@turnkey/http/CHANGELOG.md

Typed HTTP client for interacting with Turnkey API

# @turnkey/http

## 4.0.0

### Major Changes

- [#1250](https://github.com/tkhq/sdk/pull/1250) [`6128132`](https://github.com/tkhq/sdk/commit/6128132d910f658cdf83ecc1dec6598eb20c008a) Author [@moeodeh3](https://github.com/moeodeh3) - ### `INIT_OTP`

  `ACTIVITY_TYPE_INIT_OTP_V2` → `ACTIVITY_TYPE_INIT_OTP_V3`

  **What changed:** Added required `otpEncryptionTargetBundle` to the result.

  ```ts
  // before — v1InitOtpResult
  {
    otpId: string;
  }

  // after — v1InitOtpResultV2
  {
    otpId: string;
    otpEncryptionTargetBundle: string; // new
  }
  ```

  ***

  ### `VERIFY_OTP`

  `ACTIVITY_TYPE_VERIFY_OTP` → `ACTIVITY_TYPE_VERIFY_OTP_V2`

  **What changed:** Replaced plaintext `otpCode` + `publicKey` with a single `encryptedOtpBundle`.

  Instead of sending the OTP code in plaintext, you now HPKE-encrypt it (along with your public key) to Turnkey's enclave using the `otpEncryptionTargetBundle` returned by `initOtp`. This ensures the OTP code never leaves the client in plaintext.

  Use `encryptOtpCodeToBundle` from `@turnkey/crypto` to build the bundle:

  ```ts
  import { encryptOtpCodeToBundle } from "@turnkey/crypto";

  const { otpId, otpEncryptionTargetBundle } = await client.initOtp({ ... });

  // After the user enters their OTP code:
  const encryptedOtpBundle = await encryptOtpCodeToBundle(
    otpCode,                    // the code the user entered
    otpEncryptionTargetBundle,  // from the initOtp response
    publicKey,                  // your target public key
  );

  await client.verifyOtp({
    otpId,
    encryptedOtpBundle,
  });
  ```

  ```ts
  // before — v1VerifyOtpIntent
  {
    otpId: string;
    otpCode: string;           // removed
    expirationSeconds?: string;
    publicKey?: string;         // removed
  }

  // after — v1VerifyOtpIntentV2
  {
    otpId: string;
    encryptedOtpBundle: string; // new — replaces otpCode + publicKey
    expirationSeconds?: string;
  }
  ```

  ***

  ### `OTP_LOGIN`

  `ACTIVITY_TYPE_OTP_LOGIN` → `ACTIVITY_TYPE_OTP_LOGIN_V2`

  **What changed:** `clientSignature` promoted from optional to required.

  ```ts
  // before — v1OtpLoginIntent
  {
    verificationToken: string;
    publicKey: string;
    expirationSeconds?: string;
    invalidateExisting?: boolean;
    clientSignature?: v1ClientSignature; // optional
  }

  // after — v1OtpLoginIntentV2
  {
    verificationToken: string;
    publicKey: string;
    expirationSeconds?: string;
    invalidateExisting?: boolean;
    clientSignature: v1ClientSignature;  // now required
  }
  ```

  ***

  ### `CREATE_OAUTH_PROVIDERS`

  `ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS` → `ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS_V2`

  **What changed:** Added `oidcClaims` as a new option alongside `oidcToken`; you must provide exactly one. This updated type feeds into the `CREATE_SUB_ORGANIZATION` and `CREATE_USERS` changes below.

  ```ts
  // before — v1OauthProviderParams
  {
    providerName: string;
    oidcToken: string;
  }

  // after — v1OauthProviderParamsV2
  {
    providerName: string;
  } & (
    | { oidcToken: string }
    | { oidcClaims: { iss: string; sub: string; aud: string } }
  )
  ```

  ***

  ### `CREATE_SUB_ORGANIZATION`

  `ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V7` → `ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V8`

  **What changed:** `rootUsers` items updated from `v1RootUserParamsV4` → `v1RootUserParamsV5`, which updates `oauthProviders` from `v1OauthProviderParams` → `v1OauthProviderParamsV2`.

  ```ts
  // before — v1RootUserParamsV4
  {
    userName: string;
    userEmail?: string;
    userPhoneNumber?: string;
    apiKeys: v1ApiKeyParamsV2[];
    authenticators: v1AuthenticatorParamsV2[];
    oauthProviders: {              // v1OauthProviderParams
      providerName: string;
      oidcToken: string;           // was required
    }[];
  }

  // after — v1RootUserParamsV5
  {
    userName: string;
    userEmail?: string;
    userPhoneNumber?: string;
    apiKeys: v1ApiKeyParamsV2[];
    authenticators: v1AuthenticatorParamsV2[];
    oauthProviders: ({             // v1OauthProviderParamsV2
      providerName: string;
    } & (
      | { oidcToken: string }
      | { oidcClaims: { iss: string; sub: string; aud: string } }
    ))[];
  }
  ```

  ***

  ### `CREATE_USERS`

  `ACTIVITY_TYPE_CREATE_USERS_V3` → `ACTIVITY_TYPE_CREATE_USERS_V4`

  **What changed:** `users` items updated from `v1UserParamsV3` → `v1UserParamsV4`, which updates `oauthProviders` from `v1OauthProviderParams` → `v1OauthProviderParamsV2`.

  ```ts
  // before — v1UserParamsV3
  {
    userName: string;
    userEmail?: string;
    userPhoneNumber?: string;
    apiKeys: v1ApiKeyParamsV2[];
    authenticators: v1AuthenticatorParamsV2[];
    oauthProviders: {              // v1OauthProviderParams
      providerName: string;
      oidcToken: string;           // was required
    }[];
    userTags: string[];
  }

  // after — v1UserParamsV4
  {
    userName: string;
    userEmail?: string;
    userPhoneNumber?: string;
    apiKeys: v1ApiKeyParamsV2[];
    authenticators: v1AuthenticatorParamsV2[];
    oauthProviders: ({             // v1OauthProviderParamsV2
      providerName: string;
    } & (
      | { oidcToken: string }
      | { oidcClaims: { iss: string; sub: string; aud: string } }
    ))[];
    userTags: string[];
  }
  ```

### Patch Changes

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.6

## 3.18.1

### Patch Changes

- [#1269](https://github.com/tkhq/sdk/pull/1269) [`ef66673`](https://github.com/tkhq/sdk/commit/ef6667325d210c8aa0ea4c1d11d834ff28ddb66c) Author [@ethankonk](https://github.com/ethankonk) - Sync with v2026.4.5 of mono

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.5

## 3.18.0

### Minor Changes

- [#1252](https://github.com/tkhq/sdk/pull/1252) [`46b4d2f`](https://github.com/tkhq/sdk/commit/46b4d2fa807fb87d06bb606623ba1f86582aa4ef) Author [@ethankonk](https://github.com/ethankonk) - Sync as per mono v2026.3.6

### Patch Changes

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.4

## 3.17.1

### Patch Changes

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.3

## 3.17.0

### Minor Changes

- [#1206](https://github.com/tkhq/sdk/pull/1206) [`58e04e5`](https://github.com/tkhq/sdk/commit/58e04e5856626d9d2593abb61d8ca32d8ccbb833) Author [@DeRauk](https://github.com/DeRauk) - Adds sdk methods for the GetWalletAddressBalances and ListSupportedAssets apis.

### Patch Changes

- [#1201](https://github.com/tkhq/sdk/pull/1201) [`1f6e240`](https://github.com/tkhq/sdk/commit/1f6e2403fca1fd9cbca646f88c88dbc49ddb0c34) Author [@ethankonk](https://github.com/ethankonk) - Synced with Mono v2026.2.0

- [#1197](https://github.com/tkhq/sdk/pull/1197) [`7458b7c`](https://github.com/tkhq/sdk/commit/7458b7cd6fc64796b376e3374b7c2ed79467459c) Thanks [@moe-dev](https://github.com/moe-dev)! - Add support for SolSendTransaction and associated abstractions

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.2

## 3.16.3

### Patch Changes

- [#1194](https://github.com/tkhq/sdk/pull/1194) [`dced9db`](https://github.com/tkhq/sdk/commit/dced9dbbd8ea533442e19e45ce36e6a05a45a555) Author [@moeodeh3](https://github.com/moeodeh3) - Add `Content-Type: application/json` header to all Turnkey API requests. The missing header caused "Network request failed" errors on React Native, intermittent for some setups and consistent for others, where OkHttp-backed fetch can reject `POST` requests without an explicit `Content-Type`. See also: https://github.com/JakeChampion/fetch/issues/823

  Special thanks to @jrmykolyn and @niroshanS for helping identify and debug this issue

## 3.16.2

### Patch Changes

- Updated dependencies []:
  - @turnkey/api-key-stamper@0.6.1

## 3.16.1

### Patch Changes

- Updated dependencies [[`91d6a9e`](https://github.com/tkhq/sdk/commit/91d6a9eb1b9ac9e21745749615ac7a7be66f5cf6)]:
  - @turnkey/api-key-stamper@0.6.0

## 3.16.0

### Minor Changes

- [#1153](https://github.com/tkhq/sdk/pull/1153) [`78ec1d9`](https://github.com/tkhq/sdk/commit/78ec1d9afcafde3ca7107fc720323d486d6afaea) Thanks [@moe-dev](https://github.com/moe-dev)! - Update as per mono v2025.12.3.

  ### Behavioral Changes
  - `appName` is now **required**:
    - In `emailCustomization` for Email Auth activities
    - At the top-level intent for OTP activities
  - Auth proxy endpoints are **not affected**

  ### Activity Version Bumps

  The following activity types have been versioned:
  - `ACTIVITY_TYPE_INIT_OTP` → `ACTIVITY_TYPE_INIT_OTP_V2`
  - `ACTIVITY_TYPE_INIT_OTP_AUTH_V2` → `ACTIVITY_TYPE_INIT_OTP_AUTH_V3`
  - `ACTIVITY_TYPE_EMAIL_AUTH_V2` → `ACTIVITY_TYPE_EMAIL_AUTH_V3`
  - `ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY` -> `ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY_V2`

## 3.15.0

### Minor Changes

- [#1072](https://github.com/tkhq/sdk/pull/1072) [`67b03a5`](https://github.com/tkhq/sdk/commit/67b03a5d9ab1b6eabfb0b41938ac91365b5dcd9b) Thanks [@moe-dev](https://github.com/moe-dev)! - Bump packages as per mono v2025.11.0

## 3.14.0

### Minor Changes

- [#1058](https://github.com/tkhq/sdk/pull/1058) [`9fbd5c4`](https://github.com/tkhq/sdk/commit/9fbd5c459782dc3721dd0935d0a4458babce258b) Author [@moeodeh3](https://github.com/moeodeh3) - Update per mono release `v2025.10.10-hotfix.2`

## 3.13.1

### Patch Changes

- [#1016](https://github.com/tkhq/sdk/pull/1016) [`9df42ad`](https://github.com/tkhq/sdk/commit/9df42adc02c7ff77afba3b938536e79b57882ef1) Author [@amircheikh](https://github.com/amircheikh) - Synced API as per mono v2025.10.2

## 3.13.0

### Minor Changes

- [#977](https://github.com/tkhq/sdk/pull/977) [`4567059`](https://github.com/tkhq/sdk/commit/45670598f102223925b87a5295edca15a6ce8241) Author [@besler613](https://github.com/besler613) - OAuth2Authenticate now supports returning the encrypted bearer token via the optional `bearerTokenTargetPublicKey` request parameter (mono release v2025.9.5)

## 3.12.1

### Patch Changes

- [#958](https://github.com/tkhq/sdk/pull/958) [`5a96fe8`](https://github.com/tkhq/sdk/commit/5a96fe80db4c4c45e09ad8c613695ee4c2b8e51f) Author [@amircheikh](https://github.com/amircheikh) - - Synced api with mono

## 3.12.0

### Minor Changes

- Updated dependencies [[`fc1d6e2`](https://github.com/tkhq/sdk/commit/fc1d6e2d26f4a53116633e9e8cccccd792267f4e), [`fc1d6e2`](https://github.com/tkhq/sdk/commit/fc1d6e2d26f4a53116633e9e8cccccd792267f4e), [`4880f26`](https://github.com/tkhq/sdk/commit/4880f26a4dd324c049bff7f35284098ccfc55823), [`c6ee323`](https://github.com/tkhq/sdk/commit/c6ee3239c389a7bbbbb23610c84b883ed298f95c), [`c6ee323`](https://github.com/tkhq/sdk/commit/c6ee3239c389a7bbbbb23610c84b883ed298f95c), [`c6ee323`](https://github.com/tkhq/sdk/commit/c6ee3239c389a7bbbbb23610c84b883ed298f95c), [`06347ad`](https://github.com/tkhq/sdk/commit/06347adfa08fb0867c350e43821d0fed06c49624), [`6bfcbc5`](https://github.com/tkhq/sdk/commit/6bfcbc5c098e64ab1d115518733b87cfc1653e17)]:
  - @turnkey/encoding@0.6.0
  - @turnkey/webauthn-stamper@0.6.0
  - @turnkey/api-key-stamper@0.5.0

## 3.11.1-beta.0

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@0.6.0-beta.6
  - @turnkey/api-key-stamper@0.5.0-beta.6

## 3.11.0

### Minor Changes

- [#879](https://github.com/tkhq/sdk/pull/879) [`026264c`](https://github.com/tkhq/sdk/commit/026264c55aa16342c8925af0bdcdf72dc00e5158) Author [@zkharit](https://github.com/zkharit) - Update packages to include new activities as of the newest release (mono v2025.8.10)

## 3.10.0-beta.2

### Minor Changes

- SDK beta release @turnkey/react-wallet-kit @turnkey/core

### Patch Changes

- Updated dependencies []:
  - @turnkey/webauthn-stamper@0.6.0-beta.0
  - @turnkey/api-key-stamper@0.5.0-beta.5
  - @turnkey/encoding@0.6.0-beta.5

## 3.10.0-beta.1

### Minor Changes

- @turnkey/react-wallet-kit and @turnkey/core beta-3 release

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@0.6.0-beta.4
  - @turnkey/api-key-stamper@0.4.8-beta.4

## 3.10.0-beta.0

### Minor Changes

- @turnkey/react-wallet-kit and @turnkey/core beta-3 release

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@0.6.0-beta.3
  - @turnkey/api-key-stamper@0.4.8-beta.3

## 3.10.0

### Minor Changes

- [#861](https://github.com/tkhq/sdk/pull/861) [`5d8be2d`](https://github.com/tkhq/sdk/commit/5d8be2d0329070c7aa025dddb1b28f04257ae4e6) Author [@amircheikh](https://github.com/amircheikh) - Synced as per mono 2025.8.4

## 3.9.0

### Minor Changes

- [#834](https://github.com/tkhq/sdk/pull/834) [`8b39dba`](https://github.com/tkhq/sdk/commit/8b39dbabf68d3e376b5b07f26960d5b61ae87fa9) Author [@moeodeh3](https://github.com/moeodeh3) - Update per mono release v2025.8.3-hotfix.0

## 3.8.1-beta.2

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@0.6.0-beta.2
  - @turnkey/api-key-stamper@0.4.8-beta.2

## 3.8.1-beta.1

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@0.6.0-beta.1
  - @turnkey/api-key-stamper@0.4.8-beta.1

## 3.8.1-beta.0

### Patch Changes

- Updated dependencies []:
  - @turnkey/encoding@1.0.0-beta.0
  - @turnkey/api-key-stamper@0.4.8-beta.0

## 3.8.0

### Minor Changes

- [#826](https://github.com/tkhq/sdk/pull/826) [`f83f25b`](https://github.com/tkhq/sdk/commit/f83f25ba33ef15dbd66723531eebe2fd00f43ac0) Author [@turnekybc](https://github.com/turnekybc) - Update per mono release v2025.8.1

## 3.7.0

### Minor Changes

- [#651](https://github.com/tkhq/sdk/pull/651) [`81e355c`](https://github.com/tkhq/sdk/commit/81e355c9a8321feffcac056916b65139cf35eeed) Author [@turnekybc](https://github.com/turnekybc) - Add Coinbase & MoonPay Fiat Onramp. View the [Fiat Onramp feature docs](https://docs.turnkey.com/wallets/fiat-on-ramp).

## 3.6.0

### Minor Changes

- [#782](https://github.com/tkhq/sdk/pull/782) [`e90a478`](https://github.com/tkhq/sdk/commit/e90a478c9208d858b1144df9b2c2c7ba956c406e) Thanks [@r-n-o](https://github.com/r-n-o)! - Release v2025.7.16

## 3.5.1

### Patch Changes

- [#763](https://github.com/tkhq/sdk/pull/763) [`cb13c26`](https://github.com/tkhq/sdk/commit/cb13c26edb79a01ab651e3b2897334fd154b436a) Author [@andrewkmin](https://github.com/andrewkmin) - Release per mono v2025.7.1. This release contains the following API changes:
  - Introduction of `SmartContractInterfaces`: we've now exposed endpoints for uploading ABIs and IDLs to help secure EVM and Solana signing flows. For more information, see our docs [here](https://docs.turnkey.com/concepts/policies/smart-contract-interfaces)

## 3.5.0

### Minor Changes

- [#704](https://github.com/tkhq/sdk/pull/704) [`5f3dd98`](https://github.com/tkhq/sdk/commit/5f3dd9814650308b3bf3198168c453e7b1a98efd) Author [@amircheikh](https://github.com/amircheikh) - Added `name` field to constructor. `isHttpClient` now uses this new field to complete the check. This fixes a bug where `isHttpClient` would fail the check under certain production environments.

  Synced with mono 2025.6.10 to include the following endpoints:

  `update_user_email`: Update a User's email in an existing Organization

  `update_user_name`: Update a User's name in an existing Organization

  `update_user_phone_number`: Update a User's phone number in an existing Organization

### Patch Changes

- Updated dependencies [[`7625df0`](https://github.com/tkhq/sdk/commit/7625df0538002c3455bd5862211210e38472e164)]:
  - @turnkey/api-key-stamper@0.4.7

## 3.4.2

### Patch Changes

- [#665](https://github.com/tkhq/sdk/pull/665) [`be0a621`](https://github.com/tkhq/sdk/commit/be0a621fb962bd51d2df1a1e79f5260d7c696772) Author [@amircheikh](https://github.com/amircheikh) - Exposed `isHttpClient` function for determining if a passed in client is from turnkey/http

## 3.4.1

### Patch Changes

- [#663](https://github.com/tkhq/sdk/pull/663) [`593de2d`](https://github.com/tkhq/sdk/commit/593de2d9404ec8cf53426f9cf832c13eefa3fbf2) Thanks [@moe-dev](https://github.com/moe-dev)! - Update to endpoints as per mono v2025.5.7. Add V5 TON address format generation. Non breaking

- Updated dependencies [[`5afbe51`](https://github.com/tkhq/sdk/commit/5afbe51949bdd1997fad083a4c1e4272ff7409dc), [`40c4035`](https://github.com/tkhq/sdk/commit/40c40359ec7096d0bca39ffc93e89361b3b11a1a)]:
  - @turnkey/webauthn-stamper@0.5.1
  - @turnkey/encoding@0.5.0
  - @turnkey/api-key-stamper@0.4.6

## 3.4.0

### Minor Changes

- Added new authentication activities:
  - STAMP_LOGIN: Handles authentication flows for passkeys, wallet logins, and session refresh. Initiated by sub-organizations; returns a session JWT.
  - INIT_OTP: Initiates sending a 6–9 digit or bech32 alphanumeric OTP to an email or phone. Initiated by the parent organization.
  - VERIFY_OTP: Verifies the OTP and returns a verification token. Initiated by the parent organization.
  - OTP_LOGIN: Completes OTP-based authentication by verifying a tokenized OTP challenge and establishing a session. Initiated by the parent organization; returns a session JWT.
  - OAUTH_LOGIN: Finalizes OAuth-based logins from third-party OIDC providers. Initiated by the parent organization; returns a session JWT.

## 3.3.0

### Minor Changes

- 25ca339: Adding replyToEmailAddress field for specifying reply-to when using a customer sender

## 3.2.0

### Minor Changes

- 3f6e415: Update per mono v2025.4.5
  - Introduces Tron transaction parsing and policy engine support. For more information, take a look at our [docs](https://docs.turnkey.com/networks/tron)

### Patch Changes

- Updated dependencies [4d1d775]
  - @turnkey/api-key-stamper@0.4.5

## 3.1.0

### Minor Changes

- 3e4a482: Release per mono v2025.4.4
  - Adds parsing and policy engine support for Ethereum Type 3 (EIP-4844) and Type 4 (EIP-7702) transactions. There is no change to any signing interface or API; you simply can now use Turnkey's signing endpoints to sign those transaction types. See [with-viem](https://github.com/tkhq/sdk/blob/main/examples/with-viem/) for examples.
  - New wallet account creations will now automatically derive the underlying derived account's public key. For example: previously, if derived an Ethereum wallet account, you would get the resulting Ethereum address (`0x...`). If you also wanted the public key associated with that underlying key, you would've had to derive an additional wallet account with `ADDRESS_FORMAT_COMPRESSED`. Now, this will automatically be derived for you. It is now a property that has been added to the wallet account primitive (i.e. accessible via `walletAccount.publicKey`).

## 3.0.0

### Major Changes

- f94d36e: Remove deprecated TurnkeyApiService. TurnkeyApi should be used instead.

### Minor Changes

- d1083bd: New activity `INIT_OTP_AUTH_V2` which allows alphanumeric boolean and otpLength (6-9) to be passed

- This release introduces the `INIT_OTP_AUTH_V2` activity. The difference between it and `INIT_OTP_AUTH` is that it can now accept `alphanumeric` and `otpLength` for selecting crockford bech32 alphanumeric codes and the length of those codes. By default alphanumeric = true, otpLength = 9

- This release introduces `sendFromEmailSenderName` to `INIT_OTP_AUTH`, `INIT_OTP_AUTH_V2`, `EMAIL_AUTH` and `EMAIL_AUTH_V2`. This is an optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications'.

## 2.22.0

### Minor Changes

- ecdb29a: Update API as per mono v2025.3.2
  - This release introduces the `CREATE_USERS_V3` activity. The difference between it and `CREATE_USERS_V2` is that it can now accept `userPhoneNumber` and `oauthProviders`. In total, it accepts the following parameters:

  ```javascript
  /** @description A list of Users. */
  users: {
    /** @description Human-readable name for a User. */
    userName: string;
    /** @description The user's email address. */
    userEmail?: string;
    /** @description The user's phone number in E.164 format e.g. +13214567890 */
    userPhoneNumber?: string;
    /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */
    apiKeys: definitions["v1ApiKeyParamsV2"][];
    /** @description A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */
    authenticators: definitions["v1AuthenticatorParamsV2"][];
    /** @description A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */
    oauthProviders: definitions["v1OauthProviderParams"][];
    /** @description A list of User Tag IDs. This field, if not needed, should be an empty array in your request body. */
    userTags: string[];
  }
  ```

  See [source code](https://github.com/tkhq/sdk/blob/60c0c03440785b841d1f6f393612046423dc665f/packages/http/src/__generated__/services/coordinator/public/v1/public_api.types.ts#L2894-L2909) to view details on the nested types.

## 2.21.0

### Minor Changes

- 56a307e: Update API to mono v2025.3.0
  - This release introduces an `invalidateExisting` flag to the `CreateReadWriteSession` and `Oauth` activities. If enabled, this will invalidate existing read-write and oauth API keys. This is useful in scenarios where a user attempts to create numerous `ReadWrite` or `Oauth` sessions. Because our API caps the number of session keys associated with a user, this flag can clear all other existing session keys of that specific type (e.g. setting `invalidateExisting: true` for `CreateReadWriteSession` will invalidate all previously created read-write session keys)

## 2.20.0

### Minor Changes

- 3c44c4a: Updates per mono release v2025.2.2

## 2.19.0

### Minor Changes

- 57f9cb0: Update endpoints - surface `GetWalletAccount`. This endpoint takes in the following args:
  ```javascript
  /** @description Unique identifier for a given Organization. */
  organizationId: string;
  /** @description Unique identifier for a given Wallet. */
  walletId: string;
  /** @description Address corresponding to a Wallet Account. */
  address?: string;
  /** @description Path corresponding to a Wallet Account. */
  path?: string;
  ```

## 2.18.0

### Minor Changes

- 6695af2: Update per mono release v2025.1.11

## 2.17.3

### Patch Changes

- 053fbfb: Update mono dependencies

## 2.17.2

### Patch Changes

- Updated dependencies [2d5977b]
  - @turnkey/api-key-stamper@0.4.4

## 2.17.1

### Patch Changes

- 538d4fc: Update api endpoints - NEW: User verification, SMS customization params

## 2.17.0

### Minor Changes

- 78bc39c: Add default accounts for various address types
  - Add wallet account ID to list wallets endpoint

## 2.16.0

### Minor Changes

- 4df8914: Version bump corresponding to mono release v2024.10.10.
  - Improved error message for duplicate activity submission
  - Address derivation support for DOGE, TON, SEI, XLM
  - Fix server side error if sub_org doesn’t have email and/or phone number

## 2.15.0

### Minor Changes

- 9ebd062: Release OTP functionality

## 2.14.2

### Patch Changes

- 96d7f99: Update dependencies
- Updated dependencies [e5c4fe9]
  - @turnkey/encoding@0.4.0
  - @turnkey/api-key-stamper@0.4.3

## 2.14.1

### Patch Changes

- ff059d5: Update dependencies
- Updated dependencies [93666ff]
  - @turnkey/encoding@0.3.0
  - @turnkey/api-key-stamper@0.4.2

## 2.14.0

### Minor Changes

- 848f8d3: Add new helpers and update types and errors
  - `getSignatureFromActivity` returns the signature corresponding to a completed activity
  - `getSignedTransactionFromActivity` returns the signed transaction corresponding to a completed activity
  - `assertActivityCompleted` checks the state of an activity and throws an error if the activity either requires consensus or is otherwise not yet completed
  - `TERMINAL_ACTIVITY_STATUSES` is a const containing all terminal activity statuses. Useful for checking on an activity
  - `TurnkeyActivityError` now uses `undefined` instead of `null`
  - Export some additional types: `TActivity`, `TActivityId`, `TActivityStatus`, `TActivityType`

## 2.13.0

### Minor Changes

- 93dee46: Add create read write session v2 which allows for user targeting directly from stamp or optional userId in intent

## 2.12.3

### Patch Changes

- e2f2e0b: Added two new endpoints for deleting private keys and deleting wallets

## 2.12.2

### Patch Changes

- 2d7e5a9: fix a (currently unused) return value

- Updated dependencies
  - @turnkey/api-key-stamper@0.4.1
  - @turnkey/encoding@0.2.1

## 2.12.1

### Patch Changes

- f17a229: Update to oauth related endpoints to drop jwks uri from oauth providers

## 2.12.0

### Minor Changes

- Add Email Auth V2 - Optional invalidate exisiting Email Authentication API keys

## 2.11.0

### Minor Changes

- Update to use new endpoints. Including CREATE_READ_WRITE_SESSION which allows one shot passkey sessions (returns org information and a credential bundle) and CREATE_API_KEYS_V2 which allows a curve type to be passed (SECP256K1 or P256)

## 2.10.0

### Minor Changes

- 7a9ce7a: Sync 2024.3.16

## 2.9.1

### Patch Changes

- Update generated files to latest release: optional pagination options were added to list sub-organization and list wallet account endpoints.

## 2.9.0

### Minor Changes

- 83b62b5: Sync types for latest release

## 2.8.0

### Minor Changes

- 46a7d90: Update to v2024.2.1 API: add activities to initialize wallet import, import wallet, delete users, delete private key tags, delete user tags, and list sub-organizations

## 2.7.1

### Patch Changes

- Update to v2024.2.0 API types: `mnemonicLength` is now a number instead of a string

## 2.7.0

### Minor Changes

- Introduce and reference `@turnkey/encoding` to consolidate utility functions
- Updated dependencies ([c3b423b], [d73725b])
  - @turnkey/webauthn-stamper@0.5.0
  - @turnkey/api-key-stamper@0.4.0
  - @turnkey/encoding@0.1.0

## 2.6.2

### Patch Changes

- b45a9ac: Include package version in request headers
- f9d636c: Export VERSION from turnkey/http

## 2.6.1

### Patch Changes

- 52e2389: Revert version export (#186 and #187)

## 2.6.0

### Minor Changes

- 0794f41: Add VERSION constant
- 7a3c890: Add key export support

### Patch Changes

- 4517e3b: Update version string to include package name

## 2.5.1

### Patch Changes

- Upgrade to Node v18 (#184)
- Updated dependencies
  - @turnkey/webauthn-stamper@0.4.3
  - @turnkey/api-key-stamper@0.3.1

## 2.5.0

### Minor Changes

- 464ac0e: Update protos for latest release, which includes:
  - Support optional expirations for API keys, configurable via the `expirationSeconds` parameter.
  - Support Email Auth. Details to follow ⚡️

## 2.4.2

### Patch Changes

- Updated dependencies [a03e385]
  - @turnkey/webauthn-stamper@0.4.2

## 2.4.1

### Patch Changes

- Fix universal files to stop using `require`. Use ES6 imports instead (#178)
- Updated dependencies [f87ced8]
  - @turnkey/webauthn-stamper@0.4.1

## 2.4.0

### Minor Changes

- Use rollup to build ESM and CommonJS, fix ESM support (#174)

### Patch Changes

- Updated dependencies [fc5b291]
  - @turnkey/api-key-stamper@0.3.0
  - @turnkey/webauthn-stamper@0.4.0

## 2.3.1

### Patch Changes

- Updated dependencies
  - @turnkey/api-key-stamper@0.2.0

## 2.3.0

### Minor Changes

- Sync protos from latest public endpoints

## 2.2.0

### Minor Changes

- Add ESM to package dist (#154)

### Patch Changes

- ed50a0f: simplify types

## 2.1.0

### Minor Changes

- bb6ea0b: Update generated files
  - new query endpoints to retrieve wallets (`/public/v1/query/list_wallets`)
  - new query endpoint to retrieve wallet accounts (`/public/v1/query/list_wallet_accounts`)

## 2.0.0

### Major Changes

- Synced protos from mono

### Upgrade notes

- `signRawPayload` and `signTransaction` now expect a `signWith` param instead of `privateKeyId` previously
- `signRawPayload` and `signTransaction` have been updated to expect a new type: `ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2` and `ACTIVITY_TYPE_SIGN_TRANSACTION_V2`, respectively
- If you have policies authorizing `ACTIVITY_TYPE_SIGN_RAW_PAYLOAD` or `ACTIVITY_TYPE_SIGN_TRANSACTION` specifically, they will need to be updated to authorize `ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2` and `ACTIVITY_TYPE_SIGN_TRANSACTION_V2` (or better yet, update your policies to allow all signing actions categorically using policy resources and actions. See https://docs.turnkey.com/managing-policies/examples)
- `createSubOrganization` now uses `ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4` under the hood, which utilizes wallets. The shape of the request has been updated to include the following parameter, `wallet`. Here's an example:

```js
{
  ...
  wallet: {
    walletName: "Default Wallet",
    accounts: [
      {
        curve: "CURVE_SECP256K1",
        pathFormat: "PATH_FORMAT_BIP32",
        path: "m/44'/60'/0'/0/0",
        addressFormat: "ADDRESS_FORMAT_ETHEREUM",
      },
    ],
  },
}
```

See https://docs.turnkey.com/concepts/sub-organizations for more details.

## 1.3.0

### Minor Changes

- Synced protos from mono
- Adds base URL check during initialization (closes https://github.com/tkhq/sdk/issues/124)
- The following are new features additions, fresh out the oven. Still getting them ready for primetime! Refreshed examples to come soon™️. Stay tuned and reach out to the Turnkey team if you have any questions.
  - Wallets:
    - 🟢 `ACTIVITY_TYPE_CREATE_WALLET` (via `/api/v1/submit/create_wallet`): create a HD wallet
    - 🟢 `ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS` (via `/api/v1/submit/create_wallet_accounts`): create a wallet account (address)
    - 🟢 `ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2` (via `/api/v1/submit/sign_raw_payload_v2`): sign a payload with a specified private key or address
    - 🟢 `ACTIVITY_TYPE_SIGN_TRANSACTION_V2` (via `/api/v1/submit/sign_transaction_v2`): sign a transaction with a specified private key or address
  - Organization features:
    - 🟢 `ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE` (via `/api/v1/submit/set_organization_feature`): set an organization feature
    - 🟢 `ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE` (via `/api/v1/submit/remove_organization_feature`): remove an organization feature
    - Only one feature supported as of this time; additional documentation to follow.
  - Export private key:
    - 🟡 `ACTIVITY_TYPE_EXPORT_PRIVATE_KEY` (via `/api/v1/submit/export_private_key`): export a private key, encrypted to a target public key. We do not yet have CLI or front-end tooling to use this safely; stay tuned!
  - Email recovery:
    - 🟡 `ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY` (via `/api/v1/submit/init_user_email_recovery`): initialize a new email recovery flow

Note:

- 🟢: good to go!
- 🟡: these endpoints are safe to use, but still experimental/unstable. Check back for updates and guidance.

### Patch Changes

- Updated dependencies
  - @turnkey/webauthn-stamper@0.2.0

## 1.2.0

### Minor Changes

- The `createSubOrganization` request has been updated under the hood:
  - Calling `.createSubOrganization` on our HTTP client will trigger an activity of type `CREATE_SUB_ORGANIZATION_V3` instead of `CREATE_SUB_ORGANIZATION_V2` previously.
  - If there are any policies referencing `CREATE_SUB_ORGANIZATION_V2` specifically, they will no longer work out of the box if creating sub-orgs via SDK. These policies will need to be updated to allow `CREATE_SUB_ORGANIZATION_V3`. See policy examples related to access control [here](https://docs.turnkey.com/managing-policies/examples#access-control) for additional methods of constructing policies.
  - `CREATE_SUB_ORGANIZATION_V3` supports everything `CREATE_SUB_ORGANIZATION_V2` supports, with the addition of a `privateKeys` field to atomically create a sub-org with private keys. If no private keys are desired, simply provide an empty array.
  - **NOTE**: when reading `createSubOrganization` results, SDK users will now need to look at `activity.result.createSubOrganizationResultV3` instead of the previously valid `activity.result.createSubOrganizationResult`.

## 1.1.1

### Patch Changes

- Updated dependencies
  - @turnkey/api-key-stamper@0.1.1

## 1.1.0

### Minor Changes

New exports:

- new `TurnkeyClient`. This is now the preferred interface to make Turnkey requests, because it supports both API keys and webauthn-signed requests. It also doesn't rely on global initialization
- new method to poll requests: `createActivityPoller`

Deprecation notices:

- deprecate `TurnkeyApi` (use `TurnkeyClient` instead), `init`, `browserInit` (no need for them anymore if you're using `TurnkeyClient`), and `withAsyncPolling` (use `createActivityPoller` instead)
- deprecate `SignedRequest` in favor of `TSignedRequest`. Besides the more correct name, `TSignedRequest` differs in its `stamp` property. It now stores the stamper header name as well as value, so users do not have to hardcode Turnkey stamp header names (e.g. "X-Stamp-Webauthn").

Update our swagger and generated files to latest versions:

- new endpoint to update users: `/public/v1/submit/update_user`
- pagination `limit` option has been updated to `string` instead of number for consistency with other pagination options

Signing is now performed through Turnkey stampers. New dependencies:

- @turnkey/webauthn-stamper@0.1.0
- @turnkey/api-key-stamper@0.1.0

## 1.0.1

### Patch Changes

- 8d1d0e8: Synced protos from mono

## 1.0.0

### Major Changes

- 46473ec: This breaking change updates generated code to be shorter and more intuitive to read:
  - generated fetchers do not include the HTTP method in their name. For example `useGetGetActivity` is now `useGetActivity`, and `usePostSignTransaction` is `useSignTransaction`.
  - input types follow the same convention (no HTTP method in the name): `TPostCreatePrivateKeysInput` is now `TCreatePrivateKeysInput`.
  - the "federated" request helpers introduced in `0.18.0` are now named "signed" requests to better reflect what they are. `FederatedRequest` is now `SignedRequest`, and generated types follow. For example: `federatedPostCreatePrivateKeys` is now `signCreatePrivateKeys`, `federatedGetGetActivity` is now `signGetActivity`, and so on.

  The name updates should be automatically suggested if you use VSCode since the new names are simply shorter versions of the old one.

### Patch Changes

- 38b424f: Sync public api types

## 0.18.1

### Patch Changes

- Synced protos from mono

## 0.18.0

### Minor Changes

- Add support for federated requests (an example is included under `sdk/examples/with-federated-passkeys`)
- Routine re-sync protos from mono

## 0.17.1

### Patch Changes

- Re-sync protos from mono. No public-facing changes.

## 0.17.0

### Minor Changes

- Added support for ed25519
- New endpoint to programmatically approve or reject activities (`/submit/approve_activity`, `/submit/reject_activity`)
- New endpoint to programmatically create authenticators (`/submit/create_authenticators`)
- New endpoints to update Private Key tags (`/submit/update_private_key_tag`)
- New endpoints to update User tags (`/submit/update_user_tag`)
- Simplified shape for `AuthenticatorParams` with a new `AuthenticatorParamsV2`. To take advantage of this new shape, use `ACTIVITY_TYPE_CREATE_USERS_V2` and the new `ACTIVITY_TYPE_CREATE_AUTHENTICATORS`.

## 0.16.0

### Minor Changes

- Fix `.postGetPrivateKey(...)`'s underlying path, while adding `@deprecated` `.postGetPrivateKeyBackwardsCompat(...)` for backward compatibility

## 0.15.0

### Minor Changes

- Export a new helper for offline request signing: `sealAndStampRequestBody(...)`.

## 0.14.0

### Minor Changes

- Updated the `addressFormats` enum field in `/submit/create_private_keys`

## 0.13.2

### Patch Changes

- New `TurnkeyRequestError` error class that contains rich error details

## 0.13.1

### Patch Changes

- Error messages now contain Turnkey-specific error details

## 0.13.0

### Minor Changes

- New `/submit/create_api_only_users` endpoint: `TurnkeyApi.postCreateApiOnlyUsers(...)`
- Marked `TurnkeyApi.postCreateUsers(...)` as deprecated
- Improved documentation on methods (via TSDoc)

## 0.12.0

### Minor Changes

- Error messages now contain Turnkey-specific error code and message

## 0.11.0

### Minor Changes

- New `/submit/create_users` endpoint: `TurnkeyApi.postCreateUsers(...)`

## 0.10.0

### Minor Changes

- No public-facing changes

## 0.9.0

### Minor Changes

- Improved support for React Native runtime (https://github.com/tkhq/sdk/pull/37)

## 0.8.1

### Patch Changes

- Switched from `undici` to `cross-fetch` to improve bundler compatibility

## 0.8.0

### Minor Changes

- Added browser runtime support — `@turnkey/http` is now a universal (isomorphic) package
- The API fetchers are now exported as namespace `TurnkeyApi`. `PublicApiService` has been marked as deprecated, but will remain functional until we hit v1.0.
- Dropped support for Node.js v14; we recommend using Node v18+

## 0.7.0

### Minor Changes

- Improved documentation
- Added `withAsyncPolling(...)` helper to provide built-in async polling support. Read more:
  - https://github.com/tkhq/sdk/tree/main/packages/http#withasyncpolling-helper

## 0.6.0

### Minor Changes

- Improved OpenAPI documentation

## 0.5.0

### Minor Changes

- Arbitrary message signing

## 0.4.0

### Minor Changes

- `timestamp` -> `timestampMs`

## 0.3.1

### Patch Changes

- Fix outdated artifact

## 0.3.0

### Minor Changes

- `keyId` -> `privateKeyId` everywhere

## 0.2.0

### Minor Changes

- Change parameter from `keyId` to `privateKeyId`
- Bump API version to latest Beta

## 0.1.3

### Patch Changes

- Support runtime config for credentials

## 0.1.2

### Patch Changes

- Drop internal dev dependency

## 0.1.1

### Patch Changes

- Initial release
- Updated dependencies
  - @turnkey/jest-config@0.1.1