@turnkey/core
Version:
A core JavaScript web and React Native package for interfacing with Turnkey's infrastructure.
762 lines • 73.6 kB
TypeScript
import { TurnkeySDKClientBase } from "../__generated__/sdk-client-base";
import { TDeleteSubOrganizationResponse, Session, TStampLoginResponse, v1AddressFormat, v1Attestation, v1Pagination, v1SignRawPayloadResult, v1TransactionType, v1User, ProxyTGetWalletKitConfigResponse, v1WalletAccountParams, v1PayloadEncoding, v1HashFunction, v1Curve } from "@turnkey/sdk-types";
import { ExportBundle, StamperType, TurnkeySDKClientConfig, WalletAccount, Wallet, OtpType, CreateSubOrgParams, Chain, WalletManagerBase, WalletProvider, SwitchableChain } from "../__types__/base";
import { CrossPlatformApiKeyStamper } from "../__stampers__/api/base";
import { CrossPlatformPasskeyStamper } from "../__stampers__/passkey/base";
type PublicMethods<T> = {
[K in keyof T as K extends string | number | symbol ? K extends "init" | "constructor" | "config" | "httpClient" | "user" | "wallets" ? never : K : never]: T[K] extends (...args: any[]) => any ? T[K] : never;
};
/**@internal */
export type TurnkeyClientMethods = PublicMethods<TurnkeyClient>;
export declare class TurnkeyClient {
config: TurnkeySDKClientConfig;
httpClient: TurnkeySDKClientBase;
private apiKeyStamper?;
private passkeyStamper?;
private walletManager?;
private storageManager;
constructor(config: TurnkeySDKClientConfig, apiKeyStamper?: CrossPlatformApiKeyStamper, passkeyStamper?: CrossPlatformPasskeyStamper, walletManager?: WalletManagerBase);
init(): Promise<void>;
/**
* Creates a new passkey authenticator for the user.
*
* - This function generates a new passkey attestation and challenge, suitable for registration with the user's device.
* - Handles both web and React Native environments, automatically selecting the appropriate passkey creation flow.
* - The resulting attestation and challenge can be used to register the passkey with Turnkey.
*
* @param params.name - name of the passkey. If not provided, defaults to "A Passkey".
* @param params.displayName - display name for the passkey. If not provided, defaults to "A Passkey".
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an object containing:
* - attestation: attestation object returned from the passkey creation process.
* - encodedChallenge: encoded challenge string used for passkey registration.
* @throws {TurnkeyError} If there is an error during passkey creation, or if the platform is unsupported.
*/
createPasskey: (params?: {
name?: string;
displayName?: string;
stampWith?: StamperType | undefined;
}) => Promise<{
attestation: v1Attestation;
encodedChallenge: string;
}>;
/**
* Logs out the current client session.
*
* - This function clears the specified session and removes any associated key pairs from storage.
* - If a sessionKey is provided, it logs out from that session; otherwise, it logs out from the active session.
* - Cleans up any api keys associated with the session.
*
* @param params.sessionKey - session key to specify which session to log out from (defaults to the active session).
* @returns A promise that resolves when the logout process is complete.
* @throws {TurnkeyError} If there is no active session or if there is an error during the logout process.
*/
logout: (params?: {
sessionKey?: string;
}) => Promise<void>;
/**
* Logs in a user using a passkey, optionally specifying the public key, session key, and session expiration.
*
* - This function initiates the login process with a passkey and handles session creation and storage.
* - If a public key is not provided, a new key pair will be generated for authentication.
* - If a session key is not provided, the default session key will be used.
* - The session expiration can be customized via the expirationSeconds parameter.
* - Handles cleanup of unused key pairs if login fails.
*
* @param params.publicKey - public key to use for authentication. If not provided, a new key pair will be generated.
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
* @returns A promise that resolves to a signed JWT session token.
* @throws {TurnkeyError} If there is an error during the passkey login process or if the user cancels the passkey prompt.
*/
loginWithPasskey: (params?: {
publicKey?: string;
sessionKey?: string;
expirationSeconds?: string;
}) => Promise<string>;
/**
* Signs up a user using a passkey, creating a new sub-organization and session.
*
* - This function creates a new passkey authenticator and uses it to register a new sub-organization for the user.
* - Handles both passkey creation and sub-organization creation in a single flow.
* - Optionally accepts additional sub-organization parameters, a custom session key, a custom passkey display name, and a custom session expiration.
* - Automatically generates a new API key pair for authentication and session management.
* - Stores the resulting session token and manages cleanup of unused key pairs.
*
* @param params.createSubOrgParams - parameters for creating a sub-organization (e.g., authenticators, user metadata).
* @param params.sessionKey - session key to use for storing the session (defaults to the default session key).
* @param params.passkeyDisplayName - display name for the passkey (defaults to a generated name based on the current timestamp).
* @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
* @returns A promise that resolves to a signed JWT session token for the new sub-organization.
* @throws {TurnkeyError} If there is an error during passkey creation, sub-organization creation, or session storage.
*/
signUpWithPasskey: (params?: {
createSubOrgParams?: CreateSubOrgParams;
sessionKey?: string;
passkeyDisplayName?: string;
expirationSeconds?: string;
}) => Promise<string>;
/**
* Retrieves wallet providers from the initialized wallet manager.
*
* - Optionally filters providers by the specified blockchain chain.
* - Throws an error if the wallet manager is not initialized.
*
* @param chain - optional blockchain chain to filter the returned providers.
* @returns A promise that resolves to an array of wallet providers.
* @throws {TurnkeyError} If the wallet manager is uninitialized or provider retrieval fails.
*/
getWalletProviders: (chain?: Chain) => Promise<WalletProvider[]>;
/**
* Connects the specified wallet account.
*
* - Requires the wallet manager and its connector to be initialized.
*
* @param walletProvider - wallet provider to connect.
* @returns A promise that resolves once the wallet account is connected.
* @throws {TurnkeyError} If the wallet manager is uninitialized or the connection fails.
*/
connectWalletAccount: (walletProvider: WalletProvider) => Promise<void>;
/**
* Disconnects the specified wallet account.
*
* - Requires the wallet manager and its connector to be initialized.
*
* @param walletProvider - wallet provider to disconnect.
* @returns A promise that resolves once the wallet account is disconnected.
* @throws {TurnkeyError} If the wallet manager is uninitialized or the disconnection fails.
*/
disconnectWalletAccount: (walletProvider: WalletProvider) => Promise<void>;
/**
* Switches the wallet provider associated with a given wallet account
* to a different chain.
*
* - Requires the wallet manager and its connector to be initialized
* - Only works for connected wallet accounts
* - Looks up the provider for the given account address
* - Does nothing if the provider is already on the desired chain.
*
* @param params.walletAccount - The wallet account whose provider should be switched.
* @param params.chainOrId - The target chain, specified as a chain ID string or a SwitchableChain object.
* @param params.walletProviders - Optional list of wallet providers to search; falls back to `getWalletProviders()` if omitted.
* @returns A promise that resolves once the chain switch is complete.
*
* @throws {TurnkeyError} If the wallet manager is uninitialized, the provider is not connected, or the switch fails.
*/
switchWalletAccountChain: (params: {
walletAccount: WalletAccount;
chainOrId: string | SwitchableChain;
walletProviders?: WalletProvider[] | undefined;
}) => Promise<void>;
/**
* Logs in a user using the specified wallet provider.
*
* - This function logs in a user by authenticating with the provided wallet provider via a wallet-based signature.
* - If a public key is not provided, a new one will be generated for authentication.
* - Optionally accepts a custom session key and session expiration time.
* - Stores the resulting session token under the specified session key, or the default session key if not provided.
* - Throws an error if a public key cannot be found or generated, or if the login process fails.
*
* @param params.walletProvider - wallet provider to use for authentication.
* @param params.publicKey - optional public key to associate with the session (generated if not provided).
* @param params.sessionKey - optional key to store the session under (defaults to the default session key).
* @param params.expirationSeconds - optional session expiration time in seconds (defaults to the configured default).
* @returns A promise that resolves to the created session token.
* @throws {TurnkeyError} If the wallet stamper is uninitialized, a public key cannot be found or generated, or login fails.
*/
loginWithWallet: (params: {
walletProvider: WalletProvider;
publicKey?: string;
sessionKey?: string;
expirationSeconds?: string;
}) => Promise<string>;
/**
* Signs up a user using a wallet, creating a new sub-organization and session.
*
* - This function creates a new wallet authenticator and uses it to register a new sub-organization for the user.
* - Handles both wallet authentication and sub-organization creation in a single flow.
* - Optionally accepts additional sub-organization parameters, a custom session key, and a custom session expiration.
* - Automatically generates additional API key pairs for authentication and session management.
* - Stores the resulting session token under the specified session key, or the default session key if not provided, and manages cleanup of unused key pairs.
*
* @param params.walletProvider - wallet provider to use for authentication.
* @param params.createSubOrgParams - parameters for creating a sub-organization (e.g., authenticators, user metadata).
* @param params.sessionKey - session key to use for storing the session (defaults to the default session key).
* @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
* @returns A promise that resolves to a signed JWT session token for the new sub-organization.
* @throws {TurnkeyError} If there is an error during wallet authentication, sub-organization creation, session storage, or cleanup.
*/
signUpWithWallet: (params: {
walletProvider: WalletProvider;
createSubOrgParams?: CreateSubOrgParams;
sessionKey?: string;
expirationSeconds?: string;
}) => Promise<string>;
/**
* Logs in an existing user or signs up a new user using a wallet, creating a new sub-organization if needed.
*
* - This function attempts to log in the user by stamping a login request with the provided wallet.
* - If the wallet’s public key is not associated with an existing sub-organization, a new one is created.
* - Handles both wallet authentication and sub-organization creation in a single flow.
* - For Ethereum wallets, derives the public key from the signed request header; for Solana wallets, retrieves it directly from the wallet.
* - Optionally accepts additional sub-organization parameters, a custom session key, and a custom session expiration.
* - Stores the resulting session token under the specified session key, or the default session key if not provided.
*
* @param params.walletProvider - wallet provider to use for authentication.
* @param params.createSubOrgParams - optional parameters for creating a sub-organization (e.g., authenticators, user metadata).
* @param params.sessionKey - session key to use for storing the session (defaults to the default session key).
* @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
* @returns A promise that resolves to a signed JWT session token for the sub-organization (new or existing).
* @throws {TurnkeyError} If there is an error during wallet authentication, sub-organization creation, or session storage.
*/
loginOrSignupWithWallet: (params: {
walletProvider: WalletProvider;
createSubOrgParams?: CreateSubOrgParams;
sessionKey?: string;
expirationSeconds?: string;
}) => Promise<string>;
/**
* Initializes the OTP process by sending an OTP code to the provided contact.
*
* - This function initiates the OTP flow by sending a one-time password (OTP) code to the user's contact information (email address or phone number) via the auth proxy.
* - Supports both email and SMS OTP types.
* - Returns an OTP ID that is required for subsequent OTP verification.
*
* @param params.otpType - type of OTP to initialize (OtpType.Email or OtpType.Sms).
* @param params.contact - contact information for the user (e.g., email address or phone number).
* @returns A promise that resolves to the OTP ID required for verification.
* @throws {TurnkeyError} If there is an error during the OTP initialization process or if the maximum number of OTPs has been reached.
*/
initOtp: (params: {
otpType: OtpType;
contact: string;
}) => Promise<string>;
/**
* Verifies the OTP code sent to the user.
*
* - This function verifies the OTP code entered by the user against the OTP sent to their contact information (email or phone) using the auth proxy.
* - If verification is successful, it returns the sub-organization ID associated with the contact (if it exists) and a verification token.
* - The verification token can be used for subsequent login or sign-up flows.
* - Handles both email and SMS OTP types.
*
* @param params.otpId - ID of the OTP to verify (returned from `initOtp`).
* @param params.otpCode - OTP code entered by the user.
* @param params.contact - contact information for the user (e.g., email address or phone number).
* @param params.otpType - type of OTP being verified (OtpType.Email or OtpType.Sms).
* @returns A promise that resolves to an object containing:
* - subOrganizationId: sub-organization ID if the contact is already associated with a sub-organization, or an empty string if not.
* - verificationToken: verification token to be used for login or sign-up.
* @throws {TurnkeyError} If there is an error during the OTP verification process, such as an invalid code or network failure.
*/
verifyOtp: (params: {
otpId: string;
otpCode: string;
contact: string;
otpType: OtpType;
}) => Promise<{
subOrganizationId: string;
verificationToken: string;
}>;
/**
* Logs in a user using an OTP verification token.
*
* - This function logs in a user using the verification token received after OTP verification (from email or SMS).
* - If a public key is not provided, a new API key pair will be generated for authentication.
* - Optionally invalidates any existing sessions for the user if `invalidateExisting` is set to true.
* - Stores the resulting session token under the specified session key, or the default session key if not provided.
* - Handles cleanup of unused key pairs if login fails.
*
* @param params.verificationToken - verification token received after OTP verification.
* @param params.publicKey - public key to use for authentication. If not provided, a new key pair will be generated.
* @param params.invalidateExisting - flag to invalidate existing session for the user.
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @returns A promise that resolves to a signed JWT session token.
* @throws {TurnkeyError} If there is an error during the OTP login process or if key pair cleanup fails.
*/
loginWithOtp: (params: {
verificationToken: string;
publicKey?: string;
invalidateExisting?: boolean;
sessionKey?: string;
}) => Promise<string>;
/**
* Signs up a user using an OTP verification token.
*
* - This function signs up a user using the verification token received after OTP verification (from email or SMS).
* - Creates a new sub-organization for the user with the provided parameters and associates the contact (email or phone) with the sub-organization.
* - Automatically generates a new API key pair for authentication and session management.
* - Stores the resulting session token under the specified session key, or the default session key if not provided.
* - Handles both email and SMS OTP types, and supports additional sub-organization creation parameters.
*
* @param params.verificationToken - verification token received after OTP verification.
* @param params.contact - contact information for the user (e.g., email address or phone number).
* @param params.otpType - type of OTP being used (OtpType.Email or OtpType.Sms).
* @param params.createSubOrgParams - parameters for creating a sub-organization (e.g., authenticators, user metadata).
* @param params.invalidateExisting - flag to invalidate existing session for the user.
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @returns A promise that resolves to a signed JWT session token for the new sub-organization.
* @throws {TurnkeyError} If there is an error during the OTP sign-up process or session storage.
*/
signUpWithOtp: (params: {
verificationToken: string;
contact: string;
otpType: OtpType;
createSubOrgParams?: CreateSubOrgParams;
invalidateExisting?: boolean;
sessionKey?: string;
}) => Promise<string>;
/**
* Completes the OTP authentication flow by verifying the OTP code and then either signing up or logging in the user.
*
* - This function first verifies the OTP code for the provided contact and OTP type.
* - If the contact is not associated with an existing sub-organization, it will automatically create a new sub-organization and complete the sign-up flow.
* - If the contact is already associated with a sub-organization, it will complete the login flow.
* - Supports passing a custom public key for authentication, invalidating existing session, specifying a session key, and providing additional sub-organization creation parameters.
* - Handles both email and SMS OTP types.
*
* @param params.otpId - ID of the OTP to complete (returned from `initOtp`).
* @param params.otpCode - OTP code entered by the user.
* @param params.contact - contact information for the user (e.g., email address or phone number).
* @param params.otpType - type of OTP being completed (OtpType.Email or OtpType.Sms).
* @param params.publicKey - public key to use for authentication. If not provided, a new key pair may be generated.
* @param params.invalidateExisting - flag to invalidate existing sessions for the user.
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @param params.createSubOrgParams - parameters for sub-organization creation (e.g., authenticators, user metadata).
* @returns A promise that resolves to a signed JWT session token for the user.
* @throws {TurnkeyError} If there is an error during OTP verification, sign-up, or login.
*/
completeOtp: (params: {
otpId: string;
otpCode: string;
contact: string;
otpType: OtpType;
publicKey?: string;
invalidateExisting?: boolean;
sessionKey?: string;
createSubOrgParams?: CreateSubOrgParams;
}) => Promise<string>;
/**
* Completes the OAuth authentication flow by either signing up or logging in the user, depending on whether a sub-organization already exists for the provided OIDC token.
*
* - This function first checks if there is an existing sub-organization associated with the OIDC token.
* - If a sub-organization exists, it proceeds with the OAuth login flow.
* - If no sub-organization exists, it creates a new sub-organization and completes the sign-up flow.
* - Optionally accepts a custom OAuth provider name, session key, and additional sub-organization creation parameters.
* - Handles session storage and management, and supports invalidating existing sessions if specified.
*
* @param params.oidcToken - OIDC token received after successful authentication with the OAuth provider.
* @param params.publicKey - public key to use for authentication. Must be generated prior to calling this function.
* @param params.providerName - name of the OAuth provider (defaults to a generated name with a timestamp).
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @param params.invalidateExisting - flag to invalidate existing sessions for the user.
* @param params.createSubOrgParams - parameters for sub-organization creation (e.g., authenticators, user metadata).
* @returns A promise that resolves to a signed JWT session token for the user.
* @throws {TurnkeyError} If there is an error during the OAuth completion process, such as account lookup, sign-up, or login.
*/
completeOauth: (params: {
oidcToken: string;
publicKey: string;
providerName?: string;
sessionKey?: string;
invalidateExisting?: boolean;
createSubOrgParams?: CreateSubOrgParams;
}) => Promise<string>;
/**
* Logs in a user using OAuth authentication.
*
* - This function logs in a user using the provided OIDC token and public key.
* - Optionally invalidates any existing sessions for the user if `invalidateExisting` is set to true.
* - Stores the resulting session token under the specified session key, or the default session key if not provided.
* - Handles cleanup of unused key pairs if login fails.
*
* @param params.oidcToken - OIDC token received after successful authentication with the OAuth provider.
* @param params.publicKey - public key to use for authentication. Must be generated prior to calling this function.
* @param params.invalidateExisting - flag to invalidate existing sessions for the user.
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @returns A promise that resolves to a signed JWT session token.
* @throws {TurnkeyError} If there is an error during the OAuth login process or if key pair cleanup fails.
*/
loginWithOauth: (params: {
oidcToken: string;
publicKey: string;
invalidateExisting?: boolean;
sessionKey?: string;
}) => Promise<string>;
/**
* Signs up a user using OAuth authentication.
*
* - This function creates a new sub-organization for the user using the provided OIDC token, public key, and provider name.
* - Handles the full OAuth sign-up flow, including sub-organization creation and session management.
* - Optionally accepts additional sub-organization creation parameters and a custom session key.
* - After successful sign-up, automatically logs in the user and returns a signed JWT session token.
*
* @param params.oidcToken - OIDC token received after successful authentication with the OAuth provider.
* @param params.publicKey - public key to associate with the new sub-organization.
* @param params.providerName - name of the OAuth provider (e.g., "Google", "Apple").
* @param params.createSubOrgParams - parameters for sub-organization creation (e.g., authenticators, user metadata).
* @param params.sessionKey - session key to use for session creation (defaults to the default session key).
* @returns A promise that resolves to a signed JWT session token for the new sub-organization.
* @throws {TurnkeyError} If there is an error during the OAuth sign-up or login process.
*/
signUpWithOauth: (params: {
oidcToken: string;
publicKey: string;
providerName: string;
createSubOrgParams?: CreateSubOrgParams;
sessionKey?: string;
}) => Promise<string>;
/**
* Fetches all wallets for the current user, including both embedded and connected wallets.
*
* - Retrieves all wallets associated with the organizationId from the current active session.
* - For each embedded wallet, automatically fetches and attaches all associated wallet accounts.
* - For connected wallets (e.g., browser extensions or external providers), groups providers by wallet name and attaches all connected accounts.
* - Returns both embedded and connected wallets in a single array, each with their respective accounts populated.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of `Wallet` objects.
* @throws {TurnkeyError} If no active session is found or if there is an error fetching wallets.
*/
fetchWallets: (params?: {
walletProviders?: WalletProvider[] | undefined;
stampWith?: StamperType | undefined;
}) => Promise<Wallet[]>;
/**
* Fetches all accounts for a specific wallet, including both embedded and connected wallet accounts.
*
* - For embedded wallets, retrieves accounts from the Turnkey API, supporting pagination (defaults to the first page with a limit of 100 accounts).
* - For connected wallets (e.g., browser extensions or external providers), constructs account objects for each connected address from the provided or discovered wallet providers.
* - Automatically determines the account type and populates relevant fields such as address, curve, and signing capability.
* - Optionally allows filtering by a specific set of wallet providers and supports custom pagination options.
* - Supports stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.wallet - wallet for which to fetch accounts.
* @param params.walletProviders - list of wallet providers to filter by (used for connected wallets).
* @param params.paginationOptions - pagination options for embedded wallets.
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of `v1WalletAccount` objects.
* @throws {TurnkeyError} If no active session is found or if there is an error fetching wallet accounts.
*/
fetchWalletAccounts: (params: {
wallet: Wallet;
walletProviders?: WalletProvider[];
paginationOptions?: v1Pagination;
stampWith?: StamperType | undefined;
}) => Promise<WalletAccount[]>;
/**
* Signs a message using the specified wallet account.
*
* - Supports both embedded and connected wallets.
* - For **connected wallets**:
* - Delegates signing to the wallet provider’s native signing method.
* - **Important:** For Ethereum wallets (e.g., MetaMask), signatures follow [EIP-191](https://eips.ethereum.org/EIPS/eip-191).
* The message is automatically prefixed with `"\x19Ethereum Signed Message:\n" + message length`
* before signing. As a result, this signature **cannot be used as a raw transaction signature**
* or broadcast on-chain.
* - For **embedded wallets**, uses the Turnkey API to sign the message directly.
* - Automatically handles message encoding and hashing based on the wallet account’s address format,
* unless explicitly overridden.
*
* @param params.message - message to sign.
* @param params.walletAccount - wallet account to use for signing.
* @param params.encoding - override for the payload encoding (defaults to the encoding appropriate for the address type).
* @param params.hashFunction - override for the hash function (defaults to the hash function appropriate for the address type).
* @param params.stampWith - stamper to tag the signing request (e.g., Passkey, ApiKey, or Wallet).
* @param params.addEthereumPrefix - whether to prefix the message with Ethereum's `"\x19Ethereum Signed Message:\n"` string.
* - If `true` (default for Ethereum), the message is prefixed before signing.
* - If `false`:
* - Connected wallets will throw an error because they always prefix automatically.
* - Embedded wallets will sign the raw message without any prefix.
*
* @returns A promise resolving to a `v1SignRawPayloadResult` containing the signature and metadata.
* @throws {TurnkeyError} If signing fails, if the wallet account does not support signing, or if the response is invalid.
*/
signMessage: (params: {
message: string;
walletAccount: WalletAccount;
encoding?: v1PayloadEncoding;
hashFunction?: v1HashFunction;
stampWith?: StamperType | undefined;
addEthereumPrefix?: boolean;
}) => Promise<v1SignRawPayloadResult>;
/**
* Signs a transaction using the specified wallet account.
*
* - This function signs a blockchain transaction using the provided wallet address and transaction data.
* - Supports all Turnkey-supported blockchain networks (e.g., Ethereum, Solana, Tron).
* - Automatically determines the appropriate signing method based on the transaction type.
* - Delegates signing to the Turnkey API, which returns the signed transaction and related metadata.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.walletAccount - wallet account to use for signing the transaction.
* @param params.unsignedTransaction - unsigned transaction data (serialized as a string) to be signed.
* @param params.transactionType - type of transaction (e.g., "TRANSACTION_TYPE_ETHEREUM", "TRANSACTION_TYPE_SOLANA", "TRANSACTION_TYPE_TRON").
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to a `TSignTransactionResponse` object containing the signed transaction and any additional signing metadata.
* @throws {TurnkeyError} If there is an error signing the transaction or if the response is invalid.
*/
signTransaction: (params: {
unsignedTransaction: string;
transactionType: v1TransactionType;
walletAccount: WalletAccount;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Signs and broadcasts a transaction using the specified wallet account.
*
* - For **connected wallets**:
* - Calls the wallet’s native `signAndSendTransaction` method.
* - Does **not** require an `rpcUrl`.
*
* - For **embedded wallets**:
* - Signs the transaction using the Turnkey API.
* - Requires an `rpcUrl` to broadcast the transaction.
* - Broadcasts the transaction using a JSON-RPC client.
*
* @param params.walletAccount - wallet account to use for signing and sending.
* @param params.unsignedTransaction - unsigned transaction (serialized string).
* @param params.transactionType - transaction type (e.g., "TRANSACTION_TYPE_SOLANA").
* @param params.rpcUrl - required for embedded wallets to broadcast the signed transaction.
* @param params.stampWith - optional stamper to tag the signing request.
* @returns A promise that resolves to a transaction signature or hash.
* @throws {TurnkeyError} If signing or broadcasting fails.
*/
signAndSendTransaction: (params: {
unsignedTransaction: string;
transactionType: v1TransactionType;
walletAccount: WalletAccount;
rpcUrl?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Fetches the user details for the current session or a specified user.
*
* - Retrieves user details from the Turnkey API using the provided userId and organizationId, or defaults to those from the active session.
* - If no userId is provided, the userId from the current session is used.
* - If no organizationId is provided, the organizationId from the current session is used.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* - Ensures that an active session exists before making the request.
*
* @param params.organizationId - organization ID to specify the sub-organization (defaults to the current session's organizationId).
* @param params.userId - user ID to fetch specific user details (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to a `v1User` object containing the user details.
* @throws {TurnkeyError} If there is no active session, if there is no userId, or if there is an error fetching user details.
*/
fetchUser: (params?: {
organizationId?: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<v1User>;
/**
* Updates the user's email address.
*
* - This function updates the user's email address and, if provided, verifies it using a verification token (typically from an OTP flow).
* - If a userId is provided, it updates the email for that specific user; otherwise, it uses the current session's userId.
* - If a verificationToken is not provided, the email will be updated but will not be marked as verified.
* - Automatically ensures an active session exists before making the request.
* - Handles session management and error reporting for both update and verification flows.
*
* @param params.email - new email address to set for the user.
* @param params.verificationToken - verification token from OTP email verification (required if verifying the email).
* @param params.userId - user ID to update a specific user's email (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the userId of the updated user.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating or verifying the user email.
*/
updateUserEmail: (params: {
email: string;
verificationToken?: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Removes the user's email address.
*
* - This function removes the user's email address by setting it to an empty string.
* - If a userId is provided, it removes the email for that specific user; otherwise, it uses the current session's userId.
* - Automatically ensures an active session exists before making the request.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.userId - user ID to remove a specific user's email address (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the userId of the user whose email was removed.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the user email.
*/
removeUserEmail: (params?: {
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Updates the user's phone number.
*
* - This function updates the user's phone number and, if provided, verifies it using a verification token (from an OTP flow).
* - If a userId is provided, it updates the phone number for that specific user; otherwise, it uses the current session's userId.
* - If a verificationToken is not provided, the phone number will be updated but will not be marked as verified.
* - Automatically ensures an active session exists before making the request.
* - Handles session management and error reporting for both update and verification flows.
*
* @param params.phoneNumber - new phone number to set for the user.
* @param params.verificationToken - verification token from OTP phone verification (required if verifying the phone number).
* @param params.userId - user ID to update a specific user's phone number (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the userId of the updated user.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating or verifying the user phone number.
*/
updateUserPhoneNumber: (params: {
phoneNumber: string;
verificationToken?: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Removes the user's phone number.
*
* - This function removes the user's phone number by setting it to an empty string.
* - If a userId is provided, it removes the phone number for that specific user; otherwise, it uses the current session's userId.
* - Automatically ensures an active session exists before making the request.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.userId - user ID to remove a specific user's phone number (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the userId of the user whose phone number was removed.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the user phone number.
*/
removeUserPhoneNumber: (params?: {
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Updates the user's name.
*
* - This function updates the user's display name.
* - If a userId is provided, it updates the name for that specific user; otherwise, it uses the current session's userId.
* - Automatically ensures an active session exists before making the request.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* - Handles session management and error reporting for the update flow.
*
* @param params.userName - new name to set for the user.
* @param params.userId - user ID to update a specific user's name (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the userId of the updated user.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating the user name.
*/
updateUserName: (params: {
userName: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Adds an OAuth provider to the user.
*
* - This function adds an OAuth provider (e.g., Google, Apple) to the user account.
* - If a userId is provided, it adds the provider for that specific user; otherwise, it uses the current session's userId.
* - Automatically checks if an account already exists for the provided OIDC token and prevents duplicate associations.
* - If the user's email is not set or not verified, attempts to update and verify the email using the email from the OIDC token.
* - Handles session management and error reporting for the add provider flow.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.providerName - name of the OAuth provider to add (e.g., "Google", "Apple").
* @param params.oidcToken - OIDC token for the OAuth provider.
* @param params.userId - user ID to add the provider for a specific user (defaults to current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of provider IDs associated with the user.
* @throws {TurnkeyError} If there is no active session, if the account already exists, or if there is an error adding the OAuth provider.
*/
addOauthProvider: (params: {
providerName: string;
oidcToken: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string[]>;
/**
* Removes a list of OAuth providers from the user.
*
* - This function removes OAuth providers (e.g., Google, Apple) from the user's account.
* - If a userId is provided, it removes the providers for that specific user; otherwise, it uses the current session's userId.
* - Automatically ensures an active session exists before making the request.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* - Returns an array of remaining provider IDs associated with the user after removal.
*
* @param params.providerIds - IDs of the OAuth providers to remove.
* @param params.userId - user ID to remove the provider for a specific user (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of provider IDs that were removed.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the OAuth provider.
*/
removeOauthProviders: (params: {
providerIds: string[];
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string[]>;
/**
* Adds a new passkey authenticator for the user.
*
* - This function prompts the user to create a new passkey (WebAuthn/FIDO2) and adds it as an authenticator for the user.
* - Handles both web and React Native environments, automatically selecting the appropriate passkey creation flow.
* - If a userId is provided, the passkey is added for that specific user; otherwise, it uses the current session's userId.
* - The passkey's name and display name can be customized; if not provided, defaults are generated.
* - The resulting passkey attestation and challenge are registered with Turnkey as a new authenticator.
*
* @param params.name - name of the passkey (defaults to "Turnkey Passkey-`timestamp`").
* @param params.displayName - display name of the passkey (defaults to the value of `name`).
* @param params.userId - user ID to add the passkey for a specific user (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of authenticator IDs for the newly added passkey(s).
* @throws {TurnkeyError} If there is no active session, if passkey creation fails, or if there is an error adding the passkey.
*/
addPasskey: (params?: {
name?: string;
displayName?: string;
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string[]>;
/**
* Removes passkeys (authenticator) from the user.
*
* - This function removes passkeys (WebAuthn/FIDO2 authenticators) from the user's account.
* - If a userId is provided, it removes the passkeys for that specific user; otherwise, it uses the current session's userId.
* - Automatically ensures an active session exists before making the request.
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* - Returns an array of remaining authenticator IDs for the user after removal.
*
* @param params.authenticatorIds - IDs of the authenticators (passkeys) to remove.
* @param params.userId - user ID to remove the passkeys for a specific user (defaults to the current session's userId).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to an array of authenticator IDs that were removed.
* @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the passkeys.
*/
removePasskeys: (params: {
authenticatorIds: string[];
userId?: string;
stampWith?: StamperType | undefined;
}) => Promise<string[]>;
/**
* Creates a new wallet for sub-organization.
*
* - This function creates a new wallet for the current sub-organization.
* - If an organizationId is provided, the wallet will be created under that specific sub-organization; otherwise, it uses the current session's organizationId.
* - If a list of address formats is provided, accounts will be created in the wallet based on those formats (starting from path index 0).
* - If a list of account parameters is provided, those accounts will be created in the wallet.
* - If no accounts or address formats are provided, default Ethereum and Solana accounts will be created.
* - Optionally allows specifying the mnemonic length for the wallet seed phrase (defaults to 12).
* - Optionally allows stamping the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
*
* @param params.walletName - name of the wallet to create.
* @param params.accounts - array of account parameters or address formats to create in the wallet.
* @param params.organizationId - organization ID to create the wallet under a specific sub-organization (defaults to the current session's organizationId).
* @param params.mnemonicLength - mnemonic length for the wallet seed phrase (defaults to 12).
* @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
* @returns A promise that resolves to the ID of the newly created wallet.
* @throws {TurnkeyError} If there is no active session or if there is an error creating the wallet.
*/
createWallet: (params: {
walletName: string;
accounts?: v1WalletAccountParams[] | v1AddressFormat[];
organizationId?: string;
mnemonicLength?: number;
stampWith?: StamperType | undefined;
}) => Promise<string>;
/**
* Creates new accounts i