hivewrite-sdk 1.1.45 → 1.1.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +72 -21
  2. package/bundle.min.js +1 -1
  3. package/index.d.ts +11 -10
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -50,7 +50,11 @@ const MyEditor = () => {
50
50
  useEffect(() => {
51
51
  if (containerRef.current) {
52
52
  hivewrite.init({
53
- apiKey: "your-api-key",
53
+ authorize: async () => {
54
+ // Best practice: Fetch from your backend to keep API key secure
55
+ const response = await fetch("/api/hivewrite/authorize");
56
+ return await response.json(); // Must return AuthData structure
57
+ },
54
58
  container: containerRef.current,
55
59
  mode: "FULL_EDITOR",
56
60
  theme: "dark",
@@ -75,7 +79,10 @@ const MyEditor = () => {
75
79
  <script src="https://cdn.jsdelivr.net/npm/hivewrite-sdk@latest/bundle.min.js"></script>
76
80
  <script>
77
81
  hivewrite.init({
78
- apiKey: "your-api-key",
82
+ authorize: async () => {
83
+ const response = await fetch("/api/hivewrite/authorize");
84
+ return await response.json();
85
+ },
79
86
  container: "#editor-container",
80
87
  mode: "FULL_EDITOR",
81
88
  theme: "dark",
@@ -100,14 +107,13 @@ Initializes and mounts the editor.
100
107
 
101
108
  | Parameter | Type | Required | Description |
102
109
  | :------------- | :---------------------- | :------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
103
- | `apiKey` | `string` | Yes | Your HiveWrite API Key |
110
+ | `authorize` | `() => Promise<AuthData>` | Yes | Callback function that returns authorization data (token and account info) |
104
111
  | `container` | `string \| HTMLElement` | Yes | CSS selector or DOM element to mount the editor |
105
112
  | `userId` | `string` | No | Unique identifier for the current user |
106
113
  | `mode` | `string` | Yes | `'FULL_EDITOR'`, `'DESIGN_ONLY'`, `'READ_ONLY'` |
107
114
  | `theme` | `string` | No | `'light'` (default) or `'dark'` |
108
115
  | `locale` | `string` | No | `'en'` (default), `'es'`, or `'fr'` |
109
116
  | `branding` | `object` | No | Custom white-labeling options (`primaryColor`, `secondaryColor`, `accentColor`, `logoUrl`, `customCSS`) |
110
- | `permissions` | `object` | No | Toggle features: `showExport`, `showAiMagic`, `showUploadImages`, `showSaveButton`, `showTemplateLibrary`, `showStarterTemplates`, `showHtmlImport` |
111
117
  | `mergeTags` | `array` | No | Array of `{ label, value }` for dynamic content |
112
118
  | `portalTarget` | `string` | No | `'window'` (default) or `'container'`. Controls where dialogs render. |
113
119
  | `callbacks` | `object` | No | Event hooks for SDK actions |
@@ -136,6 +142,68 @@ Initializes and mounts the editor.
136
142
 
137
143
  ---
138
144
 
145
+ ## 🔐 Authentication & Security
146
+
147
+ HiveWrite uses a callback-based authentication system to ensure your API keys are never exposed in the client-side code.
148
+
149
+ ### 1. The `authorize` Callback
150
+
151
+ You must provide an `authorize` function that returns a `Promise` resolving to `AuthData`.
152
+
153
+ ```javascript
154
+ import { EmailEditor } from "hivewrite-sdk";
155
+
156
+ EmailEditor.init({
157
+ authorize: async () => {
158
+ // Call your backend proxy
159
+ const res = await fetch("/api/hivewrite-auth");
160
+ return await res.json();
161
+ },
162
+ // ... other config
163
+ });
164
+ ```
165
+
166
+ ### 2. Backend Implementation (Recommended)
167
+
168
+ To keep your `pk_live_...` API key secure, implement a proxy endpoint on your server:
169
+
170
+ ```javascript
171
+ // Example Node.js/Express backend
172
+ app.get("/api/hivewrite-auth", async (req, res) => {
173
+ const response = await fetch("http://172.184.146.100/api/v1/authorize/", {
174
+ method: "POST",
175
+ headers: {
176
+ "Authorization": `Bearer ${process.env.HIVEWRITE_API_KEY}`,
177
+ "Content-Type": "application/json"
178
+ },
179
+ body: JSON.stringify({
180
+ origin: "http://your-app-domain.com" // Pass your app's origin for allowlisting
181
+ })
182
+ });
183
+
184
+ const authData = await response.json();
185
+ res.json(authData);
186
+ });
187
+ ```
188
+
189
+ ### 3. AuthData Structure
190
+
191
+ The `authorize` callback must return an object with the following structure:
192
+
193
+ ```typescript
194
+ {
195
+ access_token: string;
196
+ refresh_token: string;
197
+ expires_in: number;
198
+ account: {
199
+ id: string;
200
+ plan: string;
201
+ }
202
+ }
203
+ ```
204
+
205
+ ---
206
+
139
207
  ## 📤 Export Options
140
208
 
141
209
  ### Export to HTML
@@ -193,23 +261,6 @@ branding: {
193
261
 
194
262
  ---
195
263
 
196
- ## 🔐 Permissions
197
-
198
- Control what features are available:
199
-
200
- ```javascript
201
- permissions: {
202
- showExport: true, // Allow HTML export
203
- showUploadImages: true, // Enable image uploads
204
- showAiMagic: true, // Enable AI features
205
- showSaveButton: true, // Show the built-in save button
206
- showTemplateLibrary: true, // Show template library
207
- showStarterTemplates: true // Show starter templates
208
- }
209
- ```
210
-
211
- ---
212
-
213
264
  ## 🏷️ Merge Tags
214
265
 
215
266
  Add dynamic content placeholders: