolean resend? For SMS or email methods, set to send a new code.
+ * @apiParam boolean first_name? For KBA, the recipient's first name
+ * @apiParam boolean last_name? For KBA, the recipient's last name
+ * @apiParam boolean address? For KBA, the recipient's address
+ * @apiParam boolean city? For KBA, the recipient's city
+ * @apiParam boolean state? For KBA, the recipient's state
+ * @apiParam boolean zip? For KBA, the recipient's zip code
+ * @apiParam boolean ssn_last_4? For KBA, the last 4 digits of the recipient's SSN
+ * @apiParam boolean dob? For KBA, the recipient's date of birth
+ * @apiParam array(items:IKBAResponse) responses? For KBA, responses to any challenge questions presented
+ * @apiSuccess ISignerTokenResponse . Updated signing session.
  */
-const updateOrganizationContact = (endpoint, profileId, params) => endpoint.api //
-    .patch(`/v2/organization-contacts/${profileId}`, params)
+const verifySigner = (endpoint, params) => endpoint.api //
+    .post(`/v2/sign/verify`, params)
     .then((r) => r.data);
-
 /**
- * Organizations may contain "Groups" of user profiles, called Members. Groups may have permissions assigned that
- * apply to all Members, making it easy to configure role-based access control (RBAC) within an Organization. Note
- * that permissions are **additive**. A user may be a member of more than one group, and may also have permissions
- * assigned directly. In that case, the user will have the combined set of all permissions inherited from all
- * sources.
+ * Delegate a recipient's signing responsibility. The envelope sender must enable this before the
+ * recipient calls this endpoint, and only the recipient may call it, or the call will be rejected.
+ * The recipient's role will be renamed and configured to indicate to whom the delegation was made,
+ * and a new recipient entry with the updated details (e.g. name and email address) will be added
+ * to the flow with the same role_name, order, and sequence of the original recipient. Unless
+ * no_contact is set on the envelope, the delegation recipient and envelope creator will also be
+ * notified.
  *
- * @module
+ * @group Recipients
+ * @api PUT /v2/envelopes/:envelope_id/recipients/:role_name Delegate Recipient
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role to operate on.
+ * @apiBody string(enum:'delegate') action The operation to perform (delegate).
+ * @apiBody string first_name The first name of the new recipient.
+ * @apiBody string last_name The last name of the new recipient.
+ * @apiBody string email The email address of the new recipient.
+ * @apiBody string phone? Optional phone number for the new recipient.
+ * @apiBody string message? Optional phone number for the new recipient's invitation.
+ * @apiSuccess string . Success message.
  */
+const delegateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
+    .put(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'delegate', ...params })
+    .then((r) => r.data);
 /**
- * Get a list of groups for the caller's organization. NOTE: Any organization member may request
- * the list of groups, but only Owners and Admins may update them.
- *
- * ```typescript
- * import {getGroups} from '@verdocs/js-sdk';
+ * Update a recipient. NOTE: User interfaces should rate-limit this operation to avoid spamming recipients.
+ * Excessive use of this endpoint may result in Verdocs rate-limiting the calling application to prevent
+ * abuse. This endpoint will return a 200 OK even if the no_contact flag is set on the envelope (in which
+ * case the call will be silently ignored).
  *
- * const groups = await getGroups();
- * ```
+ * @group Recipients
+ * @api PATCH /envelopes/:envelope_id/recipients/:role_name Update Recipient
+ * @apiParam string(format:uuid) envelope_id The envelope to operate on.
+ * @apiParam string role_name The role name to update.
+ * @apiBody string(enum:'remind'|'reset') action? Trigger a reminder, or fully reset the recipient
+ * @apiBody string first_name? Update the recipient's first name.
+ * @apiBody string last_name? Update the recipient's last name.
+ * @apiBody string email? Update the recipient's email address.
+ * @apiBody string message? Update the recipient's invite message.
+ * @apiBody string phone? Update the recipient's phone number.
+ * @apiBody string passcode? If passcode authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed passcode-based auth.
+ * @apiBody string address? If KBA-based authentication is used, the recipient's address to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string city? If KBA-based authentication is used, the recipient's city to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string state? If KBA-based authentication is used, the recipient's state to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string zip? If KBA-based authentication is used, the recipient's zip code to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string dob? If KBA-based authentication is used, the recipient's date of birth to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiBody string ssn_last_4? If KBA-based authentication is used, the recipient's SSN-last-4 to prefill. May only be changed if the recipient has not already completed KBA-based auth.
+ * @apiSuccess IRecipient . The updated Recipient.
  */
-const getGroups = (endpoint) => endpoint.api //
-    .get(`/v2/organization-groups`)
+const updateRecipient = (endpoint, envelopeId, roleName, params) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, params)
     .then((r) => r.data);
 /**
- * Get the details for a group, including its member profiles and list of permissions.
- *
- * ```typescript
- * import {getGroup} from '@verdocs/js-sdk/v2/organization-groups';
- *
- * const group = await getGroup(GROUPID);
- * ```
+ * Send a reminder to a recipient. The recipient must still be an active member of the signing flow
+ * (e.g. not declined, already submitted, etc.)
  */
-const getGroup = (endpoint, groupId) => endpoint.api //
-    .get(`/v2/organization-groups/${groupId}`)
+const remindRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'remind' })
     .then((r) => r.data);
 /**
- * Create a group. Note that "everyone" is a reserved name and may not be created.
- *
- * ```typescript
- * import {createGroup} from '@verdocs/js-sdk';
- *
- * const group = await createGroup(VerdocsEndpoint.getDefault(), {name:'newgroup'});
- * ```
+ * Fully reset a recipient. This allows the recipient to restart failed KBA flows, change
+ * fields they may have filled in incorrectly while signing, etc. This cannot be used on a
+ * canceled or completed envelope, but may be used to restart an envelope marked declined.
  */
-const createGroup = (endpoint, params) => endpoint.api //
-    .post('/v2/organization-groups', params)
+const resetRecipient = (endpoint, envelopeId, roleName) => endpoint.api //
+    .patch(`/v2/envelopes/${envelopeId}/recipients/${encodeURIComponent(roleName)}`, { action: 'reset' })
     .then((r) => r.data);
+
 /**
- * Update a group. Note that "everyone" is a reserved name and may not be changed.
- *
- * ```typescript
- * import {updateGroup} from '@verdocs/js-sdk';
+ * Various helpers to identify available operations for an envelope by a user.
  *
- * const updated = await updateGroup(VerdocsEndpoint.getDefault(), {name:'newname'});
- * ```
+ * @module
  */
-const updateGroup = (endpoint, groupId, params) => endpoint.api //
-    .patch(`/v2/organization-groups/${groupId}`, params)
-    .then((r) => r.data);
 /**
- * Get an organization by ID. Note that the "everyone" group cannot be deleted.
- *
- * ```typescript
- * import {deleteGroup} from '@verdocs/js-sdk';
- *
- * await deleteGroup(VerdocsEndpoint.getDefault(), 'ORGID');
- * ```
+ * Check to see if the profile ID owns the envelope.
  */
-const deleteGroup = (endpoint, groupId) => endpoint.api //
-    .delete(`/v2/organization-groups/${groupId}`)
-    .then((r) => r.data);
+const isEnvelopeOwner = (profile_id, envelope) => envelope.profile_id === profile_id;
 /**
- * Add a member to a group.
- *
- * ```typescript
- * import {addGroupMember} from '@verdocs/js-sdk';
- *
- * await addGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
- * ```
+ * Check to see if the profile ID is a recipient within the envelope.
  */
-const addGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
-    .post(`/v2/organization-groups/${groupId}/members`, { profile_id })
-    .then((r) => r.data);
+const isEnvelopeRecipient = (profile_id, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile_id);
 /**
- * Remove a member from a group.
- *
- * ```typescript
- * import {deleteGroupMember} from '@verdocs/js-sdk';
- *
- * await deleteGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
- * ```
+ * Check to see if the profile ID is the envelope's sender or one of the recipients.
  */
-const deleteGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
-    .delete(`/v2/organization-groups/${groupId}/members/${profile_id}`)
-    .then((r) => r.data);
-
+const canAccessEnvelope = (profile_id, envelope) => isEnvelopeOwner(profile_id, envelope) || isEnvelopeRecipient(profile_id, envelope);
 /**
- * An invitation represents an opportunity for a Member to join an Organization.
- *
- * @module
+ * Check to see if the user owns the envelope.
  */
+const userIsEnvelopeOwner = (profile, envelope) => envelope.profile_id === profile?.id;
 /**
- * Get a list of invitations pending for the caller's organization. The caller must be an admin or owner.
- *
- * @group Organization Invitations
- * @api GET /v2/organization-invitations Get a list of pending invitations
- * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * Check to see if the user is a recipient within the envelope.
  */
-const getOrganizationInvitations = (endpoint) => endpoint.api //
-    .get(`/v2/organization-invitations`)
-    .then((r) => r.data);
+const userIsEnvelopeRecipient = (profile, envelope) => (envelope.recipients || []).some((recipient) => recipient.profile_id === profile?.id);
 /**
- * Invite a new user to join the organization.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations Invite a new user to join the organization
- * @apiBody string email Email address to send the invitation to
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiBody TRole role Initial role to assign to the user once they accept.
- * @apiSuccess IOrganizationInvitation . The newly-created invitation.
+ * Check to see if the profile ID is the envelope's sender or one of the recipients.
  */
-const createOrganizationInvitation = (endpoint, params) => endpoint.api //
-    .post(`/v2/organization-invitations`, params)
-    .then((r) => r.data);
+const useCanAccessEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) || userIsEnvelopeRecipient(profile, envelope);
 /**
- * Delete an invitation. Note that no cancellation message will be sent. Invitations are also one-time-use.
- * If the invitee attempts to join after the invitation is deleted, accepted, or decline, they will be
- * shown an error.
- *
- * @group Organization Invitations
- * @api DELETE /v2/organization-invitations/:email Delete a pending invitation
- * @apiSuccess string . Success
+ * Check to see if the envelope has pending actions.
  */
-const deleteOrganizationInvitation = (endpoint, email) => endpoint.api //
-    .delete(`/v2/organization-invitations/${email}`)
-    .then((r) => r.data);
+const envelopeIsActive = (envelope) => envelope.status !== 'complete' && envelope.status !== 'declined' && envelope.status !== 'canceled';
 /**
- * Update an invitation. Note that email may not be changed after the invite is sent. To change
- * an invitee's email, delete the incorrect entry and create one with the correct value.
- *
- * @group Organization Invitations
- * @api PATCH /v2/organization-invitations/:email Update a pending invitation
- * @apiBody string first_name First name. The user may override this after accepting the invitation.
- * @apiBody string last_name Last name. The user may override this after accepting the invitation.
- * @apiBody TRole role Initial role to assign to the user once they accept.
- * @apiSuccess IOrganizationInvitation . The updated invitation.
+ * Check to see if the envelope has been completed.
  */
-const updateOrganizationInvitation = (endpoint, email, params) => endpoint.api //
-    .patch(`/v2/organization-invitations/${email}`, params)
-    .then((r) => r.data);
+const envelopeIsComplete = (envelope) => envelope.status !== 'complete';
 /**
- * Send a reminder to the invitee to join the organization.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/resend Send a reminder to a pending invitee
- * @apiBody string email The recipient to send the reminder to
- * @apiSuccess IOrganizationInvitation . The updated invitation
+ * Check to see if the user owns the envelope.
  */
-const resendOrganizationInvitation = (endpoint, email) => endpoint.api //
-    .post('/v2/organization-invitations/resend', { email })
-    .then((r) => r.data);
+const userCanCancelEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
+    envelope.status !== 'complete' &&
+    envelope.status !== 'declined' &&
+    envelope.status !== 'canceled';
 /**
- * Get an invitation's details. This is generally used as the first step of accepting the invite.
- * A successful response will indicate that the invite token is still valid, and include some
- * metadata for the organization to style the acceptance screen.
- *
- * @group Organization Invitations
- * @api GET /v2/organization-invitations/:email/:token Get a pending invitation (_Authenticated via invite token, not an active session._). Intended to be called by the invitee to get details about the invitation they are about to accept.
- * @apiSuccess IOrganizationInvitation . Requested invitation's details. Will always include summary details for the organization, to be used for branding the accept-invite view.
+ * Check to see if the user owns the envelope.
  */
-const getOrganizationInvitation = (endpoint, email, token) => endpoint.api //
-    .get(`/v2/organization-invitations/${email}/${token}`)
-    .then((r) => r.data);
+const userCanFinishEnvelope = (profile, envelope) => userIsEnvelopeOwner(profile, envelope) &&
+    envelope.status !== 'complete' &&
+    envelope.status !== 'declined' &&
+    envelope.status !== 'canceled';
 /**
- * Accept an invitation. This will automatically create a user record for the caller as well as a profile
- * with the appropriate role as specified in the invite. The profile will be set as "current" for the caller,
- * and session tokens will be returned to access the new profile. The profile's email_verified flag will
- * also be set to true.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/accept Accept an invitation
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiBody string first_name First name
- * @apiBody string last_name Last name
- * @apiBody string password Password
- * @apiSuccess IAuthenticateResponse . Session credentials for the newly-created user's profile. If the user already had a profile for another organization, the new profile will be made "current" automatically.
+ * Returns true if the recipient has a pending action. Note that this does not necessarily mean the recipient can act (yet).
  */
-const acceptOrganizationInvitation = (endpoint, params) => endpoint.api //
-    .post('/v2/organization-invitations/accept', params)
-    .then((r) => r.data);
+const recipientHasAction = (recipient) => !['submitted', 'canceled', 'declined'].includes(recipient.status);
 /**
- * Decline an invitation. This will mark the status "declined," providing a visual indication to the
- * organization's admins that the invite was declined, preventing further invites from being created
- * to the same email address, and also preventing the invitee from receiving reminders to join.
- *
- * @group Organization Invitations
- * @api POST /v2/organization-invitations/decline Decline an invitation
- * @apiDescription Mark the status "declined," providing a visual indication to the organization's admins that the invite was declined, preventing further invites from being created to the same email address, and also preventing the invitee from receiving reminders to join.
- * @apiBody string email Email address for the invitee
- * @apiBody string token Invite token for the invitee
- * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
+ * Returns the recipients who still have a pending action. Note that not all of these recipients may be able to act (yet).
  */
-const declineOrganizationInvitation = (endpoint, email, token) => endpoint.api //
-    .post('/v2/organization-invitations/decline', { email, token })
-    .then((r) => r.data);
-
+const getRecipientsWithActions = (envelope) => ['complete', 'declined', 'canceled'].includes(envelope.status) ? [] : (envelope?.recipients || []).filter(recipientHasAction);
 /**
- * An Organization Member (aka Profile) is an individual user with access to an organization.
- *
- * @module
+ * Returns true if the recipient can act.
  */
+const recipientCanAct = (recipient, recipientsWithActions) => recipient.sequence === recipientsWithActions?.[0]?.sequence;
 /**
- * Get a list of the members in the caller's organization.
- *
- * ```typescript
- * import {getOrganizationMembers} from '@verdocs/js-sdk';
- *
- * const members = await getOrganizationMembers(VerdocsEndpoint.getDefault()});
- * ```
- *
- * @group Organization Members
- * @api GET /v2/organization-members List current organization's members
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * Returns true if the user can act.
  */
-const getOrganizationMembers = (endpoint) => endpoint.api //
-    .get(`/v2/organization-members`)
-    .then((r) => r.data);
+const userCanAct = (email, recipientsWithActions) => {
+    const recipient = recipientsWithActions.find((r) => r.email === email);
+    return recipient && recipient.sequence === recipientsWithActions?.[0]?.sequence;
+};
 /**
- * Delete a member from the caller's organization. Note that the caller must be an admin or owner,
- * may not delete him/herself.
- *
- * ```typescript
- * import {deleteOrganizationMember} from '@verdocs/js-sdk';
- *
- * await deleteOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID'});
- * ```
- *
- * @group Organization Members
- * @api DELETE /v2/organization-members/:profile_id Delete a member from the organization
- * @apiSuccess string . Success
+ * Returns true if the user can act.
  */
-const deleteOrganizationMember = (endpoint, profileId) => endpoint.api //
-    .delete(`/v2/organization-members/${profileId}`)
-    .then((r) => r.data);
+const userCanSignNow = (profile, envelope) => {
+    if (!profile) {
+        return false;
+    }
+    const recipientsWithActions = getRecipientsWithActions(envelope);
+    const myRecipient = recipientsWithActions.find((r) => r.profile_id === profile?.id || r.email === profile?.email);
+    return (myRecipient &&
+        envelopeIsActive(envelope) &&
+        userIsEnvelopeRecipient(profile, envelope) &&
+        recipientCanAct(myRecipient, recipientsWithActions));
+};
+const getNextRecipient = (envelope) => {
+    const recipientsWithActions = getRecipientsWithActions(envelope);
+    return recipientsWithActions?.[0];
+};
+
 /**
- * Update a member.
- *
- * ```typescript
- * import {updateOrganizationMember} from '@verdocs/js-sdk';
+ * Create a signature block. In a typical signing workflow, the user is asked at the beginning of the process to
+ * "adopt" a signature block to be used for all signature fields in the document. Thus, this is typically called one
+ * time to create and store a signature block. Thereafter, the ID of the signature block may be re-used for each
+ * signature field to be "stamped" by the user.
  *
- * const result = await updateOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID', {roles:['member']});
- * ```
+ * Note: Both "guest" signers and authenticated users can create initials blocks. Guest signers
+ * typically only ever have one, tied to that session. But authenticated users can create more than
+ * one, and can use them interchangeably.
  *
- * @group Organization Members
- * @api PATCH /v2/organization-members/:profile_id Update an organization member.
- * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody string first_name Set to true to enable Webhooks calls.
- * @apiBody string last_name Record<TWebhookEvent, boolean> map of events to enable/disable.
- * @apiSuccess array(items:IProfile) . List of caller's current organization's members
+ * @group Signatures and Initials
+ * @api POST /v2/profiles/signatures Create Signature Block
+ * @apiBody string signature Blob containing signature image to store.
+ * @apiSuccess ISignature . The newly-created signature block.
  */
-const updateOrganizationMember = (endpoint, profileId, params) => endpoint.api //
-    .patch(`/v2/organization-members/${profileId}`, params)
-    .then((r) => r.data);
+const createSignature = (endpoint, name, signature) => {
+    const data = new FormData();
+    data.append('signature', signature, name);
+    return endpoint.api //
+        .post(`/v2/profiles/signatures`, data)
+        .then((r) => r.data);
+};
 
 /**
- * An Organization is the top level object for ownership for Members, Documents, and Templates.
- *
- * NOTE: There is no call specifically to create an organization. Every organization must have
- * at least one "owner" type member. To create a new organization, call createProfile() with
- * the desired new orgName to create. The caller will become the first owner of the new org, and
- * can then invite new members to join as well.
+ * These disclosures will be used if no overrides are supplied by the caller. Overrides must
+ * be applied at the Organization level before creating an envelope.
+ */
+const DEFAULT_DISCLOSURES = `
+<ul>
+  <li>
+    Agree to use electronic records and signatures, and confirm you have read the
+    <a href="https://verdocs.com/en/electronic-record-signature-disclosure/" target="_blank">
+      Electronic Record and Signatures Disclosure</a>.</li>
+  <li>
+    Agree to Verdocs'
+    <a href="https://verdocs.com/en/eula" target="_blank">
+      End User License Agreement</a>
+    and confirm you have read Verdocs'
+    <a href="https://verdocs.com/en/privacy-policy/" target="_blank">
+      Privacy Policy</a>.
+  </li>
+</ul>`;
+
+/**
+ * API keys are used to authenticate server-to-server calls. (API keys should **never** be used for client-to-server operations!)
+ * To generate a key, either use the Verdocs admin interface and make note of the client_id and client_secret generated, or call
+ * createKey as shown below. Then call {@link Users.Auth.authenticateApp} to obtain an access token using the provided ID and
+ * secret. Note that server-to-server authentication requests return shorter-lived tokens, so it is important to check the `exp`
+ * field and re-authenticate as needed for subsequent calls.
  *
- * NOTE: There is no call to delete an organization. For safety, this is a manual process. Please
- * contact support@verdocs.com if you wish to completely delete an organization and all its records.
+ * API keys may be updated or rotated at any time. Regular rotation is recommended. Rotation will not expire or invalidate
+ * existing server-to-server sessions, so it may be done at any time without disrupting your application.
  *
  * @module
  */
 /**
- * Get an organization by ID. Note that this endpoint will return only a subset of fields
- * if the caller is not a member of the organization (the public fields).
+ * Get a list of keys for a given organization. The caller must have admin access to the organization.
  *
  * ```typescript
- * import {getOrganization} from '@verdocs/js-sdk';
+ * import {getApiKeys} from '@verdocs/js-sdk';
  *
- * const organizations = await getOrganization(VerdocsEndpoint.getDefault(), 'ORGID');
+ * const keys = await getApiKeys(ORGID);
  * ```
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id Get organization
- * @apiSuccess IOrganization . The requested organization. The caller must be a member.
+ * @group API Keys
+ * @api GET /v2/api-keys Get API keys
+ * @apiSuccess array(items: IApiKey) . A list of the API keys for the caller's organization. Secrets will not be included.
  */
-const getOrganization = (endpoint, organizationId) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}`)
+const getApiKeys = (endpoint) => endpoint.api //
+    .get(`/v2/api-keys`)
     .then((r) => r.data);
 /**
- * Get an organization's "children".
+ * Create an API key.
  *
  * ```typescript
- * import {getOrganizationChildren} from '@verdocs/js-sdk';
+ * import {createApiKey} from '@verdocs/js-sdk';
  *
- * const children = await getOrganizationChildren(VerdocsEndpoint.getDefault(), 'ORGID');
+ * await createApiKey(ORGID, {name: NEWNAME});
  * ```
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id/children Get an organization's children
- * @apiSuccess IOrganization[] . Any child organizations found.
+ * @group API Keys
+ * @api POST /v2/api-keys Create API key
+ * @apiBody string name A name used to identify the key in the Verdocs Web App
+ * @apiBody string(format:uuid) profile_id The profile ID that calls made using the key will act as
+ * @apiBody array(items:string) permission An array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
+ * @apiSuccess IApiKey . The newly-created API key, including its secret.
  */
-const getOrganizationChildren = (endpoint, organizationId) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}/children`)
+const createApiKey = (endpoint, params) => endpoint.api //
+    .post('/v2/api-keys', params)
     .then((r) => r.data);
 /**
- * Get an organization's usage data. If the organization is a parent, usage data for children
- * will be included as well. The response will be a nested object keyed by organization ID,
- * with each entry being a dictionary of usageType:count entries.
+ * Rotate the secret for an API key. The caller must have admin access to the organization.
  *
  * ```typescript
- * import {getOrganizationUsage} from '@verdocs/js-sdk';
+ * import {rotateApiKey} from '@verdocs/js-sdk';
  *
- * const usage = await getOrganizationUsage(VerdocsEndpoint.getDefault(), 'ORGID');
+ * const {client_secret: newSecret} = await rotateApiKey(ORGID, CLIENTID);
  * ```
  *
- * @group Organizations
- * @api GET /v2/organizations/:organization_id/usage Get an organization's usage metrics
- * @apiSuccess TOrganizationUsage . Usage data grouped by organization ID
+ * @group API Keys
+ * @api POST /v2/api-keys/:client_id/rotate Rotate API key
+ * @apiParam string(format:uuid) client_id The client ID of the key to rotate
+ * @apiSuccess IApiKey . The updated API key with its new secret.
  */
-const getOrganizationUsage = (endpoint, organizationId, params) => endpoint.api //
-    .get(`/v2/organizations/${organizationId}/usage`, { params })
+const rotateApiKey = (endpoint, clientId) => endpoint.api //
+    .post(`/v2/api-keys/${clientId}/rotate`)
     .then((r) => r.data);
 /**
- * Create an organization. The caller will be assigned an "Owner" profile in the new organization,
- * and it will be set to "current" automatically. A new set of session tokens will be issued to
- * the caller, and the caller should update their endpoint to use the new tokens.
+ * Update an API key to change its assigned Profile ID or Name.
  *
  * ```typescript
- * import {createOrganization} from '@verdocs/js-sdk';
+ * import {updateApiKey} from '@verdocs/js-sdk';
  *
- * const organization = await createOrganization(VerdocsEndpoint.getDefault(), {name: 'NewOrg'});
+ * await updateApiKey(ORGID, CLIENTID, {name: NEWNAME});
  * ```
  *
- * @group Organizations
- * @api POST /v2/organizations Create organization
- * @apiDescription The caller will be assigned an "Owner" profile in the new organization, and it will be set to "current" automatically. A new set of session tokens will be issued to  the caller, and the caller should update their endpoint to use the new tokens.
- * @apiBody string name The name of the new organization
- * @apiBody string parent_id? If set, the new organization will be created as a child of the specified parent organization. The caller must be an admin of the parent organization.
- * @apiBody string contact_email? Contact email for the new organization
- * @apiBody string url? URL for the new organization
- * @apiBody string full_logo_url? URL of a large-format PNG logo
- * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
- * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
- * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
- * @apiSuccess IAuthenticateResponse . Authentication credentials for user in the new organization. The user will be made an Owner automatically.
+ * @group API Keys
+ * @api PATCH /v2/api-keys/:client_id Update API key
+ * @apiBody string name? New name for the API key
+ * @apiBody array(items:string) permission New array of permissions to assign to the new key. Extends (but does not override) the API key's profile permissions.
+ * @apiSuccess IApiKey . The updated API key. The secret will not be included.
  */
-const createOrganization = (endpoint, params) => endpoint.api //
-    .post(`/v2/organizations`, params)
+const updateApiKey = (endpoint, clientId, params) => endpoint.api //
+    .patch(`/v2/api-keys/${clientId}`, params)
     .then((r) => r.data);
 /**
- * Update an organization. This can only be called by an admin or owner.
+ * Delete an API key.
  *
  * ```typescript
- * import {updateOrganization} from '@verdocs/js-sdk';
+ * import {deleteApiKey} from '@verdocs/js-sdk';
  *
- * const organizations = await updateOrganization(VerdocsEndpoint.getDefault(), organizationId, {name:'ORGNAME'});
+ * await deleteApiKey(ORGID, CLIENTID);
  * ```
  *
- * @group Organizations
- * @api PATCH /v2/organizations/:organization_id Update organization
- * @apiBody string name The name of the new organization
- * @apiBody string contact_email? Contact email for the new organization
- * @apiBody string url? URL for the new organization
- * @apiBody string full_logo_url? URL of a large-format PNG logo
- * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
- * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
- * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
- * @apiSuccess IOrganization . The details for the updated organization
+ * @group API Keys
+ * @api DELETE /v2/api-keys/:client_id Delete API key
+ * @apiSuccess string . Success.
  */
-const updateOrganization = (endpoint, organizationId, params) => endpoint.api //
-    .patch(`/v2/organizations/${organizationId}`, params)
+const deleteApiKey = (endpoint, clientId) => endpoint.api //
+    .delete(`/v2/api-keys/${clientId}`)
     .then((r) => r.data);
+
 /**
- * Delete an organization. This can only be called by an owner. Inclusion of the organization ID to delete
- * is just a safety check. The caller may only delete the organization they have currently selected.
+ * An Organization Contact (aka Profile) is an individual user with no access to an organization. These entries
+ * appear only in contact lists, usually to populate quick-search dropdowns when sending envelopes.
+ *
+ * @module
+ */
+/**
+ * Get a list of the contacts in the caller's organization.
  *
  * ```typescript
- * import {deleteOrganization} from '@verdocs/js-sdk';
+ * import {getOrganizationContacts} from '@verdocs/js-sdk';
  *
- * const newSession = await deleteOrganization(VerdocsEndpoint.getDefault(), organizationId);
+ * const members = await getOrganizationContacts(VerdocsEndpoint.getDefault()});
  * ```
  *
- * @group Organizations
- * @api DELETE /v2/organizations/:organization_id Delete organization
- * @apiSuccess IAuthenticateResponse . If the caller is a member of another organization, authentication credentials for the next organization available. If not, this will be null and the caller will be logged out.
+ * @group Organization Contacts
+ * @api GET /v2/organization-contacts Get a list of organization contacts
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const deleteOrganization = (endpoint, organizationId) => endpoint.api //
-    .delete(`/v2/organizations/${organizationId}`)
+const getOrganizationContacts = (endpoint) => endpoint.api //
+    .get(`/v2/organization-contacts`)
     .then((r) => r.data);
 /**
- * Update the organization's full or thumbnail logo. This can only be called by an admin or owner.
+ * Delete a contact from the caller's organization. Note that the caller must be an admin or owner.
  *
  * ```typescript
- * import {updateOrganizationLogo} from '@verdocs/js-sdk';
+ * import {deleteOrganizationContact} from '@verdocs/js-sdk';
  *
- * await updateOrganizationLogo((VerdocsEndpoint.getDefault(), organizationId, file);
+ * await deleteOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID'});
  * ```
  *
- * @group Organizations
- * @api PATCH /v2/organizations/:organization_id Update organization full or thumbnail logo.
- * @apiBody image/png logo? Form-url-encoded file to upload
- * @apiBody image/png thumbnail? Form-url-encoded file to upload
- * @apiSuccess IOrganization . The updated organization.
+ * @group Organization Contacts
+ * @api POST /v2/organization-invitations/decline GET a list of pending invitations
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const updateOrganizationLogo = (endpoint, organizationId, file, onUploadProgress) => {
-    const formData = new FormData();
-    formData.append('logo', file, file.name);
-    return endpoint.api //
-        .patch(`/v2/organizations/${organizationId}`, formData, {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    })
-        .then((r) => r.data);
-};
+const deleteOrganizationContact = (endpoint, profileId) => endpoint.api //
+    .delete(`/v2/organization-contacts/${profileId}`)
+    .then((r) => r.data);
 /**
- * Update the organization's thumbnail. This can only be called by an admin or owner.
+ * Update a member.
  *
  * ```typescript
- * import {updateOrganizationThumbnail} from '@verdocs/js-sdk';
+ * import {createOrganizationContact} from '@verdocs/js-sdk';
  *
- * await updateOrganizationThumbnail((VerdocsEndpoint.getDefault(), organizationId, file);
+ * const result = await createOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'First', last_name:'Last', email:'a@b.com'});
  * ```
  */
-const updateOrganizationThumbnail = (endpoint, organizationId, file, onUploadProgress) => {
-    const formData = new FormData();
-    formData.append('thumbnail', file, file.name);
-    return endpoint.api //
-        .patch(`/v2/organizations/${organizationId}`, formData, {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    })
-        .then((r) => r.data);
-};
-const getEntitlements = async (endpoint) => endpoint.api.get(`/v2/organizations/entitlements`).then((r) => r.data);
+const createOrganizationContact = (endpoint, params) => endpoint.api //
+    .post(`/v2/organization-contacts`, params)
+    .then((r) => r.data);
 /**
- * Largely intended to be used internally by Web SDK components but may be informative for other cases.
- * Entitlements are feature grants such as "ID-based KBA" that require paid contracts to enable, typically
- * because the underlying services that support them are fee-based. Entitlements may run concurrently,
- * and may have different start/end dates e.g. "ID-based KBA" may run 1/1/2026-12/31/2026 while
- * "SMS Authentication" may be added later and run 6/1/2026-5/31/2027. The entitlements list is a simple
- * array of enablements and may include entries that are not YET enabled or have now expired.
- *
- * In client code it is helpful to simply know "is XYZ feature currently enabled?" This function collapses
- * the entitlements list to a simplified dictionary of current/active entitlements. Note that it is async
- * because it calls the server to obtain the "most current" entitlements list. Existence of an entry in the
- * resulting dictionary implies the feature is active. Metadata inside each entry can be used to determine
- * limits, etc.
+ * Update a member.
  *
  * ```typescript
- * import {getActiveEntitlements} from '@verdocs/js-sdk';
- *
- * const activeEntitlements = await getActiveEntitlements((VerdocsEndpoint.getDefault());
- * const isSMSEnabled = !!activeEntitlements.sms_auth;
- * const monthlyKBALimit = activeEntitlements.kba_auth?.monthly_max;
- * ```
- */
-const getActiveEntitlements = async (endpoint) => {
-    if (!endpoint.session) {
-        throw new Error('No active session');
-    }
-    const entitlements = await getEntitlements(endpoint);
-    return collapseEntitlements(entitlements);
-};
+ * import {updateOrganizationContact} from '@verdocs/js-sdk';
+ *
+ * const result = await updateOrganizationContact(VerdocsEndpoint.getDefault(), 'PROFILEID', {first_name:'NewFirst'});
+ * ```
+ */
+const updateOrganizationContact = (endpoint, profileId, params) => endpoint.api //
+    .patch(`/v2/organization-contacts/${profileId}`, params)
+    .then((r) => r.data);
 
 /**
- * Webhooks are callback triggers from Verdocs to your servers that notify your applications
- * of various events, such as signing operations.
+ * Organizations may contain "Groups" of user profiles, called Members. Groups may have permissions assigned that
+ * apply to all Members, making it easy to configure role-based access control (RBAC) within an Organization. Note
+ * that permissions are **additive**. A user may be a member of more than one group, and may also have permissions
+ * assigned directly. In that case, the user will have the combined set of all permissions inherited from all
+ * sources.
  *
  * @module
  */
 /**
- * Get the registered Webhook configuration for the caller's organization.
+ * Get a list of groups for the caller's organization. NOTE: Any organization member may request
+ * the list of groups, but only Owners and Admins may update them.
  *
  * ```typescript
- * import {getWebhooks} from '@verdocs/js-sdk';
+ * import {getGroups} from '@verdocs/js-sdk';
  *
- * await getWebhooks(ORGID, params);
+ * const groups = await getGroups();
  * ```
- *
- * @group Webhooks
- * @api GET /v2/webhooks Get organization Webhooks config
- * @apiSuccess IWebhook . The current Webhooks config for the caller's organization.
  */
-const getWebhooks = (endpoint) => endpoint.api //
-    .get(`/v2/webhooks`)
+const getGroups = (endpoint) => endpoint.api //
+    .get(`/v2/organization-groups`)
     .then((r) => r.data);
 /**
- * Update the registered Webhook configuration for the caller's organization. Note that
- * Webhooks cannot currently be deleted, but may be easily disabled by setting `active`
- * to `false` and/or setting the `url` to an empty string.
+ * Get the details for a group, including its member profiles and list of permissions.
  *
  * ```typescript
- * import {setWebhooks} from '@verdocs/js-sdk';
+ * import {getGroup} from '@verdocs/js-sdk/v2/organization-groups';
  *
- * await setWebhooks(ORGID, params);
+ * const group = await getGroup(GROUPID);
  * ```
- *
- * @group Webhooks
- * @api PATCH /v2/webhooks Update organization Webhooks config
- * @apiDescription Note that Webhooks cannot currently be deleted, but may be easily disabled by setting `active` to `false` and/or setting the `url` to an empty string.
- * @apiBody string url URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
- * @apiBody boolean active Set to true to enable Webhooks calls.
- * @apiBody object events Record<TWebhookEvent, boolean> map of events to enable/disable.
- * @apiSuccess IWebhook . The updated Webhooks config for the caller's organization.
  */
-const setWebhooks = (endpoint, params) => endpoint.api //
-    .patch(`/v2/webhooks`, params)
+const getGroup = (endpoint, groupId) => endpoint.api //
+    .get(`/v2/organization-groups/${groupId}`)
     .then((r) => r.data);
-
-/**
- * A map of the permissions each role confers.
- */
-const RolePermissions = {
-    owner: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'template:member:visibility',
-        'owner:add',
-        'owner:remove',
-        'admin:add',
-        'admin:remove',
-        'member:view',
-        'member:add',
-        'member:remove',
-        'org:create',
-        'org:view',
-        'org:update',
-        'org:delete',
-        'org:transfer',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    admin: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'template:member:visibility',
-        'admin:add',
-        'admin:remove',
-        'member:view',
-        'member:add',
-        'member:remove',
-        'org:create',
-        'org:view',
-        'org:update',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    member: [
-        'template:creator:create:public',
-        'template:creator:create:org',
-        'template:creator:create:personal',
-        'template:creator:delete',
-        'template:creator:visibility',
-        'template:member:read',
-        'template:member:write',
-        'template:member:delete',
-        'member:view',
-        'org:create',
-        'org:view',
-        'org:list',
-        'envelope:create',
-        'envelope:cancel',
-        'envelope:view',
-    ],
-    basic_user: ['template:member:read', 'member:view', 'org:view', 'org:list'],
-    contact: ['org:view', 'org:list', 'org:create'],
-};
 /**
- * Confirm whether the user has all of the specified permissions.
+ * Create a group. Note that "everyone" is a reserved name and may not be created.
+ *
+ * ```typescript
+ * import {createGroup} from '@verdocs/js-sdk';
+ *
+ * const group = await createGroup(VerdocsEndpoint.getDefault(), {name:'newgroup'});
+ * ```
  */
-const userHasPermissions = (profile, permissions) => {
-    // No need to de-dupe here, we're just checking present-at-least-once set membership.
-    const netPermissions = [...(profile?.permissions || [])];
-    (profile?.roles || []).forEach((role) => {
-        netPermissions.push(...(RolePermissions[role] || []));
-    });
-    (profile?.group_profiles || []).forEach((groupProfile) => {
-        netPermissions.push(...(groupProfile.group?.permissions || []));
-    });
-    return permissions.every((perm) => netPermissions.includes(perm));
-};
-
-const canPerformTemplateAction = (profile, action, template) => {
-    if (!template && !action.includes('create')) {
-        return { canPerform: false, message: 'Missing required template object' };
-    }
-    // We use BOGUS here to force the option-chain in things like template?.profile_id to NOT match profile?.profile_id because if both
-    // were undefined, they would actually match.
-    const profile_id = profile?.id || 'BOGUS';
-    const organization_id = profile?.organization_id || 'BOGUS';
-    const isCreator = template?.profile_id === profile_id;
-    const isSameOrg = template?.organization_id === organization_id;
-    const isPersonal = template?.is_personal ?? false;
-    const isPublic = template?.is_public ?? false;
-    const permissionsRequired = [];
-    switch (action) {
-        case 'create_personal':
-            permissionsRequired.push('template:creator:create:personal');
-            break;
-        case 'create_org':
-            permissionsRequired.push('template:creator:create:org');
-            break;
-        case 'create_public':
-            permissionsRequired.push('template:creator:create:public');
-            break;
-        case 'read':
-            if (!isCreator) {
-                if ((!isPersonal && isSameOrg) || !isPublic) {
-                    permissionsRequired.push('template:member:read');
-                }
-            }
-            break;
-        case 'write':
-            if (!isCreator) {
-                permissionsRequired.push('template:member:read');
-                permissionsRequired.push('template:member:write');
-            }
-            break;
-        case 'change_visibility_personal':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:personal');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'change_visibility_org':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:org');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'change_visibility_public':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:create:public');
-                permissionsRequired.push('template:creator:visibility');
-            }
-            else {
-                permissionsRequired.push('template:member:visibility');
-            }
-            break;
-        case 'delete':
-            if (isCreator) {
-                permissionsRequired.push('template:creator:delete');
-            }
-            else {
-                permissionsRequired.push('template:member:delete');
-            }
-            break;
-        default:
-            return { canPerform: false, message: 'Action is not defined' };
-    }
-    if (hasRequiredPermissions(profile, permissionsRequired)) {
-        return { canPerform: true, message: '' };
-    }
-    return { canPerform: false, message: `Insufficient access to perform '${action}'. Needed permissions: ${permissionsRequired.toString()}` };
-};
-const hasRequiredPermissions = (profile, permissions) => permissions.every((perm) => (profile?.permissions || []).includes(perm));
-
+const createGroup = (endpoint, params) => endpoint.api //
+    .post('/v2/organization-groups', params)
+    .then((r) => r.data);
 /**
- * Add a field to a template.
+ * Update a group. Note that "everyone" is a reserved name and may not be changed.
  *
  * ```typescript
- * import {createField} from '@verdocs/js-sdk/Templates';
+ * import {updateGroup} from '@verdocs/js-sdk';
  *
- * await createField((VerdocsEndpoint.getDefault(), template_id, { ... });
+ * const updated = await updateGroup(VerdocsEndpoint.getDefault(), {name:'newname'});
  * ```
+ */
+const updateGroup = (endpoint, groupId, params) => endpoint.api //
+    .patch(`/v2/organization-groups/${groupId}`, params)
+    .then((r) => r.data);
+/**
+ * Get an organization by ID. Note that the "everyone" group cannot be deleted.
  *
- * @group Fields
- * @api POST /v2/fields/:template_id Add a field to a template
- * @apiBody string name Name for the new field. Field names must be unique within a template. Although special characters are allowed, they must be URL-encoded in subsequent requests, so it is recommended to use only alphanumeric characters and hyphens if possible.
- * @apiBody string role_name Role to assign to the field. Role names must be valid, so it is recommended to create roles before fields.
- * @apiBody string document_id ID of the document upon which to place the field.
- * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type Type of field to create
- * @apiBody boolean(default: false) required Whether the field is required
- * @apiBody integer(min: 0) page 0-based page number upon which to place the field
- * @apiBody integer(min: 0) x X position for the field (left to right)
- * @apiBody integer(min: 0) y Y position for the field (_bottom to top!_)
- * @apiBody string label? Optional label to display above the field
- * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody string placeholder? Optional placeholder to display in text fields
- * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
- * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
- * @apiBody string value? Optional default value to set on the field
- * @apiSuccess ITemplateField . Template field
+ * ```typescript
+ * import {deleteGroup} from '@verdocs/js-sdk';
+ *
+ * await deleteGroup(VerdocsEndpoint.getDefault(), 'ORGID');
+ * ```
  */
-const createField = (endpoint, templateId, params) => endpoint.api //
-    .post(`/v2/fields/${templateId}`, params)
+const deleteGroup = (endpoint, groupId) => endpoint.api //
+    .delete(`/v2/organization-groups/${groupId}`)
     .then((r) => r.data);
 /**
- * Update a template field.
+ * Add a member to a group.
  *
  * ```typescript
- * import {updateField} from '@verdocs/js-sdk/Templates';
+ * import {addGroupMember} from '@verdocs/js-sdk';
  *
- * await updateField((VerdocsEndpoint.getDefault(), template_id, field_name, { ... });
+ * await addGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
  * ```
- *
- * @group Fields
- * @api PATCH /v2/fields/:template_id/:field_name Update a field. See createField for additional details on the supported parameters.
- * @apiBody string name? Rename the field. Note that template field names must be unique within a template.
- * @apiBody string role_name Role to assign to the field.
- * @apiBody string document_id ID of the document upon which to place the field.
- * @apiBody string(enum: 'signature' | 'initial' | 'checkbox' | 'radio' | 'textbox' | 'timestamp' | 'date' | 'dropdown' | 'textarea' | 'attachment' | 'payment') type? Change the field type. Note that while this is technically allowed, fields have different behaviors, validators, default sizes, etc. It is usually easier to add a new field and delete the old one.
- * @apiBody boolean(default: false) required? Whether the field is required
- * @apiBody integer(min: 0) page? 0-based page number upon which to place the field
- * @apiBody integer(min: 0) x? X position for the field (left to right)
- * @apiBody integer(min: 0) y? Y position for the field (_bottom to top!_)
- * @apiBody string label? Optional label to display above the field
- * @apiBody integer(min: 50) width? Width of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody integer(min: 15) height? Height of the field. Note that all fields have built-in defaults, and it is recommended that this only be set on text fields.
- * @apiBody string placeholder? Optional placeholder to display in text fields
- * @apiBody string group? For fields that support grouping (radio buttons and check boxes) the value selected will be stored under this name
- * @apiBody array(items:IDropdownOption) options? For dropdown fields, the options to display
- * @apiBody string value? Optional default value to set on the field
- * @apiSuccess ITemplateField . Updated template field
  */
-const updateField = (endpoint, templateId, name, params) => endpoint.api //
-    .patch(`/v2/fields/${templateId}/${encodeURIComponent(name)}`, params)
+const addGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
+    .post(`/v2/organization-groups/${groupId}/members`, { profile_id })
     .then((r) => r.data);
 /**
- * Remove a field from a template.
+ * Remove a member from a group.
  *
  * ```typescript
- * import {deleteField} from '@verdocs/js-sdk/Templates';
+ * import {deleteGroupMember} from '@verdocs/js-sdk';
  *
- * await deleteField((VerdocsEndpoint.getDefault(), template_id, field_name);
+ * await deleteGroupMember(VerdocsEndpoint.getDefault(), 'GROUPID', 'PROFILEID');
  * ```
- *
- * @group Fields
- * @api DELETE /v2/fields/:template_id/:field_name Delete a field
- * @apiSuccess string . Success
  */
-const deleteField = (endpoint, templateId, name) => endpoint.api //
-    .delete(`/v2/fields/${templateId}/${encodeURIComponent(name)}`)
+const deleteGroupMember = (endpoint, groupId, profile_id) => endpoint.api //
+    .delete(`/v2/organization-groups/${groupId}/members/${profile_id}`)
     .then((r) => r.data);
 
 /**
- * Various helpers to identify available operations for a template by a user.
+ * An invitation represents an opportunity for a Member to join an Organization.
  *
  * @module
  */
 /**
- * Check to see if the user created the template.
- */
-const userIsTemplateCreator = (profile, template) => profile && template && profile.id === template.profile_id;
-/**
- * Check to see if a template is "shared" with the user.
- */
-const userHasSharedTemplate = (profile, template) => profile && template && !template.is_personal && profile.organization_id === template.organization_id;
-/**
- * Check to see if the user can create a personal/private template.
- */
-const userCanCreatePersonalTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:personal']);
-/**
- * Check to see if the user can create an org-shared template.
- */
-const userCanCreateOrgTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:org']);
-/**
- * Check to see if the user can create a public template.
- */
-const userCanCreatePublicTemplate = (profile) => userHasPermissions(profile, ['template:creator:create:public']);
-/**
- * Check to see if the user can read/view a template.
- */
-const userCanReadTemplate = (profile, template) => template.is_public ||
-    userIsTemplateCreator(profile, template) ||
-    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read']));
-/**
- * Check to see if the user can update a tempate.
- */
-const userCanUpdateTemplate = (profile, template) => userIsTemplateCreator(profile, template) ||
-    (userHasSharedTemplate(profile, template) && userHasPermissions(profile, ['template:member:read', 'template:member:write']));
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
- */
-const userCanMakeTemplatePrivate = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:personal'])
-    : userHasPermissions(profile, ['template:member:visibility']);
-/**
- * Check to see if the user can change whether a template is personal vs org-shared.
+ * Get a list of invitations pending for the caller's organization. The caller must be an admin or owner.
+ *
+ * @group Organization Invitations
+ * @api GET /v2/organization-invitations Get a list of pending invitations
+ * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const userCanMakeTemplateShared = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:org'])
-    : userHasPermissions(profile, ['template:member:visibility']);
+const getOrganizationInvitations = (endpoint) => endpoint.api //
+    .get(`/v2/organization-invitations`)
+    .then((r) => r.data);
 /**
- * Check to see if the user can change whether a template is personal vs org-shared.
+ * Invite a new user to join the organization.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations Invite a new user to join the organization
+ * @apiBody string email Email address to send the invitation to
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiBody TRole role Initial role to assign to the user once they accept.
+ * @apiSuccess IOrganizationInvitation . The newly-created invitation.
  */
-const userCanMakeTemplatePublic = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:create:public'])
-    : userHasPermissions(profile, ['template:member:visibility']);
+const createOrganizationInvitation = (endpoint, params) => endpoint.api //
+    .post(`/v2/organization-invitations`, params)
+    .then((r) => r.data);
 /**
- * Check to see if the user can change whether a template is personal vs org-shared.
+ * Delete an invitation. Note that no cancellation message will be sent. Invitations are also one-time-use.
+ * If the invitee attempts to join after the invitation is deleted, accepted, or decline, they will be
+ * shown an error.
+ *
+ * @group Organization Invitations
+ * @api DELETE /v2/organization-invitations/:email Delete a pending invitation
+ * @apiSuccess string . Success
  */
-const userCanChangeOrgVisibility = (profile, template) => userIsTemplateCreator(profile, template) && userHasPermissions(profile, ['template:creator:create:personal']);
+const deleteOrganizationInvitation = (endpoint, email) => endpoint.api //
+    .delete(`/v2/organization-invitations/${email}`)
+    .then((r) => r.data);
 /**
- * Check to see if the user can change whether a template is personal vs org-shared.
+ * Update an invitation. Note that email may not be changed after the invite is sent. To change
+ * an invitee's email, delete the incorrect entry and create one with the correct value.
+ *
+ * @group Organization Invitations
+ * @api PATCH /v2/organization-invitations/:email Update a pending invitation
+ * @apiBody string first_name First name. The user may override this after accepting the invitation.
+ * @apiBody string last_name Last name. The user may override this after accepting the invitation.
+ * @apiBody TRole role Initial role to assign to the user once they accept.
+ * @apiSuccess IOrganizationInvitation . The updated invitation.
  */
-const userCanDeleteTemplate = (profile, template) => userIsTemplateCreator(profile, template)
-    ? userHasPermissions(profile, ['template:creator:delete'])
-    : userHasPermissions(profile, ['template:member:delete']);
+const updateOrganizationInvitation = (endpoint, email, params) => endpoint.api //
+    .patch(`/v2/organization-invitations/${email}`, params)
+    .then((r) => r.data);
 /**
- * Confirm whether the user can create an envelope using the specified template.
+ * Send a reminder to the invitee to join the organization.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/resend Send a reminder to a pending invitee
+ * @apiBody string email The recipient to send the reminder to
+ * @apiSuccess IOrganizationInvitation . The updated invitation
  */
-const userCanSendTemplate = (profile, template) => {
-    switch (template.visibility) {
-        case 'private':
-            return userIsTemplateCreator(profile, template);
-        case 'shared':
-            return userIsTemplateCreator(profile, template) || template.organization_id === profile?.organization_id;
-        case 'public':
-            return true;
-    }
-};
+const resendOrganizationInvitation = (endpoint, email) => endpoint.api //
+    .post('/v2/organization-invitations/resend', { email })
+    .then((r) => r.data);
 /**
- * Confirm whether the user can create a new template.
+ * Get an invitation's details. This is generally used as the first step of accepting the invite.
+ * A successful response will indicate that the invite token is still valid, and include some
+ * metadata for the organization to style the acceptance screen.
+ *
+ * @group Organization Invitations
+ * @api GET /v2/organization-invitations/:email/:token Get a pending invitation (_Authenticated via invite token, not an active session._). Intended to be called by the invitee to get details about the invitation they are about to accept.
+ * @apiSuccess IOrganizationInvitation . Requested invitation's details. Will always include summary details for the organization, to be used for branding the accept-invite view.
  */
-const userCanCreateTemplate = (profile) => userCanCreatePersonalTemplate(profile) || userCanCreateOrgTemplate(profile) || userCanCreatePublicTemplate(profile);
+const getOrganizationInvitation = (endpoint, email, token) => endpoint.api //
+    .get(`/v2/organization-invitations/${email}/${token}`)
+    .then((r) => r.data);
 /**
- * Check to see if the user can "build" the template (use the field builder). The user must have write access to the
- * template, and the template must have at least one signer role.
+ * Accept an invitation. This will automatically create a user record for the caller as well as a profile
+ * with the appropriate role as specified in the invite. The profile will be set as "current" for the caller,
+ * and session tokens will be returned to access the new profile. The profile's email_verified flag will
+ * also be set to true.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/accept Accept an invitation
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiBody string first_name First name
+ * @apiBody string last_name Last name
+ * @apiBody string password Password
+ * @apiSuccess IAuthenticateResponse . Session credentials for the newly-created user's profile. If the user already had a profile for another organization, the new profile will be made "current" automatically.
  */
-const userCanBuildTemplate = (profile, template) => userCanUpdateTemplate(profile, template) && (template.roles || []).filter((role) => role.type === 'signer').length > 0;
-const getFieldsForRole = (template, role_name) => (template.fields || []).filter((field) => field.role_name === role_name);
+const acceptOrganizationInvitation = (endpoint, params) => endpoint.api //
+    .post('/v2/organization-invitations/accept', params)
+    .then((r) => r.data);
 /**
- * Check to see if the user can preview the template. The user must have read access to the template, the template must
- * have at least one signer, and every signer must have at least one field.
+ * Decline an invitation. This will mark the status "declined," providing a visual indication to the
+ * organization's admins that the invite was declined, preventing further invites from being created
+ * to the same email address, and also preventing the invitee from receiving reminders to join.
+ *
+ * @group Organization Invitations
+ * @api POST /v2/organization-invitations/decline Decline an invitation
+ * @apiDescription Mark the status "declined," providing a visual indication to the organization's admins that the invite was declined, preventing further invites from being created to the same email address, and also preventing the invitee from receiving reminders to join.
+ * @apiBody string email Email address for the invitee
+ * @apiBody string token Invite token for the invitee
+ * @apiSuccess string . Success. The invitation will be marked declined and the token will be invalidated.
  */
-const userCanPreviewTemplate = (profile, template) => {
-    const hasPermission = userCanReadTemplate(profile, template);
-    const signers = (template.roles || []).filter((role) => role.type === 'signer');
-    return hasPermission && signers.length > 0 && signers.every((signer) => getFieldsForRole(template, signer.name).length > 0);
-};
+const declineOrganizationInvitation = (endpoint, email, token) => endpoint.api //
+    .post('/v2/organization-invitations/decline', { email, token })
+    .then((r) => r.data);
 
 /**
- * A "role" is an individual participant in a signing flow, such as a signer or CC contact.
- * A role is a placeholder that will eventually become a named recipient. For example, "Tenant 1"
- * might be replaced with "John Smith" when the document is sent out for signature.
- *
- * Role names must be unique within a template, e.g. 'Recipient 1'. They may contain any [a-zA-Z0-9_- ]
- * characters, although it is recommended to keep them simple and human-readable, and to avoid
- * spaces (although they are allowed). If spaces are used in role names, be sure to URL-encode them
- * when calling endpoints like `updateRole()` e.g. 'Recipient%201'.
- *
- * NOTE: Roles are always enumerated under Template objects, so there are no "list" or "get" endpoints
- * for them. To get a template's latest role list, simply call `getTemplate()`.
+ * An Organization Member (aka Profile) is an individual user with access to an organization.
  *
  * @module
  */
 /**
- * Create a role.
- *
- * ```typescript
- * import {createTemplateRole} from '@verdocs/js-sdk';
- *
- * const role = await createTemplateRole(VerdocsEndpoint.getDefault(), template_id, params...);
- * ```
- *
- * @group Roles
- * @api POST /v2/roles/:template_id Add a role to a template
- * @apiBody string name Name for the new role. Must be unique within the template. May include spaces, but later calls must URL-encode any references to this role, so it is recomended that special characters be avoided.
- * @apiBody string(enum:'signer' | 'cc' | 'approver') type Type of role to create. Signers act on documents by filling and signing fields. CC recipients receive a copy but do not act on the document. Approvers control the final submission of a document, but do not have fields of their own to fill out.
- * @apiBody string full_name? Default full name for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string email? Default email address for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string phone? Default (SMS-capable) phone number for the role. May be completed/overridden later, when envelopes are made from the template.
- * @apiBody string message? Optional message to include in email and SMS signing invitations.
- * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role. Roles that share the same sequence number act in parallel, and will receive invitations at the same time.
- * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role. Controls the left-to-right display order of roles at the same sequence number in the UI components e.g. `<verdocs-template-roles />`.
- * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
- * @apiSuccess IRole . The newly-created role
- */
-const createTemplateRole = (endpoint, template_id, params) => endpoint.api //
-    .post(`/v2/roles/${template_id}`, params)
-    .then((r) => r.data);
-/**
- * Update a role.
+ * Get a list of the members in the caller's organization.
  *
  * ```typescript
- * import {updateTemplateRole} from '@verdocs/js-sdk';
+ * import {getOrganizationMembers} from '@verdocs/js-sdk';
  *
- * const role = await updateTemplateRole(VerdocsEndpoint.getDefault(), template_id, name, params...);
+ * const members = await getOrganizationMembers(VerdocsEndpoint.getDefault()});
  * ```
  *
- * @group Roles
- * @api PATCH /v2/roles/:template_id/:role_id Update a role. See createRole for additional details on the parameters available.
- * @apiBody string name? Rename the role. Note that role names must be unique within a template, so this may fail if the new name is already in use.
- * @apiBody string(enum:'signer' | 'cc' | 'approver') type? Type of role.
- * @apiBody string full_name? Default full name for the role.
- * @apiBody string email? Default email address for the role.
- * @apiBody string phone? Default (SMS-capable) phone number for the role.
- * @apiBody string message? Optional message to include in email and SMS signing invitations.
- * @apiBody integer(min: 1, default: 1) sequence? Optional 1-based sequence number for the role.
- * @apiBody integer(min: 1, default: 1) order? Optional 1-based order number for the role.
- * @apiBody boolean delegator? If true, the role may delegate their signing responsibility to another party.
- * @apiBody string(enum:'pin'|'identity'|'') kba_method? Active PIN- or Identity-based KBA for the role.
- * @apiSuccess IRole . The newly-created role
+ * @group Organization Members
+ * @api GET /v2/organization-members List current organization's members
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const updateTemplateRole = (endpoint, template_id, name, params) => endpoint.api //
-    .patch(`/v2/roles/${template_id}/${encodeURIComponent(name)}`, params)
+const getOrganizationMembers = (endpoint) => endpoint.api //
+    .get(`/v2/organization-members`)
     .then((r) => r.data);
 /**
- * Delete a role.
+ * Delete a member from the caller's organization. Note that the caller must be an admin or owner,
+ * may not delete him/herself.
  *
  * ```typescript
- * import {deleteTemplateRole} from '@verdocs/js-sdk';
+ * import {deleteOrganizationMember} from '@verdocs/js-sdk';
  *
- * const profiles = await deleteTemplateRole(VerdocsEndpoint.getDefault(), template_id, name);
+ * await deleteOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID'});
  * ```
  *
- * @group Roles
- * @api DELETE /v2/roles/:template_id/:role_id Delete a role.
+ * @group Organization Members
+ * @api DELETE /v2/organization-members/:profile_id Delete a member from the organization
  * @apiSuccess string . Success
  */
-const deleteTemplateRole = (endpoint, template_id, name) => endpoint.api //
-    .delete(`/v2/roles/${template_id}/${encodeURIComponent(name)}`)
+const deleteOrganizationMember = (endpoint, profileId) => endpoint.api //
+    .delete(`/v2/organization-members/${profileId}`)
     .then((r) => r.data);
-
-/**
- * A Template defines how a Verdocs signing flow will be performed, including attachments, signing fields, and
- * recipients.
- *
- * @module
- */
 /**
- * Get all templates accessible by the caller, with optional filters.
+ * Update a member.
  *
  * ```typescript
- * import {getTemplates} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationMember} from '@verdocs/js-sdk';
  *
- * await getTemplates((VerdocsEndpoint.getDefault());
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_starred: true });
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_creator: true });
- * await getTemplates((VerdocsEndpoint.getDefault(), { is_organization: true });
+ * const result = await updateOrganizationMember(VerdocsEndpoint.getDefault(), 'PROFILEID', {roles:['member']});
  * ```
  *
- * @group Templates
- * @api GET /v2/templates Get Templates
- * @apiQuery string q? Find templates whose names/descriptions contain the specified query string
- * @apiQuery boolean is_starred? If true, returns only templates with at least one "star".
- * @apiQuery boolean is_creator? If true, returns only templates that the caller created.
- * @apiQuery string(enum: 'private_shared' | 'private' | 'shared' | 'public') visibility? Return only templates with the specified visibility.
- * @apiQuery string(enum: 'created_at' | 'updated_at' | 'name' | 'last_used_at' | 'counter' | 'star_counter') sort_by? Return results sorted by this criteria
- * @apiQuery boolean ascending? Set true/false to override the sort direction. Note that the default depends on `sort_by`. Date-based sorts default to descending, while name defaults to ascending.
- * @apiQuery integer(default: 20) rows? Limit the number of rows returned
- * @apiQuery integer(default: 0) page? Specify which page of results to return
- * @apiSuccess integer(format: int32) count The total number of records matching the query, helpful for pagination
- * @apiSuccess integer(format: int32) rows The number of rows returned in this response page
- * @apiSuccess integer(format: int32) page The page number of this response
- * @apiSuccess array(items: ITemplate) templates List of templates found
+ * @group Organization Members
+ * @api PATCH /v2/organization-members/:profile_id Update an organization member.
+ * @apiBody array(items:TRole) roles URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody string first_name Set to true to enable Webhooks calls.
+ * @apiBody string last_name Record<TWebhookEvent, boolean> map of events to enable/disable.
+ * @apiSuccess array(items:IProfile) . List of caller's current organization's members
  */
-const getTemplates = (endpoint, params) => endpoint.api //
-    .get('/v2/templates', { params })
+const updateOrganizationMember = (endpoint, profileId, params) => endpoint.api //
+    .patch(`/v2/organization-members/${profileId}`, params)
     .then((r) => r.data);
+
 /**
- * Get one template by its ID.
+ * An Organization is the top level object for ownership for Members, Documents, and Templates.
+ *
+ * NOTE: There is no call specifically to create an organization. Every organization must have
+ * at least one "owner" type member. To create a new organization, call createProfile() with
+ * the desired new orgName to create. The caller will become the first owner of the new org, and
+ * can then invite new members to join as well.
+ *
+ * NOTE: There is no call to delete an organization. For safety, this is a manual process. Please
+ * contact support@verdocs.com if you wish to completely delete an organization and all its records.
+ *
+ * @module
+ */
+/**
+ * Get an organization by ID. Note that this endpoint will return only a subset of fields
+ * if the caller is not a member of the organization (the public fields).
  *
  * ```typescript
- * import {getTemplate} from '@verdocs/js-sdk/Templates';
+ * import {getOrganization} from '@verdocs/js-sdk';
  *
- * const template = await getTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * const organizations = await getOrganization(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api GET /v2/templates/:template_id Get a template. Note that the caller must have at least View access to the template.
- * @apiSuccess ITemplate . The requested template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id Get organization
+ * @apiSuccess IOrganization . The requested organization. The caller must be a member.
  */
-const getTemplate = (endpoint, templateId) => {
-    return endpoint.api //
-        .get(`/v2/templates/${templateId}`)
-        .then((r) => {
-        const template = r.data;
-        // Post-process the template to upgrade to new data fields
-        if (!template.documents && template.template_documents) {
-            template.documents = template.template_documents;
-        }
-        template.documents?.forEach((document) => {
-            if (!document.order) {
-                document.order = 0;
-            }
-            if (document.page_numbers) {
-                document.pages = document.page_numbers;
-            }
-        });
-        // Temporary upgrade from legacy app
-        template.fields?.forEach((field) => {
-            if (field.setting) {
-                field.settings = field.setting;
-            }
-        });
-        return template;
-    });
-};
-const ALLOWED_CREATE_FIELDS = [
-    'name',
-    'is_personal',
-    'is_public',
-    'sender',
-    'description',
-    'roles',
-    'fields',
-];
+const getOrganization = (endpoint, organizationId) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}`)
+    .then((r) => r.data);
 /**
- * Create a template.
+ * Get an organization's "children".
  *
  * ```typescript
- * import {createTemplate} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationChildren} from '@verdocs/js-sdk';
  *
- * const newTemplate = await createTemplate((VerdocsEndpoint.getDefault(), {...});
+ * const children = await getOrganizationChildren(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api POST /v2/templates Create a template
- * @apiBody string name Template name
- * @apiBody string description? Optional description
- * @apiBody TTemplateVisibility visibility? Visibility setting
- * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
- * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
- * @apiBody TTemplateSender sender? Who may send envelopes using this template
- * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
- * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
- * @apiBody array(items:object) documents? Optional list of documents to attach to the template
- * @apiBody array(items:IRole) roles? Optional list of roles to create. Note that if roles are not included in the request, fields will be ignored.
- * @apiBody array(fields:ITemplateField) fields? Optional list of fields to create. Note that if fields that do not match a role will be ignored.
- * @apiSuccess ITemplate . The newly-created template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id/children Get an organization's children
+ * @apiSuccess IOrganization[] . Any child organizations found.
  */
-const createTemplate = (endpoint, params, onUploadProgress) => {
-    const options = {
-        timeout: 120000,
-        onUploadProgress: (event) => {
-            const total = event.total || 1;
-            const loaded = event.loaded || 0;
-            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
-        },
-    };
-    if (params.documents && params.documents[0] instanceof File) {
-        const formData = new FormData();
-        ALLOWED_CREATE_FIELDS.forEach((allowedKey) => {
-            if (params[allowedKey] !== undefined) {
-                formData.append(allowedKey, params[allowedKey]);
-            }
-        });
-        params.documents.forEach((file) => {
-            formData.append('documents', file, file.name);
-        });
-        return endpoint.api.post('/v2/templates', formData, options).then((r) => r.data);
-    }
-    else {
-        return endpoint.api.post('/v2/templates', params, options).then((r) => r.data);
-    }
-};
+const getOrganizationChildren = (endpoint, organizationId) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}/children`)
+    .then((r) => r.data);
 /**
- * Duplicate a template. Creates a complete clone, including all settings (e.g. reminders), fields,
- * roles, and documents.
+ * Get an organization's usage data. If the organization is a parent, usage data for children
+ * will be included as well. The response will be a nested object keyed by organization ID,
+ * with each entry being a dictionary of usageType:count entries.
  *
  * ```typescript
- * import {duplicateTemplate} from '@verdocs/js-sdk/Templates';
+ * import {getOrganizationUsage} from '@verdocs/js-sdk';
  *
- * const newTemplate = await duplicateTemplate((VerdocsEndpoint.getDefault(), originalTemplateId, 'My Template Copy');
+ * const usage = await getOrganizationUsage(VerdocsEndpoint.getDefault(), 'ORGID');
  * ```
  *
- * @group Templates
- * @api PUT /v2/templates/:template_id Perform an operation on a template
- * @apiBody string(enum:'duplicate') action Action to perform
- * @apiBody string name? If duplicating the template, a name for the new copy
- * @apiSuccess ITemplate . The newly-copied template
+ * @group Organizations
+ * @api GET /v2/organizations/:organization_id/usage Get an organization's usage metrics
+ * @apiSuccess TOrganizationUsage . Usage data grouped by organization ID
  */
-const duplicateTemplate = (endpoint, templateId, name) => endpoint.api //
-    .put(`/v2/templates/${templateId}`, { action: 'duplicate', name })
+const getOrganizationUsage = (endpoint, organizationId, params) => endpoint.api //
+    .get(`/v2/organizations/${organizationId}/usage`, { params })
     .then((r) => r.data);
 /**
- * Create a template from a Sharepoint asset.
+ * Create an organization. The caller will be assigned an "Owner" profile in the new organization,
+ * and it will be set to "current" automatically. A new set of session tokens will be issued to
+ * the caller, and the caller should update their endpoint to use the new tokens.
  *
  * ```typescript
- * import {createTemplateFromSharepoint} from '@verdocs/js-sdk/Templates';
+ * import {createOrganization} from '@verdocs/js-sdk';
  *
- * const newTemplate = await createTemplateFromSharepoint((VerdocsEndpoint.getDefault(), {...});
+ * const organization = await createOrganization(VerdocsEndpoint.getDefault(), {name: 'NewOrg'});
  * ```
  *
- * @group Templates
- * @api POST /v2/templates/from-sharepoint Create a template from an asset in Sharepoint
- * @apiBody string name Name for the new template
- * @apiBody string siteId Name for the new template
- * @apiBody string itemId Name for the new template
- * @apiBody string oboToken On-Behalf-Of token for calls to Sharepoint. Should be generated as a short-expiration token with at least Read privileges to the siteId/itemId. This token will be discarded after being used.
- * @apiSuccess ITemplate . The newly-created template
+ * @group Organizations
+ * @api POST /v2/organizations Create organization
+ * @apiDescription The caller will be assigned an "Owner" profile in the new organization, and it will be set to "current" automatically. A new set of session tokens will be issued to  the caller, and the caller should update their endpoint to use the new tokens.
+ * @apiBody string name The name of the new organization
+ * @apiBody string parent_id? If set, the new organization will be created as a child of the specified parent organization. The caller must be an admin of the parent organization.
+ * @apiBody string contact_email? Contact email for the new organization
+ * @apiBody string url? URL for the new organization
+ * @apiBody string full_logo_url? URL of a large-format PNG logo
+ * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiSuccess IAuthenticateResponse . Authentication credentials for user in the new organization. The user will be made an Owner automatically.
  */
-const createTemplateFromSharepoint = (endpoint, params) => {
-    const options = {
-        timeout: 120000,
-    };
-    return endpoint.api.post('/v2/templates/from-sharepoint', params, options).then((r) => r.data);
-};
+const createOrganization = (endpoint, params) => endpoint.api //
+    .post(`/v2/organizations`, params)
+    .then((r) => r.data);
 /**
- * Update a template.
+ * Update an organization. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {updateTemplate} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganization} from '@verdocs/js-sdk';
  *
- * const updatedTemplate = await updateTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9', { name: 'New Name' });
+ * const organizations = await updateOrganization(VerdocsEndpoint.getDefault(), organizationId, {name:'ORGNAME'});
  * ```
  *
- * @group Templates
- * @api PATCH /v2/templates/:template_id Update a template
- * @apiBody string name? Template name
- * @apiBody string description? Optional description
- * @apiBody TTemplateVisibility visibility? Visibility setting
- * @apiBody boolean is_personal? Deprecated. If true, the template is personal and can only be seen by the caller. (Use "visibility" for new calls.)
- * @apiBody boolean is_public? Deprecated. If true, the template is public and can be seen by anybody. (Use "visibility" for new calls.)
- * @apiBody TTemplateSender sender? Who may send envelopes using this template
- * @apiBody number initial_reminder? Delay (in seconds) before the first reminder is sent (min: 4hrs). Set to 0 or null to disable.
- * @apiBody number followup_reminders? Delay (in seconds) before the subsequent reminders are sent (min: 12hrs). Set to 0 or null to disable.
- * @apiSuccess ITemplate . The updated template
+ * @group Organizations
+ * @api PATCH /v2/organizations/:organization_id Update organization
+ * @apiBody string name The name of the new organization
+ * @apiBody string contact_email? Contact email for the new organization
+ * @apiBody string url? URL for the new organization
+ * @apiBody string full_logo_url? URL of a large-format PNG logo
+ * @apiBody string thumbnail_url? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string primary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiBody string secondary_color? URL of a small-format (square is recommended) PNG logo
+ * @apiSuccess IOrganization . The details for the updated organization
  */
-const updateTemplate = (endpoint, templateId, params) => endpoint.api //
-    .patch(`/v2/templates/${templateId}`, params)
+const updateOrganization = (endpoint, organizationId, params) => endpoint.api //
+    .patch(`/v2/organizations/${organizationId}`, params)
     .then((r) => r.data);
 /**
- * Delete a template.
+ * Delete an organization. This can only be called by an owner. Inclusion of the organization ID to delete
+ * is just a safety check. The caller may only delete the organization they have currently selected.
  *
  * ```typescript
- * import {deleteTemplate} from '@verdocs/js-sdk/Templates';
+ * import {deleteOrganization} from '@verdocs/js-sdk';
  *
- * await deleteTemplate((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * const newSession = await deleteOrganization(VerdocsEndpoint.getDefault(), organizationId);
  * ```
  *
- * @group Templates
- * @api DELETE /v2/templates/:template_id Delete a template
- * @apiSuccess string . Success
+ * @group Organizations
+ * @api DELETE /v2/organizations/:organization_id Delete organization
+ * @apiSuccess IAuthenticateResponse . If the caller is a member of another organization, authentication credentials for the next organization available. If not, this will be null and the caller will be logged out.
  */
-const deleteTemplate = (endpoint, templateId) => endpoint.api //
-    .delete(`/v2/templates/${templateId}`)
+const deleteOrganization = (endpoint, organizationId) => endpoint.api //
+    .delete(`/v2/organizations/${organizationId}`)
     .then((r) => r.data);
 /**
- * Toggle the template star for a template.
+ * Update the organization's full or thumbnail logo. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {toggleTemplateStar} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationLogo} from '@verdocs/js-sdk';
  *
- * await toggleTemplateStar((VerdocsEndpoint.getDefault(), '83da3d70-7857-4392-b876-c4592a304bc9');
+ * await updateOrganizationLogo((VerdocsEndpoint.getDefault(), organizationId, file);
  * ```
  *
- * @group Templates
- * @api POST /v2/templates/:template_id/star Star or unstar a template (toggle state)
- * @apiSuccess ITemplate . Success
- */
-const toggleTemplateStar = (endpoint, templateId) => endpoint.api //
-    .post(`/v2/templates/${templateId}/stars/toggle`)
-    .then((r) => r.data);
-
-/**
- * A TemplateDocument represents a PDF or other attachment in a Template.
- *
- * @module
+ * @group Organizations
+ * @api PATCH /v2/organizations/:organization_id Update organization full or thumbnail logo.
+ * @apiBody image/png logo? Form-url-encoded file to upload
+ * @apiBody image/png thumbnail? Form-url-encoded file to upload
+ * @apiSuccess IOrganization . The updated organization.
  */
+const updateOrganizationLogo = (endpoint, organizationId, file, onUploadProgress) => {
+    const formData = new FormData();
+    formData.append('logo', file, file.name);
+    return endpoint.api //
+        .patch(`/v2/organizations/${organizationId}`, formData, {
+        timeout: 120000,
+        onUploadProgress: (event) => {
+            const total = event.total || 1;
+            const loaded = event.loaded || 0;
+            onUploadProgress?.(Math.floor((loaded * 100) / (total)), loaded, total);
+        },
+    })
+        .then((r) => r.data);
+};
 /**
- * Create a Document for a particular Template.
+ * Update the organization's thumbnail. This can only be called by an admin or owner.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {updateOrganizationThumbnail} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.createDocument((VerdocsEndpoint.getDefault(), templateID, params);
+ * await updateOrganizationThumbnail((VerdocsEndpoint.getDefault(), organizationId, file);
  * ```
- *
- * @group Template Documents
- * @api POST /v2/templates/:template_id/documents Attach a document to a template
- * @apiBody string(format:binary) file Document file to attach. The file name will automatically be used as the document name.
- * @apiSuccess ITemplateDocument . Template document
  */
-const createTemplateDocument = (endpoint, template_id, file, onUploadProgress) => {
+const updateOrganizationThumbnail = (endpoint, organizationId, file, onUploadProgress) => {
     const formData = new FormData();
-    formData.append('document', file, file.name);
-    formData.append('template_id', template_id);
+    formData.append('thumbnail', file, file.name);
     return endpoint.api //
-        .post(`/v2/template-documents`, formData, {
+        .patch(`/v2/organizations/${organizationId}`, formData, {
         timeout: 120000,
         onUploadProgress: (event) => {
             const total = event.total || 1;
@@ -3494,119 +3591,86 @@ const createTemplateDocument = (endpoint, template_id, file, onUploadProgress) =
     })
         .then((r) => r.data);
 };
+const getEntitlements = async (endpoint) => endpoint.api.get(`/v2/organizations/entitlements`).then((r) => r.data);
 /**
- * Delete a specific Document.
+ * Largely intended to be used internally by Web SDK components but may be informative for other cases.
+ * Entitlements are feature grants such as "ID-based KBA" that require paid contracts to enable, typically
+ * because the underlying services that support them are fee-based. Entitlements may run concurrently,
+ * and may have different start/end dates e.g. "ID-based KBA" may run 1/1/2026-12/31/2026 while
+ * "SMS Authentication" may be added later and run 6/1/2026-5/31/2027. The entitlements list is a simple
+ * array of enablements and may include entries that are not YET enabled or have now expired.
+ *
+ * In client code it is helpful to simply know "is XYZ feature currently enabled?" This function collapses
+ * the entitlements list to a simplified dictionary of current/active entitlements. Note that it is async
+ * because it calls the server to obtain the "most current" entitlements list. Existence of an entry in the
+ * resulting dictionary implies the feature is active. Metadata inside each entry can be used to determine
+ * limits, etc.
  *
  * ```typescript
- * import {TemplateDocument} from '@verdocs/js-sdk/Templates';
+ * import {getActiveEntitlements} from '@verdocs/js-sdk';
  *
- * await TemplateDocument.deleteDocument((VerdocsEndpoint.getDefault(), templateID, documentID);
+ * const activeEntitlements = await getActiveEntitlements((VerdocsEndpoint.getDefault());
+ * const isSMSEnabled = !!activeEntitlements.sms_auth;
+ * const monthlyKBALimit = activeEntitlements.kba_auth?.monthly_max;
  * ```
- *
- * @group Template Documents
- * @api DELETE /v2/templates/:temlate_id/documents/:document_id Delete a template document
- * @apiSuccess string . Success
  */
-const deleteTemplateDocument = (endpoint, templateId, documentId) => endpoint.api //
-    .delete(`/v2/templates/${templateId}/documents/${documentId}`)
-    .then((r) => r.data);
+const getActiveEntitlements = async (endpoint) => {
+    if (!endpoint.session) {
+        throw new Error('No active session');
+    }
+    const entitlements = await getEntitlements(endpoint);
+    return collapseEntitlements(entitlements);
+};
+
 /**
- * Get all metadata for a template document. Note that when called by non-creators (e.g. Org Collaborators)
- * this will return only the **metadata** the caller is allowed to view.
+ * Webhooks are callback triggers from Verdocs to your servers that notify your applications
+ * of various events, such as signing operations.
  *
- * @group Template Documents
- * @api GET /v2/envelope-documents/:id Get envelope document
- * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
- * @apiSuccess IEnvelopeDocument . The detailed metadata for the document requested
- */
-const getTemplateDocument = async (endpoint, documentId) => endpoint.api //
-    .get(`/v2/template-documents/${documentId}`)
-    .then((r) => r.data);
-/**
- * Download a document directly.
+ * @module
  */
-const downloadTemplateDocument = async (endpoint, documentId) => endpoint.api //
-    .get(`/v2/template-documents/${documentId}?type=file`, { responseType: 'blob' })
-    .then((r) => r.data);
 /**
- * Get an envelope document's metadata, or the document itself. If no "type" parameter is specified,
- * the document metadata is returned. If "type" is set to "file", the document binary content is
- * returned with Content-Type set to the MIME type of the file. If "type" is set to "download", a
- * string download link will be returned. If "type" is set to "preview" a string preview link will
- * be returned. This link expires quickly, so it should be accessed immediately and never shared.
+ * Get the registered Webhook configuration for the caller's organization.
  *
- * @group Template Documents
- * @api GET /v2/envelope-documents/:document_id Preview, Download, or Link to a Document
- * @apiParam string(format: 'uuid') document_id The ID of the document to retrieve.
- * @apiQuery string(enum:'file'|'download'|'preview') type? Download the file directly, generate a download link, or generate a preview link.
- * @apiSuccess string . The generated link.
- */
-const getTemplateDocumentDownloadLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
-    .get(`/v2/template-documents/${documentId}?type=download`)
-    .then((r) => r.data);
-/**
- * Get a pre-signed preview link for an Envelope Document. This link expires quickly, so it should
- * be accessed immediately and never shared. Content-Disposition will be set to "inline".
- */
-const getTemplateDocumentPreviewLink = async (endpoint, _envelopeId, documentId) => endpoint.api //
-    .get(`/v2/envelope-documents/${documentId}?type=preview`)
-    .then((r) => r.data);
-/**
- * Get (binary download) a file attached to a Template. It is important to use this method
- * rather than a direct A HREF or similar link to set the authorization headers for the
- * request.
+ * ```typescript
+ * import {getWebhooks} from '@verdocs/js-sdk';
+ *
+ * await getWebhooks(ORGID, params);
+ * ```
+ *
+ * @group Webhooks
+ * @api GET /v2/webhooks Get organization Webhooks config
+ * @apiSuccess IWebhook . The current Webhooks config for the caller's organization.
  */
-const getTemplateDocumentFile = async (endpoint, templateId, documentId) => endpoint.api //
-    .get(`/v2/templates/${templateId}/documents/${documentId}?file=true`, { responseType: 'blob' })
+const getWebhooks = (endpoint) => endpoint.api //
+    .get(`/v2/webhooks`)
     .then((r) => r.data);
 /**
- * Get (binary download) a file attached to a Template. It is important to use this method
- * rather than a direct A HREF or similar link to set the authorization headers for the
- * request.
+ * Update the registered Webhook configuration for the caller's organization. Note that
+ * Webhooks cannot currently be deleted, but may be easily disabled by setting `active`
+ * to `false` and/or setting the `url` to an empty string.
+ *
+ * ```typescript
+ * import {setWebhooks} from '@verdocs/js-sdk';
+ *
+ * await setWebhooks(ORGID, params);
+ * ```
+ *
+ * @group Webhooks
+ * @api PATCH /v2/webhooks Update organization Webhooks config
+ * @apiDescription Note that Webhooks cannot currently be deleted, but may be easily disabled by setting `active` to `false` and/or setting the `url` to an empty string.
+ * @apiBody string url URL to send Webhook events to. An empty or invalid URL will disable Webhook calls.
+ * @apiBody boolean active Set to true to enable Webhooks calls.
+ * @apiBody object events Record<TWebhookEvent, boolean> map of events to enable/disable.
+ * @apiSuccess IWebhook . The updated Webhooks config for the caller's organization.
  */
-const getTemplateDocumentThumbnail = async (endpoint, templateId, documentId) => endpoint.api //
-    .get(`/v2/templates/${templateId}/documents/${documentId}?thumbnail=true`, { responseType: 'blob' })
+const setWebhooks = (endpoint, params) => endpoint.api //
+    .patch(`/v2/webhooks`, params)
     .then((r) => r.data);
-/**
- * Get a display URI for a given page in a file attached to a template document. These pages are rendered server-side
- * into PNG resources suitable for display in IMG tags although they may be used elsewhere. Note that these are intended
- * for DISPLAY ONLY, are not legally binding documents, and do not contain any encoded metadata from participants. The
- * original asset may be obtained by calling `getTemplateDocumentFile()` or similar.
- */
-const getTemplateDocumentPageDisplayUri = async (endpoint, documentId, page, variant = 'original') => endpoint.api.get(`/v2/template-documents/page-image/${documentId}/${variant}/${page}`, { timeout: 20000 }).then((r) => r.data);
-
-const EMAIL_REGEX = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-// @see https://www.regextester.com/1978
-const PHONE_REGEX = /((?:\+|00)[17](?: |\-)?|(?:\+|00)[1-9]\d{0,2}(?: |\-)?|(?:\+|00)1\-\d{3}(?: |\-)?)?(0\d|\([0-9]{3}\)|[1-9]{0,3})(?:((?: |\-)[0-9]{2}){4}|((?:[0-9]{2}){4})|((?: |\-)[0-9]{3}(?: |\-)[0-9]{4})|([0-9]{7}))/;
-const URL_REGEX = /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/;
-const POSTAL_CODE_REGEX = /^[A-Za-z0-9-\s]{3,10}$/;
-const NUMBER_REGEX = /^\d+$/;
-const DATE_REGEX = /^(\d{4}[-\/]\d{2}[-\/]\d{2})|(\d{2}[-\/]\d{2}[-\/]\d{4})$/;
-const VALIDATORS = {
-    email: { regex: EMAIL_REGEX, label: 'Email Address' },
-    phone: { regex: PHONE_REGEX, label: 'Phone Number' },
-    url: { regex: URL_REGEX, label: 'URL' },
-    postal_code: { regex: POSTAL_CODE_REGEX, label: 'Zip/Postal Code' },
-    number: { regex: NUMBER_REGEX, label: 'Number' },
-    date: { regex: DATE_REGEX, label: 'Date' },
-};
-const isValidInput = (value, validator) => Object.keys(VALIDATORS).includes(validator) && VALIDATORS[validator].regex.test(value);
-/**
- * Get a list of available validators for field inputs. Note that validators always check strings,
- * because that is all a user can enter in an HTML input field. Numeric-format validators should
- * perform any necessary conversions internally. Validators never throw - they just return a boolean.
- * indicating whether the value is valid.
- */
-const getValidators = () => Object.keys(VALIDATORS);
-const isValidEmail = (email) => !!email && EMAIL_REGEX.test(email);
-const isValidPhone = (phone) => !!phone && PHONE_REGEX.test(phone);
-const isValidRoleName = (value, roles) => roles.findIndex((role) => role.name === value) !== -1;
-const TagRegEx = /^[a-zA-Z0-9-]{0,32}$/;
-const isValidTag = (value, tags) => TagRegEx.test(value) || tags.findIndex((tag) => tag === value) !== -1;
 
 exports.ALL_PERMISSIONS = ALL_PERMISSIONS;
 exports.AtoB = AtoB;
 exports.Countries = Countries;
+exports.DEFAULT_DISCLOSURES = DEFAULT_DISCLOSURES;
 exports.DEFAULT_FIELD_HEIGHTS = DEFAULT_FIELD_HEIGHTS;
 exports.DEFAULT_FIELD_WIDTHS = DEFAULT_FIELD_WIDTHS;
 exports.FIELD_TYPES = FIELD_TYPES;
@@ -3724,6 +3788,8 @@ exports.isCanada = isCanada;
 exports.isDominicanRepublic = isDominicanRepublic;
 exports.isEnvelopeOwner = isEnvelopeOwner;
 exports.isEnvelopeRecipient = isEnvelopeRecipient;
+exports.isFieldFilled = isFieldFilled;
+exports.isFieldValid = isFieldValid;
 exports.isFrenchGuiana = isFrenchGuiana;
 exports.isGuadeloupe = isGuadeloupe;
 exports.isMartinique = isMartinique;