@waffo/pancake-ts 0.1.3 → 0.1.7

package/dist/index.d.cts

@@ -7,6 +7,16 @@ interface WaffoPancakeConfig {
     baseUrl?: string;
     /** Custom fetch implementation (default: global fetch) */
     fetch?: typeof fetch;
+    /**
+     * Custom RSA public key(s) for webhook signature verification.
+     *
+     * - `string` — single key used for both test and prod environments
+     * - `{ test?, prod? }` — per-environment keys
+     *
+     * Resolution order per environment: config key → env var → built-in key.
+     * @see {@link VerifyWebhookOptions} for per-call overrides
+     */
+    webhookPublicKey?: WebhookPublicKeys;
 }
 /**
  * Single error object within the `errors` array.
@@ -239,7 +249,6 @@ interface CheckoutThemeSettings {
     checkoutColorBackground: string;
     checkoutColorCard: string;
     checkoutColorText: string;
-    checkoutColorTextSecondary: string;
     checkoutBorderRadius: string;
 }
 /**
@@ -247,6 +256,7 @@ interface CheckoutThemeSettings {
  * @see waffo-pancake-store-service/app/lib/types.ts
  */
 interface CheckoutSettings {
+    defaultDarkMode: boolean;
     light: CheckoutThemeSettings;
     dark: CheckoutThemeSettings;
 }
@@ -262,7 +272,6 @@ interface Store {
     supportEmail: string | null;
     website: string | null;
     slug: string | null;
-    isPublic: boolean;
     prodEnabled: boolean;
     webhookSettings: WebhookSettings | null;
     notificationSettings: NotificationSettings | null;
@@ -283,9 +292,6 @@ interface UpdateStoreParams {
     name?: string;
     status?: EntityStatus;
     logo?: string | null;
-    supportEmail?: string | null;
-    website?: string | null;
-    isPublic?: boolean;
     webhookSettings?: WebhookSettings | null;
     notificationSettings?: NotificationSettings | null;
     checkoutSettings?: CheckoutSettings | null;
@@ -343,17 +349,15 @@ interface UpdateRoleResult {
  *
  * @example
  * // USD $9.99
- * { amount: 999, taxIncluded: true, taxCategory: "saas" }
+ * { amount: 999, taxCategory: "saas" }
  *
  * @example
  * // JPY ¥1000
- * { amount: 1000, taxIncluded: false, taxCategory: "software" }
+ * { amount: 1000, taxCategory: "software" }
  */
 interface PriceInfo {
     /** Price amount in smallest currency unit */
     amount: number;
-    /** Whether the price is tax-inclusive */
-    taxIncluded: boolean;
     /** Tax category */
     taxCategory: TaxCategory;
 }
@@ -364,8 +368,8 @@ interface PriceInfo {
  *
  * @example
  * {
- *   "USD": { amount: 999, taxIncluded: true, taxCategory: "saas" },
- *   "EUR": { amount: 899, taxIncluded: true, taxCategory: "saas" }
+ *   "USD": { amount: 999, taxCategory: "saas" },
+ *   "EUR": { amount: 899, taxCategory: "saas" }
  * }
  */
 type Prices = Record<string, PriceInfo>;
@@ -576,13 +580,13 @@ interface BillingDetail {
     country: string;
     /** Whether this is a business purchase */
     isBusiness: boolean;
-    /** Postal / ZIP code */
+    /** Postal / ZIP code (required for US, at least one of postcode/state for CA) */
     postcode?: string;
-    /** State / province code (required for US/CA) */
+    /** State / province code (at least one of state/postcode for CA) */
     state?: string;
-    /** Business name (required when isBusiness=true) */
+    /** Business name (recommended for invoicing, does not affect tax calculation) */
     businessName?: string;
-    /** Tax ID (required for EU businesses) */
+    /** Tax ID / VAT number (EU businesses: triggers reverse charge 0% when provided) */
     taxId?: string;
 }
 /**
@@ -591,7 +595,7 @@ interface BillingDetail {
  */
 interface CreateCheckoutSessionParams {
     /** Store ID */
-    storeId?: string;
+    storeId: string;
     /** Product ID */
     productId: string;
     /** Product type */
@@ -608,8 +612,10 @@ interface CreateCheckoutSessionParams {
     billingDetail?: BillingDetail;
     /** Redirect URL after successful payment */
     successUrl?: string;
-    /** Session expiration in seconds (default: 7 days) */
+    /** Session expiration in seconds (default: 45 minutes) */
     expiresInSeconds?: number;
+    /** Dark mode override (true=dark, false=light, omit=use store default) */
+    darkMode?: boolean;
     /** Custom metadata */
     metadata?: Record<string, string>;
 }
@@ -713,11 +719,22 @@ interface WebhookEvent<T = WebhookEventData> {
     /** Event data */
     data: T;
 }
+/**
+ * Webhook public key configuration.
+ *
+ * - `string` — single key used for both test and prod environments
+ * - `{ test?, prod? }` — per-environment keys
+ */
+type WebhookPublicKeys = string | {
+    test?: string;
+    prod?: string;
+};
 /** Options for {@link verifyWebhook}. */
 interface VerifyWebhookOptions {
     /**
      * Specify which environment's public key to use for verification.
      * When omitted, both keys are tried automatically (prod first).
+     * Ignored when `publicKey` is provided.
      */
     environment?: `${Environment}`;
     /**
@@ -726,6 +743,24 @@ interface VerifyWebhookOptions {
      * @default 300000 (5 minutes)
      */
     toleranceMs?: number;
+    /**
+     * Per-call public key override (highest priority).
+     * When provided, skips all other key resolution (config, env vars, built-in).
+     */
+    publicKey?: string;
+    /**
+     * Config-level public key(s) for the resolution chain.
+     * When using `client.webhooks.verify()`, this is set automatically from `WaffoPancakeConfig.webhookPublicKey`.
+     * When using the standalone `verifyWebhook()`, you can pass this directly for config-level key injection.
+     *
+     * Resolution order per environment:
+     * 1. `publicKey` (per-call override)
+     * 2. `publicKeys[env]` or `publicKeys` (config)
+     * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` (env var)
+     * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` (env var)
+     * 5. Built-in hardcoded key
+     */
+    publicKeys?: WebhookPublicKeys;
 }
 
 /**
@@ -836,7 +871,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.create({
      *   storeId: "store_xxx",
      *   name: "E-Book",
-     *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
      * });
      */
     create(params: CreateOnetimeProductParams): Promise<{
@@ -852,7 +887,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.update({
      *   id: "prod_xxx",
      *   name: "E-Book v2",
-     *   prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
      * });
      */
     update(params: UpdateOnetimeProductParams): Promise<{
@@ -982,7 +1017,6 @@ declare class StoresResource {
      * const { store } = await client.stores.update({
      *   id: "store_xxx",
      *   name: "Updated Name",
-     *   supportEmail: "help@example.com",
      * });
      */
     update(params: UpdateStoreParams): Promise<{
@@ -1079,7 +1113,7 @@ declare class SubscriptionProductsResource {
      *   storeId: "store_xxx",
      *   name: "Pro Plan",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 999, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 999, taxCategory: "saas" } },
      * });
      */
     create(params: CreateSubscriptionProductParams): Promise<{
@@ -1096,7 +1130,7 @@ declare class SubscriptionProductsResource {
      *   id: "prod_xxx",
      *   name: "Pro Plan v2",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 1499, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 1499, taxCategory: "saas" } },
      * });
      */
     update(params: UpdateSubscriptionProductParams): Promise<{
@@ -1131,6 +1165,46 @@ declare class SubscriptionProductsResource {
     }>;
 }
 
+/**
+ * Webhook signature verification resource.
+ *
+ * Unlike other resources, this does not use HttpClient — webhook verification
+ * is a local cryptographic operation that does not require API calls.
+ */
+declare class WebhooksResource {
+    private readonly publicKeys;
+    /** @param publicKeys - Optional config-level public key(s) from WaffoPancakeConfig */
+    constructor(publicKeys: WebhookPublicKeys | undefined);
+    /**
+     * Verify and parse an incoming webhook event.
+     *
+     * Key resolution order:
+     * 1. `options.publicKey` — per-call override (highest priority)
+     * 2. `config.webhookPublicKey[env]` or `config.webhookPublicKey` (string)
+     * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` environment variable
+     * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` environment variable
+     * 5. Built-in hardcoded key
+     *
+     * @param payload - Raw request body string (must be unparsed)
+     * @param signatureHeader - Value of the `X-Waffo-Signature` header
+     * @param options - Verification options (optional)
+     * @returns Parsed webhook event
+     * @throws Error if signature is invalid, header is malformed, or timestamp is stale
+     *
+     * @example
+     * const event = client.webhooks.verify(rawBody, signatureHeader);
+     *
+     * @example
+     * // Specify environment
+     * const event = client.webhooks.verify(rawBody, sig, { environment: "test" });
+     *
+     * @example
+     * // Per-call key override
+     * const event = client.webhooks.verify(rawBody, sig, { publicKey: oneOffKey });
+     */
+    verify<T = Record<string, unknown>>(payload: string, signatureHeader: string | undefined | null, options?: VerifyWebhookOptions): WebhookEvent<T>;
+}
+
 /**
  * Waffo Pancake TypeScript SDK client.
  *
@@ -1152,7 +1226,7 @@ declare class SubscriptionProductsResource {
  * const { product } = await client.onetimeProducts.create({
  *   storeId: store.id,
  *   name: "E-Book",
- *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+ *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
  * });
  *
  * // Create a checkout session
@@ -1168,6 +1242,18 @@ declare class SubscriptionProductsResource {
  * const result = await client.graphql.query({
  *   query: `query { stores { id name status } }`,
  * });
+ *
+ * @example
+ * // Per-environment webhook public keys
+ * const client = new WaffoPancake({
+ *   merchantId: "...",
+ *   privateKey: "...",
+ *   webhookPublicKey: {
+ *     test: process.env.WAFFO_TEST_PUB_KEY!,
+ *     prod: process.env.WAFFO_PROD_PUB_KEY!,
+ *   },
+ * });
+ * const event = client.webhooks.verify(rawBody, signatureHeader);
  */
 declare class WaffoPancake {
     private readonly http;
@@ -1180,6 +1266,7 @@ declare class WaffoPancake {
     readonly orders: OrdersResource;
     readonly checkout: CheckoutResource;
     readonly graphql: GraphQLResource;
+    readonly webhooks: WebhooksResource;
     constructor(config: WaffoPancakeConfig);
 }
 
@@ -1205,8 +1292,12 @@ declare class WaffoPancakeError extends Error {
 /**
  * Verify and parse an incoming Waffo Pancake webhook event.
  *
- * Uses built-in Waffo public keys (RSA-SHA256) for signature verification.
- * Test and production environments use different key pairs; both are embedded in the SDK.
+ * Public key resolution (per environment):
+ * 1. `options.publicKey` — per-call override (highest priority, skips all other resolution)
+ * 2. `options.publicKeys[env]` or `options.publicKeys` (string) — config-level
+ * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` environment variable
+ * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` environment variable
+ * 5. Built-in hardcoded key
  *
  * Behavior:
  * - Parses the `X-Waffo-Signature` header (`t=<timestamp>,v1=<base64sig>`)
@@ -1255,4 +1346,4 @@ declare class WaffoPancakeError extends Error {
  */
 declare function verifyWebhook<T = Record<string, unknown>>(payload: string, signatureHeader: string | undefined | null, options?: VerifyWebhookOptions): WebhookEvent<T>;
 
-export { type AddMerchantParams, type AddMerchantResult, type ApiError, type ApiErrorResponse, type ApiResponse, type ApiSuccessResponse, type BillingDetail, BillingPeriod, type CancelSubscriptionParams, type CancelSubscriptionResult, CheckoutSessionProductType, type CheckoutSessionResult, type CheckoutSettings, type CheckoutThemeSettings, type CreateCheckoutSessionParams, type CreateOnetimeProductParams, type CreateStoreParams, type CreateSubscriptionProductGroupParams, type CreateSubscriptionProductParams, type DeleteStoreParams, type DeleteSubscriptionProductGroupParams, EntityStatus, Environment, ErrorLayer, type GraphQLParams, type GraphQLResponse, type GroupRules, type IssueSessionTokenParams, type MediaItem, MediaType, type NotificationSettings, OnetimeOrderStatus, type OnetimeProductDetail, PaymentStatus, type PriceInfo, type Prices, ProductVersionStatus, type PublishOnetimeProductParams, type PublishSubscriptionProductGroupParams, type PublishSubscriptionProductParams, RefundStatus, RefundTicketStatus, type RemoveMerchantParams, type RemoveMerchantResult, type SessionToken, type Store, StoreRole, SubscriptionOrderStatus, type SubscriptionProductDetail, type SubscriptionProductGroup, TaxCategory, type UpdateOnetimeProductParams, type UpdateOnetimeStatusParams, type UpdateRoleParams, type UpdateRoleResult, type UpdateStoreParams, type UpdateSubscriptionProductGroupParams, type UpdateSubscriptionProductParams, type UpdateSubscriptionStatusParams, type VerifyWebhookOptions, WaffoPancake, type WaffoPancakeConfig, WaffoPancakeError, type WebhookEvent, type WebhookEventData, WebhookEventType, type WebhookSettings, verifyWebhook };
+export { type AddMerchantParams, type AddMerchantResult, type ApiError, type ApiErrorResponse, type ApiResponse, type ApiSuccessResponse, type BillingDetail, BillingPeriod, type CancelSubscriptionParams, type CancelSubscriptionResult, CheckoutSessionProductType, type CheckoutSessionResult, type CheckoutSettings, type CheckoutThemeSettings, type CreateCheckoutSessionParams, type CreateOnetimeProductParams, type CreateStoreParams, type CreateSubscriptionProductGroupParams, type CreateSubscriptionProductParams, type DeleteStoreParams, type DeleteSubscriptionProductGroupParams, EntityStatus, Environment, ErrorLayer, type GraphQLParams, type GraphQLResponse, type GroupRules, type IssueSessionTokenParams, type MediaItem, MediaType, type NotificationSettings, OnetimeOrderStatus, type OnetimeProductDetail, PaymentStatus, type PriceInfo, type Prices, ProductVersionStatus, type PublishOnetimeProductParams, type PublishSubscriptionProductGroupParams, type PublishSubscriptionProductParams, RefundStatus, RefundTicketStatus, type RemoveMerchantParams, type RemoveMerchantResult, type SessionToken, type Store, StoreRole, SubscriptionOrderStatus, type SubscriptionProductDetail, type SubscriptionProductGroup, TaxCategory, type UpdateOnetimeProductParams, type UpdateOnetimeStatusParams, type UpdateRoleParams, type UpdateRoleResult, type UpdateStoreParams, type UpdateSubscriptionProductGroupParams, type UpdateSubscriptionProductParams, type UpdateSubscriptionStatusParams, type VerifyWebhookOptions, WaffoPancake, type WaffoPancakeConfig, WaffoPancakeError, type WebhookEvent, type WebhookEventData, WebhookEventType, type WebhookPublicKeys, type WebhookSettings, verifyWebhook };

package/dist/index.d.ts

@@ -7,6 +7,16 @@ interface WaffoPancakeConfig {
     baseUrl?: string;
     /** Custom fetch implementation (default: global fetch) */
     fetch?: typeof fetch;
+    /**
+     * Custom RSA public key(s) for webhook signature verification.
+     *
+     * - `string` — single key used for both test and prod environments
+     * - `{ test?, prod? }` — per-environment keys
+     *
+     * Resolution order per environment: config key → env var → built-in key.
+     * @see {@link VerifyWebhookOptions} for per-call overrides
+     */
+    webhookPublicKey?: WebhookPublicKeys;
 }
 /**
  * Single error object within the `errors` array.
@@ -239,7 +249,6 @@ interface CheckoutThemeSettings {
     checkoutColorBackground: string;
     checkoutColorCard: string;
     checkoutColorText: string;
-    checkoutColorTextSecondary: string;
     checkoutBorderRadius: string;
 }
 /**
@@ -247,6 +256,7 @@ interface CheckoutThemeSettings {
  * @see waffo-pancake-store-service/app/lib/types.ts
  */
 interface CheckoutSettings {
+    defaultDarkMode: boolean;
     light: CheckoutThemeSettings;
     dark: CheckoutThemeSettings;
 }
@@ -262,7 +272,6 @@ interface Store {
     supportEmail: string | null;
     website: string | null;
     slug: string | null;
-    isPublic: boolean;
     prodEnabled: boolean;
     webhookSettings: WebhookSettings | null;
     notificationSettings: NotificationSettings | null;
@@ -283,9 +292,6 @@ interface UpdateStoreParams {
     name?: string;
     status?: EntityStatus;
     logo?: string | null;
-    supportEmail?: string | null;
-    website?: string | null;
-    isPublic?: boolean;
     webhookSettings?: WebhookSettings | null;
     notificationSettings?: NotificationSettings | null;
     checkoutSettings?: CheckoutSettings | null;
@@ -343,17 +349,15 @@ interface UpdateRoleResult {
  *
  * @example
  * // USD $9.99
- * { amount: 999, taxIncluded: true, taxCategory: "saas" }
+ * { amount: 999, taxCategory: "saas" }
  *
  * @example
  * // JPY ¥1000
- * { amount: 1000, taxIncluded: false, taxCategory: "software" }
+ * { amount: 1000, taxCategory: "software" }
  */
 interface PriceInfo {
     /** Price amount in smallest currency unit */
     amount: number;
-    /** Whether the price is tax-inclusive */
-    taxIncluded: boolean;
     /** Tax category */
     taxCategory: TaxCategory;
 }
@@ -364,8 +368,8 @@ interface PriceInfo {
  *
  * @example
  * {
- *   "USD": { amount: 999, taxIncluded: true, taxCategory: "saas" },
- *   "EUR": { amount: 899, taxIncluded: true, taxCategory: "saas" }
+ *   "USD": { amount: 999, taxCategory: "saas" },
+ *   "EUR": { amount: 899, taxCategory: "saas" }
  * }
  */
 type Prices = Record<string, PriceInfo>;
@@ -576,13 +580,13 @@ interface BillingDetail {
     country: string;
     /** Whether this is a business purchase */
     isBusiness: boolean;
-    /** Postal / ZIP code */
+    /** Postal / ZIP code (required for US, at least one of postcode/state for CA) */
     postcode?: string;
-    /** State / province code (required for US/CA) */
+    /** State / province code (at least one of state/postcode for CA) */
     state?: string;
-    /** Business name (required when isBusiness=true) */
+    /** Business name (recommended for invoicing, does not affect tax calculation) */
     businessName?: string;
-    /** Tax ID (required for EU businesses) */
+    /** Tax ID / VAT number (EU businesses: triggers reverse charge 0% when provided) */
     taxId?: string;
 }
 /**
@@ -591,7 +595,7 @@ interface BillingDetail {
  */
 interface CreateCheckoutSessionParams {
     /** Store ID */
-    storeId?: string;
+    storeId: string;
     /** Product ID */
     productId: string;
     /** Product type */
@@ -608,8 +612,10 @@ interface CreateCheckoutSessionParams {
     billingDetail?: BillingDetail;
     /** Redirect URL after successful payment */
     successUrl?: string;
-    /** Session expiration in seconds (default: 7 days) */
+    /** Session expiration in seconds (default: 45 minutes) */
     expiresInSeconds?: number;
+    /** Dark mode override (true=dark, false=light, omit=use store default) */
+    darkMode?: boolean;
     /** Custom metadata */
     metadata?: Record<string, string>;
 }
@@ -713,11 +719,22 @@ interface WebhookEvent<T = WebhookEventData> {
     /** Event data */
     data: T;
 }
+/**
+ * Webhook public key configuration.
+ *
+ * - `string` — single key used for both test and prod environments
+ * - `{ test?, prod? }` — per-environment keys
+ */
+type WebhookPublicKeys = string | {
+    test?: string;
+    prod?: string;
+};
 /** Options for {@link verifyWebhook}. */
 interface VerifyWebhookOptions {
     /**
      * Specify which environment's public key to use for verification.
      * When omitted, both keys are tried automatically (prod first).
+     * Ignored when `publicKey` is provided.
      */
     environment?: `${Environment}`;
     /**
@@ -726,6 +743,24 @@ interface VerifyWebhookOptions {
      * @default 300000 (5 minutes)
      */
     toleranceMs?: number;
+    /**
+     * Per-call public key override (highest priority).
+     * When provided, skips all other key resolution (config, env vars, built-in).
+     */
+    publicKey?: string;
+    /**
+     * Config-level public key(s) for the resolution chain.
+     * When using `client.webhooks.verify()`, this is set automatically from `WaffoPancakeConfig.webhookPublicKey`.
+     * When using the standalone `verifyWebhook()`, you can pass this directly for config-level key injection.
+     *
+     * Resolution order per environment:
+     * 1. `publicKey` (per-call override)
+     * 2. `publicKeys[env]` or `publicKeys` (config)
+     * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` (env var)
+     * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` (env var)
+     * 5. Built-in hardcoded key
+     */
+    publicKeys?: WebhookPublicKeys;
 }
 
 /**
@@ -836,7 +871,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.create({
      *   storeId: "store_xxx",
      *   name: "E-Book",
-     *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
      * });
      */
     create(params: CreateOnetimeProductParams): Promise<{
@@ -852,7 +887,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.update({
      *   id: "prod_xxx",
      *   name: "E-Book v2",
-     *   prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
      * });
      */
     update(params: UpdateOnetimeProductParams): Promise<{
@@ -982,7 +1017,6 @@ declare class StoresResource {
      * const { store } = await client.stores.update({
      *   id: "store_xxx",
      *   name: "Updated Name",
-     *   supportEmail: "help@example.com",
      * });
      */
     update(params: UpdateStoreParams): Promise<{
@@ -1079,7 +1113,7 @@ declare class SubscriptionProductsResource {
      *   storeId: "store_xxx",
      *   name: "Pro Plan",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 999, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 999, taxCategory: "saas" } },
      * });
      */
     create(params: CreateSubscriptionProductParams): Promise<{
@@ -1096,7 +1130,7 @@ declare class SubscriptionProductsResource {
      *   id: "prod_xxx",
      *   name: "Pro Plan v2",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 1499, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 1499, taxCategory: "saas" } },
      * });
      */
     update(params: UpdateSubscriptionProductParams): Promise<{
@@ -1131,6 +1165,46 @@ declare class SubscriptionProductsResource {
     }>;
 }
 
+/**
+ * Webhook signature verification resource.
+ *
+ * Unlike other resources, this does not use HttpClient — webhook verification
+ * is a local cryptographic operation that does not require API calls.
+ */
+declare class WebhooksResource {
+    private readonly publicKeys;
+    /** @param publicKeys - Optional config-level public key(s) from WaffoPancakeConfig */
+    constructor(publicKeys: WebhookPublicKeys | undefined);
+    /**
+     * Verify and parse an incoming webhook event.
+     *
+     * Key resolution order:
+     * 1. `options.publicKey` — per-call override (highest priority)
+     * 2. `config.webhookPublicKey[env]` or `config.webhookPublicKey` (string)
+     * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` environment variable
+     * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` environment variable
+     * 5. Built-in hardcoded key
+     *
+     * @param payload - Raw request body string (must be unparsed)
+     * @param signatureHeader - Value of the `X-Waffo-Signature` header
+     * @param options - Verification options (optional)
+     * @returns Parsed webhook event
+     * @throws Error if signature is invalid, header is malformed, or timestamp is stale
+     *
+     * @example
+     * const event = client.webhooks.verify(rawBody, signatureHeader);
+     *
+     * @example
+     * // Specify environment
+     * const event = client.webhooks.verify(rawBody, sig, { environment: "test" });
+     *
+     * @example
+     * // Per-call key override
+     * const event = client.webhooks.verify(rawBody, sig, { publicKey: oneOffKey });
+     */
+    verify<T = Record<string, unknown>>(payload: string, signatureHeader: string | undefined | null, options?: VerifyWebhookOptions): WebhookEvent<T>;
+}
+
 /**
  * Waffo Pancake TypeScript SDK client.
  *
@@ -1152,7 +1226,7 @@ declare class SubscriptionProductsResource {
  * const { product } = await client.onetimeProducts.create({
  *   storeId: store.id,
  *   name: "E-Book",
- *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+ *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
  * });
  *
  * // Create a checkout session
@@ -1168,6 +1242,18 @@ declare class SubscriptionProductsResource {
  * const result = await client.graphql.query({
  *   query: `query { stores { id name status } }`,
  * });
+ *
+ * @example
+ * // Per-environment webhook public keys
+ * const client = new WaffoPancake({
+ *   merchantId: "...",
+ *   privateKey: "...",
+ *   webhookPublicKey: {
+ *     test: process.env.WAFFO_TEST_PUB_KEY!,
+ *     prod: process.env.WAFFO_PROD_PUB_KEY!,
+ *   },
+ * });
+ * const event = client.webhooks.verify(rawBody, signatureHeader);
  */
 declare class WaffoPancake {
     private readonly http;
@@ -1180,6 +1266,7 @@ declare class WaffoPancake {
     readonly orders: OrdersResource;
     readonly checkout: CheckoutResource;
     readonly graphql: GraphQLResource;
+    readonly webhooks: WebhooksResource;
     constructor(config: WaffoPancakeConfig);
 }
 
@@ -1205,8 +1292,12 @@ declare class WaffoPancakeError extends Error {
 /**
  * Verify and parse an incoming Waffo Pancake webhook event.
  *
- * Uses built-in Waffo public keys (RSA-SHA256) for signature verification.
- * Test and production environments use different key pairs; both are embedded in the SDK.
+ * Public key resolution (per environment):
+ * 1. `options.publicKey` — per-call override (highest priority, skips all other resolution)
+ * 2. `options.publicKeys[env]` or `options.publicKeys` (string) — config-level
+ * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` environment variable
+ * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` environment variable
+ * 5. Built-in hardcoded key
  *
  * Behavior:
  * - Parses the `X-Waffo-Signature` header (`t=<timestamp>,v1=<base64sig>`)
@@ -1255,4 +1346,4 @@ declare class WaffoPancakeError extends Error {
  */
 declare function verifyWebhook<T = Record<string, unknown>>(payload: string, signatureHeader: string | undefined | null, options?: VerifyWebhookOptions): WebhookEvent<T>;
 
-export { type AddMerchantParams, type AddMerchantResult, type ApiError, type ApiErrorResponse, type ApiResponse, type ApiSuccessResponse, type BillingDetail, BillingPeriod, type CancelSubscriptionParams, type CancelSubscriptionResult, CheckoutSessionProductType, type CheckoutSessionResult, type CheckoutSettings, type CheckoutThemeSettings, type CreateCheckoutSessionParams, type CreateOnetimeProductParams, type CreateStoreParams, type CreateSubscriptionProductGroupParams, type CreateSubscriptionProductParams, type DeleteStoreParams, type DeleteSubscriptionProductGroupParams, EntityStatus, Environment, ErrorLayer, type GraphQLParams, type GraphQLResponse, type GroupRules, type IssueSessionTokenParams, type MediaItem, MediaType, type NotificationSettings, OnetimeOrderStatus, type OnetimeProductDetail, PaymentStatus, type PriceInfo, type Prices, ProductVersionStatus, type PublishOnetimeProductParams, type PublishSubscriptionProductGroupParams, type PublishSubscriptionProductParams, RefundStatus, RefundTicketStatus, type RemoveMerchantParams, type RemoveMerchantResult, type SessionToken, type Store, StoreRole, SubscriptionOrderStatus, type SubscriptionProductDetail, type SubscriptionProductGroup, TaxCategory, type UpdateOnetimeProductParams, type UpdateOnetimeStatusParams, type UpdateRoleParams, type UpdateRoleResult, type UpdateStoreParams, type UpdateSubscriptionProductGroupParams, type UpdateSubscriptionProductParams, type UpdateSubscriptionStatusParams, type VerifyWebhookOptions, WaffoPancake, type WaffoPancakeConfig, WaffoPancakeError, type WebhookEvent, type WebhookEventData, WebhookEventType, type WebhookSettings, verifyWebhook };
+export { type AddMerchantParams, type AddMerchantResult, type ApiError, type ApiErrorResponse, type ApiResponse, type ApiSuccessResponse, type BillingDetail, BillingPeriod, type CancelSubscriptionParams, type CancelSubscriptionResult, CheckoutSessionProductType, type CheckoutSessionResult, type CheckoutSettings, type CheckoutThemeSettings, type CreateCheckoutSessionParams, type CreateOnetimeProductParams, type CreateStoreParams, type CreateSubscriptionProductGroupParams, type CreateSubscriptionProductParams, type DeleteStoreParams, type DeleteSubscriptionProductGroupParams, EntityStatus, Environment, ErrorLayer, type GraphQLParams, type GraphQLResponse, type GroupRules, type IssueSessionTokenParams, type MediaItem, MediaType, type NotificationSettings, OnetimeOrderStatus, type OnetimeProductDetail, PaymentStatus, type PriceInfo, type Prices, ProductVersionStatus, type PublishOnetimeProductParams, type PublishSubscriptionProductGroupParams, type PublishSubscriptionProductParams, RefundStatus, RefundTicketStatus, type RemoveMerchantParams, type RemoveMerchantResult, type SessionToken, type Store, StoreRole, SubscriptionOrderStatus, type SubscriptionProductDetail, type SubscriptionProductGroup, TaxCategory, type UpdateOnetimeProductParams, type UpdateOnetimeStatusParams, type UpdateRoleParams, type UpdateRoleResult, type UpdateStoreParams, type UpdateSubscriptionProductGroupParams, type UpdateSubscriptionProductParams, type UpdateSubscriptionStatusParams, type VerifyWebhookOptions, WaffoPancake, type WaffoPancakeConfig, WaffoPancakeError, type WebhookEvent, type WebhookEventData, WebhookEventType, type WebhookPublicKeys, type WebhookSettings, verifyWebhook };