@whatalo/plugin-sdk 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/dist/bridge/index.cjs +190 -4
  2. package/dist/bridge/index.cjs.map +1 -1
  3. package/dist/bridge/index.d.cts +109 -2
  4. package/dist/bridge/index.d.ts +109 -2
  5. package/dist/bridge/index.mjs +185 -3
  6. package/dist/bridge/index.mjs.map +1 -1
  7. package/dist/client/index.cjs +5 -0
  8. package/dist/client/index.cjs.map +1 -1
  9. package/dist/client/index.mjs +5 -0
  10. package/dist/client/index.mjs.map +1 -1
  11. package/dist/index.cjs +193 -2
  12. package/dist/index.cjs.map +1 -1
  13. package/dist/index.d.cts +1 -1
  14. package/dist/index.d.ts +1 -1
  15. package/dist/index.mjs +189 -2
  16. package/dist/index.mjs.map +1 -1
  17. package/dist/server/verify-session-token.cjs +103 -0
  18. package/dist/server/verify-session-token.cjs.map +1 -0
  19. package/dist/server/verify-session-token.d.cts +1 -0
  20. package/dist/server/verify-session-token.d.ts +1 -0
  21. package/dist/server/verify-session-token.mjs +76 -0
  22. package/dist/server/verify-session-token.mjs.map +1 -0
  23. package/dist/session-token.cjs +134 -0
  24. package/dist/session-token.cjs.map +1 -0
  25. package/dist/session-token.d.cts +77 -0
  26. package/dist/session-token.d.ts +77 -0
  27. package/dist/session-token.mjs +108 -0
  28. package/dist/session-token.mjs.map +1 -0
  29. package/package.json +26 -30
package/dist/client/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/client/whatalo-client.ts","../../src/client/errors.ts"],"sourcesContent":["import type {\n WhataloClientOptions,\n RateLimitInfo,\n PaginatedResponse,\n SingleResponse,\n Product,\n Order,\n Customer,\n Category,\n Discount,\n Store,\n InventoryItem,\n Webhook,\n ListProductsParams,\n CreateProductParams,\n UpdateProductParams,\n ListOrdersParams,\n ListCustomersParams,\n ListCategoriesParams,\n CreateCategoryParams,\n UpdateCategoryParams,\n ListDiscountsParams,\n CreateDiscountParams,\n UpdateDiscountParams,\n UpsertWebhookParams,\n UpdateWebhookParams,\n AdjustInventoryParams,\n} from \"./types.js\";\nimport {\n WhataloAPIError,\n AuthenticationError,\n AuthorizationError,\n InsufficientScopeError,\n RateLimitError,\n InternalError,\n NotFoundError,\n ValidationError,\n} from \"./errors.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.whatalo.com/v1\";\nconst DEFAULT_TIMEOUT = 30_000;\n\n/**\n * Official TypeScript client for the Whatalo REST API.\n * Zero runtime dependencies — uses native fetch.\n */\nexport class WhataloClient {\n private readonly apiKey: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly maxRetries: number;\n private readonly fetchFn: typeof globalThis.fetch;\n private readonly onRequest?: (url: string, init: RequestInit) => void;\n private readonly onResponse?: (response: Response, durationMs: number) => void;\n\n /** Rate limit info from the most recent API response */\n rateLimit: RateLimitInfo = { limit: 0, remaining: 0, reset: 0 };\n\n /** Product resource methods */\n readonly products: ProductResource;\n /** Order resource methods */\n readonly orders: OrderResource;\n /** Customer resource methods */\n readonly customers: CustomerResource;\n /** Category resource methods */\n readonly categories: CategoryResource;\n /** Discount resource methods */\n readonly discounts: DiscountResource;\n /** Store resource methods */\n readonly store: StoreResource;\n /** Inventory resource methods */\n readonly inventory: InventoryResource;\n /** Webhook resource methods */\n readonly webhooks: WebhookResource;\n\n constructor(options: WhataloClientOptions) {\n this.apiKey = options.apiKey;\n this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/$/, \"\");\n this.timeout = options.timeout ?? DEFAULT_TIMEOUT;\n this.maxRetries = Math.min(options.retries ?? 0, 3);\n this.fetchFn = options.fetch ?? globalThis.fetch;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n\n this.products = new ProductResource(this);\n this.orders = new OrderResource(this);\n this.customers = new CustomerResource(this);\n this.categories = new CategoryResource(this);\n this.discounts = new DiscountResource(this);\n this.store = new StoreResource(this);\n this.inventory = new InventoryResource(this);\n this.webhooks = new WebhookResource(this);\n }\n\n /**\n * Internal request method shared by all resource namespaces.\n * Handles headers, timeout, error parsing, and rate limit extraction.\n */\n async request<T>(\n method: string,\n path: string,\n options?: {\n body?: unknown;\n params?: Record<string, string | number | boolean | undefined>;\n }\n ): Promise<T> {\n let url = `${this.baseUrl}${path}`;\n\n // Add query params\n if (options?.params) {\n const searchParams = new URLSearchParams();\n for (const [key, value] of Object.entries(options.params)) {\n if (value !== undefined) {\n searchParams.set(key, String(value));\n }\n }\n const qs = searchParams.toString();\n if (qs) url += `?${qs}`;\n }\n\n const headers: Record<string, string> = {\n \"X-API-Key\": this.apiKey,\n \"Content-Type\": \"application/json\",\n };\n\n let lastError: Error | null = null;\n\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n const requestInit: RequestInit = {\n method,\n headers,\n body: options?.body ? JSON.stringify(options.body) : undefined,\n signal: controller.signal,\n };\n const startedAt = Date.now();\n this.onRequest?.(url, requestInit);\n\n try {\n const response = await this.fetchFn(url, requestInit);\n\n clearTimeout(timeoutId);\n this.onResponse?.(response, Date.now() - startedAt);\n\n // Extract rate limit headers\n this.rateLimit = {\n limit: Number(response.headers.get(\"X-RateLimit-Limit\") ?? 0),\n remaining: Number(\n response.headers.get(\"X-RateLimit-Remaining\") ?? 0\n ),\n reset: Number(response.headers.get(\"X-RateLimit-Reset\") ?? 0),\n };\n\n const requestId =\n response.headers.get(\"X-Request-Id\") ?? undefined;\n\n if (response.ok) {\n return (await response.json()) as T;\n }\n\n // Handle error responses\n const errorBody = await response.json().catch(() => ({\n error: { code: \"unknown\", message: response.statusText },\n }));\n const errData = (errorBody as { error?: { code?: string; message?: string; details?: Array<{ field: string; message: string }> } }).error;\n\n switch (response.status) {\n case 401:\n throw new AuthenticationError(errData?.message, requestId);\n case 403:\n // Distinguish between a specific scope denial and a generic 403.\n // insufficient_scope means the merchant never granted this permission.\n if (errData?.code === \"insufficient_scope\") {\n const details = errorBody as {\n error?: { required?: string; granted?: string[] };\n };\n throw new InsufficientScopeError(\n errData.message ?? \"Insufficient scope\",\n details.error?.required ?? \"\",\n details.error?.granted ?? [],\n requestId\n );\n }\n throw new AuthorizationError(\n errData?.message ?? \"Forbidden\",\n errData?.code ?? \"unknown_scope\",\n requestId\n );\n case 404:\n throw new NotFoundError(\"Resource\", path, requestId);\n case 422:\n throw new ValidationError(\n errData?.details ?? [\n { field: \"unknown\", message: errData?.message ?? \"Validation failed\" },\n ],\n requestId\n );\n case 429: {\n const retryAfter = Number(\n response.headers.get(\"Retry-After\") ?? 60\n );\n throw new RateLimitError(retryAfter, requestId);\n }\n default:\n if (response.status >= 500 && attempt < this.maxRetries) {\n // Retry on 5xx\n lastError = new InternalError(errData?.message, requestId);\n await this.sleep(Math.pow(2, attempt) * 1000);\n continue;\n }\n throw new WhataloAPIError(\n errData?.message ?? \"API error\",\n response.status,\n errData?.code ?? \"unknown\",\n requestId\n );\n }\n } catch (err) {\n clearTimeout(timeoutId);\n if (err instanceof WhataloAPIError) throw err;\n if ((err as Error).name === \"AbortError\") {\n throw new WhataloAPIError(\n \"Request timed out\",\n 408,\n \"timeout\"\n );\n }\n throw err;\n }\n }\n\n throw lastError ?? new InternalError(\"Request failed after retries\");\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n }\n}\n\n/** Products API namespace */\nclass ProductResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListProductsParams\n ): Promise<PaginatedResponse<Product>> {\n return this.client.request(\"GET\", \"/products\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Product>> {\n return this.client.request(\"GET\", `/products/${id}`);\n }\n\n async create(\n data: CreateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"POST\", \"/products\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"PATCH\", `/products/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/products/${id}`);\n }\n\n async count(\n status?: \"active\" | \"inactive\" | \"all\"\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/products/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Orders API namespace */\nclass OrderResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListOrdersParams\n ): Promise<PaginatedResponse<Order>> {\n return this.client.request(\"GET\", \"/orders\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Order>> {\n return this.client.request(\"GET\", `/orders/${id}`);\n }\n\n async updateStatus(\n id: string,\n data: { status: string }\n ): Promise<SingleResponse<Order>> {\n return this.client.request(\"PATCH\", `/orders/${id}`, { body: data });\n }\n\n async count(\n status?: string\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/orders/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Customers API namespace */\nclass CustomerResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(params?: ListCustomersParams): Promise<PaginatedResponse<Customer>> {\n return this.client.request(\"GET\", \"/customers\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Customer>> {\n return this.client.request(\"GET\", `/customers/${id}`);\n }\n}\n\n/** Categories API namespace */\nclass CategoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListCategoriesParams\n ): Promise<PaginatedResponse<Category>> {\n return this.client.request(\"GET\", \"/categories\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Category>> {\n return this.client.request(\"GET\", `/categories/${id}`);\n }\n\n async create(\n data: CreateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"POST\", \"/categories\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"PATCH\", `/categories/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/categories/${id}`);\n }\n\n async count(): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/categories/count\");\n }\n}\n\n/** Discounts API namespace */\nclass DiscountResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListDiscountsParams\n ): Promise<PaginatedResponse<Discount>> {\n return this.client.request(\"GET\", \"/discounts\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Discount>> {\n return this.client.request(\"GET\", `/discounts/${id}`);\n }\n\n async create(\n data: CreateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"POST\", \"/discounts\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"PATCH\", `/discounts/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/discounts/${id}`);\n }\n}\n\n/** Store API namespace */\nclass StoreResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(): Promise<SingleResponse<Store>> {\n return this.client.request(\"GET\", \"/store\");\n }\n}\n\n/** Inventory API namespace */\nclass InventoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(productId: string): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"GET\", `/products/${productId}/inventory`);\n }\n\n async adjust(\n productId: string,\n data: AdjustInventoryParams\n ): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"PATCH\", `/products/${productId}/inventory`, {\n body: data,\n });\n }\n}\n\n/** Webhooks API namespace */\nclass WebhookResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(): Promise<PaginatedResponse<Webhook>> {\n return this.client.request(\"GET\", \"/webhooks\");\n }\n\n async create(data: UpsertWebhookParams): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"POST\", \"/webhooks\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateWebhookParams\n ): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"PATCH\", `/webhooks/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/webhooks/${id}`);\n }\n}\n","/**\n * Base error for all SDK errors.\n * Contains the HTTP status code and a machine-readable error code.\n */\nexport class WhataloAPIError extends Error {\n readonly statusCode: number;\n readonly code: string;\n readonly requestId?: string;\n\n constructor(\n message: string,\n statusCode: number,\n code: string,\n requestId?: string\n ) {\n super(message);\n this.name = \"WhataloAPIError\";\n this.statusCode = statusCode;\n this.code = code;\n this.requestId = requestId;\n }\n}\n\n/** 401 — Invalid or missing API key */\nexport class AuthenticationError extends WhataloAPIError {\n constructor(\n message = \"Invalid or missing API key\",\n requestId?: string\n ) {\n super(message, 401, \"authentication_error\", requestId);\n this.name = \"AuthenticationError\";\n }\n}\n\n/** 403 — API key lacks required permission scope */\nexport class AuthorizationError extends WhataloAPIError {\n readonly requiredScope: string;\n\n constructor(\n message: string,\n requiredScope: string,\n requestId?: string\n ) {\n super(message, 403, \"authorization_error\", requestId);\n this.name = \"AuthorizationError\";\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * 403 — Installation does not have the required permission scope.\n *\n * Thrown when the merchant has not granted a scope that the current\n * API call requires. This is distinct from AuthorizationError:\n * - AuthorizationError = generic 403 (could be any auth reason)\n * - InsufficientScopeError = specific scope missing from granted_scopes\n *\n * The `requiredScope` field tells the developer exactly which scope to add\n * to their plugin manifest so they can request merchant re-consent.\n *\n * Example:\n * try {\n * await client.customers.list()\n * } catch (err) {\n * if (err instanceof InsufficientScopeError) {\n * console.error(`Add \"${err.requiredScope}\" to your manifest.`)\n * }\n * }\n */\nexport class InsufficientScopeError extends WhataloAPIError {\n /** The exact scope string missing from the installation's granted_scopes */\n readonly requiredScope: string;\n /** The scopes currently granted to this installation */\n readonly grantedScopes: string[];\n\n constructor(\n message: string,\n requiredScope: string,\n grantedScopes: string[],\n requestId?: string\n ) {\n super(message, 403, \"insufficient_scope\", requestId);\n this.name = \"InsufficientScopeError\";\n this.requiredScope = requiredScope;\n this.grantedScopes = grantedScopes;\n }\n}\n\n/** 404 — Resource not found */\nexport class NotFoundError extends WhataloAPIError {\n readonly resourceType: string;\n readonly resourceId: string;\n\n constructor(\n resourceType: string,\n resourceId: string,\n requestId?: string\n ) {\n super(\n `${resourceType} '${resourceId}' not found`,\n 404,\n \"not_found\",\n requestId\n );\n this.name = \"NotFoundError\";\n this.resourceType = resourceType;\n this.resourceId = resourceId;\n }\n}\n\n/** 422 — Request body validation failed */\nexport class ValidationError extends WhataloAPIError {\n readonly fieldErrors: Array<{ field: string; message: string }>;\n\n constructor(\n fieldErrors: Array<{ field: string; message: string }>,\n requestId?: string\n ) {\n const message = `Validation failed: ${fieldErrors\n .map((e) => `${e.field} — ${e.message}`)\n .join(\", \")}`;\n super(message, 422, \"validation_error\", requestId);\n this.name = \"ValidationError\";\n this.fieldErrors = fieldErrors;\n }\n}\n\n/** 429 — Rate limit exceeded */\nexport class RateLimitError extends WhataloAPIError {\n /** Seconds until the rate limit resets */\n readonly retryAfter: number;\n\n constructor(retryAfter: number, requestId?: string) {\n super(\n `Rate limit exceeded. Retry after ${retryAfter} seconds.`,\n 429,\n \"rate_limit_exceeded\",\n requestId\n );\n this.name = \"RateLimitError\";\n this.retryAfter = retryAfter;\n }\n}\n\n/** 500 — Server-side error */\nexport class InternalError extends WhataloAPIError {\n constructor(\n message = \"An internal error occurred\",\n requestId?: string\n ) {\n super(message, 500, \"internal_error\", requestId);\n this.name = \"InternalError\";\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,SACA,YACA,MACA,WACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AACF;AAGO,IAAM,sBAAN,cAAkC,gBAAgB;AAAA,EACvD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,wBAAwB,SAAS;AACrD,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,qBAAN,cAAiC,gBAAgB;AAAA,EAC7C;AAAA,EAET,YACE,SACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,uBAAuB,SAAS;AACpD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AAAA,EACvB;AACF;AAsBO,IAAM,yBAAN,cAAqC,gBAAgB;AAAA;AAAA,EAEjD;AAAA;AAAA,EAEA;AAAA,EAET,YACE,SACA,eACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,sBAAsB,SAAS;AACnD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AACrB,SAAK,gBAAgB;AAAA,EACvB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACxC;AAAA,EACA;AAAA,EAET,YACE,cACA,YACA,WACA;AACA;AAAA,MACE,GAAG,YAAY,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,eAAe;AACpB,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,kBAAN,cAA8B,gBAAgB;AAAA,EAC1C;AAAA,EAET,YACE,aACA,WACA;AACA,UAAM,UAAU,sBAAsB,YACnC,IAAI,CAAC,MAAM,GAAG,EAAE,KAAK,WAAM,EAAE,OAAO,EAAE,EACtC,KAAK,IAAI,CAAC;AACb,UAAM,SAAS,KAAK,oBAAoB,SAAS;AACjD,SAAK,OAAO;AACZ,SAAK,cAAc;AAAA,EACrB;AACF;AAGO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA;AAAA,EAEzC;AAAA,EAET,YAAY,YAAoB,WAAoB;AAClD;AAAA,MACE,oCAAoC,UAAU;AAAA,MAC9C;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,kBAAkB,SAAS;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ADlHA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAMjB,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGjB,YAA2B,EAAE,OAAO,GAAG,WAAW,GAAG,OAAO,EAAE;AAAA;AAAA,EAGrD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAET,YAAY,SAA+B;AACzC,SAAK,SAAS,QAAQ;AACtB,SAAK,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,OAAO,EAAE;AACtE,SAAK,UAAU,QAAQ,WAAW;AAClC,SAAK,aAAa,KAAK,IAAI,QAAQ,WAAW,GAAG,CAAC;AAClD,SAAK,UAAU,QAAQ,SAAS,WAAW;AAC3C,SAAK,YAAY,QAAQ;AACzB,SAAK,aAAa,QAAQ;AAE1B,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,SAAS,IAAI,cAAc,IAAI;AACpC,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,aAAa,IAAI,iBAAiB,IAAI;AAC3C,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,gBAAgB,IAAI;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QACJ,QACA,MACA,SAIY;AACZ,QAAI,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAGhC,QAAI,SAAS,QAAQ;AACnB,YAAM,eAAe,IAAI,gBAAgB;AACzC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACzD,YAAI,UAAU,QAAW;AACvB,uBAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,QACrC;AAAA,MACF;AACA,YAAM,KAAK,aAAa,SAAS;AACjC,UAAI,GAAI,QAAO,IAAI,EAAE;AAAA,IACvB;AAEA,UAAM,UAAkC;AAAA,MACtC,aAAa,KAAK;AAAA,MAClB,gBAAgB;AAAA,IAClB;AAEA,QAAI,YAA0B;AAE9B,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AACnE,YAAM,cAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,MAAM,SAAS,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,QACrD,QAAQ,WAAW;AAAA,MACrB;AACA,YAAM,YAAY,KAAK,IAAI;AAC3B,WAAK,YAAY,KAAK,WAAW;AAEjC,UAAI;AACF,cAAM,WAAW,MAAM,KAAK,QAAQ,KAAK,WAAW;AAEpD,qBAAa,SAAS;AACtB,aAAK,aAAa,UAAU,KAAK,IAAI,IAAI,SAAS;AAGlD,aAAK,YAAY;AAAA,UACf,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,UAC5D,WAAW;AAAA,YACT,SAAS,QAAQ,IAAI,uBAAuB,KAAK;AAAA,UACnD;AAAA,UACA,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,QAC9D;AAEA,cAAM,YACJ,SAAS,QAAQ,IAAI,cAAc,KAAK;AAE1C,YAAI,SAAS,IAAI;AACf,iBAAQ,MAAM,SAAS,KAAK;AAAA,QAC9B;AAGA,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO;AAAA,UACnD,OAAO,EAAE,MAAM,WAAW,SAAS,SAAS,WAAW;AAAA,QACzD,EAAE;AACF,cAAM,UAAW,UAAmH;AAEpI,gBAAQ,SAAS,QAAQ;AAAA,UACvB,KAAK;AACH,kBAAM,IAAI,oBAAoB,SAAS,SAAS,SAAS;AAAA,UAC3D,KAAK;AAGH,gBAAI,SAAS,SAAS,sBAAsB;AAC1C,oBAAM,UAAU;AAGhB,oBAAM,IAAI;AAAA,gBACR,QAAQ,WAAW;AAAA,gBACnB,QAAQ,OAAO,YAAY;AAAA,gBAC3B,QAAQ,OAAO,WAAW,CAAC;AAAA,gBAC3B;AAAA,cACF;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,UACF,KAAK;AACH,kBAAM,IAAI,cAAc,YAAY,MAAM,SAAS;AAAA,UACrD,KAAK;AACH,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,gBAClB,EAAE,OAAO,WAAW,SAAS,SAAS,WAAW,oBAAoB;AAAA,cACvE;AAAA,cACA;AAAA,YACF;AAAA,UACF,KAAK,KAAK;AACR,kBAAM,aAAa;AAAA,cACjB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAAA,YACzC;AACA,kBAAM,IAAI,eAAe,YAAY,SAAS;AAAA,UAChD;AAAA,UACA;AACE,gBAAI,SAAS,UAAU,OAAO,UAAU,KAAK,YAAY;AAEvD,0BAAY,IAAI,cAAc,SAAS,SAAS,SAAS;AACzD,oBAAM,KAAK,MAAM,KAAK,IAAI,GAAG,OAAO,IAAI,GAAI;AAC5C;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS;AAAA,cACT,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,QACJ;AAAA,MACF,SAAS,KAAK;AACZ,qBAAa,SAAS;AACtB,YAAI,eAAe,gBAAiB,OAAM;AAC1C,YAAK,IAAc,SAAS,cAAc;AACxC,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,cAAc,8BAA8B;AAAA,EACrE;AAAA,EAEQ,MAAM,IAA2B;AACvC,WAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA,EACzD;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACqC;AACrC,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa;AAAA,MAC7C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA8C;AACtD,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,EAAE,EAAE;AAAA,EACrD;AAAA,EAEA,MAAM,OACJ,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,MACnD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA4C;AACpD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW,EAAE,EAAE;AAAA,EACnD;AAAA,EAEA,MAAM,aACJ,IACA,MACgC;AAChC,WAAO,KAAK,OAAO,QAAQ,SAAS,WAAW,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACrE;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,iBAAiB;AAAA,MACjD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KAAK,QAAoE;AAC7E,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,eAAe,EAAE,MAAM,KAAK,CAAC;AAAA,EAClE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,eAAe,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,eAAe,EAAE,EAAE;AAAA,EAC1D;AAAA,EAEA,MAAM,QAAoD;AACxD,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,EACvD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,cAAc,EAAE,MAAM,KAAK,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,cAAc,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACxE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,cAAc,EAAE,EAAE;AAAA,EACzD;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,MAAsC;AAC1C,WAAO,KAAK,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAC5C;AACF;AAGA,IAAM,oBAAN,MAAwB;AAAA,EACtB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,IAAI,WAA2D;AACnE,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,SAAS,YAAY;AAAA,EACtE;AAAA,EAEA,MAAM,OACJ,WACA,MACwC;AACxC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,SAAS,cAAc;AAAA,MACtE,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,OAA4C;AAChD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,MAA6D;AACxE,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/client/whatalo-client.ts","../../src/client/errors.ts"],"sourcesContent":["import type {\n WhataloClientOptions,\n RateLimitInfo,\n PaginatedResponse,\n SingleResponse,\n Product,\n Order,\n Customer,\n Category,\n Discount,\n Store,\n InventoryItem,\n Webhook,\n ListProductsParams,\n CreateProductParams,\n UpdateProductParams,\n ListOrdersParams,\n ListCustomersParams,\n ListCategoriesParams,\n CreateCategoryParams,\n UpdateCategoryParams,\n ListDiscountsParams,\n CreateDiscountParams,\n UpdateDiscountParams,\n UpsertWebhookParams,\n UpdateWebhookParams,\n AdjustInventoryParams,\n} from \"./types.js\";\nimport {\n WhataloAPIError,\n AuthenticationError,\n AuthorizationError,\n InsufficientScopeError,\n RateLimitError,\n InternalError,\n NotFoundError,\n ValidationError,\n} from \"./errors.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.whatalo.com/v1\";\nconst DEFAULT_TIMEOUT = 30_000;\n\n/**\n * Official TypeScript client for the Whatalo REST API.\n * Zero runtime dependencies — uses native fetch.\n */\nexport class WhataloClient {\n private readonly apiKey: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly maxRetries: number;\n private readonly fetchFn: typeof globalThis.fetch;\n private readonly onRequest?: (url: string, init: RequestInit) => void;\n private readonly onResponse?: (response: Response, durationMs: number) => void;\n\n /** Rate limit info from the most recent API response */\n rateLimit: RateLimitInfo = { limit: 0, remaining: 0, reset: 0 };\n\n /** Product resource methods */\n readonly products: ProductResource;\n /** Order resource methods */\n readonly orders: OrderResource;\n /** Customer resource methods */\n readonly customers: CustomerResource;\n /** Category resource methods */\n readonly categories: CategoryResource;\n /** Discount resource methods */\n readonly discounts: DiscountResource;\n /** Store resource methods */\n readonly store: StoreResource;\n /** Inventory resource methods */\n readonly inventory: InventoryResource;\n /** Webhook resource methods */\n readonly webhooks: WebhookResource;\n\n constructor(options: WhataloClientOptions) {\n // Guard against accidental browser-side instantiation.\n // WhataloClient embeds the API key in every request — exposing it in\n // client-side JavaScript would allow any visitor to make authenticated\n // API calls on behalf of the merchant. Use sessionToken() on the frontend\n // and validate on the backend instead.\n if (typeof window !== \"undefined\" && typeof process === \"undefined\") {\n console.warn(\n \"[WhataloClient] WARNING: WhataloClient should only be used in server-side code. \" +\n \"Exposing your API key in browser JavaScript is a security risk. \" +\n \"Use whatalo.sessionToken() in your frontend and validate it on your backend.\"\n );\n }\n\n this.apiKey = options.apiKey;\n this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/$/, \"\");\n this.timeout = options.timeout ?? DEFAULT_TIMEOUT;\n this.maxRetries = Math.min(options.retries ?? 0, 3);\n this.fetchFn = options.fetch ?? globalThis.fetch;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n\n this.products = new ProductResource(this);\n this.orders = new OrderResource(this);\n this.customers = new CustomerResource(this);\n this.categories = new CategoryResource(this);\n this.discounts = new DiscountResource(this);\n this.store = new StoreResource(this);\n this.inventory = new InventoryResource(this);\n this.webhooks = new WebhookResource(this);\n }\n\n /**\n * Internal request method shared by all resource namespaces.\n * Handles headers, timeout, error parsing, and rate limit extraction.\n */\n async request<T>(\n method: string,\n path: string,\n options?: {\n body?: unknown;\n params?: Record<string, string | number | boolean | undefined>;\n }\n ): Promise<T> {\n let url = `${this.baseUrl}${path}`;\n\n // Add query params\n if (options?.params) {\n const searchParams = new URLSearchParams();\n for (const [key, value] of Object.entries(options.params)) {\n if (value !== undefined) {\n searchParams.set(key, String(value));\n }\n }\n const qs = searchParams.toString();\n if (qs) url += `?${qs}`;\n }\n\n const headers: Record<string, string> = {\n \"X-API-Key\": this.apiKey,\n \"Content-Type\": \"application/json\",\n };\n\n let lastError: Error | null = null;\n\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n const requestInit: RequestInit = {\n method,\n headers,\n body: options?.body ? JSON.stringify(options.body) : undefined,\n signal: controller.signal,\n };\n const startedAt = Date.now();\n this.onRequest?.(url, requestInit);\n\n try {\n const response = await this.fetchFn(url, requestInit);\n\n clearTimeout(timeoutId);\n this.onResponse?.(response, Date.now() - startedAt);\n\n // Extract rate limit headers\n this.rateLimit = {\n limit: Number(response.headers.get(\"X-RateLimit-Limit\") ?? 0),\n remaining: Number(\n response.headers.get(\"X-RateLimit-Remaining\") ?? 0\n ),\n reset: Number(response.headers.get(\"X-RateLimit-Reset\") ?? 0),\n };\n\n const requestId =\n response.headers.get(\"X-Request-Id\") ?? undefined;\n\n if (response.ok) {\n return (await response.json()) as T;\n }\n\n // Handle error responses\n const errorBody = await response.json().catch(() => ({\n error: { code: \"unknown\", message: response.statusText },\n }));\n const errData = (errorBody as { error?: { code?: string; message?: string; details?: Array<{ field: string; message: string }> } }).error;\n\n switch (response.status) {\n case 401:\n throw new AuthenticationError(errData?.message, requestId);\n case 403:\n // Distinguish between a specific scope denial and a generic 403.\n // insufficient_scope means the merchant never granted this permission.\n if (errData?.code === \"insufficient_scope\") {\n const details = errorBody as {\n error?: { required?: string; granted?: string[] };\n };\n throw new InsufficientScopeError(\n errData.message ?? \"Insufficient scope\",\n details.error?.required ?? \"\",\n details.error?.granted ?? [],\n requestId\n );\n }\n throw new AuthorizationError(\n errData?.message ?? \"Forbidden\",\n errData?.code ?? \"unknown_scope\",\n requestId\n );\n case 404:\n throw new NotFoundError(\"Resource\", path, requestId);\n case 422:\n throw new ValidationError(\n errData?.details ?? [\n { field: \"unknown\", message: errData?.message ?? \"Validation failed\" },\n ],\n requestId\n );\n case 429: {\n const retryAfter = Number(\n response.headers.get(\"Retry-After\") ?? 60\n );\n throw new RateLimitError(retryAfter, requestId);\n }\n default:\n if (response.status >= 500 && attempt < this.maxRetries) {\n // Retry on 5xx\n lastError = new InternalError(errData?.message, requestId);\n await this.sleep(Math.pow(2, attempt) * 1000);\n continue;\n }\n throw new WhataloAPIError(\n errData?.message ?? \"API error\",\n response.status,\n errData?.code ?? \"unknown\",\n requestId\n );\n }\n } catch (err) {\n clearTimeout(timeoutId);\n if (err instanceof WhataloAPIError) throw err;\n if ((err as Error).name === \"AbortError\") {\n throw new WhataloAPIError(\n \"Request timed out\",\n 408,\n \"timeout\"\n );\n }\n throw err;\n }\n }\n\n throw lastError ?? new InternalError(\"Request failed after retries\");\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n }\n}\n\n/** Products API namespace */\nclass ProductResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListProductsParams\n ): Promise<PaginatedResponse<Product>> {\n return this.client.request(\"GET\", \"/products\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Product>> {\n return this.client.request(\"GET\", `/products/${id}`);\n }\n\n async create(\n data: CreateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"POST\", \"/products\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"PATCH\", `/products/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/products/${id}`);\n }\n\n async count(\n status?: \"active\" | \"inactive\" | \"all\"\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/products/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Orders API namespace */\nclass OrderResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListOrdersParams\n ): Promise<PaginatedResponse<Order>> {\n return this.client.request(\"GET\", \"/orders\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Order>> {\n return this.client.request(\"GET\", `/orders/${id}`);\n }\n\n async updateStatus(\n id: string,\n data: { status: string }\n ): Promise<SingleResponse<Order>> {\n return this.client.request(\"PATCH\", `/orders/${id}`, { body: data });\n }\n\n async count(\n status?: string\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/orders/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Customers API namespace */\nclass CustomerResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(params?: ListCustomersParams): Promise<PaginatedResponse<Customer>> {\n return this.client.request(\"GET\", \"/customers\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Customer>> {\n return this.client.request(\"GET\", `/customers/${id}`);\n }\n}\n\n/** Categories API namespace */\nclass CategoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListCategoriesParams\n ): Promise<PaginatedResponse<Category>> {\n return this.client.request(\"GET\", \"/categories\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Category>> {\n return this.client.request(\"GET\", `/categories/${id}`);\n }\n\n async create(\n data: CreateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"POST\", \"/categories\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"PATCH\", `/categories/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/categories/${id}`);\n }\n\n async count(): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/categories/count\");\n }\n}\n\n/** Discounts API namespace */\nclass DiscountResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListDiscountsParams\n ): Promise<PaginatedResponse<Discount>> {\n return this.client.request(\"GET\", \"/discounts\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Discount>> {\n return this.client.request(\"GET\", `/discounts/${id}`);\n }\n\n async create(\n data: CreateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"POST\", \"/discounts\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"PATCH\", `/discounts/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/discounts/${id}`);\n }\n}\n\n/** Store API namespace */\nclass StoreResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(): Promise<SingleResponse<Store>> {\n return this.client.request(\"GET\", \"/store\");\n }\n}\n\n/** Inventory API namespace */\nclass InventoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(productId: string): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"GET\", `/products/${productId}/inventory`);\n }\n\n async adjust(\n productId: string,\n data: AdjustInventoryParams\n ): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"PATCH\", `/products/${productId}/inventory`, {\n body: data,\n });\n }\n}\n\n/** Webhooks API namespace */\nclass WebhookResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(): Promise<PaginatedResponse<Webhook>> {\n return this.client.request(\"GET\", \"/webhooks\");\n }\n\n async create(data: UpsertWebhookParams): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"POST\", \"/webhooks\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateWebhookParams\n ): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"PATCH\", `/webhooks/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/webhooks/${id}`);\n }\n}\n","/**\n * Base error for all SDK errors.\n * Contains the HTTP status code and a machine-readable error code.\n */\nexport class WhataloAPIError extends Error {\n readonly statusCode: number;\n readonly code: string;\n readonly requestId?: string;\n\n constructor(\n message: string,\n statusCode: number,\n code: string,\n requestId?: string\n ) {\n super(message);\n this.name = \"WhataloAPIError\";\n this.statusCode = statusCode;\n this.code = code;\n this.requestId = requestId;\n }\n}\n\n/** 401 — Invalid or missing API key */\nexport class AuthenticationError extends WhataloAPIError {\n constructor(\n message = \"Invalid or missing API key\",\n requestId?: string\n ) {\n super(message, 401, \"authentication_error\", requestId);\n this.name = \"AuthenticationError\";\n }\n}\n\n/** 403 — API key lacks required permission scope */\nexport class AuthorizationError extends WhataloAPIError {\n readonly requiredScope: string;\n\n constructor(\n message: string,\n requiredScope: string,\n requestId?: string\n ) {\n super(message, 403, \"authorization_error\", requestId);\n this.name = \"AuthorizationError\";\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * 403 — Installation does not have the required permission scope.\n *\n * Thrown when the merchant has not granted a scope that the current\n * API call requires. This is distinct from AuthorizationError:\n * - AuthorizationError = generic 403 (could be any auth reason)\n * - InsufficientScopeError = specific scope missing from granted_scopes\n *\n * The `requiredScope` field tells the developer exactly which scope to add\n * to their plugin manifest so they can request merchant re-consent.\n *\n * Example:\n * try {\n * await client.customers.list()\n * } catch (err) {\n * if (err instanceof InsufficientScopeError) {\n * console.error(`Add \"${err.requiredScope}\" to your manifest.`)\n * }\n * }\n */\nexport class InsufficientScopeError extends WhataloAPIError {\n /** The exact scope string missing from the installation's granted_scopes */\n readonly requiredScope: string;\n /** The scopes currently granted to this installation */\n readonly grantedScopes: string[];\n\n constructor(\n message: string,\n requiredScope: string,\n grantedScopes: string[],\n requestId?: string\n ) {\n super(message, 403, \"insufficient_scope\", requestId);\n this.name = \"InsufficientScopeError\";\n this.requiredScope = requiredScope;\n this.grantedScopes = grantedScopes;\n }\n}\n\n/** 404 — Resource not found */\nexport class NotFoundError extends WhataloAPIError {\n readonly resourceType: string;\n readonly resourceId: string;\n\n constructor(\n resourceType: string,\n resourceId: string,\n requestId?: string\n ) {\n super(\n `${resourceType} '${resourceId}' not found`,\n 404,\n \"not_found\",\n requestId\n );\n this.name = \"NotFoundError\";\n this.resourceType = resourceType;\n this.resourceId = resourceId;\n }\n}\n\n/** 422 — Request body validation failed */\nexport class ValidationError extends WhataloAPIError {\n readonly fieldErrors: Array<{ field: string; message: string }>;\n\n constructor(\n fieldErrors: Array<{ field: string; message: string }>,\n requestId?: string\n ) {\n const message = `Validation failed: ${fieldErrors\n .map((e) => `${e.field} — ${e.message}`)\n .join(\", \")}`;\n super(message, 422, \"validation_error\", requestId);\n this.name = \"ValidationError\";\n this.fieldErrors = fieldErrors;\n }\n}\n\n/** 429 — Rate limit exceeded */\nexport class RateLimitError extends WhataloAPIError {\n /** Seconds until the rate limit resets */\n readonly retryAfter: number;\n\n constructor(retryAfter: number, requestId?: string) {\n super(\n `Rate limit exceeded. Retry after ${retryAfter} seconds.`,\n 429,\n \"rate_limit_exceeded\",\n requestId\n );\n this.name = \"RateLimitError\";\n this.retryAfter = retryAfter;\n }\n}\n\n/** 500 — Server-side error */\nexport class InternalError extends WhataloAPIError {\n constructor(\n message = \"An internal error occurred\",\n requestId?: string\n ) {\n super(message, 500, \"internal_error\", requestId);\n this.name = \"InternalError\";\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,SACA,YACA,MACA,WACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AACF;AAGO,IAAM,sBAAN,cAAkC,gBAAgB;AAAA,EACvD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,wBAAwB,SAAS;AACrD,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,qBAAN,cAAiC,gBAAgB;AAAA,EAC7C;AAAA,EAET,YACE,SACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,uBAAuB,SAAS;AACpD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AAAA,EACvB;AACF;AAsBO,IAAM,yBAAN,cAAqC,gBAAgB;AAAA;AAAA,EAEjD;AAAA;AAAA,EAEA;AAAA,EAET,YACE,SACA,eACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,sBAAsB,SAAS;AACnD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AACrB,SAAK,gBAAgB;AAAA,EACvB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACxC;AAAA,EACA;AAAA,EAET,YACE,cACA,YACA,WACA;AACA;AAAA,MACE,GAAG,YAAY,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,eAAe;AACpB,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,kBAAN,cAA8B,gBAAgB;AAAA,EAC1C;AAAA,EAET,YACE,aACA,WACA;AACA,UAAM,UAAU,sBAAsB,YACnC,IAAI,CAAC,MAAM,GAAG,EAAE,KAAK,WAAM,EAAE,OAAO,EAAE,EACtC,KAAK,IAAI,CAAC;AACb,UAAM,SAAS,KAAK,oBAAoB,SAAS;AACjD,SAAK,OAAO;AACZ,SAAK,cAAc;AAAA,EACrB;AACF;AAGO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA;AAAA,EAEzC;AAAA,EAET,YAAY,YAAoB,WAAoB;AAClD;AAAA,MACE,oCAAoC,UAAU;AAAA,MAC9C;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,kBAAkB,SAAS;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ADlHA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAMjB,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGjB,YAA2B,EAAE,OAAO,GAAG,WAAW,GAAG,OAAO,EAAE;AAAA;AAAA,EAGrD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAET,YAAY,SAA+B;AAMzC,QAAI,OAAO,WAAW,eAAe,OAAO,YAAY,aAAa;AACnE,cAAQ;AAAA,QACN;AAAA,MAGF;AAAA,IACF;AAEA,SAAK,SAAS,QAAQ;AACtB,SAAK,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,OAAO,EAAE;AACtE,SAAK,UAAU,QAAQ,WAAW;AAClC,SAAK,aAAa,KAAK,IAAI,QAAQ,WAAW,GAAG,CAAC;AAClD,SAAK,UAAU,QAAQ,SAAS,WAAW;AAC3C,SAAK,YAAY,QAAQ;AACzB,SAAK,aAAa,QAAQ;AAE1B,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,SAAS,IAAI,cAAc,IAAI;AACpC,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,aAAa,IAAI,iBAAiB,IAAI;AAC3C,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,gBAAgB,IAAI;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QACJ,QACA,MACA,SAIY;AACZ,QAAI,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAGhC,QAAI,SAAS,QAAQ;AACnB,YAAM,eAAe,IAAI,gBAAgB;AACzC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACzD,YAAI,UAAU,QAAW;AACvB,uBAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,QACrC;AAAA,MACF;AACA,YAAM,KAAK,aAAa,SAAS;AACjC,UAAI,GAAI,QAAO,IAAI,EAAE;AAAA,IACvB;AAEA,UAAM,UAAkC;AAAA,MACtC,aAAa,KAAK;AAAA,MAClB,gBAAgB;AAAA,IAClB;AAEA,QAAI,YAA0B;AAE9B,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AACnE,YAAM,cAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,MAAM,SAAS,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,QACrD,QAAQ,WAAW;AAAA,MACrB;AACA,YAAM,YAAY,KAAK,IAAI;AAC3B,WAAK,YAAY,KAAK,WAAW;AAEjC,UAAI;AACF,cAAM,WAAW,MAAM,KAAK,QAAQ,KAAK,WAAW;AAEpD,qBAAa,SAAS;AACtB,aAAK,aAAa,UAAU,KAAK,IAAI,IAAI,SAAS;AAGlD,aAAK,YAAY;AAAA,UACf,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,UAC5D,WAAW;AAAA,YACT,SAAS,QAAQ,IAAI,uBAAuB,KAAK;AAAA,UACnD;AAAA,UACA,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,QAC9D;AAEA,cAAM,YACJ,SAAS,QAAQ,IAAI,cAAc,KAAK;AAE1C,YAAI,SAAS,IAAI;AACf,iBAAQ,MAAM,SAAS,KAAK;AAAA,QAC9B;AAGA,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO;AAAA,UACnD,OAAO,EAAE,MAAM,WAAW,SAAS,SAAS,WAAW;AAAA,QACzD,EAAE;AACF,cAAM,UAAW,UAAmH;AAEpI,gBAAQ,SAAS,QAAQ;AAAA,UACvB,KAAK;AACH,kBAAM,IAAI,oBAAoB,SAAS,SAAS,SAAS;AAAA,UAC3D,KAAK;AAGH,gBAAI,SAAS,SAAS,sBAAsB;AAC1C,oBAAM,UAAU;AAGhB,oBAAM,IAAI;AAAA,gBACR,QAAQ,WAAW;AAAA,gBACnB,QAAQ,OAAO,YAAY;AAAA,gBAC3B,QAAQ,OAAO,WAAW,CAAC;AAAA,gBAC3B;AAAA,cACF;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,UACF,KAAK;AACH,kBAAM,IAAI,cAAc,YAAY,MAAM,SAAS;AAAA,UACrD,KAAK;AACH,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,gBAClB,EAAE,OAAO,WAAW,SAAS,SAAS,WAAW,oBAAoB;AAAA,cACvE;AAAA,cACA;AAAA,YACF;AAAA,UACF,KAAK,KAAK;AACR,kBAAM,aAAa;AAAA,cACjB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAAA,YACzC;AACA,kBAAM,IAAI,eAAe,YAAY,SAAS;AAAA,UAChD;AAAA,UACA;AACE,gBAAI,SAAS,UAAU,OAAO,UAAU,KAAK,YAAY;AAEvD,0BAAY,IAAI,cAAc,SAAS,SAAS,SAAS;AACzD,oBAAM,KAAK,MAAM,KAAK,IAAI,GAAG,OAAO,IAAI,GAAI;AAC5C;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS;AAAA,cACT,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,QACJ;AAAA,MACF,SAAS,KAAK;AACZ,qBAAa,SAAS;AACtB,YAAI,eAAe,gBAAiB,OAAM;AAC1C,YAAK,IAAc,SAAS,cAAc;AACxC,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,cAAc,8BAA8B;AAAA,EACrE;AAAA,EAEQ,MAAM,IAA2B;AACvC,WAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA,EACzD;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACqC;AACrC,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa;AAAA,MAC7C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA8C;AACtD,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,EAAE,EAAE;AAAA,EACrD;AAAA,EAEA,MAAM,OACJ,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,MACnD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA4C;AACpD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW,EAAE,EAAE;AAAA,EACnD;AAAA,EAEA,MAAM,aACJ,IACA,MACgC;AAChC,WAAO,KAAK,OAAO,QAAQ,SAAS,WAAW,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACrE;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,iBAAiB;AAAA,MACjD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KAAK,QAAoE;AAC7E,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,eAAe,EAAE,MAAM,KAAK,CAAC;AAAA,EAClE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,eAAe,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,eAAe,EAAE,EAAE;AAAA,EAC1D;AAAA,EAEA,MAAM,QAAoD;AACxD,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,EACvD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,cAAc,EAAE,MAAM,KAAK,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,cAAc,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACxE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,cAAc,EAAE,EAAE;AAAA,EACzD;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,MAAsC;AAC1C,WAAO,KAAK,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAC5C;AACF;AAGA,IAAM,oBAAN,MAAwB;AAAA,EACtB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,IAAI,WAA2D;AACnE,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,SAAS,YAAY;AAAA,EACtE;AAAA,EAEA,MAAM,OACJ,WACA,MACwC;AACxC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,SAAS,cAAc;AAAA,MACtE,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,OAA4C;AAChD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,MAA6D;AACxE,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AACF;","names":[]}
package/dist/client/index.mjs CHANGED
@@ -112,6 +112,11 @@ var WhataloClient = class {
112
112
  /** Webhook resource methods */
113
113
  webhooks;
114
114
  constructor(options) {
115
+ if (typeof window !== "undefined" && typeof process === "undefined") {
116
+ console.warn(
117
+ "[WhataloClient] WARNING: WhataloClient should only be used in server-side code. Exposing your API key in browser JavaScript is a security risk. Use whatalo.sessionToken() in your frontend and validate it on your backend."
118
+ );
119
+ }
115
120
  this.apiKey = options.apiKey;
116
121
  this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
117
122
  this.timeout = options.timeout ?? DEFAULT_TIMEOUT;
package/dist/client/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/client/errors.ts","../../src/client/whatalo-client.ts"],"sourcesContent":["/**\n * Base error for all SDK errors.\n * Contains the HTTP status code and a machine-readable error code.\n */\nexport class WhataloAPIError extends Error {\n readonly statusCode: number;\n readonly code: string;\n readonly requestId?: string;\n\n constructor(\n message: string,\n statusCode: number,\n code: string,\n requestId?: string\n ) {\n super(message);\n this.name = \"WhataloAPIError\";\n this.statusCode = statusCode;\n this.code = code;\n this.requestId = requestId;\n }\n}\n\n/** 401 — Invalid or missing API key */\nexport class AuthenticationError extends WhataloAPIError {\n constructor(\n message = \"Invalid or missing API key\",\n requestId?: string\n ) {\n super(message, 401, \"authentication_error\", requestId);\n this.name = \"AuthenticationError\";\n }\n}\n\n/** 403 — API key lacks required permission scope */\nexport class AuthorizationError extends WhataloAPIError {\n readonly requiredScope: string;\n\n constructor(\n message: string,\n requiredScope: string,\n requestId?: string\n ) {\n super(message, 403, \"authorization_error\", requestId);\n this.name = \"AuthorizationError\";\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * 403 — Installation does not have the required permission scope.\n *\n * Thrown when the merchant has not granted a scope that the current\n * API call requires. This is distinct from AuthorizationError:\n * - AuthorizationError = generic 403 (could be any auth reason)\n * - InsufficientScopeError = specific scope missing from granted_scopes\n *\n * The `requiredScope` field tells the developer exactly which scope to add\n * to their plugin manifest so they can request merchant re-consent.\n *\n * Example:\n * try {\n * await client.customers.list()\n * } catch (err) {\n * if (err instanceof InsufficientScopeError) {\n * console.error(`Add \"${err.requiredScope}\" to your manifest.`)\n * }\n * }\n */\nexport class InsufficientScopeError extends WhataloAPIError {\n /** The exact scope string missing from the installation's granted_scopes */\n readonly requiredScope: string;\n /** The scopes currently granted to this installation */\n readonly grantedScopes: string[];\n\n constructor(\n message: string,\n requiredScope: string,\n grantedScopes: string[],\n requestId?: string\n ) {\n super(message, 403, \"insufficient_scope\", requestId);\n this.name = \"InsufficientScopeError\";\n this.requiredScope = requiredScope;\n this.grantedScopes = grantedScopes;\n }\n}\n\n/** 404 — Resource not found */\nexport class NotFoundError extends WhataloAPIError {\n readonly resourceType: string;\n readonly resourceId: string;\n\n constructor(\n resourceType: string,\n resourceId: string,\n requestId?: string\n ) {\n super(\n `${resourceType} '${resourceId}' not found`,\n 404,\n \"not_found\",\n requestId\n );\n this.name = \"NotFoundError\";\n this.resourceType = resourceType;\n this.resourceId = resourceId;\n }\n}\n\n/** 422 — Request body validation failed */\nexport class ValidationError extends WhataloAPIError {\n readonly fieldErrors: Array<{ field: string; message: string }>;\n\n constructor(\n fieldErrors: Array<{ field: string; message: string }>,\n requestId?: string\n ) {\n const message = `Validation failed: ${fieldErrors\n .map((e) => `${e.field} — ${e.message}`)\n .join(\", \")}`;\n super(message, 422, \"validation_error\", requestId);\n this.name = \"ValidationError\";\n this.fieldErrors = fieldErrors;\n }\n}\n\n/** 429 — Rate limit exceeded */\nexport class RateLimitError extends WhataloAPIError {\n /** Seconds until the rate limit resets */\n readonly retryAfter: number;\n\n constructor(retryAfter: number, requestId?: string) {\n super(\n `Rate limit exceeded. Retry after ${retryAfter} seconds.`,\n 429,\n \"rate_limit_exceeded\",\n requestId\n );\n this.name = \"RateLimitError\";\n this.retryAfter = retryAfter;\n }\n}\n\n/** 500 — Server-side error */\nexport class InternalError extends WhataloAPIError {\n constructor(\n message = \"An internal error occurred\",\n requestId?: string\n ) {\n super(message, 500, \"internal_error\", requestId);\n this.name = \"InternalError\";\n }\n}\n","import type {\n WhataloClientOptions,\n RateLimitInfo,\n PaginatedResponse,\n SingleResponse,\n Product,\n Order,\n Customer,\n Category,\n Discount,\n Store,\n InventoryItem,\n Webhook,\n ListProductsParams,\n CreateProductParams,\n UpdateProductParams,\n ListOrdersParams,\n ListCustomersParams,\n ListCategoriesParams,\n CreateCategoryParams,\n UpdateCategoryParams,\n ListDiscountsParams,\n CreateDiscountParams,\n UpdateDiscountParams,\n UpsertWebhookParams,\n UpdateWebhookParams,\n AdjustInventoryParams,\n} from \"./types.js\";\nimport {\n WhataloAPIError,\n AuthenticationError,\n AuthorizationError,\n InsufficientScopeError,\n RateLimitError,\n InternalError,\n NotFoundError,\n ValidationError,\n} from \"./errors.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.whatalo.com/v1\";\nconst DEFAULT_TIMEOUT = 30_000;\n\n/**\n * Official TypeScript client for the Whatalo REST API.\n * Zero runtime dependencies — uses native fetch.\n */\nexport class WhataloClient {\n private readonly apiKey: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly maxRetries: number;\n private readonly fetchFn: typeof globalThis.fetch;\n private readonly onRequest?: (url: string, init: RequestInit) => void;\n private readonly onResponse?: (response: Response, durationMs: number) => void;\n\n /** Rate limit info from the most recent API response */\n rateLimit: RateLimitInfo = { limit: 0, remaining: 0, reset: 0 };\n\n /** Product resource methods */\n readonly products: ProductResource;\n /** Order resource methods */\n readonly orders: OrderResource;\n /** Customer resource methods */\n readonly customers: CustomerResource;\n /** Category resource methods */\n readonly categories: CategoryResource;\n /** Discount resource methods */\n readonly discounts: DiscountResource;\n /** Store resource methods */\n readonly store: StoreResource;\n /** Inventory resource methods */\n readonly inventory: InventoryResource;\n /** Webhook resource methods */\n readonly webhooks: WebhookResource;\n\n constructor(options: WhataloClientOptions) {\n this.apiKey = options.apiKey;\n this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/$/, \"\");\n this.timeout = options.timeout ?? DEFAULT_TIMEOUT;\n this.maxRetries = Math.min(options.retries ?? 0, 3);\n this.fetchFn = options.fetch ?? globalThis.fetch;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n\n this.products = new ProductResource(this);\n this.orders = new OrderResource(this);\n this.customers = new CustomerResource(this);\n this.categories = new CategoryResource(this);\n this.discounts = new DiscountResource(this);\n this.store = new StoreResource(this);\n this.inventory = new InventoryResource(this);\n this.webhooks = new WebhookResource(this);\n }\n\n /**\n * Internal request method shared by all resource namespaces.\n * Handles headers, timeout, error parsing, and rate limit extraction.\n */\n async request<T>(\n method: string,\n path: string,\n options?: {\n body?: unknown;\n params?: Record<string, string | number | boolean | undefined>;\n }\n ): Promise<T> {\n let url = `${this.baseUrl}${path}`;\n\n // Add query params\n if (options?.params) {\n const searchParams = new URLSearchParams();\n for (const [key, value] of Object.entries(options.params)) {\n if (value !== undefined) {\n searchParams.set(key, String(value));\n }\n }\n const qs = searchParams.toString();\n if (qs) url += `?${qs}`;\n }\n\n const headers: Record<string, string> = {\n \"X-API-Key\": this.apiKey,\n \"Content-Type\": \"application/json\",\n };\n\n let lastError: Error | null = null;\n\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n const requestInit: RequestInit = {\n method,\n headers,\n body: options?.body ? JSON.stringify(options.body) : undefined,\n signal: controller.signal,\n };\n const startedAt = Date.now();\n this.onRequest?.(url, requestInit);\n\n try {\n const response = await this.fetchFn(url, requestInit);\n\n clearTimeout(timeoutId);\n this.onResponse?.(response, Date.now() - startedAt);\n\n // Extract rate limit headers\n this.rateLimit = {\n limit: Number(response.headers.get(\"X-RateLimit-Limit\") ?? 0),\n remaining: Number(\n response.headers.get(\"X-RateLimit-Remaining\") ?? 0\n ),\n reset: Number(response.headers.get(\"X-RateLimit-Reset\") ?? 0),\n };\n\n const requestId =\n response.headers.get(\"X-Request-Id\") ?? undefined;\n\n if (response.ok) {\n return (await response.json()) as T;\n }\n\n // Handle error responses\n const errorBody = await response.json().catch(() => ({\n error: { code: \"unknown\", message: response.statusText },\n }));\n const errData = (errorBody as { error?: { code?: string; message?: string; details?: Array<{ field: string; message: string }> } }).error;\n\n switch (response.status) {\n case 401:\n throw new AuthenticationError(errData?.message, requestId);\n case 403:\n // Distinguish between a specific scope denial and a generic 403.\n // insufficient_scope means the merchant never granted this permission.\n if (errData?.code === \"insufficient_scope\") {\n const details = errorBody as {\n error?: { required?: string; granted?: string[] };\n };\n throw new InsufficientScopeError(\n errData.message ?? \"Insufficient scope\",\n details.error?.required ?? \"\",\n details.error?.granted ?? [],\n requestId\n );\n }\n throw new AuthorizationError(\n errData?.message ?? \"Forbidden\",\n errData?.code ?? \"unknown_scope\",\n requestId\n );\n case 404:\n throw new NotFoundError(\"Resource\", path, requestId);\n case 422:\n throw new ValidationError(\n errData?.details ?? [\n { field: \"unknown\", message: errData?.message ?? \"Validation failed\" },\n ],\n requestId\n );\n case 429: {\n const retryAfter = Number(\n response.headers.get(\"Retry-After\") ?? 60\n );\n throw new RateLimitError(retryAfter, requestId);\n }\n default:\n if (response.status >= 500 && attempt < this.maxRetries) {\n // Retry on 5xx\n lastError = new InternalError(errData?.message, requestId);\n await this.sleep(Math.pow(2, attempt) * 1000);\n continue;\n }\n throw new WhataloAPIError(\n errData?.message ?? \"API error\",\n response.status,\n errData?.code ?? \"unknown\",\n requestId\n );\n }\n } catch (err) {\n clearTimeout(timeoutId);\n if (err instanceof WhataloAPIError) throw err;\n if ((err as Error).name === \"AbortError\") {\n throw new WhataloAPIError(\n \"Request timed out\",\n 408,\n \"timeout\"\n );\n }\n throw err;\n }\n }\n\n throw lastError ?? new InternalError(\"Request failed after retries\");\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n }\n}\n\n/** Products API namespace */\nclass ProductResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListProductsParams\n ): Promise<PaginatedResponse<Product>> {\n return this.client.request(\"GET\", \"/products\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Product>> {\n return this.client.request(\"GET\", `/products/${id}`);\n }\n\n async create(\n data: CreateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"POST\", \"/products\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"PATCH\", `/products/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/products/${id}`);\n }\n\n async count(\n status?: \"active\" | \"inactive\" | \"all\"\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/products/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Orders API namespace */\nclass OrderResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListOrdersParams\n ): Promise<PaginatedResponse<Order>> {\n return this.client.request(\"GET\", \"/orders\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Order>> {\n return this.client.request(\"GET\", `/orders/${id}`);\n }\n\n async updateStatus(\n id: string,\n data: { status: string }\n ): Promise<SingleResponse<Order>> {\n return this.client.request(\"PATCH\", `/orders/${id}`, { body: data });\n }\n\n async count(\n status?: string\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/orders/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Customers API namespace */\nclass CustomerResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(params?: ListCustomersParams): Promise<PaginatedResponse<Customer>> {\n return this.client.request(\"GET\", \"/customers\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Customer>> {\n return this.client.request(\"GET\", `/customers/${id}`);\n }\n}\n\n/** Categories API namespace */\nclass CategoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListCategoriesParams\n ): Promise<PaginatedResponse<Category>> {\n return this.client.request(\"GET\", \"/categories\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Category>> {\n return this.client.request(\"GET\", `/categories/${id}`);\n }\n\n async create(\n data: CreateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"POST\", \"/categories\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"PATCH\", `/categories/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/categories/${id}`);\n }\n\n async count(): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/categories/count\");\n }\n}\n\n/** Discounts API namespace */\nclass DiscountResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListDiscountsParams\n ): Promise<PaginatedResponse<Discount>> {\n return this.client.request(\"GET\", \"/discounts\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Discount>> {\n return this.client.request(\"GET\", `/discounts/${id}`);\n }\n\n async create(\n data: CreateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"POST\", \"/discounts\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"PATCH\", `/discounts/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/discounts/${id}`);\n }\n}\n\n/** Store API namespace */\nclass StoreResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(): Promise<SingleResponse<Store>> {\n return this.client.request(\"GET\", \"/store\");\n }\n}\n\n/** Inventory API namespace */\nclass InventoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(productId: string): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"GET\", `/products/${productId}/inventory`);\n }\n\n async adjust(\n productId: string,\n data: AdjustInventoryParams\n ): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"PATCH\", `/products/${productId}/inventory`, {\n body: data,\n });\n }\n}\n\n/** Webhooks API namespace */\nclass WebhookResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(): Promise<PaginatedResponse<Webhook>> {\n return this.client.request(\"GET\", \"/webhooks\");\n }\n\n async create(data: UpsertWebhookParams): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"POST\", \"/webhooks\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateWebhookParams\n ): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"PATCH\", `/webhooks/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/webhooks/${id}`);\n }\n}\n"],"mappings":";AAIO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,SACA,YACA,MACA,WACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AACF;AAGO,IAAM,sBAAN,cAAkC,gBAAgB;AAAA,EACvD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,wBAAwB,SAAS;AACrD,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,qBAAN,cAAiC,gBAAgB;AAAA,EAC7C;AAAA,EAET,YACE,SACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,uBAAuB,SAAS;AACpD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AAAA,EACvB;AACF;AAsBO,IAAM,yBAAN,cAAqC,gBAAgB;AAAA;AAAA,EAEjD;AAAA;AAAA,EAEA;AAAA,EAET,YACE,SACA,eACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,sBAAsB,SAAS;AACnD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AACrB,SAAK,gBAAgB;AAAA,EACvB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACxC;AAAA,EACA;AAAA,EAET,YACE,cACA,YACA,WACA;AACA;AAAA,MACE,GAAG,YAAY,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,eAAe;AACpB,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,kBAAN,cAA8B,gBAAgB;AAAA,EAC1C;AAAA,EAET,YACE,aACA,WACA;AACA,UAAM,UAAU,sBAAsB,YACnC,IAAI,CAAC,MAAM,GAAG,EAAE,KAAK,WAAM,EAAE,OAAO,EAAE,EACtC,KAAK,IAAI,CAAC;AACb,UAAM,SAAS,KAAK,oBAAoB,SAAS;AACjD,SAAK,OAAO;AACZ,SAAK,cAAc;AAAA,EACrB;AACF;AAGO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA;AAAA,EAEzC;AAAA,EAET,YAAY,YAAoB,WAAoB;AAClD;AAAA,MACE,oCAAoC,UAAU;AAAA,MAC9C;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,kBAAkB,SAAS;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;AClHA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAMjB,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGjB,YAA2B,EAAE,OAAO,GAAG,WAAW,GAAG,OAAO,EAAE;AAAA;AAAA,EAGrD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAET,YAAY,SAA+B;AACzC,SAAK,SAAS,QAAQ;AACtB,SAAK,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,OAAO,EAAE;AACtE,SAAK,UAAU,QAAQ,WAAW;AAClC,SAAK,aAAa,KAAK,IAAI,QAAQ,WAAW,GAAG,CAAC;AAClD,SAAK,UAAU,QAAQ,SAAS,WAAW;AAC3C,SAAK,YAAY,QAAQ;AACzB,SAAK,aAAa,QAAQ;AAE1B,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,SAAS,IAAI,cAAc,IAAI;AACpC,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,aAAa,IAAI,iBAAiB,IAAI;AAC3C,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,gBAAgB,IAAI;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QACJ,QACA,MACA,SAIY;AACZ,QAAI,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAGhC,QAAI,SAAS,QAAQ;AACnB,YAAM,eAAe,IAAI,gBAAgB;AACzC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACzD,YAAI,UAAU,QAAW;AACvB,uBAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,QACrC;AAAA,MACF;AACA,YAAM,KAAK,aAAa,SAAS;AACjC,UAAI,GAAI,QAAO,IAAI,EAAE;AAAA,IACvB;AAEA,UAAM,UAAkC;AAAA,MACtC,aAAa,KAAK;AAAA,MAClB,gBAAgB;AAAA,IAClB;AAEA,QAAI,YAA0B;AAE9B,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AACnE,YAAM,cAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,MAAM,SAAS,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,QACrD,QAAQ,WAAW;AAAA,MACrB;AACA,YAAM,YAAY,KAAK,IAAI;AAC3B,WAAK,YAAY,KAAK,WAAW;AAEjC,UAAI;AACF,cAAM,WAAW,MAAM,KAAK,QAAQ,KAAK,WAAW;AAEpD,qBAAa,SAAS;AACtB,aAAK,aAAa,UAAU,KAAK,IAAI,IAAI,SAAS;AAGlD,aAAK,YAAY;AAAA,UACf,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,UAC5D,WAAW;AAAA,YACT,SAAS,QAAQ,IAAI,uBAAuB,KAAK;AAAA,UACnD;AAAA,UACA,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,QAC9D;AAEA,cAAM,YACJ,SAAS,QAAQ,IAAI,cAAc,KAAK;AAE1C,YAAI,SAAS,IAAI;AACf,iBAAQ,MAAM,SAAS,KAAK;AAAA,QAC9B;AAGA,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO;AAAA,UACnD,OAAO,EAAE,MAAM,WAAW,SAAS,SAAS,WAAW;AAAA,QACzD,EAAE;AACF,cAAM,UAAW,UAAmH;AAEpI,gBAAQ,SAAS,QAAQ;AAAA,UACvB,KAAK;AACH,kBAAM,IAAI,oBAAoB,SAAS,SAAS,SAAS;AAAA,UAC3D,KAAK;AAGH,gBAAI,SAAS,SAAS,sBAAsB;AAC1C,oBAAM,UAAU;AAGhB,oBAAM,IAAI;AAAA,gBACR,QAAQ,WAAW;AAAA,gBACnB,QAAQ,OAAO,YAAY;AAAA,gBAC3B,QAAQ,OAAO,WAAW,CAAC;AAAA,gBAC3B;AAAA,cACF;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,UACF,KAAK;AACH,kBAAM,IAAI,cAAc,YAAY,MAAM,SAAS;AAAA,UACrD,KAAK;AACH,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,gBAClB,EAAE,OAAO,WAAW,SAAS,SAAS,WAAW,oBAAoB;AAAA,cACvE;AAAA,cACA;AAAA,YACF;AAAA,UACF,KAAK,KAAK;AACR,kBAAM,aAAa;AAAA,cACjB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAAA,YACzC;AACA,kBAAM,IAAI,eAAe,YAAY,SAAS;AAAA,UAChD;AAAA,UACA;AACE,gBAAI,SAAS,UAAU,OAAO,UAAU,KAAK,YAAY;AAEvD,0BAAY,IAAI,cAAc,SAAS,SAAS,SAAS;AACzD,oBAAM,KAAK,MAAM,KAAK,IAAI,GAAG,OAAO,IAAI,GAAI;AAC5C;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS;AAAA,cACT,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,QACJ;AAAA,MACF,SAAS,KAAK;AACZ,qBAAa,SAAS;AACtB,YAAI,eAAe,gBAAiB,OAAM;AAC1C,YAAK,IAAc,SAAS,cAAc;AACxC,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,cAAc,8BAA8B;AAAA,EACrE;AAAA,EAEQ,MAAM,IAA2B;AACvC,WAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA,EACzD;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACqC;AACrC,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa;AAAA,MAC7C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA8C;AACtD,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,EAAE,EAAE;AAAA,EACrD;AAAA,EAEA,MAAM,OACJ,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,MACnD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA4C;AACpD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW,EAAE,EAAE;AAAA,EACnD;AAAA,EAEA,MAAM,aACJ,IACA,MACgC;AAChC,WAAO,KAAK,OAAO,QAAQ,SAAS,WAAW,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACrE;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,iBAAiB;AAAA,MACjD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KAAK,QAAoE;AAC7E,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,eAAe,EAAE,MAAM,KAAK,CAAC;AAAA,EAClE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,eAAe,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,eAAe,EAAE,EAAE;AAAA,EAC1D;AAAA,EAEA,MAAM,QAAoD;AACxD,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,EACvD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,cAAc,EAAE,MAAM,KAAK,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,cAAc,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACxE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,cAAc,EAAE,EAAE;AAAA,EACzD;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,MAAsC;AAC1C,WAAO,KAAK,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAC5C;AACF;AAGA,IAAM,oBAAN,MAAwB;AAAA,EACtB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,IAAI,WAA2D;AACnE,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,SAAS,YAAY;AAAA,EACtE;AAAA,EAEA,MAAM,OACJ,WACA,MACwC;AACxC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,SAAS,cAAc;AAAA,MACtE,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,OAA4C;AAChD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,MAA6D;AACxE,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/client/errors.ts","../../src/client/whatalo-client.ts"],"sourcesContent":["/**\n * Base error for all SDK errors.\n * Contains the HTTP status code and a machine-readable error code.\n */\nexport class WhataloAPIError extends Error {\n readonly statusCode: number;\n readonly code: string;\n readonly requestId?: string;\n\n constructor(\n message: string,\n statusCode: number,\n code: string,\n requestId?: string\n ) {\n super(message);\n this.name = \"WhataloAPIError\";\n this.statusCode = statusCode;\n this.code = code;\n this.requestId = requestId;\n }\n}\n\n/** 401 — Invalid or missing API key */\nexport class AuthenticationError extends WhataloAPIError {\n constructor(\n message = \"Invalid or missing API key\",\n requestId?: string\n ) {\n super(message, 401, \"authentication_error\", requestId);\n this.name = \"AuthenticationError\";\n }\n}\n\n/** 403 — API key lacks required permission scope */\nexport class AuthorizationError extends WhataloAPIError {\n readonly requiredScope: string;\n\n constructor(\n message: string,\n requiredScope: string,\n requestId?: string\n ) {\n super(message, 403, \"authorization_error\", requestId);\n this.name = \"AuthorizationError\";\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * 403 — Installation does not have the required permission scope.\n *\n * Thrown when the merchant has not granted a scope that the current\n * API call requires. This is distinct from AuthorizationError:\n * - AuthorizationError = generic 403 (could be any auth reason)\n * - InsufficientScopeError = specific scope missing from granted_scopes\n *\n * The `requiredScope` field tells the developer exactly which scope to add\n * to their plugin manifest so they can request merchant re-consent.\n *\n * Example:\n * try {\n * await client.customers.list()\n * } catch (err) {\n * if (err instanceof InsufficientScopeError) {\n * console.error(`Add \"${err.requiredScope}\" to your manifest.`)\n * }\n * }\n */\nexport class InsufficientScopeError extends WhataloAPIError {\n /** The exact scope string missing from the installation's granted_scopes */\n readonly requiredScope: string;\n /** The scopes currently granted to this installation */\n readonly grantedScopes: string[];\n\n constructor(\n message: string,\n requiredScope: string,\n grantedScopes: string[],\n requestId?: string\n ) {\n super(message, 403, \"insufficient_scope\", requestId);\n this.name = \"InsufficientScopeError\";\n this.requiredScope = requiredScope;\n this.grantedScopes = grantedScopes;\n }\n}\n\n/** 404 — Resource not found */\nexport class NotFoundError extends WhataloAPIError {\n readonly resourceType: string;\n readonly resourceId: string;\n\n constructor(\n resourceType: string,\n resourceId: string,\n requestId?: string\n ) {\n super(\n `${resourceType} '${resourceId}' not found`,\n 404,\n \"not_found\",\n requestId\n );\n this.name = \"NotFoundError\";\n this.resourceType = resourceType;\n this.resourceId = resourceId;\n }\n}\n\n/** 422 — Request body validation failed */\nexport class ValidationError extends WhataloAPIError {\n readonly fieldErrors: Array<{ field: string; message: string }>;\n\n constructor(\n fieldErrors: Array<{ field: string; message: string }>,\n requestId?: string\n ) {\n const message = `Validation failed: ${fieldErrors\n .map((e) => `${e.field} — ${e.message}`)\n .join(\", \")}`;\n super(message, 422, \"validation_error\", requestId);\n this.name = \"ValidationError\";\n this.fieldErrors = fieldErrors;\n }\n}\n\n/** 429 — Rate limit exceeded */\nexport class RateLimitError extends WhataloAPIError {\n /** Seconds until the rate limit resets */\n readonly retryAfter: number;\n\n constructor(retryAfter: number, requestId?: string) {\n super(\n `Rate limit exceeded. Retry after ${retryAfter} seconds.`,\n 429,\n \"rate_limit_exceeded\",\n requestId\n );\n this.name = \"RateLimitError\";\n this.retryAfter = retryAfter;\n }\n}\n\n/** 500 — Server-side error */\nexport class InternalError extends WhataloAPIError {\n constructor(\n message = \"An internal error occurred\",\n requestId?: string\n ) {\n super(message, 500, \"internal_error\", requestId);\n this.name = \"InternalError\";\n }\n}\n","import type {\n WhataloClientOptions,\n RateLimitInfo,\n PaginatedResponse,\n SingleResponse,\n Product,\n Order,\n Customer,\n Category,\n Discount,\n Store,\n InventoryItem,\n Webhook,\n ListProductsParams,\n CreateProductParams,\n UpdateProductParams,\n ListOrdersParams,\n ListCustomersParams,\n ListCategoriesParams,\n CreateCategoryParams,\n UpdateCategoryParams,\n ListDiscountsParams,\n CreateDiscountParams,\n UpdateDiscountParams,\n UpsertWebhookParams,\n UpdateWebhookParams,\n AdjustInventoryParams,\n} from \"./types.js\";\nimport {\n WhataloAPIError,\n AuthenticationError,\n AuthorizationError,\n InsufficientScopeError,\n RateLimitError,\n InternalError,\n NotFoundError,\n ValidationError,\n} from \"./errors.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.whatalo.com/v1\";\nconst DEFAULT_TIMEOUT = 30_000;\n\n/**\n * Official TypeScript client for the Whatalo REST API.\n * Zero runtime dependencies — uses native fetch.\n */\nexport class WhataloClient {\n private readonly apiKey: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly maxRetries: number;\n private readonly fetchFn: typeof globalThis.fetch;\n private readonly onRequest?: (url: string, init: RequestInit) => void;\n private readonly onResponse?: (response: Response, durationMs: number) => void;\n\n /** Rate limit info from the most recent API response */\n rateLimit: RateLimitInfo = { limit: 0, remaining: 0, reset: 0 };\n\n /** Product resource methods */\n readonly products: ProductResource;\n /** Order resource methods */\n readonly orders: OrderResource;\n /** Customer resource methods */\n readonly customers: CustomerResource;\n /** Category resource methods */\n readonly categories: CategoryResource;\n /** Discount resource methods */\n readonly discounts: DiscountResource;\n /** Store resource methods */\n readonly store: StoreResource;\n /** Inventory resource methods */\n readonly inventory: InventoryResource;\n /** Webhook resource methods */\n readonly webhooks: WebhookResource;\n\n constructor(options: WhataloClientOptions) {\n // Guard against accidental browser-side instantiation.\n // WhataloClient embeds the API key in every request — exposing it in\n // client-side JavaScript would allow any visitor to make authenticated\n // API calls on behalf of the merchant. Use sessionToken() on the frontend\n // and validate on the backend instead.\n if (typeof window !== \"undefined\" && typeof process === \"undefined\") {\n console.warn(\n \"[WhataloClient] WARNING: WhataloClient should only be used in server-side code. \" +\n \"Exposing your API key in browser JavaScript is a security risk. \" +\n \"Use whatalo.sessionToken() in your frontend and validate it on your backend.\"\n );\n }\n\n this.apiKey = options.apiKey;\n this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/$/, \"\");\n this.timeout = options.timeout ?? DEFAULT_TIMEOUT;\n this.maxRetries = Math.min(options.retries ?? 0, 3);\n this.fetchFn = options.fetch ?? globalThis.fetch;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n\n this.products = new ProductResource(this);\n this.orders = new OrderResource(this);\n this.customers = new CustomerResource(this);\n this.categories = new CategoryResource(this);\n this.discounts = new DiscountResource(this);\n this.store = new StoreResource(this);\n this.inventory = new InventoryResource(this);\n this.webhooks = new WebhookResource(this);\n }\n\n /**\n * Internal request method shared by all resource namespaces.\n * Handles headers, timeout, error parsing, and rate limit extraction.\n */\n async request<T>(\n method: string,\n path: string,\n options?: {\n body?: unknown;\n params?: Record<string, string | number | boolean | undefined>;\n }\n ): Promise<T> {\n let url = `${this.baseUrl}${path}`;\n\n // Add query params\n if (options?.params) {\n const searchParams = new URLSearchParams();\n for (const [key, value] of Object.entries(options.params)) {\n if (value !== undefined) {\n searchParams.set(key, String(value));\n }\n }\n const qs = searchParams.toString();\n if (qs) url += `?${qs}`;\n }\n\n const headers: Record<string, string> = {\n \"X-API-Key\": this.apiKey,\n \"Content-Type\": \"application/json\",\n };\n\n let lastError: Error | null = null;\n\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n const requestInit: RequestInit = {\n method,\n headers,\n body: options?.body ? JSON.stringify(options.body) : undefined,\n signal: controller.signal,\n };\n const startedAt = Date.now();\n this.onRequest?.(url, requestInit);\n\n try {\n const response = await this.fetchFn(url, requestInit);\n\n clearTimeout(timeoutId);\n this.onResponse?.(response, Date.now() - startedAt);\n\n // Extract rate limit headers\n this.rateLimit = {\n limit: Number(response.headers.get(\"X-RateLimit-Limit\") ?? 0),\n remaining: Number(\n response.headers.get(\"X-RateLimit-Remaining\") ?? 0\n ),\n reset: Number(response.headers.get(\"X-RateLimit-Reset\") ?? 0),\n };\n\n const requestId =\n response.headers.get(\"X-Request-Id\") ?? undefined;\n\n if (response.ok) {\n return (await response.json()) as T;\n }\n\n // Handle error responses\n const errorBody = await response.json().catch(() => ({\n error: { code: \"unknown\", message: response.statusText },\n }));\n const errData = (errorBody as { error?: { code?: string; message?: string; details?: Array<{ field: string; message: string }> } }).error;\n\n switch (response.status) {\n case 401:\n throw new AuthenticationError(errData?.message, requestId);\n case 403:\n // Distinguish between a specific scope denial and a generic 403.\n // insufficient_scope means the merchant never granted this permission.\n if (errData?.code === \"insufficient_scope\") {\n const details = errorBody as {\n error?: { required?: string; granted?: string[] };\n };\n throw new InsufficientScopeError(\n errData.message ?? \"Insufficient scope\",\n details.error?.required ?? \"\",\n details.error?.granted ?? [],\n requestId\n );\n }\n throw new AuthorizationError(\n errData?.message ?? \"Forbidden\",\n errData?.code ?? \"unknown_scope\",\n requestId\n );\n case 404:\n throw new NotFoundError(\"Resource\", path, requestId);\n case 422:\n throw new ValidationError(\n errData?.details ?? [\n { field: \"unknown\", message: errData?.message ?? \"Validation failed\" },\n ],\n requestId\n );\n case 429: {\n const retryAfter = Number(\n response.headers.get(\"Retry-After\") ?? 60\n );\n throw new RateLimitError(retryAfter, requestId);\n }\n default:\n if (response.status >= 500 && attempt < this.maxRetries) {\n // Retry on 5xx\n lastError = new InternalError(errData?.message, requestId);\n await this.sleep(Math.pow(2, attempt) * 1000);\n continue;\n }\n throw new WhataloAPIError(\n errData?.message ?? \"API error\",\n response.status,\n errData?.code ?? \"unknown\",\n requestId\n );\n }\n } catch (err) {\n clearTimeout(timeoutId);\n if (err instanceof WhataloAPIError) throw err;\n if ((err as Error).name === \"AbortError\") {\n throw new WhataloAPIError(\n \"Request timed out\",\n 408,\n \"timeout\"\n );\n }\n throw err;\n }\n }\n\n throw lastError ?? new InternalError(\"Request failed after retries\");\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n }\n}\n\n/** Products API namespace */\nclass ProductResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListProductsParams\n ): Promise<PaginatedResponse<Product>> {\n return this.client.request(\"GET\", \"/products\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Product>> {\n return this.client.request(\"GET\", `/products/${id}`);\n }\n\n async create(\n data: CreateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"POST\", \"/products\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateProductParams\n ): Promise<SingleResponse<Product>> {\n return this.client.request(\"PATCH\", `/products/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/products/${id}`);\n }\n\n async count(\n status?: \"active\" | \"inactive\" | \"all\"\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/products/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Orders API namespace */\nclass OrderResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListOrdersParams\n ): Promise<PaginatedResponse<Order>> {\n return this.client.request(\"GET\", \"/orders\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Order>> {\n return this.client.request(\"GET\", `/orders/${id}`);\n }\n\n async updateStatus(\n id: string,\n data: { status: string }\n ): Promise<SingleResponse<Order>> {\n return this.client.request(\"PATCH\", `/orders/${id}`, { body: data });\n }\n\n async count(\n status?: string\n ): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/orders/count\", {\n params: status ? { status } : undefined,\n });\n }\n}\n\n/** Customers API namespace */\nclass CustomerResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(params?: ListCustomersParams): Promise<PaginatedResponse<Customer>> {\n return this.client.request(\"GET\", \"/customers\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Customer>> {\n return this.client.request(\"GET\", `/customers/${id}`);\n }\n}\n\n/** Categories API namespace */\nclass CategoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListCategoriesParams\n ): Promise<PaginatedResponse<Category>> {\n return this.client.request(\"GET\", \"/categories\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Category>> {\n return this.client.request(\"GET\", `/categories/${id}`);\n }\n\n async create(\n data: CreateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"POST\", \"/categories\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateCategoryParams\n ): Promise<SingleResponse<Category>> {\n return this.client.request(\"PATCH\", `/categories/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/categories/${id}`);\n }\n\n async count(): Promise<SingleResponse<{ count: number }>> {\n return this.client.request(\"GET\", \"/categories/count\");\n }\n}\n\n/** Discounts API namespace */\nclass DiscountResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(\n params?: ListDiscountsParams\n ): Promise<PaginatedResponse<Discount>> {\n return this.client.request(\"GET\", \"/discounts\", {\n params: params as Record<string, string | number | boolean | undefined>,\n });\n }\n\n async get(id: string): Promise<SingleResponse<Discount>> {\n return this.client.request(\"GET\", `/discounts/${id}`);\n }\n\n async create(\n data: CreateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"POST\", \"/discounts\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateDiscountParams\n ): Promise<SingleResponse<Discount>> {\n return this.client.request(\"PATCH\", `/discounts/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/discounts/${id}`);\n }\n}\n\n/** Store API namespace */\nclass StoreResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(): Promise<SingleResponse<Store>> {\n return this.client.request(\"GET\", \"/store\");\n }\n}\n\n/** Inventory API namespace */\nclass InventoryResource {\n constructor(private readonly client: WhataloClient) {}\n\n async get(productId: string): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"GET\", `/products/${productId}/inventory`);\n }\n\n async adjust(\n productId: string,\n data: AdjustInventoryParams\n ): Promise<SingleResponse<InventoryItem>> {\n return this.client.request(\"PATCH\", `/products/${productId}/inventory`, {\n body: data,\n });\n }\n}\n\n/** Webhooks API namespace */\nclass WebhookResource {\n constructor(private readonly client: WhataloClient) {}\n\n async list(): Promise<PaginatedResponse<Webhook>> {\n return this.client.request(\"GET\", \"/webhooks\");\n }\n\n async create(data: UpsertWebhookParams): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"POST\", \"/webhooks\", { body: data });\n }\n\n async update(\n id: string,\n data: UpdateWebhookParams\n ): Promise<SingleResponse<Webhook>> {\n return this.client.request(\"PATCH\", `/webhooks/${id}`, { body: data });\n }\n\n async delete(id: string): Promise<SingleResponse<{ deleted: boolean }>> {\n return this.client.request(\"DELETE\", `/webhooks/${id}`);\n }\n}\n"],"mappings":";AAIO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,SACA,YACA,MACA,WACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AACF;AAGO,IAAM,sBAAN,cAAkC,gBAAgB;AAAA,EACvD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,wBAAwB,SAAS;AACrD,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,qBAAN,cAAiC,gBAAgB;AAAA,EAC7C;AAAA,EAET,YACE,SACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,uBAAuB,SAAS;AACpD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AAAA,EACvB;AACF;AAsBO,IAAM,yBAAN,cAAqC,gBAAgB;AAAA;AAAA,EAEjD;AAAA;AAAA,EAEA;AAAA,EAET,YACE,SACA,eACA,eACA,WACA;AACA,UAAM,SAAS,KAAK,sBAAsB,SAAS;AACnD,SAAK,OAAO;AACZ,SAAK,gBAAgB;AACrB,SAAK,gBAAgB;AAAA,EACvB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACxC;AAAA,EACA;AAAA,EAET,YACE,cACA,YACA,WACA;AACA;AAAA,MACE,GAAG,YAAY,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,eAAe;AACpB,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,kBAAN,cAA8B,gBAAgB;AAAA,EAC1C;AAAA,EAET,YACE,aACA,WACA;AACA,UAAM,UAAU,sBAAsB,YACnC,IAAI,CAAC,MAAM,GAAG,EAAE,KAAK,WAAM,EAAE,OAAO,EAAE,EACtC,KAAK,IAAI,CAAC;AACb,UAAM,SAAS,KAAK,oBAAoB,SAAS;AACjD,SAAK,OAAO;AACZ,SAAK,cAAc;AAAA,EACrB;AACF;AAGO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA;AAAA,EAEzC;AAAA,EAET,YAAY,YAAoB,WAAoB;AAClD;AAAA,MACE,oCAAoC,UAAU;AAAA,MAC9C;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YACE,UAAU,8BACV,WACA;AACA,UAAM,SAAS,KAAK,kBAAkB,SAAS;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;AClHA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAMjB,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGjB,YAA2B,EAAE,OAAO,GAAG,WAAW,GAAG,OAAO,EAAE;AAAA;AAAA,EAGrD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAET,YAAY,SAA+B;AAMzC,QAAI,OAAO,WAAW,eAAe,OAAO,YAAY,aAAa;AACnE,cAAQ;AAAA,QACN;AAAA,MAGF;AAAA,IACF;AAEA,SAAK,SAAS,QAAQ;AACtB,SAAK,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,OAAO,EAAE;AACtE,SAAK,UAAU,QAAQ,WAAW;AAClC,SAAK,aAAa,KAAK,IAAI,QAAQ,WAAW,GAAG,CAAC;AAClD,SAAK,UAAU,QAAQ,SAAS,WAAW;AAC3C,SAAK,YAAY,QAAQ;AACzB,SAAK,aAAa,QAAQ;AAE1B,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,SAAS,IAAI,cAAc,IAAI;AACpC,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,aAAa,IAAI,iBAAiB,IAAI;AAC3C,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,gBAAgB,IAAI;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QACJ,QACA,MACA,SAIY;AACZ,QAAI,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAGhC,QAAI,SAAS,QAAQ;AACnB,YAAM,eAAe,IAAI,gBAAgB;AACzC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACzD,YAAI,UAAU,QAAW;AACvB,uBAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,QACrC;AAAA,MACF;AACA,YAAM,KAAK,aAAa,SAAS;AACjC,UAAI,GAAI,QAAO,IAAI,EAAE;AAAA,IACvB;AAEA,UAAM,UAAkC;AAAA,MACtC,aAAa,KAAK;AAAA,MAClB,gBAAgB;AAAA,IAClB;AAEA,QAAI,YAA0B;AAE9B,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AACnE,YAAM,cAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,MAAM,SAAS,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,QACrD,QAAQ,WAAW;AAAA,MACrB;AACA,YAAM,YAAY,KAAK,IAAI;AAC3B,WAAK,YAAY,KAAK,WAAW;AAEjC,UAAI;AACF,cAAM,WAAW,MAAM,KAAK,QAAQ,KAAK,WAAW;AAEpD,qBAAa,SAAS;AACtB,aAAK,aAAa,UAAU,KAAK,IAAI,IAAI,SAAS;AAGlD,aAAK,YAAY;AAAA,UACf,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,UAC5D,WAAW;AAAA,YACT,SAAS,QAAQ,IAAI,uBAAuB,KAAK;AAAA,UACnD;AAAA,UACA,OAAO,OAAO,SAAS,QAAQ,IAAI,mBAAmB,KAAK,CAAC;AAAA,QAC9D;AAEA,cAAM,YACJ,SAAS,QAAQ,IAAI,cAAc,KAAK;AAE1C,YAAI,SAAS,IAAI;AACf,iBAAQ,MAAM,SAAS,KAAK;AAAA,QAC9B;AAGA,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO;AAAA,UACnD,OAAO,EAAE,MAAM,WAAW,SAAS,SAAS,WAAW;AAAA,QACzD,EAAE;AACF,cAAM,UAAW,UAAmH;AAEpI,gBAAQ,SAAS,QAAQ;AAAA,UACvB,KAAK;AACH,kBAAM,IAAI,oBAAoB,SAAS,SAAS,SAAS;AAAA,UAC3D,KAAK;AAGH,gBAAI,SAAS,SAAS,sBAAsB;AAC1C,oBAAM,UAAU;AAGhB,oBAAM,IAAI;AAAA,gBACR,QAAQ,WAAW;AAAA,gBACnB,QAAQ,OAAO,YAAY;AAAA,gBAC3B,QAAQ,OAAO,WAAW,CAAC;AAAA,gBAC3B;AAAA,cACF;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,UACF,KAAK;AACH,kBAAM,IAAI,cAAc,YAAY,MAAM,SAAS;AAAA,UACrD,KAAK;AACH,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,gBAClB,EAAE,OAAO,WAAW,SAAS,SAAS,WAAW,oBAAoB;AAAA,cACvE;AAAA,cACA;AAAA,YACF;AAAA,UACF,KAAK,KAAK;AACR,kBAAM,aAAa;AAAA,cACjB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAAA,YACzC;AACA,kBAAM,IAAI,eAAe,YAAY,SAAS;AAAA,UAChD;AAAA,UACA;AACE,gBAAI,SAAS,UAAU,OAAO,UAAU,KAAK,YAAY;AAEvD,0BAAY,IAAI,cAAc,SAAS,SAAS,SAAS;AACzD,oBAAM,KAAK,MAAM,KAAK,IAAI,GAAG,OAAO,IAAI,GAAI;AAC5C;AAAA,YACF;AACA,kBAAM,IAAI;AAAA,cACR,SAAS,WAAW;AAAA,cACpB,SAAS;AAAA,cACT,SAAS,QAAQ;AAAA,cACjB;AAAA,YACF;AAAA,QACJ;AAAA,MACF,SAAS,KAAK;AACZ,qBAAa,SAAS;AACtB,YAAI,eAAe,gBAAiB,OAAM;AAC1C,YAAK,IAAc,SAAS,cAAc;AACxC,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,cAAc,8BAA8B;AAAA,EACrE;AAAA,EAEQ,MAAM,IAA2B;AACvC,WAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA,EACzD;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACqC;AACrC,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa;AAAA,MAC7C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA8C;AACtD,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,EAAE,EAAE;AAAA,EACrD;AAAA,EAEA,MAAM,OACJ,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,MACnD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA4C;AACpD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW,EAAE,EAAE;AAAA,EACnD;AAAA,EAEA,MAAM,aACJ,IACA,MACgC;AAChC,WAAO,KAAK,OAAO,QAAQ,SAAS,WAAW,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACrE;AAAA,EAEA,MAAM,MACJ,QAC4C;AAC5C,WAAO,KAAK,OAAO,QAAQ,OAAO,iBAAiB;AAAA,MACjD,QAAQ,SAAS,EAAE,OAAO,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KAAK,QAAoE;AAC7E,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,eAAe,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,eAAe,EAAE,MAAM,KAAK,CAAC;AAAA,EAClE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,eAAe,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,eAAe,EAAE,EAAE;AAAA,EAC1D;AAAA,EAEA,MAAM,QAAoD;AACxD,WAAO,KAAK,OAAO,QAAQ,OAAO,mBAAmB;AAAA,EACvD;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,KACJ,QACsC;AACtC,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc;AAAA,MAC9C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,IAA+C;AACvD,WAAO,KAAK,OAAO,QAAQ,OAAO,cAAc,EAAE,EAAE;AAAA,EACtD;AAAA,EAEA,MAAM,OACJ,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,QAAQ,cAAc,EAAE,MAAM,KAAK,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,OACJ,IACA,MACmC;AACnC,WAAO,KAAK,OAAO,QAAQ,SAAS,cAAc,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACxE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,cAAc,EAAE,EAAE;AAAA,EACzD;AACF;AAGA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,MAAsC;AAC1C,WAAO,KAAK,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAC5C;AACF;AAGA,IAAM,oBAAN,MAAwB;AAAA,EACtB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,IAAI,WAA2D;AACnE,WAAO,KAAK,OAAO,QAAQ,OAAO,aAAa,SAAS,YAAY;AAAA,EACtE;AAAA,EAEA,MAAM,OACJ,WACA,MACwC;AACxC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,SAAS,cAAc;AAAA,MACtE,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAGA,IAAM,kBAAN,MAAsB;AAAA,EACpB,YAA6B,QAAuB;AAAvB;AAAA,EAAwB;AAAA,EAErD,MAAM,OAA4C;AAChD,WAAO,KAAK,OAAO,QAAQ,OAAO,WAAW;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,MAA6D;AACxE,WAAO,KAAK,OAAO,QAAQ,QAAQ,aAAa,EAAE,MAAM,KAAK,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,OACJ,IACA,MACkC;AAClC,WAAO,KAAK,OAAO,QAAQ,SAAS,aAAa,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,OAAO,IAA2D;AACtE,WAAO,KAAK,OAAO,QAAQ,UAAU,aAAa,EAAE,EAAE;AAAA,EACxD;AACF;","names":[]}
package/dist/index.cjs CHANGED
@@ -23,6 +23,7 @@ __export(src_exports, {
23
23
  AuthenticationError: () => AuthenticationError,
24
24
  AuthorizationError: () => AuthorizationError,
25
25
  BILLING_OPERATION: () => BILLING_OPERATION,
26
+ DATA_RESOURCE_SCOPE: () => DATA_RESOURCE_SCOPE,
26
27
  InternalError: () => InternalError,
27
28
  ManifestValidationError: () => ManifestValidationError,
28
29
  NotFoundError: () => NotFoundError,
@@ -31,10 +32,13 @@ __export(src_exports, {
31
32
  ValidationError: () => ValidationError,
32
33
  WhataloAPIError: () => WhataloAPIError,
33
34
  WhataloClient: () => WhataloClient,
35
+ clearSessionTokenCache: () => clearSessionTokenCache,
34
36
  defineApp: () => defineApp,
37
+ sessionToken: () => sessionToken,
35
38
  useAppBridge: () => useAppBridge,
36
39
  useWhataloAction: () => useWhataloAction,
37
40
  useWhataloContext: () => useWhataloContext,
41
+ useWhataloData: () => useWhataloData,
38
42
  verifyWebhook: () => verifyWebhook
39
43
  });
40
44
  module.exports = __toCommonJS(src_exports);
@@ -153,6 +157,11 @@ var WhataloClient = class {
153
157
  /** Webhook resource methods */
154
158
  webhooks;
155
159
  constructor(options) {
160
+ if (typeof window !== "undefined" && typeof process === "undefined") {
161
+ console.warn(
162
+ "[WhataloClient] WARNING: WhataloClient should only be used in server-side code. Exposing your API key in browser JavaScript is a security risk. Use whatalo.sessionToken() in your frontend and validate it on your backend."
163
+ );
164
+ }
156
165
  this.apiKey = options.apiKey;
157
166
  this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
158
167
  this.timeout = options.timeout ?? DEFAULT_TIMEOUT;
@@ -572,6 +581,13 @@ var import_react2 = require("react");
572
581
  var import_react = require("react");
573
582
 
574
583
  // src/bridge/types.ts
584
+ var DATA_RESOURCE_SCOPE = {
585
+ products: "read:products",
586
+ orders: "read:orders",
587
+ customers: "read:customers",
588
+ categories: "read:products"
589
+ // categories share the products scope
590
+ };
575
591
  var BILLING_OPERATION = {
576
592
  GET_PLANS: "getPlans",
577
593
  GET_SUBSCRIPTION: "getSubscription",
@@ -602,8 +618,9 @@ function attachInitListener() {
602
618
  if (event.source !== window.parent) return;
603
619
  if (!event.data || typeof event.data !== "object") return;
604
620
  if (event.data.type !== "whatalo:init") return;
605
- const origin = event.data.origin;
606
- if (typeof origin !== "string" || !origin) return;
621
+ const origin = event.origin;
622
+ if (typeof origin !== "string" || !origin || origin === "null") return;
623
+ if (parentOrigin !== null) return;
607
624
  parentOrigin = origin;
608
625
  for (const resolve of originResolvers) {
609
626
  resolve(origin);
@@ -611,6 +628,9 @@ function attachInitListener() {
611
628
  originResolvers.length = 0;
612
629
  });
613
630
  }
631
+ if (typeof window !== "undefined") {
632
+ attachInitListener();
633
+ }
614
634
  function useWhataloAction() {
615
635
  const pendingAcks = (0, import_react.useRef)(
616
636
  /* @__PURE__ */ new Map()
@@ -618,6 +638,7 @@ function useWhataloAction() {
618
638
  (0, import_react.useEffect)(() => {
619
639
  attachInitListener();
620
640
  const handleMessage = (event) => {
641
+ if (parentOrigin && event.origin !== parentOrigin) return;
621
642
  if (!event.data || typeof event.data !== "object") return;
622
643
  const msg = event.data;
623
644
  if (msg.type !== "whatalo:ack") return;
@@ -819,6 +840,172 @@ function useAppBridge() {
819
840
  };
820
841
  }
821
842
 
843
+ // src/bridge/session-token.ts
844
+ var cachedToken = null;
845
+ var inFlightRequest = null;
846
+ var REFRESH_BUFFER_SECONDS = 60;
847
+ var REQUEST_TIMEOUT_MS = 1e4;
848
+ function isCacheValid(cached) {
849
+ const nowSeconds = Math.floor(Date.now() / 1e3);
850
+ return cached.expiresAt - nowSeconds > REFRESH_BUFFER_SECONDS;
851
+ }
852
+ async function requestFromHost() {
853
+ const requestId = crypto.randomUUID();
854
+ const parentOrigin2 = await waitForParentOrigin();
855
+ return new Promise((resolve, reject) => {
856
+ const timeout = setTimeout(() => {
857
+ window.removeEventListener("message", handler);
858
+ reject(new Error("whatalo.sessionToken() timed out: no response from host"));
859
+ }, REQUEST_TIMEOUT_MS);
860
+ function handler(event) {
861
+ if (event.origin !== parentOrigin2) return;
862
+ if (!event.data || typeof event.data !== "object") return;
863
+ const msg = event.data;
864
+ if (msg.type !== "whatalo:session_token_response" || msg.requestId !== requestId) {
865
+ return;
866
+ }
867
+ clearTimeout(timeout);
868
+ window.removeEventListener("message", handler);
869
+ if (msg.error) {
870
+ reject(new Error(`Session token error: ${msg.error}`));
871
+ return;
872
+ }
873
+ if (typeof msg.token !== "string" || typeof msg.expiresAt !== "number") {
874
+ reject(new Error("Session token response missing token or expiresAt"));
875
+ return;
876
+ }
877
+ const nowSeconds = Math.floor(Date.now() / 1e3);
878
+ if (msg.expiresAt <= nowSeconds) {
879
+ reject(new Error("Host returned an already-expired session token"));
880
+ return;
881
+ }
882
+ resolve({ token: msg.token, expiresAt: msg.expiresAt });
883
+ }
884
+ window.addEventListener("message", handler);
885
+ window.parent.postMessage(
886
+ { type: "whatalo:session_token_request", requestId },
887
+ parentOrigin2
888
+ );
889
+ });
890
+ }
891
+ async function sessionToken() {
892
+ if (cachedToken && isCacheValid(cachedToken)) {
893
+ return cachedToken;
894
+ }
895
+ if (inFlightRequest) {
896
+ return inFlightRequest;
897
+ }
898
+ inFlightRequest = requestFromHost().then((result) => {
899
+ cachedToken = result;
900
+ return result;
901
+ }).finally(() => {
902
+ inFlightRequest = null;
903
+ });
904
+ return inFlightRequest;
905
+ }
906
+ function clearSessionTokenCache() {
907
+ cachedToken = null;
908
+ }
909
+
910
+ // src/bridge/use-whatalo-data.ts
911
+ var import_react3 = require("react");
912
+ function extractAckData(ack) {
913
+ if (!ack.success) {
914
+ throw new Error(ack.error ?? "Data request failed");
915
+ }
916
+ return ack.data;
917
+ }
918
+ function useWhataloData() {
919
+ const { sendAction } = useWhataloAction();
920
+ const fetchResource = (0, import_react3.useCallback)(
921
+ (resource, operation, params, id) => sendAction("data", {
922
+ resource,
923
+ operation,
924
+ ...id ? { id } : {},
925
+ ...params && Object.keys(params).length > 0 ? { params } : {}
926
+ }),
927
+ [sendAction]
928
+ );
929
+ const productsList = (0, import_react3.useCallback)(
930
+ async (params) => {
931
+ const ack = await fetchResource(
932
+ "products",
933
+ "list",
934
+ params
935
+ );
936
+ return extractAckData(ack);
937
+ },
938
+ [fetchResource]
939
+ );
940
+ const productsGet = (0, import_react3.useCallback)(
941
+ async (id) => {
942
+ const ack = await fetchResource("products", "get", void 0, id);
943
+ return extractAckData(ack);
944
+ },
945
+ [fetchResource]
946
+ );
947
+ const ordersList = (0, import_react3.useCallback)(
948
+ async (params) => {
949
+ const ack = await fetchResource(
950
+ "orders",
951
+ "list",
952
+ params
953
+ );
954
+ return extractAckData(ack);
955
+ },
956
+ [fetchResource]
957
+ );
958
+ const ordersGet = (0, import_react3.useCallback)(
959
+ async (id) => {
960
+ const ack = await fetchResource("orders", "get", void 0, id);
961
+ return extractAckData(ack);
962
+ },
963
+ [fetchResource]
964
+ );
965
+ const customersList = (0, import_react3.useCallback)(
966
+ async (params) => {
967
+ const ack = await fetchResource(
968
+ "customers",
969
+ "list",
970
+ params
971
+ );
972
+ return extractAckData(ack);
973
+ },
974
+ [fetchResource]
975
+ );
976
+ const customersGet = (0, import_react3.useCallback)(
977
+ async (id) => {
978
+ const ack = await fetchResource("customers", "get", void 0, id);
979
+ return extractAckData(ack);
980
+ },
981
+ [fetchResource]
982
+ );
983
+ const categoriesList = (0, import_react3.useCallback)(
984
+ async (params) => {
985
+ const ack = await fetchResource(
986
+ "categories",
987
+ "list",
988
+ params
989
+ );
990
+ return extractAckData(ack);
991
+ },
992
+ [fetchResource]
993
+ );
994
+ const categoriesGet = (0, import_react3.useCallback)(
995
+ async (id) => {
996
+ const ack = await fetchResource("categories", "get", void 0, id);
997
+ return extractAckData(ack);
998
+ },
999
+ [fetchResource]
1000
+ );
1001
+ return {
1002
+ products: { list: productsList, get: productsGet },
1003
+ orders: { list: ordersList, get: ordersGet },
1004
+ customers: { list: customersList, get: customersGet },
1005
+ categories: { list: categoriesList, get: categoriesGet }
1006
+ };
1007
+ }
1008
+
822
1009
  // src/index.ts
823
1010
  var SDK_VERSION = "0.0.1";
824
1011
  // Annotate the CommonJS export names for ESM import in node:
@@ -826,6 +1013,7 @@ var SDK_VERSION = "0.0.1";
826
1013
  AuthenticationError,
827
1014
  AuthorizationError,
828
1015
  BILLING_OPERATION,
1016
+ DATA_RESOURCE_SCOPE,
829
1017
  InternalError,
830
1018
  ManifestValidationError,
831
1019
  NotFoundError,
@@ -834,10 +1022,13 @@ var SDK_VERSION = "0.0.1";
834
1022
  ValidationError,
835
1023
  WhataloAPIError,
836
1024
  WhataloClient,
1025
+ clearSessionTokenCache,
837
1026
  defineApp,
1027
+ sessionToken,
838
1028
  useAppBridge,
839
1029
  useWhataloAction,
840
1030
  useWhataloContext,
1031
+ useWhataloData,
841
1032
  verifyWebhook
842
1033
  });
843
1034
  //# sourceMappingURL=index.cjs.map