npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

liquid-api-client

v2.0.0

Published

Client library and authentication helper for the Liquid API.

Downloads

28

Readme

liquid-api-client

Client library and token-based authentication helper for the Liquid API.

This library exposes two classes:

  • LiquidClient is the API client used to make HTTP requests, and
  • JWTService is the authentication helper used to queue requests and issue tokens.

Quick Start

TODO.

JWTService

The JWTService is responsible for queueing and orchestrating API requests, ensuring that tokens are issued and used with strictly sequential nonces.

withToken

The withToken function takes two arguments, a payload which will be merged into the body of the JWT and an async callback which receives the one-time-use token as its only argument. The callback must return a promise and the token must not be used after that promise resolves or rejects.

Calling withToken enqueues the callback and returns a promise that resolves once the callback has been resolved. Callers are responsible for handling any errors, so please ensure that you use a try/catch block or a .catch statement with your withToken call.

Do not try to acquire a token with withToken and use it later. Doing so will result in a failed request due to non-sequential nonce values.

const tokenId = 1234;
const tokenSecret = "1fhfhieoanieoncvnia";
const tokenAlg = "RS256";
const bodySecureToken = "1fhfhieoanieoncvnia";

const tokenService = new JWTService(
  tokenId,
  tokenSecret,
  tokenAlg,
  bodySecureToken
);

const getUser = () => {
  try {
    // This function will block here until all queued withToken callbacks in
    // the tokenService have been processed.
    const response = await tokenService.withToken({ path: "/user" }, token =>
      fetch("/user", {
        headers: {
          "X-Quoine-Auth": token,
        },
      })
    );

    return response.json();
  } catch (err) {
    console.log(err);
  }
};

LiquidClient

The client constructor requires the API hostname as a string and accepts an optional configuration object:

  • defaultVendorId is the numeric vendor ID sent in the vendor header with every request,
  • headers is an object containing optional custom headers to send with every request,
  • publicEndpoints is an array of regular expressions which whitelist known-public API endpoints,
  • semiPublicEndpoints is an array of regular expressions which identify API endpoints which can be called both with and without authentication, and
  • tokenService is an optional instance of the JWTService which is used to authenticate requests.

The configuration object is optional, however it is highly recommended to specify the default vendor ID as some endpoints have undefined behavior if the vendor is not set.

import { LiquidClient } from "liquid-api-client";

const client = new LiquidClient("https://api.liquid.com", {
  defaultVendorId: 3, // global (non-jp) vendor
  publicEndpoints: [/^\/products$/],
});

const products = await client.get("/products");

LiquidClient exposes functions for get, post, put, patch and delete operations which are fetch-like with some syntactic sugar for handling request bodies.

Public Endpoints

As a performance optimization LiquidClient will not send an auth token with any requests to paths that match at least one of the RegExes in the publicEndpoints array.

This permits non-authenticated requests to be sent immediately and in parallel, rather than being queued.

Some endpoints behave differently depending on whether the user is logged in or not. These should be checked by supplying a regex to the semiPublicEndpoints array. If a request path matches one of these endpoints and the user is logged in, an authenticated request will be made. If the user is logged out, a non-authenticated request will be made.

Requests made to a private endpoint (i.e. a path that does not match a publicEndpoints or semiPublicEndpoints regex) while there is no registered token service will immediately throw a synthetic 401 error.

Authentication

Users can authenticate with LiquidClient by passing in a token service. This project ships with the JWTService class that signs and issues tokens and sequences requests to prevent nonce conflicts.

Instantiate an instance of JWTService with a token ID and secret (from the Liquid authentication endpoint) and pass it into LiquidClient with your vendor ID via the authenticateWith function.

client.authenticateWith(tokenService, vendorId);

// client will now make authenticated requests

Calling deauthenticate will de-authenticate the user and reset vendor ID to the default value.

client.deauthenticate();

// client will now make unauthenticated requests and throw if a private endpoint is requested