UNPKG

@humanmark/sdk-js

Version:

Browser-native JavaScript SDK for Humanmark human verification challenges

github.com/humanmark/sdk-js

humanmark/sdk-js

190 lines (141 loc) 7.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
<img src="./LogoWordmarkLightBG.svg" width="300" alt="Humanmark Logo"> ![npm version](https://img.shields.io/npm/v/@humanmark/sdk-js/beta.svg) ![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg) ![npm bundle size](https://img.shields.io/bundlephobia/minzip/@humanmark/sdk-js) ![npm downloads](https://img.shields.io/npm/dm/@humanmark/sdk-js.svg) # Humanmark JavaScript SDK A browser-native JavaScript SDK for integrating Humanmark human verification challenges into web applications. Complete documentation can be found at https://humanmark.dev. > **Beta Notice:** Humanmark SDK is currently in beta. While the API is stable, minor changes may occur before the 1.0 release. To get started, email sales@humanmark.io for API credentials. ## What is Humanmark? Humanmark is a privacy-first human verification service that helps protect your applications from automation and automated abuse. Unlike traditional CAPTCHAs, Humanmark provides a seamless verification experience through mobile app integration - users simply tap a button on their phone to prove they're human. This SDK enables you to integrate Humanmark verification into your web applications with just a few lines of code. When verification is needed, users see a QR code (on desktop) or a button (on mobile) that connects to the Humanmark mobile app for instant, frictionless verification. ## Why Humanmark? - **Real Privacy** - We verify users are human, not who they are. No behavior tracking, no personal data collection, no profiles. - **Actually Works** - CAPTCHAs don't work anymore. AI solves them faster than humans. Humanmark uses device security that AI can't fake. - **User Friendly** - No puzzles to solve or distorted text to decipher. Just a quick tap using their phone's built-in security. - **Developer Friendly** - Simple integration, comprehensive TypeScript support, and no complex backend infrastructure needed. ## Features - **Zero Backend Dependencies** - Pure browser JavaScript with no Node.js requirements - **Secure Architecture** - Pre-created challenge tokens prevent API secret exposure in client code - **TypeScript Native** - Full type definitions with strict mode for enhanced developer experience - **Universal Compatibility** - ESM, UMD, and IIFE bundles for any JavaScript environment - **Mobile Optimized** - Automatic device detection with native app deep linking - **Privacy by Design** - No user data collection, no cookies, no tracking - **Minimal Footprint** - ~21KB gzipped with lazy loading and code splitting for optimal performance - **Theme Flexibility** - Dark, light, and auto themes that respect system preferences ## Prerequisites - **HTTPS Required** - The SDK requires your site to be served over HTTPS for security - **Modern Browser** - See [Browser Support](#browser-support) section for minimum versions - **API Credentials** - Currently in beta, email sales@humanmark.io to get started ## Installation ### NPM ```bash npm install @humanmark/sdk-js ``` ### CDN Use our pre-built bundles from a CDN with Subresource Integrity (SRI) for security. The SRI hashes shown below are automatically updated for each published version: ```html <!-- Browser bundle (IIFE) --> <script src="https://cdn.jsdelivr.net/npm/@humanmark/sdk-js@1.0.2/dist/browser/index.js" integrity="sha384-0X+O8B+znBFKudTV6ZldU8DdDPyqttKh1MfLeDizFcPjgItGj3X1TSQHaoUxbUA6" crossorigin="anonymous"> </script> <!-- Or UMD bundle --> <script src="https://cdn.jsdelivr.net/npm/@humanmark/sdk-js@1.0.2/dist/umd/index.js" integrity="sha384-orJMcRxyJ5CKKjVY47b3lIpy9jeCGLQdwgBu7uz3k3DDDJPQzrdj112JM3xBUhtu" crossorigin="anonymous"> </script> ``` ## Quick Start The SDK requires a pre-created challenge token from your backend: ```javascript // 1. Get challenge token from your backend const response = await fetch('/api/create-challenge'); const { challengeToken } = await response.json(); // 2. Initialize the SDK const sdk = new HumanmarkSdk({ apiKey: 'your-api-key', challengeToken: challengeToken }); // 3. Start verification try { const receipt = await sdk.verify(); // Send receipt to your backend for verification console.log('Receipt:', receipt); } catch (error) { if (error.code === 'USER_CANCELLED') { console.log('User cancelled verification'); } else { console.error('Verification failed:', error); } } ``` ### Backend Integration Your backend should create challenge tokens using your API key and secret. For complete integration examples, see our [Getting Started Guide](https://humanmark.dev/getting-started). ```javascript // Backend example (Node.js) app.post('/api/create-challenge', async (req, res) => { const response = await fetch('https://humanmark.io/api/v1/challenge/create', { method: 'POST', headers: { 'hm-api-key': API_KEY, 'hm-api-secret': API_SECRET, 'Content-Type': 'application/json' }, body: JSON.stringify({ domain: 'your-domain.com' }) }); const { token } = await response.json(); res.json({ challengeToken: token }); }); ``` ## Configuration Options | Option | Type | Required | Description | |--------|------|----------|-------------| | `apiKey` | string | Yes | Your Humanmark API key | | `challengeToken` | string | Yes | Pre-created challenge token from your backend | | `baseUrl` | string | No | Base URL for API requests (default: 'https://humanmark.io') | | `theme` | 'light' \| 'dark' \| 'auto' | No | Modal theme (default: 'auto'). 'auto' follows system preference | For a complete API reference, visit [https://humanmark.dev/api](https://humanmark.dev/api). ## Error Handling The SDK provides specific error codes to help handle different scenarios: ```javascript import { HumanmarkSdk, ErrorCode, isHumanmarkError } from '@humanmark/sdk-js'; try { const receipt = await sdk.verify(); } catch (error) { // Handle specific error codes if (isHumanmarkError(error)) { switch (error.code) { case ErrorCode.USER_CANCELLED: console.log('User cancelled verification'); return; case ErrorCode.CHALLENGE_EXPIRED: console.error('Challenge expired. Please try again.'); break; default: console.error(`Verification failed: ${error.message}`); } } } ``` ## Browser Support - Chrome 80+ - Firefox 78+ - Safari 13.1+ - Edge 80+ ## Security The SDK implements defense-in-depth security principles to protect your application and users: **Token-Based Architecture** - The SDK requires pre-created challenge tokens from your backend, ensuring API secrets never leave your server. This prevents credential exposure in client-side code. **Content Security Policy (CSP) Compliance** - No use of `eval()`, `innerHTML`, or other dynamic code execution. The SDK works seamlessly with strict CSP policies. **Network Security** - All API communications require HTTPS. The SDK includes built-in timeout protection and validates all server responses. **Subresource Integrity (SRI)** - When using CDN delivery, SRI hashes are automatically generated for each release to prevent tampering. **DOM Isolation** - All styles are scoped to prevent CSS conflicts. The SDK makes minimal DOM modifications and properly cleans up all elements and event listeners. ## License MIT License - see [LICENSE](LICENSE) file for details. ## Support - Documentation: https://humanmark.dev - GitHub: https://github.com/humanmark/sdk-js - Email: support@humanmark.io - Security issues: security@humanmark.io