npm - shieldpay-api-sdkjs - Versions diffs - 2.0.0 → 2.0.2 - Mend

shieldpay-api-sdkjs 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,22 +1,22 @@
-# shieldpay-sdk
+# shieldpay-api-sdkjs
-Official JavaScript/TypeScript SDK for the [ShieldPay API](https://hnow.info).
+Official JavaScript/TypeScript SDK for the [ShieldPay API](https://fixle.ch/shieldpay/).
 Anti-spam, VPN blocking, email authentication, and PayPal payments — all in one package.
 ## Install
 ```bash
-npm install shieldpay-sdk
+npm install shieldpay-api-sdkjs
 ```
 ## Quick Start
 ```js
-import { ShieldPay } from 'shieldpay-sdk'
+import { ShieldPay } from 'shieldpay-api-sdkjs'
 const sp = new ShieldPay({ apiKey: 'sk_live_YOUR_KEY' })
-// All calls go to: https://hnow.info/api/worker=sk_live_YOUR_KEY/...
+// All calls go to: https://fixle.ch/shieldpay/api/worker=sk_live_YOUR_KEY/...
 // Create a PayPal payment
 const order = await sp.payment.create({
@@ -43,9 +43,9 @@ const { verified } = await sp.auth.verifyToken(token)
 Your API key is embedded in the URL — no headers needed:
 ```
-https://hnow.info/api/worker=sk_live_YOUR_KEY/payment/create
-https://hnow.info/api/worker=sk_live_YOUR_KEY/security/check-ip
-https://hnow.info/api/worker=sk_live_YOUR_KEY/me
+https://fixle.ch/shieldpay/api/worker=sk_live_YOUR_KEY/payment/create
+https://fixle.ch/shieldpay/api/worker=sk_live_YOUR_KEY/security/check-ip
+https://fixle.ch/shieldpay/api/worker=sk_live_YOUR_KEY/me
 ```
 ## Plans
@@ -60,4 +60,4 @@ https://hnow.info/api/worker=sk_live_YOUR_KEY/me
 ## Docs
-Full documentation: [https://hnow.info/SDK/docs/](https://hnow.info/SDK/docs/)
+Full documentation: [https://fixle.ch/shieldpay/SDK/docs/](https://fixle.ch/shieldpay/SDK/docs/)

package/index.js CHANGED Viewed

@@ -1,18 +1,18 @@
 /**
- * shieldpay-sdk v2.0.0
+ * shieldpay-api-sdkjs v1.1.0
  * Official SDK for the ShieldPay API
  *
- * Install:  npm install shieldpay-sdk
- * Docs:     https://hnow.info/SDK/docs/
+ * Install:  npm i shieldpay-api-sdkjs
+ * Docs:     https://fixle.ch/shieldpay/SDK/docs/
  *
  * Usage:
- *   import { ShieldPay } from 'shieldpay-sdk'
+ *   import { ShieldPay } from 'shieldpay-api-sdkjs'
  *   const sp = new ShieldPay({ apiKey: 'sk_live_xxx' })
- *   // SDK calls: https://hnow.info/api/worker=sk_live_xxx/{endpoint}
+ *   // SDK calls: https://fixle.ch/shieldpay/api/worker=sk_live_xxx/{endpoint}
  */
-const SDK_VERSION  = '2.0.0'
-const DEFAULT_BASE = 'https://hnow.info'
+const SDK_VERSION  = '1.1.0'
+const DEFAULT_BASE = 'https://fixle.ch/shieldpay'
 // ─── Main class ───────────────────────────────────────────────────────────────
@@ -42,7 +42,7 @@ export class ShieldPay {
   /**
    * Get the full API endpoint URL for a path.
-   * Format: https://hnow.info/api/worker={KEY}/{path}
+   * Format: https://fixle.ch/shieldpay/api/worker={KEY}/{path}
    */
   endpoint(path = '') {
     return `${this.#baseUrl}/api/worker=${encodeURIComponent(this.#apiKey)}${path}`
@@ -65,7 +65,7 @@ export class ShieldPay {
         ...options,
         headers: {
           'Content-Type':   'application/json',
-          'X-SDK-Version':  `shieldpay-sdk/${SDK_VERSION}`,
+          'X-SDK-Version':  `shieldpay-api-sdkjs/${SDK_VERSION}`,
           ...(options.headers || {}),
         },
         signal: controller.signal,
@@ -274,7 +274,7 @@ ShieldPay.register = async function(params, baseUrl = DEFAULT_BASE) {
   const url = `${baseUrl}/api/auth/register`
   const res = await fetch(url, {
     method:  'POST',
-    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-sdk/${SDK_VERSION}` },
+    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-api-sdkjs/${SDK_VERSION}` },
     body:    JSON.stringify({ company, email, password }),
   })
   const data = await res.json()
@@ -286,7 +286,7 @@ ShieldPay.verifyEmail = async function(token, baseUrl = DEFAULT_BASE) {
   const url = `${baseUrl}/api/auth/verify`
   const res = await fetch(url, {
     method:  'POST',
-    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-sdk/${SDK_VERSION}` },
+    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-api-sdkjs/${SDK_VERSION}` },
     body:    JSON.stringify({ token }),
   })
   const data = await res.json()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shieldpay-api-sdkjs",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "FIXLE SDK for the ShieldPay API — payments, anti-spam, VPN blocking and email auth",
   "main": "index.js",
   "module": "index.js",
@@ -14,13 +14,20 @@
   "scripts": {
     "test": "node test.js"
   },
-  "keywords": ["paypal", "payments", "anti-spam", "vpn-detection", "cloudflare-workers", "shieldpay"],
+  "keywords": [
+    "paypal",
+    "payments",
+    "anti-spam",
+    "vpn-detection",
+    "cloudflare-workers",
+    "shieldpay"
+  ],
   "author": "Fixle",
   "license": "MIT",
   "homepage": "https://fixle.ch/shieldpay/SDK/docs/",
   "repository": {
     "type": "git",
-    "url": "https://github.com/FixleCH/shieldpay-sdk"
+    "url": "https://github.com/FixleCH/shieldpay-api-sdkjs"
   },
   "engines": {
     "node": ">=18.0.0"

package/docs/index.html DELETED Viewed

@@ -1,412 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
-<title>ShieldPay SDK v2 — Docs</title>
-<link href="https://fonts.googleapis.com/css2?family=Syne:wght@700;800&family=DM+Mono:wght@400;500&family=DM+Sans:wght@300;400;500&display=swap" rel="stylesheet">
-<style>
-:root{--bg:#0a0a0f;--surface:#111118;--border:#1e1e2e;--accent:#7c6aff;--accent2:#00e5c0;--danger:#ff4e6a;--warn:#ffb347;--text:#e8e8f0;--muted:#6b6b80;--card:#13131f}
-*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
-body{background:var(--bg);color:var(--text);font-family:'DM Sans',sans-serif;display:flex;min-height:100vh;line-height:1.6}
-.sidebar{width:265px;border-right:1px solid var(--border);padding:0;flex-shrink:0;position:sticky;top:0;height:100vh;overflow-y:auto;background:var(--surface)}
-.sidebar-top{padding:1.5rem 1.5rem 1rem;border-bottom:1px solid var(--border)}
-.logo{font-family:'Syne',sans-serif;font-weight:800;font-size:1.15rem;color:var(--text);text-decoration:none;display:block;margin-bottom:.4rem}.logo span{color:var(--accent)}
-.version-chip{font-family:'DM Mono',monospace;font-size:.68rem;background:rgba(124,106,255,.12);border:1px solid rgba(124,106,255,.25);color:var(--accent);padding:.15rem .55rem;border-radius:100px}
-.nav-section{padding:.5rem 1.5rem .2rem;font-family:'DM Mono',monospace;font-size:.65rem;color:var(--muted);text-transform:uppercase;letter-spacing:.12em;margin-top:.5rem}
-.sidebar nav a{display:block;padding:.45rem 1.5rem;color:var(--muted);text-decoration:none;font-size:.84rem;border-left:2px solid transparent;transition:all .15s}
-.sidebar nav a:hover{color:var(--text);background:rgba(124,106,255,.04);text-decoration:none}
-.sidebar nav a.active{color:var(--text);border-left-color:var(--accent);background:rgba(124,106,255,.07)}
-.main{flex:1;padding:3.5rem 4rem;max-width:860px}
-h1{font-family:'Syne',sans-serif;font-size:2.3rem;font-weight:800;letter-spacing:-.04em;margin-bottom:.5rem}
-h2{font-family:'Syne',sans-serif;font-size:1.45rem;font-weight:800;letter-spacing:-.03em;margin:3rem 0 .9rem;padding-top:3rem;border-top:1px solid var(--border)}
-h2:first-of-type{border:none;padding:0;margin-top:1rem}
-h3{font-family:'Syne',sans-serif;font-size:1rem;font-weight:700;margin:1.6rem 0 .5rem;color:var(--accent2)}
-h4{font-family:'DM Mono',monospace;font-size:.85rem;font-weight:500;color:var(--text);margin:.8rem 0 .3rem}
-p{color:var(--muted);line-height:1.75;margin-bottom:.9rem;font-size:.93rem}
-a{color:var(--accent);text-decoration:none}a:hover{text-decoration:underline}
-pre{background:var(--card);border:1px solid var(--border);border-radius:10px;padding:1.25rem 1.5rem;overflow-x:auto;margin:1rem 0;font-family:'DM Mono',monospace;font-size:.81rem;line-height:1.75;position:relative}
-code{font-family:'DM Mono',monospace;font-size:.83rem;background:rgba(124,106,255,.1);padding:.12rem .38rem;border-radius:4px;color:var(--accent)}
-pre code{background:none;padding:0;color:inherit;font-size:inherit}
-.kw{color:var(--accent2)}.st{color:#ffcb6b}.nm{color:#f78c6c}.cm{color:#4a5568;font-style:italic}.prop{color:#82aaff}.type{color:#c792ea}
-.badge{display:inline-flex;align-items:center;padding:.18rem .55rem;border-radius:100px;font-family:'DM Mono',monospace;font-size:.7rem;font-weight:700;margin-left:.4rem;vertical-align:middle}
-.b-get{background:rgba(0,229,192,.08);color:var(--accent2);border:1px solid rgba(0,229,192,.25)}
-.b-post{background:rgba(124,106,255,.1);color:var(--accent);border:1px solid rgba(124,106,255,.25)}
-.b-pro{background:rgba(255,179,71,.08);color:var(--warn);border:1px solid rgba(255,179,71,.25)}
-.b-free{background:rgba(107,107,128,.1);color:var(--muted);border:1px solid var(--border)}
-table{width:100%;border-collapse:collapse;margin:1rem 0;font-size:.86rem}
-th{text-align:left;padding:.55rem .75rem;color:var(--muted);font-size:.72rem;font-family:'DM Mono',monospace;text-transform:uppercase;letter-spacing:.06em;border-bottom:1px solid var(--border)}
-td{padding:.6rem .75rem;border-bottom:1px solid rgba(30,30,46,.5);color:var(--text);vertical-align:top}
-tr:last-child td{border:none}
-.param-name{font-family:'DM Mono',monospace;font-size:.82rem;color:var(--accent2)}
-.param-type{font-family:'DM Mono',monospace;font-size:.78rem;color:var(--type, #c792ea)}
-.param-req{color:var(--danger);font-size:.75rem}
-.alert{padding:.8rem 1rem;border-radius:8px;font-size:.86rem;margin:1rem 0;line-height:1.6}
-.alert-info{background:rgba(124,106,255,.07);border:1px solid rgba(124,106,255,.2);color:var(--accent)}
-.alert-warn{background:rgba(255,179,71,.07);border:1px solid rgba(255,179,71,.2);color:var(--warn)}
-.alert-success{background:rgba(0,229,192,.07);border:1px solid rgba(0,229,192,.2);color:var(--accent2)}
-.endpoint-line{display:flex;align-items:center;gap:.6rem;margin:.4rem 0;font-family:'DM Mono',monospace;font-size:.8rem}
-.plan-grid{display:grid;grid-template-columns:1fr 1fr;gap:1rem;margin:1rem 0}
-.plan-box{background:var(--card);border:1px solid var(--border);border-radius:11px;padding:1.2rem}
-.plan-box.pro{border-color:rgba(124,106,255,.4)}
-.plan-box h4{font-family:'Syne',sans-serif;font-weight:700;font-size:.95rem;margin-bottom:.7rem}
-.plan-box ul{list-style:none;font-size:.85rem;color:var(--muted)}
-.plan-box li{padding:.25rem 0;display:flex;gap:.5rem}.ck{color:var(--accent2)}.cx{color:var(--danger)}
-hr{border:none;border-top:1px solid var(--border);margin:2rem 0}
-@media(max-width:768px){.sidebar{display:none}.main{padding:2rem 1.5rem}}
-</style>
-</head>
-<body>
-<aside class="sidebar">
-  <div class="sidebar-top">
-    <a href="/" class="logo">Shield<span>Pay</span></a>
-    <span class="version-chip">v2.0.0</span>
-  </div>
-  <nav>
-    <div class="nav-section">Getting Started</div>
-    <a href="#install">Installation</a>
-    <a href="#quickstart">Quick Start</a>
-    <a href="#endpoint">API Endpoint</a>
-    <a href="#register">Registration</a>
-    <div class="nav-section">SDK Modules</div>
-    <a href="#payment">payment</a>
-    <a href="#auth">auth</a>
-    <a href="#security">security</a>
-    <a href="#account">account</a>
-    <div class="nav-section">REST API</div>
-    <a href="#endpoints">All Endpoints</a>
-    <a href="#errors">Errors & Codes</a>
-    <a href="#ratelimits">Rate Limits</a>
-    <div class="nav-section">Plans</div>
-    <a href="#plans">Free vs Pro</a>
-    <a href="#fees">Fee Calculation</a>
-    <div class="nav-section">Integration</div>
-    <a href="#webhooks">Webhooks</a>
-    <a href="#fallback">Auto-Fallback</a>
-    <div class="nav-section">Links</div>
-    <a href="/panel.php">Dashboard ↗</a>
-    <a href="/admin.php">Admin ↗</a>
-    <a href="/">Home ↗</a>
-  </nav>
-</aside>
-<main class="main">
-<h1>ShieldPay SDK</h1>
-<p>The official JavaScript/TypeScript SDK for the ShieldPay API — payments, anti-spam, VPN blocking, and email authentication in one package.</p>
-<div class="alert alert-info">
-  <strong>Base URL:</strong> <code>https://hnow.info/api/worker={YOUR_API_KEY}/{endpoint}</code><br>
-  Your API key is embedded directly in the URL path — no separate Authorization header needed.
-</div>
-<!-- INSTALL -->
-<h2 id="install">Installation</h2>
-<pre><span class="cm"># npm</span>
-npm install shieldpay-sdk
-<span class="cm"># yarn</span>
-yarn add shieldpay-sdk
-<span class="cm"># pnpm</span>
-pnpm add shieldpay-sdk</pre>
-<p>Works in Node.js ≥18, Deno, Bun, Cloudflare Workers, and all modern browsers. Uses the native <code>fetch</code> API — no dependencies.</p>
-<!-- QUICKSTART -->
-<h2 id="quickstart">Quick Start</h2>
-<pre><span class="kw">import</span> { ShieldPay } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
-<span class="cm">// 1. Initialize with your API key from the dashboard</span>
-<span class="kw">const</span> sp = <span class="kw">new</span> ShieldPay({ apiKey: <span class="st">'sk_live_YOUR_KEY'</span> })
-<span class="cm">// → All calls go to: https://hnow.info/api/worker=sk_live_YOUR_KEY/...</span>
-<span class="cm">// 2. Create a PayPal order</span>
-<span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({
-  amount:      <span class="nm">49.99</span>,
-  currency:    <span class="st">'CHF'</span>,
-  description: <span class="st">'Premium subscription'</span>,
-  return_url:  <span class="st">'https://yoursite.com/payment/success'</span>,
-  cancel_url:  <span class="st">'https://yoursite.com/payment/cancel'</span>,
-})
-<span class="cm">// 3. Redirect user to PayPal for approval</span>
-window.location.href = order.approve_url
-<span class="cm">// 4. After PayPal redirects back, capture the payment</span>
-<span class="cm">// (in your return_url handler)</span>
-<span class="kw">const</span> captured = <span class="kw">await</span> sp.payment.capture(orderId)
-console.log(captured.status) <span class="cm">// "COMPLETED"</span></pre>
-<!-- ENDPOINT -->
-<h2 id="endpoint">API Endpoint Format</h2>
-<p>ShieldPay uses a custom URL pattern that embeds your API key directly in the path. This makes it easy to call from any HTTP client without custom headers:</p>
-<pre><span class="cm"># Pattern</span>
-https://hnow.info/api/worker=<span class="nm">{API_KEY}</span>/<span class="nm">{endpoint}</span>
-<span class="cm"># Examples</span>
-GET  https://hnow.info/api/worker=sk_live_abc/me
-POST https://hnow.info/api/worker=sk_live_abc/payment/create
-GET  https://hnow.info/api/worker=sk_live_abc/payment/status?order_id=XYZ
-POST https://hnow.info/api/worker=sk_live_abc/security/check-ip</pre>
-<p>The <code>X-API-Key</code> header is also accepted for clients that prefer header-based auth. The SDK handles both automatically.</p>
-<pre><span class="cm">// Get your full endpoint URL</span>
-<span class="kw">const</span> sp  = <span class="kw">new</span> ShieldPay({ apiKey: <span class="st">'sk_live_abc'</span> })
-<span class="kw">const</span> url = sp.endpoint(<span class="st">'/payment/create'</span>)
-<span class="cm">// → "https://hnow.info/api/worker=sk_live_abc/payment/create"</span></pre>
-<!-- REGISTER -->
-<h2 id="register">Registration & Email Verification</h2>
-<p>Register a company and verify their email to receive an API key. These are <strong>static methods</strong> — no API key instance needed.</p>
-<pre><span class="kw">import</span> { ShieldPay } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
-<span class="cm">// 1. Register (anti-spam + VPN check runs automatically)</span>
-<span class="kw">const</span> reg = <span class="kw">await</span> ShieldPay.register({
-  company:  <span class="st">'Acme Corp'</span>,
-  email:    <span class="st">'hello@acme.com'</span>,
-  password: <span class="st">'securepassword123'</span>,
-})
-<span class="cm">// → { ok: true, message: "Account created. Check your email to verify." }</span>
-<span class="cm">// 2. User clicks the link in their email, which contains the token.
-//    Your app then calls:</span>
-<span class="kw">const</span> verified = <span class="kw">await</span> ShieldPay.verifyEmail(<span class="st">'TOKEN_FROM_EMAIL_LINK'</span>)
-<span class="cm">// → {
-//     ok:           true,
-//     api_key:      "sk_live_abc123...",
-//     api_endpoint: "https://hnow.info/api/worker=sk_live_abc123",
-//     message:      "Email verified! Use your API key to authenticate."
-//   }</span>
-<span class="cm">// 3. Store api_key securely and initialize</span>
-<span class="kw">const</span> sp = <span class="kw">new</span> ShieldPay({ apiKey: verified.api_key })</pre>
-<!-- PAYMENT -->
-<h2 id="payment">payment module</h2>
-<p>All PayPal order operations. Free plan: 2% fee deducted per transaction. Pro plan: 0% fee.</p>
-<h3>payment.create(params) <span class="badge b-post">POST</span></h3>
-<table>
-  <tr><th>Param</th><th>Type</th><th>Required</th><th>Default</th><th>Description</th></tr>
-  <tr><td class="param-name">amount</td><td class="param-type">number</td><td class="param-req">✓</td><td>—</td><td>Amount to charge (e.g. <code>49.99</code>)</td></tr>
-  <tr><td class="param-name">currency</td><td class="param-type">string</td><td></td><td><code>'CHF'</code></td><td>ISO 4217 currency code</td></tr>
-  <tr><td class="param-name">description</td><td class="param-type">string</td><td></td><td>—</td><td>Order description shown on PayPal</td></tr>
-  <tr><td class="param-name">return_url</td><td class="param-type">string</td><td></td><td>Dashboard</td><td>Redirect URL after successful payment</td></tr>
-  <tr><td class="param-name">cancel_url</td><td class="param-type">string</td><td></td><td>Dashboard</td><td>Redirect URL if user cancels</td></tr>
-</table>
-<pre><span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({
-  amount:   <span class="nm">25.00</span>,
-  currency: <span class="st">'CHF'</span>,
-})
-<span class="cm">// Response (Free plan):</span>
-<span class="cm">// {</span>
-<span class="cm">//   ok:          true,</span>
-<span class="cm">//   order_id:    "9XW12345AB",</span>
-<span class="cm">//   approve_url: "https://www.paypal.com/checkoutnow?token=...",</span>
-<span class="cm">//   amount:      25.00,</span>
-<span class="cm">//   fee:         0.50,    // 2% — 0 on Pro</span>
-<span class="cm">//   net_amount:  24.50,</span>
-<span class="cm">//   currency:    "CHF",</span>
-<span class="cm">//   plan:        "free",</span>
-<span class="cm">//   fee_note:    "2% ShieldPay fee: CHF 0.50. Upgrade to Pro for 0% fees."</span>
-<span class="cm">// }</span></pre>
-<h3>payment.capture(orderId) <span class="badge b-post">POST</span></h3>
-<p>Finalizes a payment after the user approves it on PayPal. Call this in your <code>return_url</code> handler. On Pro plan, if this fails, auto-fallback is triggered automatically.</p>
-<pre><span class="kw">const</span> result = <span class="kw">await</span> sp.payment.capture(<span class="st">'9XW12345AB'</span>)
-<span class="cm">// → { ok: true, captured: true, order_id: "...", status: "COMPLETED", payer: {...} }</span></pre>
-<h3>payment.status(orderId) <span class="badge b-get">GET</span></h3>
-<pre><span class="kw">const</span> s = <span class="kw">await</span> sp.payment.status(<span class="st">'9XW12345AB'</span>)
-<span class="cm">// → { ok: true, order_id: "...", status: "CREATED|APPROVED|COMPLETED", amount: {...} }</span></pre>
-<h3>payment.refund(captureId, amount?, note?) <span class="badge b-post">POST</span></h3>
-<pre><span class="cm">// Full refund</span>
-<span class="kw">await</span> sp.payment.refund(<span class="st">'CAPTURE_ID'</span>)
-<span class="cm">// Partial refund</span>
-<span class="kw">await</span> sp.payment.refund(<span class="st">'CAPTURE_ID'</span>, <span class="nm">10.00</span>, <span class="st">'Partial refund for returned item'</span>)</pre>
-<h3>payment.list(options?) <span class="badge b-get">GET</span></h3>
-<pre><span class="kw">const</span> { transactions } = <span class="kw">await</span> sp.payment.list({ limit: <span class="nm">50</span>, status: <span class="st">'completed'</span> })</pre>
-<!-- AUTH MODULE -->
-<h2 id="auth">auth module</h2>
-<p>Passwordless email token authentication for your end users. Issue a one-time token, send it by email, verify it on return.</p>
-<h3>auth.createToken(email) <span class="badge b-post">POST</span></h3>
-<pre><span class="kw">const</span> { token, expires_at } = <span class="kw">await</span> sp.auth.createToken(<span class="st">'user@email.com'</span>)
-<span class="cm">// Token expires in 15 minutes. Single-use.</span>
-<span class="cm">// Send this token to the user's email in a magic link.</span>
-<span class="cm">// Example magic link: https://yourapp.com/auth?token=TOKEN</span></pre>
-<h3>auth.verifyToken(token) <span class="badge b-post">POST</span></h3>
-<pre><span class="kw">const</span> result = <span class="kw">await</span> sp.auth.verifyToken(req.query.token)
-<span class="cm">// → { ok: true, verified: true, email: "user@email.com" }</span>
-<span class="cm">// If expired or already used:</span>
-<span class="cm">// throws ShieldPayError: "Invalid or expired token" (status 410)</span></pre>
-<!-- SECURITY MODULE -->
-<h2 id="security">security module</h2>
-<h3>security.checkIp(ip) <span class="badge b-post">POST</span> <span class="badge b-pro">Pro: IPQS</span></h3>
-<p>Free plan: checks manual blocklist and Cloudflare threat score. Pro plan: real-time IPQS reputation check (VPN, Tor, fraud score).</p>
-<pre><span class="kw">const</span> check = <span class="kw">await</span> sp.security.checkIp(<span class="st">'1.2.3.4'</span>)
-<span class="cm">// Clean IP:</span>
-<span class="cm">// → { ok: true, blocked: false, reason: null, country: "CH" }</span>
-<span class="cm">// VPN detected (Pro):</span>
-<span class="cm">// → { ok: true, blocked: true, reason: "Active VPN connection detected.", score: 92 }</span>
-<span class="cm">// Tor exit node:</span>
-<span class="cm">// → { ok: true, blocked: true, reason: "Tor exit node detected." }</span></pre>
-<h3>security.checkEmail(email) <span class="badge b-post">POST</span></h3>
-<pre><span class="kw">const</span> r = <span class="kw">await</span> sp.security.checkEmail(<span class="st">'test@mailinator.com'</span>)
-<span class="cm">// → { ok: true, blocked: true, reason: 'Disposable email domain "mailinator.com" is not allowed.' }</span></pre>
-<!-- ACCOUNT MODULE -->
-<h2 id="account">account module</h2>
-<h3>account.me() <span class="badge b-get">GET</span></h3>
-<pre><span class="kw">const</span> { user, plan, api_endpoint } = <span class="kw">await</span> sp.account.me()
-<span class="cm">// → { ok: true, user: { id, company, email, plan, ... }, plan: "pro",</span>
-<span class="cm">//     api_endpoint: "https://hnow.info/api/worker=sk_live_xxx" }</span></pre>
-<h3>account.health() <span class="badge b-get">GET</span></h3>
-<pre><span class="kw">const</span> status = <span class="kw">await</span> sp.account.health()
-<span class="cm">// → { ok: true, ts: 1735000000000, region: "ZRH" }</span></pre>
-<!-- ALL ENDPOINTS -->
-<h2 id="endpoints">All Endpoints</h2>
-<p>Base: <code>https://hnow.info/api/worker={KEY}</code></p>
-<table>
-  <tr><th>Method</th><th>Path</th><th>Auth</th><th>Plan</th><th>Description</th></tr>
-  <tr><td><span class="badge b-get">GET</span></td><td><code>/health</code></td><td>—</td><td>Any</td><td>Health check + region</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/register</code></td><td>—</td><td>Any</td><td>Register company (anti-spam check)</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/verify</code></td><td>—</td><td>Any</td><td>Verify email token → get API key</td></tr>
-  <tr><td><span class="badge b-get">GET</span></td><td><code>/me</code></td><td>✓</td><td>Any</td><td>Account info + plan</td></tr>
-  <tr><td><span class="badge b-get">GET</span></td><td><code>/transactions</code></td><td>✓</td><td>Any</td><td>Transaction list (paginated)</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/create</code></td><td>✓</td><td>Any</td><td>Create PayPal order</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/capture</code></td><td>✓</td><td>Any</td><td>Capture approved order</td></tr>
-  <tr><td><span class="badge b-get">GET</span></td><td><code>/payment/status</code></td><td>✓</td><td>Any</td><td>Order status from PayPal</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/refund</code></td><td>✓</td><td>Any</td><td>Refund a capture</td></tr>
-  <tr><td><span class="badge b-get">GET</span></td><td><code>/payment/list</code></td><td>✓</td><td>Any</td><td>List transactions</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/token</code></td><td>✓</td><td>Any</td><td>Create email auth token for user</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/token/verify</code></td><td>✓</td><td>Any</td><td>Verify email auth token</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/security/check-ip</code></td><td>✓</td><td>Pro+</td><td>IP reputation (IPQS on Pro)</td></tr>
-  <tr><td><span class="badge b-post">POST</span></td><td><code>/security/check-email</code></td><td>✓</td><td>Any</td><td>Disposable email check</td></tr>
-</table>
-<!-- ERRORS -->
-<h2 id="errors">Errors & Codes</h2>
-<p>All errors throw a <code>ShieldPayError</code> with <code>.message</code>, <code>.code</code>, and <code>.status</code>.</p>
-<pre><span class="kw">import</span> { ShieldPay, ShieldPayError } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
-<span class="kw">try</span> {
-  <span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({ amount: <span class="nm">-1</span> })
-} <span class="kw">catch</span> (e) {
-  <span class="kw">if</span> (e <span class="kw">instanceof</span> ShieldPayError) {
-    console.error(e.message) <span class="cm">// "Invalid amount"</span>
-    console.error(e.code)    <span class="cm">// "INVALID_AMOUNT"</span>
-    console.error(e.status)  <span class="cm">// 400</span>
-  }
-}</pre>
-<table>
-  <tr><th>HTTP</th><th>Code</th><th>Meaning</th></tr>
-  <tr><td><code>400</code></td><td><code>INVALID_*</code></td><td>Bad request / missing or invalid parameters</td></tr>
-  <tr><td><code>401</code></td><td><code>INVALID_KEY</code></td><td>API key missing, invalid, or revoked</td></tr>
-  <tr><td><code>403</code></td><td><code>BLOCKED</code></td><td>Spam/VPN/rate limit blocked</td></tr>
-  <tr><td><code>404</code></td><td><code>NOT_FOUND</code></td><td>Endpoint or resource not found</td></tr>
-  <tr><td><code>409</code></td><td><code>CONFLICT</code></td><td>Email already registered</td></tr>
-  <tr><td><code>410</code></td><td><code>TOKEN_EXPIRED</code></td><td>Token expired or already used</td></tr>
-  <tr><td><code>429</code></td><td><code>RATE_LIMITED</code></td><td>Rate limit exceeded — check <code>Retry-After</code> header</td></tr>
-  <tr><td><code>502</code></td><td><code>UPSTREAM_ERROR</code></td><td>PayPal API error</td></tr>
-  <tr><td><code>TIMEOUT</code></td><td><code>TIMEOUT</code></td><td>Request timed out (default: 15s)</td></tr>
-  <tr><td><code>NETWORK</code></td><td><code>NETWORK_ERROR</code></td><td>Network unreachable</td></tr>
-</table>
-<!-- RATE LIMITS -->
-<h2 id="ratelimits">Rate Limits</h2>
-<table>
-  <tr><th>Scope</th><th>Limit</th><th>Window</th></tr>
-  <tr><td>API calls per key</td><td>1,000</td><td>1 hour (sliding)</td></tr>
-  <tr><td>Registrations per IP</td><td>5</td><td>1 hour</td></tr>
-  <tr><td>Login attempts per IP</td><td>10</td><td>15 minutes</td></tr>
-  <tr><td>Admin login per IP</td><td>5</td><td>15 minutes</td></tr>
-</table>
-<p>Rate limit headers are included on every response:</p>
-<pre>X-RateLimit-Limit: 1000
-X-RateLimit-Remaining: 994
-Retry-After: 3142    <span class="cm"># seconds until reset (only on 429)</span></pre>
-<!-- PLANS -->
-<h2 id="plans">Free vs Pro</h2>
-<div class="plan-grid">
-  <div class="plan-box">
-    <h4>Free — 0 CHF/mo</h4>
-    <ul>
-      <li><span class="ck">✓</span> Full API access</li>
-      <li><span class="ck">✓</span> PayPal payments</li>
-      <li><span class="ck">✓</span> Basic anti-spam</li>
-      <li><span class="ck">✓</span> Email token auth</li>
-      <li><span class="ck">✓</span> 1,000 req/hour</li>
-      <li style="color:var(--danger)"><span class="cx">✗</span> <strong>2% fee per transaction</strong></li>
-      <li style="color:var(--danger)"><span class="cx">✗</span> VPN/IPQS blocking</li>
-      <li style="color:var(--danger)"><span class="cx">✗</span> Auto-fallback</li>
-    </ul>
-  </div>
-  <div class="plan-box pro">
-    <h4>Pro — 1 CHF/mo</h4>
-    <ul>
-      <li><span class="ck">✓</span> Everything in Free</li>
-      <li><span class="ck">✓</span> <strong>0% transaction fee</strong></li>
-      <li><span class="ck">✓</span> Real-time IPQS VPN/Tor detection</li>
-      <li><span class="ck">✓</span> ASN datacenter blocking</li>
-      <li><span class="ck">✓</span> Automatic payment fallback</li>
-      <li><span class="ck">✓</span> Retry queue (5min → 15min → 1h)</li>
-      <li><span class="ck">✓</span> Email alert on fallback</li>
-    </ul>
-  </div>
-</div>
-<!-- FEE CALCULATION -->
-<h2 id="fees">Fee Calculation</h2>
-<table>
-  <tr><th>Plan</th><th>Amount</th><th>Fee</th><th>Net to you</th></tr>
-  <tr><td>Free</td><td>100.00 CHF</td><td style="color:var(--warn)">2.00 CHF</td><td>98.00 CHF</td></tr>
-  <tr><td>Free</td><td>49.99 CHF</td><td style="color:var(--warn)">1.00 CHF</td><td>48.99 CHF</td></tr>
-  <tr><td>Pro</td><td>100.00 CHF</td><td style="color:var(--accent2)">0.00 CHF</td><td>100.00 CHF</td></tr>
-  <tr><td>Pro</td><td>1,000.00 CHF</td><td style="color:var(--accent2)">0.00 CHF</td><td>1,000.00 CHF</td></tr>
-</table>
-<p>The fee is calculated server-side and visible in the <code>payment.create()</code> response as <code>fee</code> and <code>net_amount</code>.</p>
-<!-- WEBHOOKS -->
-<h2 id="webhooks">PayPal Webhooks</h2>
-<p>Register this URL in your PayPal Developer Dashboard → your app → Webhooks:</p>
-<pre>https://hnow.info/api/webhook/paypal.php</pre>
-<p>Required events: <code>PAYMENT.CAPTURE.COMPLETED</code>, <code>PAYMENT.CAPTURE.DENIED</code>, <code>PAYMENT.SALE.REFUNDED</code></p>
-<p>ShieldPay verifies the PayPal webhook signature automatically on live mode.</p>
-<!-- FALLBACK -->
-<h2 id="fallback">Auto-Fallback (Pro)</h2>
-<p>When a payment capture fails on a Pro account, ShieldPay automatically:</p>
-<ol style="color:var(--muted);font-size:.9rem;padding-left:1.5rem;line-height:2.2">
-  <li>Logs a fallback event with <code>status: pending</code></li>
-  <li>Sends an email alert to the account's registered email</li>
-  <li>Enqueues a retry via Cloudflare Queues (after 5 minutes)</li>
-  <li>Retries up to 3 times (5min → 15min → 1 hour)</li>
-  <li>Admin can view and resolve fallbacks at <code>/admin.php?page=fallbacks</code></li>
-</ol>
-<p>Fallback is <strong>not available on the Free plan</strong>. Failed payments on Free simply return an error.</p>
-</main>
-</body>
-</html>