Package Exports
- @bluvo/sdk-ts
- @bluvo/sdk-ts/package.json
Readme
Bluvo TypeScript SDK
Official TypeScript SDK for the Bluvo API - Securely authenticate users via OAuth2 and perform safe, auditable withdrawals from cryptocurrency exchanges.
Features
- OAuth2 Authentication: Connect user CEX accounts securely via OAuth2 flow
- Safe Withdrawals: Request quotations and execute withdrawals with full transparency
- Dual SDK Architecture: Separate browser and server SDKs for security
- Multi-Exchange Support: Coinbase, Kraken, Binance, KuCoin, OKX, Bitmart, Gemini and more
- Type Safety: Full TypeScript support with proper types for all API responses
Installation
# Using npm
npm install @bluvo/sdk-ts
# Using yarn
yarn add @bluvo/sdk-ts
# Using pnpm
pnpm add @bluvo/sdk-tsOverview: OAuth2 → Withdraw Flow
Bluvo enables a secure flow to authenticate users with their CEX accounts and perform withdrawals:
- OAuth2 Authentication (Browser): User connects their CEX account via OAuth2 popup
- Get Withdrawable Balance (Server): Query available assets and supported networks
- Request Quotation (Server): Get a priced withdrawal instruction
- Execute Withdrawal (Server): Complete the withdrawal transaction
Quick Start
Web Client SDK (Browser)
Use in React-based UIs to handle OAuth2 flows securely. Never embed server secrets here.
import { createWebClient } from "@bluvo/sdk-ts";
const webClient = createWebClient({
orgId: "your-org-id", // Get from https://portal.bluvo.co
projectId: "your-project-id"
});Server SDK (Backend)
Use on trusted servers for privileged operations. Store API key securely.
import { createClient } from "@bluvo/sdk-ts";
const client = createClient({
orgId: "your-org-id",
projectId: "your-project-id",
apiKey: process.env.BLUVO_API_KEY // Store securely!
});OAuth2 CEX Authentication
1. Open OAuth2 Popup (Browser)
import { randomUUID } from 'crypto';
// Open OAuth2 popup for user authentication
await webClient.oauth2.openWindow(
"coinbase", // or: kraken, gemini, binance, okx, bitmart, kucoin
{
walletId: randomUUID(), // Unique identifier for this wallet
idem: randomUUID(), // Idempotency key for this auth attempt
},
{
onWindowClose: () => {
console.log("OAuth2 window was closed by user");
},
}
);2. Listen for Completion (Browser)
// Subscribe to OAuth2 completion event
await webClient.listen(
idem, // Same UUID from openWindow
SUBSCRIBE_ONLY_PUBLIC_TOKEN, // Ask Bluvo team for this token
{
onMessage: ({ walletId }) => {
console.log("CEX account connected with ID:", walletId);
// Store walletId for future operations
// e.g., saveUserWallet(currentUser, walletId);
},
onError: (error) => {
console.error("OAuth2 failed:", error);
}
}
);Withdrawal Flow
Once you have a walletId from OAuth2, perform withdrawals in three steps:
1. Get Withdrawable Balance (Server)
const { balances } = await client
.wallet
.withdrawals
.getWithdrawableBalance(walletId);
// Response structure:
// {
// balances: [{
// asset: "BTC",
// amount: 0.05,
// networks: [{
// id: "bitcoin",
// code: "bitcoin",
// name: "bitcoin",
// displayName: "Bitcoin",
// minWithdrawal: "0.0001",
// maxWithdrawal: "10",
// assetName: "BTC",
// addressRegex: "^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,62}$"
// }]
// }]
// }2. Request Quotation (Server)
Get a short-lived, priced withdrawal instruction:
const quote = await client
.wallet
.withdrawals
.requestQuotation(walletId, {
asset: "BTC",
amount: "0.05",
address: "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
network: "bitcoin", // Optional, defaults to address type
tag: null, // For assets requiring memo/tag
includeFee: true // Include network fee in amount
});
// Response:
// {
// id: "quote_01H9X3Z7N5V2KJ4G8P6QR5T3Y2",
// asset: "BTC",
// amountWithFee: 0.0502,
// amountNoFee: 0.05,
// destinationAddress: "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
// network: "bitcoin",
// estimatedFee: 0.0002,
// estimatedTotal: 0.0502,
// expiresAt: 1713984000 // UNIX timestamp
// }3. Execute Withdrawal (Server)
Execute the withdrawal using the quotation:
const withdrawal = await client
.wallet
.withdrawals
.executeQuotation(walletId, quote.id, {
idem: randomUUID() // For safe retries
});
// Response:
// {
// transactionId: "tx_01H9X3Z7N5V2KJ4G8P6QR5T3Y2",
// status: "pending",
// asset: "BTC",
// amount: 0.05,
// network: "bitcoin",
// destinationAddress: "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
// fee: 0.0002,
// total: 0.0502
// }Security Best Practices
API Key Management: Keep
BLUVO_API_KEYstrictly server-side. Use environment variables or secrets managers.Address Validation: Use the network's
addressRegexfor client-side validation. The API will also validate.Idempotency: Use unique
idemkeys for all critical operations to make retries safe.Quote Management:
- Treat quotes as immutable and short-lived
- Display expiry time to users
- Request new quotes if inputs change or quotes expire
Error Handling: Surface actionable messages and provide clean retry paths.
Data Persistence: Store the
walletIdsecurely against your user profile for all future operations.
Operational Recommendations
- OAuth2 Flow: Generate fresh
idemfor each attempt - Transparency: Show fee breakdowns and quote expiry times
- Observability: Log
walletId, quoteid, andidemfor traceability - No Token Management: Bluvo handles access token refresh and balance sync automatically
Supported Exchanges
Currently supported for OAuth2:
- Coinbase
- Kraken
- Gemini
- Binance
- OKX
- Bitmart
- KuCoin
Related Projects
- Home Page - Bluvo Home Page
- API Documentation - Complete API reference
- Admin Dashboard - Get your credentials here
License
MIT © Bluvo Inc.