Skip to main content

Installation

npm install @grantex/sdk

Requirements

  • Node.js 18+ (uses native fetch and crypto)
  • ESM only — the package ships as "type": "module" with TypeScript NodeNext resolution

Configuration

import { Grantex } from '@grantex/sdk';

const grantex = new Grantex({
  apiKey: process.env.GRANTEX_API_KEY,  // required (or set GRANTEX_API_KEY env var)
  baseUrl: 'https://api.grantex.dev',   // optional, defaults to production
  timeout: 30_000,                       // optional, request timeout in ms
});

Options

apiKey
string
required
Your Grantex API key. Falls back to the GRANTEX_API_KEY environment variable if omitted.
baseUrl
string
default:"https://api.grantex.dev"
Base URL for the Grantex API. Override for self-hosted or local development.
timeout
number
default:"30000"
Request timeout in milliseconds. The SDK uses AbortController to enforce the deadline.

Quick start

The complete authorization flow in one script: 
import { Grantex, verifyGrantToken } from '@grantex/sdk';

const grantex = new Grantex({ apiKey: process.env.GRANTEX_API_KEY });

// 1. Register an agent
const agent = await grantex.agents.register({
  name: 'travel-booker',
  description: 'Books flights and hotels on behalf of users',
  scopes: ['calendar:read', 'payments:initiate:max_500', 'email:send'],
});
console.log(agent.did);
// → did:grantex:ag_01HXYZ123abc...

// 2. Request user authorization
const authRequest = await grantex.authorize({
  agentId: agent.id,
  userId: 'user_abc123',
  scopes: ['calendar:read', 'payments:initiate:max_500'],
  expiresIn: '24h',
  redirectUri: 'https://yourapp.com/auth/callback',
});
// Redirect the user to authRequest.consentUrl

// 3. Exchange the authorization code for a grant token
const token = await grantex.tokens.exchange({
  code,                  // from the redirect callback
  agentId: agent.id,
});
console.log(token.grantToken);  // RS256 JWT
console.log(token.scopes);      // ['calendar:read', 'payments:initiate:max_500']

// 4. Verify the token offline (no Grantex dependency at runtime)
const grant = await verifyGrantToken(token.grantToken, {
  jwksUri: 'https://api.grantex.dev/.well-known/jwks.json',
  requiredScopes: ['calendar:read'],
});
console.log(grant.principalId); // 'user_abc123'

// 5. Revoke the token when done
await grantex.tokens.revoke(grant.tokenId);

Available resources

The Grantex client exposes the following sub-clients:
PropertyDescriptionReference
grantex.agentsRegister, list, update, and delete agentsAgents
grantex.tokensExchange, verify, and revoke tokensTokens
grantex.grantsManage grants, delegate to sub-agentsGrants
grantex.auditLog and query the tamper-evident audit trailAudit
grantex.webhooksCreate and manage webhook endpointsWebhooks
grantex.policiesDefine authorization policiesPolicies
grantex.complianceCompliance summaries, exports, evidence packsCompliance
grantex.anomaliesDetect and acknowledge anomaliesAnomalies
grantex.billingSubscription management via StripeBilling
grantex.scimSCIM 2.0 user provisioningSCIM
grantex.ssoOIDC single sign-onSSO

Standalone exports

These functions can be used without instantiating a Grantex client:
ExportDescriptionReference
verifyGrantToken()Offline JWT verification via JWKSOffline Verification
generatePkce()Generate PKCE S256 challenge pairsPKCE
verifyWebhookSignature()Verify webhook payload signaturesWebhooks

Error handling

All errors extend GrantexError. See the Error Handling reference for the full hierarchy and usage patterns.