@zkp2p/sdk 0.0.12 → 0.0.13

package/README.md

@@ -136,7 +136,8 @@ const walletClient = createWalletClient({
 const client = new OfframpClient({
   walletClient,
   chainId: base.id,
-  apiKey: 'YOUR_API_KEY', // Optional for API operations
+  apiKey: 'YOUR_CURATOR_API_KEY', // For curator API (createDeposit, signalIntent, etc.)
+  indexerApiKey: 'YOUR_INDEXER_KEY', // For indexer proxy (x-api-key header)
 });
 
 // Optional: keep indexer auth fresh in long-lived clients
@@ -147,16 +148,19 @@ const getFreshAuthToken = async () => {
 const clientWithTokenProvider = new OfframpClient({
   walletClient,
   chainId: base.id,
-  getAuthorizationToken: getFreshAuthToken,
+  getAuthorizationToken: getFreshAuthToken, // Bearer token per indexer request
 });
 ```
 
 ### Authentication Behavior
 
 - Indexer authentication is optional. `client.indexer.*` works without auth unless your backend policy requires it.
-- `authorizationToken` is used by API adapter methods like `getQuote()`, `getTakerTier()`, and API-backed deposit flows.
+- The indexer accepts two auth methods:
+  - **Bearer token** — set via `authorizationToken` (static) or `getAuthorizationToken` (per-request). Sent as `Authorization: Bearer <token>`.
+  - **Indexer API key** — set via `indexerApiKey`. Sent as `x-api-key: <key>`. Separate from the curator `apiKey`.
+- `authorizationToken` is also used by API adapter methods like `getQuote()`, `getTakerTier()`, and API-backed deposit flows.
 - `getAuthorizationToken` is used by indexer requests (`client.indexer.*`) and is called per request.
-- If both are provided, `getAuthorizationToken` is used for indexer requests while `authorizationToken` remains available for API adapter methods.
+- If both bearer and indexer API key are provided, both headers are sent.
 - If `getAuthorizationToken` throws, indexer requests continue without an `Authorization` header.
 - Authenticated requests may receive different limits or entitlements depending on backend policy.
 

package/dist/{Zkp2pClient-D-5XTy87.d.mts → Zkp2pClient-B0l_kPQB.d.mts}

@@ -344,6 +344,7 @@ type IndexerClientOptions = {
     authorizationToken?: string;
     getAuthorizationToken?: IndexerAuthTokenProvider;
     onAuthorizationTokenError?: (error: unknown) => void;
+    apiKey?: string;
 };
 declare class IndexerClient {
     private endpoint;
@@ -1107,7 +1108,8 @@ type PaymentPlatformType = (typeof PAYMENT_PLATFORMS)[number];
  *   walletClient,
  *   chainId: 8453, // Base mainnet
  *   runtimeEnv: 'production',
- *   apiKey: 'your-api-key',
+ *   apiKey: 'your-curator-api-key',
+ *   indexerApiKey: 'your-indexer-key',
  * };
  * ```
  */
@@ -1124,12 +1126,14 @@ type Zkp2pNextOptions = {
     indexerUrl?: string;
     /** Base API URL for ZKP2P services (defaults to https://api.zkp2p.xyz) */
     baseApiUrl?: string;
-    /** API key for authenticated endpoints (required for createDeposit, signalIntent) */
+    /** Curator API key for authenticated endpoints like createDeposit, signalIntent (sent as x-api-key to curator) */
     apiKey?: string;
     /** Optional bearer token for hybrid authentication */
     authorizationToken?: string;
     /** Optional async token provider for indexer auth in long-lived clients */
     getAuthorizationToken?: IndexerAuthTokenProvider;
+    /** Optional API key for indexer proxy authentication (sent as x-api-key header) */
+    indexerApiKey?: string;
     /** Timeout configuration */
     timeouts?: {
         /** API call timeout in milliseconds (default: 15000) */

package/dist/{Zkp2pClient-D-5XTy87.d.ts → Zkp2pClient-B0l_kPQB.d.ts}

@@ -344,6 +344,7 @@ type IndexerClientOptions = {
     authorizationToken?: string;
     getAuthorizationToken?: IndexerAuthTokenProvider;
     onAuthorizationTokenError?: (error: unknown) => void;
+    apiKey?: string;
 };
 declare class IndexerClient {
     private endpoint;
@@ -1107,7 +1108,8 @@ type PaymentPlatformType = (typeof PAYMENT_PLATFORMS)[number];
  *   walletClient,
  *   chainId: 8453, // Base mainnet
  *   runtimeEnv: 'production',
- *   apiKey: 'your-api-key',
+ *   apiKey: 'your-curator-api-key',
+ *   indexerApiKey: 'your-indexer-key',
  * };
  * ```
  */
@@ -1124,12 +1126,14 @@ type Zkp2pNextOptions = {
     indexerUrl?: string;
     /** Base API URL for ZKP2P services (defaults to https://api.zkp2p.xyz) */
     baseApiUrl?: string;
-    /** API key for authenticated endpoints (required for createDeposit, signalIntent) */
+    /** Curator API key for authenticated endpoints like createDeposit, signalIntent (sent as x-api-key to curator) */
     apiKey?: string;
     /** Optional bearer token for hybrid authentication */
     authorizationToken?: string;
     /** Optional async token provider for indexer auth in long-lived clients */
     getAuthorizationToken?: IndexerAuthTokenProvider;
+    /** Optional API key for indexer proxy authentication (sent as x-api-key header) */
+    indexerApiKey?: string;
     /** Timeout configuration */
     timeouts?: {
         /** API call timeout in milliseconds (default: 15000) */

package/dist/index.cjs

@@ -3263,6 +3263,9 @@ var IndexerClient = class {
     if (token && !headers2.has("Authorization")) {
       headers2.set("Authorization", token.startsWith("Bearer ") ? token : `Bearer ${token}`);
     }
+    if (this.options.apiKey && !headers2.has("x-api-key")) {
+      headers2.set("x-api-key", this.options.apiKey);
+    }
     const res = await fetch(this.endpoint, {
       method: "POST",
       headers: headers2,
@@ -4702,7 +4705,8 @@ var Zkp2pClient = class {
     const indexerEndpoint = opts.indexerUrl ?? defaultIndexerEndpoint(this.runtimeEnv === "staging" ? "STAGING" : "PRODUCTION");
     this._indexerClient = new IndexerClient(indexerEndpoint, {
       authorizationToken: opts.authorizationToken,
-      getAuthorizationToken: opts.getAuthorizationToken
+      getAuthorizationToken: opts.getAuthorizationToken,
+      apiKey: opts.indexerApiKey
     });
     this._indexerService = new IndexerDepositService(this._indexerClient);
     this.baseApiUrl = opts.baseApiUrl;