Authentication
The SDK authenticates using API keys and manages access/refresh tokens automatically.
Credentials
| Parameter | Type | Required | Description |
|---|---|---|---|
apiBase | string | Yes | Base URL for the API (e.g. https://api.example.com/public/v1) |
apiKey | string | Yes | Your integrator API key |
apiSecret | string | Yes | Your integrator API secret |
tenant | string | Yes | Tenant UUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) |
country | string | No | Two-letter ISO country code (e.g. CO, MX) |
Client options
type HeuristikClientOptions = {
apiBase: string;
apiKey: string;
apiSecret: string;
tenant: string;
country?: string | null;
defaultHeaders?: Record<string, string>;
};
Login
client.init() loads stored tokens and performs login if needed:
const client = new HeuristikClient({
apiBase: 'https://api.example.com/public/v1',
apiKey: 'your-api-key',
apiSecret: 'your-api-secret',
tenant: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
country: 'CO',
});
await client.init();
// client is now authenticated
console.log(client.accessToken); // string | null
The tokens are stored in memory and persisted via the StorageProvider.
Token refresh
Refresh the access token using the current refresh token:
await client.refreshToken();
This updates both tokens in memory and storage.
| Token | Duration |
|---|---|
| Access token | 10 hours |
| Refresh token | 24 hours |
The developer is responsible for refreshing tokens before they expire and for storing them securely. See Storage for persistence options.
Logout
Close the session and clear all tokens:
await client.logout();
This clears tokens from memory and storage.
Never expose apiKey or apiSecret in client-side code for production applications. Use a server-side proxy to manage credentials.
Use client.auth.request(url, init?) for all API calls. It automatically merges SDK default headers, the Authorization token, and converts network failures into NetworkError.