UNPKG

@safepassage/sdk

Version:

SafePassage SDK - Lightweight redirect-based age verification

safepassageapp.com/docs/sdk

safepassage/safepassage-monorepo

267 lines (214 loc) 7.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# SafePassage SDK v3.0.0 - Redirect Implementation A lightweight SDK for integrating SafePassage age verification using a simple redirect flow. ## Features - **Ultra-lightweight**: Only 4.9KB minified (1.9KB gzipped) - **Simple integration**: Just 10 lines of code - **Two modes**: Same-tab redirect or new-tab popup - **TypeScript support**: Full type definitions included - **Auto-environment detection**: Works seamlessly in development - **Secure**: Merchant-generated session IDs prevent attacks - **Compliant**: Enforces minimum age of 25 ## Installation ```bash npm install @safepassage/sdk ``` ## Quick Start ```javascript // Initialize SDK const safePassage = new SafePassage({ apiKey: 'sk_live_xxxxx', // Your API key returnUrl: 'https://yoursite.com/verified', cancelUrl: 'https://yoursite.com/cancelled' }); // Generate a session ID (must be UUID v4) const sessionId = crypto.randomUUID(); // Trigger verification safePassage.verify({ sessionId: sessionId, // Required: merchant-generated UUID challengeAge: 25, // Optional: minimum age (25 or higher) verificationMode: 'L1' // Optional: 'L1' or 'L2' }); ``` ## Configuration | Option | Type | Required | Description | |--------|------|----------|-------------| | apiKey | string | Yes | Your API key (sk_live_xxx or sk_test_xxx) | | returnUrl | string | Yes | URL to redirect after successful verification | | cancelUrl | string | Yes | URL to redirect if user cancels | | environment | string | No | 'production', 'staging', or 'development' (auto-detected) | | mode | string | No | 'redirect' (default) or 'new-tab' | | onComplete | function | No | Callback for new-tab mode completion | | onCancel | function | No | Callback for new-tab mode cancellation | | onError | function | No | Error handler | ## Verification Options ```javascript safePassage.verify({ sessionId: 'uuid-v4', // Required: merchant-generated UUID challengeAge: 30, // Optional: min 25 (overrides dashboard setting) verificationMode: 'L2' // Optional: 'L1' or 'L2' (overrides dashboard setting) }); ``` ### Configuration Override Behavior When you pass `challengeAge` or `verificationMode` to the `verify()` method, these values take precedence over your dashboard configuration for that specific verification session: - **No overrides**: Uses your current dashboard settings - **With overrides**: SDK values are used instead of dashboard settings - **Challenge age**: Must be 25 or higher (lower values will be rejected) - **Verification mode**: - `'L1'`: Age estimation with computer vision - `'L2'`: Always requires ID verification Example use cases: ```javascript // Use dashboard defaults safePassage.verify({ sessionId: crypto.randomUUID() }); // Override just challenge age safePassage.verify({ sessionId: crypto.randomUUID(), challengeAge: 30 // Require age 30+ for this session }); // Override just verification mode safePassage.verify({ sessionId: crypto.randomUUID(), verificationMode: 'L2' // Force ID check for this session }); // Override both safePassage.verify({ sessionId: crypto.randomUUID(), challengeAge: 30, verificationMode: 'L2' // ID required for 30+ verification }); ``` ## Modes ### Same-Tab Redirect (Default) User is redirected to SafePassage, then back to your site: ```javascript const safePassage = new SafePassage({ apiKey: 'sk_live_xxxxx', returnUrl: '/age-verified', cancelUrl: '/age-gate' }); safePassage.verify({ sessionId: crypto.randomUUID() }); ``` ### New-Tab Mode Verification opens in a popup window: ```javascript const safePassage = new SafePassage({ apiKey: 'sk_live_xxxxx', returnUrl: '/age-verified', cancelUrl: '/age-gate', mode: 'new-tab', onComplete: (result) => { console.log('Verified:', result.sessionId); // Validate on your server! }, onCancel: () => { console.log('User cancelled'); } }); safePassage.verify({ sessionId: crypto.randomUUID() }); ``` ## Server-Side Validation (Required!) Always validate the session on your server: ```javascript // Node.js example const response = await fetch('https://api.safepassageapp.com/v1/sessions/validate', { method: 'POST', headers: { 'Authorization': 'Bearer sk_live_xxxxx', // Secret key 'Content-Type': 'application/json' }, body: JSON.stringify({ sessionId }) }); const result = await response.json(); if (result.verified && result.estimatedAge >= result.challengeAge) { // Grant access } ``` ## UUID Generation You must generate session IDs on your end. Use the built-in crypto.randomUUID() when available: ```javascript // Modern browsers and Node.js 16+ const sessionId = crypto.randomUUID(); // Fallback for older environments function generateUUID() { return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { const r = Math.random() * 16 | 0; const v = c === 'x' ? r : (r & 0x3 | 0x8); return v.toString(16); }); } ``` ## Complete Example ```html <!DOCTYPE html> <html> <head> <!-- Install via NPM: npm install @safepassage/sdk --> <script src="node_modules/@safepassage/sdk/dist/safepassage.min.js"></script> </head> <body> <button onclick="verifyAge()">Verify Your Age</button> <script> const safePassage = new SafePassage({ apiKey: 'sk_live_xxxxx', returnUrl: window.location.href + '?verified=true', cancelUrl: window.location.href }); function verifyAge() { // Use crypto.randomUUID() if available, otherwise fallback const sessionId = typeof crypto.randomUUID === 'function' ? crypto.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { const r = Math.random() * 16 | 0; const v = c === 'x' ? r : (r & 0x3 | 0x8); return v.toString(16); }); sessionStorage.setItem('pendingVerification', sessionId); safePassage.verify({ sessionId }); } // Check if returning from verification const urlParams = new URLSearchParams(window.location.search); if (urlParams.get('verified') === 'true') { const sessionId = sessionStorage.getItem('pendingVerification'); // Validate session server-side here console.log('Validate session:', sessionId); } </script> </body> </html> ``` ## TypeScript Full TypeScript support included: ```typescript import { SafePassage, SafePassageConfig } from '@safepassage/sdk'; const config: SafePassageConfig = { apiKey: process.env.SAFEPASSAGE_PUBLIC_KEY!, returnUrl: '/verified', cancelUrl: '/cancelled' }; const safePassage = new SafePassage(config); ``` ## Migration from v2 (iframe) Old iframe approach (1000+ lines): ```javascript // Complex iframe setup... ``` New redirect approach (10 lines): ```javascript const safePassage = new SafePassage({ apiKey: 'sk_live_xxxxx', returnUrl: '/verified', cancelUrl: '/cancelled' }); safePassage.verify({ sessionId: crypto.randomUUID() }); ``` ## Browser Support - Chrome 60+ - Firefox 60+ - Safari 12+ - Edge 79+ - Mobile browsers ## Security Notes 1. Always generate session IDs on the merchant side 2. Validate sessions server-side before granting access 3. Pre-register callback URLs in your dashboard 4. Never expose your secret key (sk_live_xxx)