@tryfinch/finch-api
v6.12.0
Published
The official TypeScript library for the Finch API
Downloads
9,882
Readme
Finch Node API Library
This library provides convenient access to the Finch REST API from server-side TypeScript or JavaScript.
The REST API documentation can be found on developer.tryfinch.com. The full API of this library can be found in api.md.
It is generated with Stainless.
Installation
npm install @tryfinch/finch-api
Usage
The full API of this library can be found in api.md.
import Finch from '@tryfinch/finch-api';
const client = new Finch({
accessToken: 'My Access Token',
});
async function main() {
const page = await client.hris.directory.list();
const individualInDirectory = page.individuals[0];
console.log(individualInDirectory.id);
}
main();
Request & Response types
This library includes TypeScript definitions for all request params and response fields. You may import and use them like so:
import Finch from '@tryfinch/finch-api';
const client = new Finch({
accessToken: 'My Access Token',
});
async function main() {
const [individualInDirectory]: [Finch.HRIS.IndividualInDirectory] = await client.hris.directory.list();
}
main();
Documentation for each method, request param, and response field are available in docstrings and will appear on hover in most modern editors.
Handling errors
When the library is unable to connect to the API,
or if the API returns a non-success status code (i.e., 4xx or 5xx response),
a subclass of APIError
will be thrown:
async function main() {
const company = await client.hris.company.retrieve().catch(async (err) => {
if (err instanceof Finch.APIError) {
console.log(err.status); // 400
console.log(err.name); // BadRequestError
console.log(err.headers); // {server: 'nginx', ...}
} else {
throw err;
}
});
}
main();
Error codes are as followed:
| Status Code | Error Type |
| ----------- | -------------------------- |
| 400 | BadRequestError
|
| 401 | AuthenticationError
|
| 403 | PermissionDeniedError
|
| 404 | NotFoundError
|
| 422 | UnprocessableEntityError
|
| 429 | RateLimitError
|
| >=500 | InternalServerError
|
| N/A | APIConnectionError
|
Retries
Certain errors will be automatically retried 2 times by default, with a short exponential backoff. Connection errors (for example, due to a network connectivity problem), 408 Request Timeout, 409 Conflict, 429 Rate Limit, and >=500 Internal errors will all be retried by default.
You can use the maxRetries
option to configure or disable this:
// Configure the default for all requests:
const client = new Finch({
maxRetries: 0, // default is 2
});
// Or, configure per-request:
await client.hris.directory.list({
maxRetries: 5,
});
Timeouts
Requests time out after 1 minute by default. You can configure this with a timeout
option:
// Configure the default for all requests:
const client = new Finch({
timeout: 20 * 1000, // 20 seconds (default is 1 minute)
});
// Override per-request:
await client.hris.directory.list({
timeout: 5 * 1000,
});
On timeout, an APIConnectionTimeoutError
is thrown.
Note that requests which time out will be retried twice by default.
Auto-pagination
List methods in the Finch API are paginated.
You can use the for await … of
syntax to iterate through items across all pages:
async function fetchAllHRISDirectories(params) {
const allHRISDirectories = [];
// Automatically fetches more pages as needed.
for await (const individualInDirectory of client.hris.directory.list()) {
allHRISDirectories.push(individualInDirectory);
}
return allHRISDirectories;
}
Alternatively, you can request a single page at a time:
let page = await client.hris.directory.list();
for (const individualInDirectory of page.individuals) {
console.log(individualInDirectory);
}
// Convenience methods are provided for manually paginating:
while (page.hasNextPage()) {
page = await page.getNextPage();
// ...
}
Default Headers
We automatically send the Finch-API-Version
header set to 2020-09-17
.
If you need to, you can override it by setting default headers on a per-request basis.
Be aware that doing so may result in incorrect types and other unexpected or undefined behavior in the SDK.
import Finch from '@tryfinch/finch-api';
const client = new Finch();
const page = await client.hris.directory.list({ headers: { 'Finch-API-Version': 'My-Custom-Value' } });
const individualInDirectory = page.individuals[0];
Webhook Verification
We provide helper methods for verifying that a webhook request came from Finch, and not a malicious third party.
You can use finch.webhooks.verifySignature(body: string, headers, secret?) -> void
or finch.webhooks.unwrap(body: string, headers, secret?) -> Payload
,
both of which will raise an error if the signature is invalid.
Note that the "body" parameter must be the raw JSON string sent from the server (do not parse and re-stringify it).
The .unwrap()
method will automatically parse this JSON for you into a typed Payload
.
For example:
// with Express:
app.use('/webhooks/finch', bodyParser.text({ type: '*/*' }), function (req, res) {
const payload = finch.webhooks.unwrap(req.body, req.headers, process.env['FINCH_WEBHOOK_SECRET']); // env var used by default; explicit here.
console.log(payload);
res.json({ ok: true });
});
// with Next.js (app router):
export default async function POST(req) {
const body = await req.text(); // if you're using the pages router, you will need this trick: https://vancelucas.com/blog/how-to-access-raw-body-data-with-next-js/
const payload = finch.webhooks.unwrap(body, req.headers, process.env['FINCH_WEBHOOK_SECRET']); // env var used by default; explicit here.
console.log(payload);
return NextResponse.json({ ok: true });
}
Advanced Usage
Accessing raw Response data (e.g., headers)
The "raw" Response
returned by fetch()
can be accessed through the .asResponse()
method on the APIPromise
type that all methods return.
You can also use the .withResponse()
method to get the raw Response
along with the parsed data.
const client = new Finch();
const response = await client.hris.directory.list().asResponse();
console.log(response.headers.get('X-My-Header'));
console.log(response.statusText); // access the underlying Response object
const { data: page, response: raw } = await client.hris.directory.list().withResponse();
console.log(raw.headers.get('X-My-Header'));
for await (const individualInDirectory of page) {
console.log(individualInDirectory.id);
}
Making custom/undocumented requests
This library is typed for convenient access to the documented API. If you need to access undocumented endpoints, params, or response properties, the library can still be used.
Undocumented endpoints
To make requests to undocumented endpoints, you can use client.get
, client.post
, and other HTTP verbs.
Options on the client, such as retries, will be respected when making these requests.
await client.post('/some/path', {
body: { some_prop: 'foo' },
query: { some_query_arg: 'bar' },
});
Undocumented params
To make requests using undocumented parameters, you may use // @ts-expect-error
on the undocumented
parameter. This library doesn't validate at runtime that the request matches the type, so any extra values you
send will be sent as-is.
client.foo.create({
foo: 'my_param',
bar: 12,
// @ts-expect-error baz is not yet public
baz: 'undocumented option',
});
For requests with the GET
verb, any extra params will be in the query, all other requests will send the
extra param in the body.
If you want to explicitly send an extra argument, you can do so with the query
, body
, and headers
request
options.
Undocumented properties
To access undocumented response properties, you may access the response object with // @ts-expect-error
on
the response object, or cast the response object to the requisite type. Like the request params, we do not
validate or strip extra properties from the response from the API.
Customizing the fetch client
By default, this library uses node-fetch
in Node, and expects a global fetch
function in other environments.
If you would prefer to use a global, web-standards-compliant fetch
function even in a Node environment,
(for example, if you are running Node with --experimental-fetch
or using NextJS which polyfills with undici
),
add the following import before your first import from "Finch"
:
// Tell TypeScript and the package to use the global web fetch instead of node-fetch.
// Note, despite the name, this does not add any polyfills, but expects them to be provided if needed.
import '@tryfinch/finch-api/shims/web';
import Finch from '@tryfinch/finch-api';
To do the inverse, add import "@tryfinch/finch-api/shims/node"
(which does import polyfills).
This can also be useful if you are getting the wrong TypeScript types for Response
(more details).
Logging and middleware
You may also provide a custom fetch
function when instantiating the client,
which can be used to inspect or alter the Request
or Response
before/after each request:
import { fetch } from 'undici'; // as one example
import Finch from '@tryfinch/finch-api';
const client = new Finch({
fetch: async (url: RequestInfo, init?: RequestInit): Promise<Response> => {
console.log('About to make a request', url, init);
const response = await fetch(url, init);
console.log('Got response', response);
return response;
},
});
Note that if given a DEBUG=true
environment variable, this library will log all requests and responses automatically.
This is intended for debugging purposes only and may change in the future without notice.
Configuring an HTTP(S) Agent (e.g., for proxies)
By default, this library uses a stable agent for all http/https requests to reuse TCP connections, eliminating many TCP & TLS handshakes and shaving around 100ms off most requests.
If you would like to disable or customize this behavior, for example to use the API behind a proxy, you can pass an httpAgent
which is used for all requests (be they http or https), for example:
import http from 'http';
import { HttpsProxyAgent } from 'https-proxy-agent';
// Configure the default for all requests:
const client = new Finch({
httpAgent: new HttpsProxyAgent(process.env.PROXY_URL),
});
// Override per-request:
await client.hris.directory.list({
httpAgent: new http.Agent({ keepAlive: false }),
});
Semantic versioning
This package generally follows SemVer conventions, though certain backwards-incompatible changes may be released as minor versions:
- Changes that only affect static types, without breaking runtime behavior.
- Changes to library internals which are technically public but not intended or documented for external use. (Please open a GitHub issue to let us know if you are relying on such internals).
- Changes that we do not expect to impact the vast majority of users in practice.
We take backwards-compatibility seriously and work hard to ensure you can rely on a smooth upgrade experience.
We are keen for your feedback; please open an issue with questions, bugs, or suggestions.
Requirements
TypeScript >= 4.5 is supported.
The following runtimes are supported:
Node.js 18 LTS or later (non-EOL) versions.
Deno v1.28.0 or higher.
Bun 1.0 or later.
Cloudflare Workers.
Vercel Edge Runtime.
Jest 28 or greater with the
"node"
environment ("jsdom"
is not supported at this time).Nitro v2.6 or greater.
Web browsers: disabled by default to avoid exposing your secret API credentials. Enable browser support by explicitly setting
dangerouslyAllowBrowser
to true'.Why is this dangerous?
Enabling the
dangerouslyAllowBrowser
option can be dangerous because it exposes your secret API credentials in the client-side code. Web browsers are inherently less secure than server environments, any user with access to the browser can potentially inspect, extract, and misuse these credentials. This could lead to unauthorized access using your credentials and potentially compromise sensitive data or functionality.When might this not be dangerous?
In certain scenarios where enabling browser support might not pose significant risks:
- Internal Tools: If the application is used solely within a controlled internal environment where the users are trusted, the risk of credential exposure can be mitigated.
- Public APIs with Limited Scope: If your API has very limited scope and the exposed credentials do not grant access to sensitive data or critical operations, the potential impact of exposure is reduced.
- Development or debugging purpose: Enabling this feature temporarily might be acceptable, provided the credentials are short-lived, aren't also used in production environments, or are frequently rotated.
Note that React Native is not supported at this time.
If you are interested in other runtime environments, please open or upvote an issue on GitHub.