tonder-web-sdk 1.16.6-beta.DEV-1433.2 → 1.16.7-beta.DEV-1463.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +116 -16
  2. package/package.json +1 -1
  3. package/types/checkout.d.ts +2 -0
  4. package/types/common.d.ts +2 -2
  5. package/types/mercado_pago.d.ts +62 -0
  6. package/v1/bundle.min.js +1 -1
package/README.md CHANGED
@@ -14,9 +14,10 @@ Tonder SDK helps to integrate the services Tonder offers in your own website
14
14
  4. [Styling InlineCheckout](#styling-inlinecheckout)
15
15
  5. [Payment Data Structure](#payment-data-structure)
16
16
  6. [Field Validation Functions](#field-validation-functions)
17
- 7. [API Reference](#api-reference)
18
- 8. [Examples](#examples)
19
- 9. [License](#license)
17
+ 7. [HMAC Signature Validation](#hmac-signature-validation)
18
+ 8. [API Reference](#api-reference)
19
+ 9. [Examples](#examples)
20
+ 10. [License](#license)
20
21
 
21
22
  ## Installation
22
23
 
@@ -74,6 +75,10 @@ const inlineCheckout = new InlineCheckout({
74
75
  apiKey: "your-api-key",
75
76
  returnUrl: "https://your-website.com/checkout",
76
77
  styles: customStyles, // Optional, see Styling section
78
+ signatures: {
79
+ transaction: "nA6nQXxQ....=", // Optional HMAC signature for transaction
80
+ customer: "2EVYDI0H5l5v4....=" // Optional HMAC signature for card-related ops
81
+ }
77
82
  });
78
83
 
79
84
  // The configureCheckout function allows you to set initial information,
@@ -110,6 +115,10 @@ import { LiteCheckout } from "tonder-web-sdk";
110
115
  const liteCheckout = new LiteCheckout({
111
116
  apiKey: "your-api-key", // Your api key getted from Tonder Dashboard
112
117
  returnUrl: "http://your-website.com/checkout",
118
+ signatures: {
119
+ transaction: "nA6nQXxQ....=", // Optional HMAC signature for transaction
120
+ customer: "2EVYDI0H5l5v4....=" // Optional HMAC signature for card-related ops
121
+ }
113
122
  });
114
123
 
115
124
  // The configureCheckout function allows you to set initial information,
@@ -153,14 +162,15 @@ const verificationResult = await liteCheckout.verify3dsTransaction();
153
162
  ## Configuration
154
163
  ### Inline Options
155
164
 
156
- | Property | Type | Required | Description | Default | Description |
157
- |:-------------:|:--------------------:|----------|------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------:|
158
- | mode | string | Yes | Environment mode for the SDK | stage | Environment mode. Options: 'stage', 'production', 'sandbox'. Default: 'stage' |
159
- | apiKey | string | Yes | Your Tonder Public API key | | Your API key from the Tonder Dashboard |
160
- | returnUrl | string | Yes | URL for 3DS redirect completion | | URL where the checkout form is mounted (used for 3DS) |
161
- | styles | object | No | | | (InlineCheckout only) Custom styles for the checkout interface |
162
- | customization | CustomizationOptions | No | UI customization options | `{displayMode: 'light',saveCards: {showSaveCardOption: false,showSaved: false,autoSave: false,},paymentButton: {show: false,text: "Pagar",showAmount: true,},cancelButton: {show: false,text: "Cancelar",},paymentMethods: {show: true,},cardForm: {show: true,},showMessages: true,}` | Object to customize the checkout behavior and UI. |
163
- | callbacks | IInlineCallbacks | No | Payment process callback functions |
165
+ | Property | Type | Required | Description | Default | Description |
166
+ |:-------------:|:--------------------:|----------|-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------:|
167
+ | mode | string | Yes | Environment mode for the SDK | stage | Environment mode. Options: 'stage', 'production', 'sandbox'. Default: 'stage' |
168
+ | apiKey | string | Yes | Your Tonder Public API key | | Your API key from the Tonder Dashboard |
169
+ | returnUrl | string | Yes | URL for 3DS redirect completion | | URL where the checkout form is mounted (used for 3DS) |
170
+ | styles | object | No | | | (InlineCheckout only) Custom styles for the checkout interface |
171
+ | customization | CustomizationOptions | No | UI customization options | `{displayMode: 'light',saveCards: {showSaveCardOption: false,showSaved: false,autoSave: false,},paymentButton: {show: false,text: "Pagar",showAmount: true,},cancelButton: {show: false,text: "Cancelar",},paymentMethods: {show: true,},cardForm: {show: true,},showMessages: true,}` | Object to customize the checkout behavior and UI. |
172
+ | callbacks | IInlineCallbacks | No | Payment process callback functions |
173
+ | signatures | object | No | HMAC signatures for transaction and customer fields |
164
174
  <details>
165
175
  <summary>View Interface Definition</summary>
166
176
 
@@ -170,6 +180,10 @@ interface IInlineCheckoutBaseOptions {
170
180
  apiKey: string;
171
181
  returnUrl: string;
172
182
  callBack?: (response: any) => void;
183
+ signatures?:{
184
+ transaction?: string;
185
+ customer?: string;
186
+ }
173
187
  }
174
188
  interface IInlineCheckoutOptions extends IInlineCheckoutBaseOptions {
175
189
  styles?: Record<string, string>;
@@ -250,11 +264,12 @@ export type CustomizationOptions = {
250
264
 
251
265
  ## Lite Options
252
266
 
253
- | Property | Type | Required | Description | Default | Description |
254
- |:---------:|:------:|----------|---------------------------------|---------|:-----------------------------------------------------------------------------:|
255
- | mode | string | Yes | Environment mode for the SDK | stage | Environment mode. Options: 'stage', 'production', 'sandbox'. Default: 'stage' |
256
- | apiKey | string | Yes | Your Tonder Public API key | | Your API key from the Tonder Dashboard |
257
- | returnUrl | string | Yes | URL for 3DS redirect completion | | URL where the checkout form is mounted (used for 3DS) |
267
+ | Property | Type | Required | Description | Default | Description |
268
+ |:----------:|:------:|----------|---------------------------------|---------|:-----------------------------------------------------------------------------:|
269
+ | mode | string | Yes | Environment mode for the SDK | stage | Environment mode. Options: 'stage', 'production', 'sandbox'. Default: 'stage' |
270
+ | apiKey | string | Yes | Your Tonder Public API key | | Your API key from the Tonder Dashboard |
271
+ | returnUrl | string | Yes | URL for 3DS redirect completion | | URL where the checkout form is mounted (used for 3DS) |
272
+ | signatures | object | No | HMAC signatures | | Provide transaction/customer HMAC if your merchant configuration requires it. |
258
273
 
259
274
 
260
275
  ## Styling InlineCheckout
@@ -442,6 +457,91 @@ if (
442
457
  }
443
458
  ```
444
459
 
460
+ ## HMAC Signature Validation
461
+
462
+ Tonder supports **HMAC** validation to ensure the data sent from your application to Tonder is not tampered with.
463
+
464
+ ### Overview
465
+
466
+ - **HMAC**: A cryptographic method used to validate the integrity of transmitted data.
467
+ - You receive an **API Secret Key** from Tonder.
468
+ - You generate the HMAC signature locally (SHA-256, Base64) based on certain fields.
469
+ - Tonder compares your signature with its own calculation.
470
+ - If invalid, Tonder returns a **403**.
471
+
472
+ ### Generating the HMAC Signature (JavaScript Example)
473
+ > **Important**: This HMAC generation should be done on your **backend** server, not in client-side code, to keep your secret key secure.
474
+ ```javascript
475
+ const crypto = require('crypto');
476
+
477
+ function generateHMAC(secretKey, requestBody) {
478
+ // Convert the payload to a JSON string.
479
+ // Ensure the fields are in alphabetical order if required by your config.
480
+ const dataString = JSON.stringify(requestBody);
481
+
482
+ // Create HMAC using SHA-256, then Base64-encode it.
483
+ return crypto
484
+ .createHmac('sha256', secretKey)
485
+ .update(dataString)
486
+ .digest('base64');
487
+ }
488
+
489
+ // Example usage.
490
+ const secretKey = "<MERCHANT_SECRET_KEY>";
491
+ const requestBody = {
492
+ customer: {
493
+ email: "user@example.com",
494
+ firstName: "John",
495
+ lastName: "Doe",
496
+ },
497
+ currency: "mxn",
498
+ cart: {
499
+ total: 100,
500
+ items: [
501
+ {
502
+ amount_total: 100,
503
+ description: "Sample Item",
504
+ },
505
+ ],
506
+ },
507
+ };
508
+
509
+ const signature = generateHMAC(secretKey, requestBody);
510
+ console.log("Generated HMAC:", signature);
511
+ ```
512
+
513
+ ### Providing the Signature in the SDK
514
+
515
+ If using the Tonder SDK, include your generated signature in the `signatures` field:
516
+
517
+ ```javascript
518
+ const inlineCheckout = new InlineCheckout({
519
+ mode: "development",
520
+ apiKey: "<YOUR_API_KEY>",
521
+ returnUrl: "https://your-website.com/checkout",
522
+ signatures: {
523
+ transaction: "<Base64 HMAC>", // For payment
524
+ customer: "<Base64 HMAC>" // For card ops
525
+ }
526
+ });
527
+ ```
528
+
529
+ The SDK will handle attaching the signature to outgoing requests. If the signature does not match Tonder’s validation, the request will be rejected.
530
+
531
+ ### Providing the Signature in Direct Calls (Without the SDK)
532
+
533
+ If you call Tonder’s REST endpoints directly, add headers:
534
+
535
+ - `X-Signature-Transaction: <Base64 HMAC>`
536
+ - `X-Client-Source: <merchant>-sdk` (the agreed-upon source)
537
+
538
+ ### Important Notes
539
+
540
+ - Always ensure your JSON structure matches what Tonder expects.
541
+ - If you are required to sign specific fields, confirm you’re only signing those fields **in alphabetical order**.
542
+ - A mismatch results in a **403**.
543
+
544
+
445
545
  ## API Reference
446
546
 
447
547
  ### InlineCheckout Methods
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "tonder-web-sdk",
3
- "version": "1.16.6-beta.DEV-1433.2",
3
+ "version": "1.16.7-beta.DEV-1463.1",
4
4
  "description": "tonder sdk for integrations",
5
5
  "scripts": {
6
6
  "start": "webpack-dev-server",
package/types/checkout.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import { ICustomer } from "./customer";
2
+ import { IMPConfigRequest } from "./mercado_pago";
2
3
 
3
4
  export interface IStartCheckoutRequestBase {
4
5
  name: any;
@@ -105,6 +106,7 @@ export interface IProcessPaymentRequest {
105
106
  currency?: string;
106
107
  payment_method?: string;
107
108
  card?: ICardFields | string;
109
+ apm_config?: IMPConfigRequest | Record<string, any>;
108
110
  }
109
111
 
110
112
  export interface ICardFields {
package/types/common.d.ts CHANGED
@@ -6,10 +6,10 @@ export interface IInlineCheckoutBaseOptions {
6
6
  apiKey: string;
7
7
  returnUrl: string;
8
8
  callBack?: (response: any) => void;
9
- signatures?:{
9
+ signatures?: {
10
10
  transaction?: string;
11
11
  customer?: string;
12
- }
12
+ };
13
13
  }
14
14
 
15
15
  export interface IConfigureCheckout extends Partial<IProcessPaymentRequest> {
package/types/mercado_pago.d.ts ADDED
@@ -0,0 +1,62 @@
1
+ export interface IMPConfigRequest {
2
+ payment_methods?: IMPPreferencePaymentMethod;
3
+ binary_mode?: boolean;
4
+ shipments?: IMPPreferenceShipment;
5
+ back_urls?: IMPPreferenceBackUrl;
6
+ statement_descriptor?: string;
7
+ additional_info?: string;
8
+ auto_return?: "approved" | "all";
9
+ expires?: boolean;
10
+ expiration_date_from?: string;
11
+ expiration_date_to?: string;
12
+ marketplace?: string;
13
+ marketplace_fee?: number;
14
+ differential_pricing?: {
15
+ id: number;
16
+ };
17
+ tracks?: {
18
+ type: "google_ad" | "facebook_ad";
19
+ values: {
20
+ conversion_id?: string;
21
+ conversion_label?: string;
22
+ pixel_id?: string;
23
+ };
24
+ }[];
25
+ }
26
+ export interface IMPPreferencePaymentMethod {
27
+ excluded_payment_methods?: {
28
+ id: string;
29
+ }[];
30
+ excluded_payment_types?: {
31
+ id: string;
32
+ }[];
33
+ default_payment_method_id?: string;
34
+ installments?: number;
35
+ default_installments?: number;
36
+ }
37
+ export interface IMPPreferenceShipment {
38
+ mode?: "customer" | "me2" | "not_specified";
39
+ local_pickup?: boolean;
40
+ dimensions?: string;
41
+ default_shipping_method?: number;
42
+ free_methods?: {
43
+ id: number;
44
+ }[];
45
+ cost?: number;
46
+ free_shipping?: boolean;
47
+ receiver_address?: {
48
+ zip_code?: string;
49
+ street_name?: string;
50
+ city_name?: string;
51
+ state_name?: string;
52
+ street_number?: number;
53
+ floor?: string;
54
+ apartment?: string;
55
+ country_name?: string;
56
+ };
57
+ }
58
+ export interface IMPPreferenceBackUrl {
59
+ success?: string;
60
+ pending?: string;
61
+ failure?: string;
62
+ }