Prove APIs: This specification describes the Prove API.
OpenAPI Spec - generated.
- SDK Installation
- Requirements
- SDK Example Usage
- Available Resources and Operations
- Standalone functions
- Retries
- Error Handling
- Server Selection
- Custom HTTP Client
- Authentication
- Debugging
The SDK can be installed with either npm, pnpm, bun or yarn package managers.
npm add @prove-identity/prove-apipnpm add @prove-identity/prove-apibun add @prove-identity/prove-apiyarn add @prove-identity/prove-api zod
# Note that Yarn does not install peer dependencies automatically. You will need
# to install zod as shown above.For supported JavaScript runtimes, please consult RUNTIMES.md.
import { ProveAPI } from "@prove-identity/prove-api";
async function run() {
// Get OAuth credentials from environment variables.
const oauthClientId = process.env.PROVE_CLIENT_ID;
const oauthClientSecret = process.env.PROVE_CLIENT_SECRET;
const proveEnv = "uat-us" // Use UAT in US region.
// Create client for the Prove API.
const sdk = new ProveAPI({
server: proveEnv,
security: {
clientID: oauthClientId,
clientSecret: oauthClientSecret,
},
});
let startReq = {
flowType: req.body.flowtype,
finalTargetUrl: 'https://example.com',
phoneNumber: req.body.mobilenumber,
}
// Send the start request.
const rspStart = await sdk.v3.v3StartRequest(startReq);
if (!rspStart) {
console.error("Start error.")
return
}
// Store the correlation ID.
// correlationId = rspStart.v3StartResponse.correlationId;
// Return the authToken back to the client SDK.
// let authToken = rspStart.v3StartResponse.authToken;
let reqBody = {
correlationId: correlationId,
}
// Wait for the client to return.
// Send the validate request.
const rspValidate = await sdk.v3.v3ValidateRequest(reqBody);
if (!rspValidate) {
console.error("Start SDK error.")
return
}
// If challenge is the next endpoint, return the user information.
if (next && 'v3-challenge' in next) {
const rspChallenge = await sdk.v3.v3ChallengeRequest({
correlationId: correlationId,
})
if (!rspChallenge) {
console.error("Challenge error.")
return
}
// Return the user information to the client.
// let individual = rspChallenge.v3ChallengeResponse.individual;
}
// Verify the user information.
const rspComplete = await sdk.v3.v3CompleteRequest({
correlationId: correlationId,
individual: {
firstName: 'Tod',
lastName: 'Weedall',
addresses: [{
address: '39 South Trail',
city: 'San Antonio',
region: 'TX',
postalCode: '78285',
}],
dob: '1984-12-10',
emailAddresses: [
'[email protected]',
],
ssn: '565228370',
},
});
if (!rspComplete) {
console.error("Complete error.")
return
}
}
run();Available methods
- v3TokenRequest - Request OAuth token.
- v3ChallengeRequest - Submit challenge.
- v3CompleteRequest - Complete flow.
- v3StartRequest - Start flow.
- v3ValidateRequest - Validate phone number.
All SDK methods return a response object or throw an error. If Error objects are specified in your OpenAPI Spec, the SDK will throw the appropriate Error type.
| Error Object | Status Code | Content Type |
|---|---|---|
| errors.Error400 | 400 | application/json |
| errors.ErrorT | 500 | application/json |
| errors.SDKError | 4xx-5xx | / |
Validation errors can also occur when either method arguments or data returned from the server do not match the expected format. The SDKValidationError that is thrown as a result will capture the raw value that failed validation in an attribute called rawValue. Additionally, a pretty() method is available on this error that can be used to log a nicely formatted string since validation errors can list many issues and the plain error string may be difficult read when debugging.
import { Proveapi } from "@prove-identity/prove-api";
import {
Error400,
ErrorT,
SDKValidationError,
} from "@prove-identity/prove-api/models/errors";
const proveapi = new Proveapi();
async function run() {
let result;
try {
result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
});
// Handle the result
console.log(result);
} catch (err) {
switch (true) {
case (err instanceof SDKValidationError): {
// Validation errors can be pretty-printed
console.error(err.pretty());
// Raw value may also be inspected
console.error(err.rawValue);
return;
}
case (err instanceof Error400): {
// Handle err.data$: Error400Data
console.error(err);
return;
}
case (err instanceof ErrorT): {
// Handle err.data$: ErrorTData
console.error(err);
return;
}
default: {
throw err;
}
}
}
}
run();You can override the default server globally by passing a server name to the server optional parameter when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the names associated with the available servers:
| Name | Server | Variables |
|---|---|---|
uat-us |
https://platform.uat.proveapis.com |
None |
prod-us |
https://platform.proveapis.com |
None |
import { Proveapi } from "@prove-identity/prove-api";
const proveapi = new Proveapi({
server: "prod-us",
});
async function run() {
const result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
});
// Handle the result
console.log(result);
}
run();The default server can also be overridden globally by passing a URL to the serverURL optional parameter when initializing the SDK client instance. For example:
import { Proveapi } from "@prove-identity/prove-api";
const proveapi = new Proveapi({
serverURL: "https://platform.uat.proveapis.com",
});
async function run() {
const result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
});
// Handle the result
console.log(result);
}
run();The TypeScript SDK makes API calls using an HTTPClient that wraps the native
Fetch API. This
client is a thin wrapper around fetch and provides the ability to attach hooks
around the request lifecycle that can be used to modify the request or handle
errors and response.
The HTTPClient constructor takes an optional fetcher argument that can be
used to integrate a third-party HTTP client or when writing tests to mock out
the HTTP client and feed in fixtures.
The following example shows how to use the "beforeRequest" hook to to add a
custom header and a timeout to requests and how to use the "requestError" hook
to log errors:
import { Proveapi } from "@prove-identity/prove-api";
import { HTTPClient } from "@prove-identity/prove-api/lib/http";
const httpClient = new HTTPClient({
// fetcher takes a function that has the same signature as native `fetch`.
fetcher: (request) => {
return fetch(request);
}
});
httpClient.addHook("beforeRequest", (request) => {
const nextRequest = new Request(request, {
signal: request.signal || AbortSignal.timeout(5000)
});
nextRequest.headers.set("x-custom-header", "custom value");
return nextRequest;
});
httpClient.addHook("requestError", (error, request) => {
console.group("Request Error");
console.log("Reason:", `${error}`);
console.log("Endpoint:", `${request.method} ${request.url}`);
console.groupEnd();
});
const sdk = new Proveapi({ httpClient });This SDK supports the following security scheme globally:
| Name | Type | Scheme |
|---|---|---|
clientID clientSecret |
oauth2 | OAuth2 Client Credentials Flow |
You can set the security parameters through the security optional parameter when initializing the SDK client instance. For example:
import { Proveapi } from "@prove-identity/prove-api";
const proveapi = new Proveapi({
security: {
clientID: "<YOUR_CLIENT_ID_HERE>",
clientSecret: "<YOUR_CLIENT_SECRET_HERE>",
},
});
async function run() {
const result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
});
// Handle the result
console.log(result);
}
run();Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.
To change the default retry strategy for a single API call, simply provide a retryConfig object to the call:
import { Proveapi } from "@prove-identity/prove-api";
const proveapi = new Proveapi();
async function run() {
const result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
}, {
retries: {
strategy: "backoff",
backoff: {
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
},
retryConnectionErrors: false,
},
});
// Handle the result
console.log(result);
}
run();If you'd like to override the default retry strategy for all operations that support retries, you can provide a retryConfig at SDK initialization:
import { Proveapi } from "@prove-identity/prove-api";
const proveapi = new Proveapi({
retryConfig: {
strategy: "backoff",
backoff: {
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
},
retryConnectionErrors: false,
},
});
async function run() {
const result = await proveapi.v3.v3TokenRequest({
clientId: "customer_id",
clientSecret: "secret",
grantType: "client_credentials",
});
// Handle the result
console.log(result);
}
run();All the methods listed above are available as standalone functions. These functions are ideal for use in applications running in the browser, serverless runtimes or other environments where application bundle size is a primary concern. When using a bundler to build your application, all unused functionality will be either excluded from the final bundle or tree-shaken away.
To read more about standalone functions, check FUNCTIONS.md.
Available standalone functions
You can setup your SDK to emit debug logs for SDK requests and responses.
You can pass a logger that matches console's interface as an SDK option.
Warning
Beware that debug logging will reveal secrets, like API tokens in headers, in log messages printed to a console or files. It's recommended to use this feature only during local development and not in production.
import { Proveapi } from "@prove-identity/prove-api";
const sdk = new Proveapi({ debugLogger: console });