JSPM

  • Created
  • Published
  • Downloads 3068
  • Score
    100M100P100Q115362F
  • License MIT

Server-side JavaScript SDK for Proxy merchant API calls.

Package Exports

  • @proxy-checkout/server-js

Readme

@proxy-checkout/server-js

Server-side JavaScript SDK for merchant backends calling Proxy merchant APIs.

Exposed API Endpoints

This package should expose the merchant-authenticated backend routes that exist today:

SDK method HTTP endpoint Purpose
proxy.sessions.create POST /proxy_sessions Create a Proxy Elements session.
proxy.sessions.cart.set PUT /proxy_sessions/:id/cart Replace the current cart snapshot before payment orchestration.
proxy.sessions.payerHandoff POST /proxy_sessions/:id/payer_handoff Record merchant handoff issuance before the payer loads checkout.
proxy.sessions.payerOpened POST /proxy_sessions/:id/payer_opened Record checkout open and read the current cart details.
proxy.webhookEndpoints.list GET /webhook_endpoints List outbound merchant webhook endpoints.
proxy.webhookEndpoints.create POST /webhook_endpoints Create an outbound endpoint and receive its one-time signing secret.
proxy.webhookEndpoints.get GET /webhook_endpoints/:id Read one outbound endpoint.
proxy.webhookEndpoints.update PATCH /webhook_endpoints/:id Update URL, event types, or active/inactive status.
proxy.webhookEndpoints.archive POST /webhook_endpoints/:id/archive Archive an outbound endpoint.
proxy.webhookEndpoints.rotateSecret POST /webhook_endpoints/:id/rotate_secret Rotate an outbound endpoint signing secret.

Usage

import { createProxyCheckoutServerClient } from "@proxy-checkout/server-js";

const proxy = createProxyCheckoutServerClient({
  apiKey: process.env.PROXY_SECRET_KEY!,
});

const session = await proxy.sessions.create({
  amountMinor: 5000,
  buyerReference: "buyer_123",
  currency: "usd",
  cartSnapshot: {
    items: [{ product_id: "prod_123", quantity: 1 }],
  },
  idempotencyKey: "order_123",
});

await proxy.sessions.payerHandoff(session.id);

const endpoint = await proxy.webhookEndpoints.create({
  url: "https://example.com/proxy-webhooks",
  eventTypes: ["proxy_session.paid", "proxy_session.expired"],
});

console.log(endpoint.signingSecret);

Verify outbound webhook signatures with the exact raw request body:

import { verifyProxyWebhookSignature } from "@proxy-checkout/server-js";

const ok = verifyProxyWebhookSignature({
  body: rawBodyBuffer,
  header: request.headers["proxy-signature"],
  secret: process.env.PROXY_WEBHOOK_SIGNING_SECRET!,
});

Production calls default to https://api.proxycheckout.com. Tests, local development, and previews can pass apiHost.

First Publish Decisions

The first public package version is intentionally 0.0.1 because the SDK API is early and expected to change. The npm package is MIT-licensed under the package-scoped LICENSE file.

The package metadata is intentionally shaped for a public npm package, but the first publish still needs explicit owner approval for:

  • release automation, provenance, dist tags, and rollback ownership.