npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@opencollectiblesfoundry/api-client

v0.19.1

Published

Typed SDK for the OCF Core API

Downloads

1,147

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

franco.barreneche.pfranco.barreneche.pdevpoapdevpoap

Keywords

ocfcollectiblesapi-clientsdk

Readme

@opencollectiblesfoundry/api-client

npm License: MIT

Typed SDK for the OCF Core API. Handles Auth0 client credentials auth automatically — no token management required.

Installation

npm install @opencollectiblesfoundry/api-client

Quick Start

import { createOcfClient } from '@opencollectiblesfoundry/api-client'

const sdk = createOcfClient({
  clientId: process.env.OCF_CLIENT_ID,
  clientSecret: process.env.OCF_CLIENT_SECRET,
  projectSecret: process.env.OCF_PROJECT_SECRET, // 64-char hex from POST /projects/:id/secret
})

// List tokens
const { data: tokens, error } = await sdk.tokens.findAll({
  body: { limit: 10 },
})
if (error) {
  console.error(error)
} else {
  console.log(`Fetched ${tokens.data.length} of ${tokens.total} tokens`)
}

// Issue a token — pass `email`, the SDK derives `identityToken` automatically
const { data: token } = await sdk.tokens.issue({
  body: {
    collectibleId: 'abc',
    clientUserId: 'user-123',
    email: '[email protected]',
  },
})

// Transfer a token to another collector
await sdk.tokens.transfer({
  path: { id: 'token-id' },
  body: {
    toClientUserId: 'user-456',
  },
})

// Issue a batch — collectors carry email, not identityToken
await sdk.tokens.issueBatch({
  body: {
    collectibleIds: ['abc', 'def'],
    collectors: [
      { clientUserId: 'user-123', email: '[email protected]' },
      { clientUserId: 'user-124', email: '[email protected]' },
    ],
  },
})

// Get the caller's project
const { data: project } = await sdk.projects.findMine()
console.log(`Project: ${project.name}`)

Configuration

Environment presets

Pass environment to use a named preset. 'dev' and 'prod' are populated; 'sandbox' will be added when that environment launches.

const sdk = createOcfClient({
  clientId: '...',
  clientSecret: '...',
  environment: 'prod', // 'dev' | 'prod' — defaults to 'dev'
})

Explicit overrides

Any of baseUrl, auth0Domain, and audience can be overridden individually.

const sdk = createOcfClient({
  clientId: '...',
  clientSecret: '...',
  baseUrl: 'http://localhost:3000',
  auth0Domain: 'ocf-dev-enterprise.us.auth0.com',
  audience: 'https://dev-ocf-core.com',
})

Config reference

| Field | Type | Default | Description | |---|---|---|---| | clientId | string | required | Auth0 client ID | | clientSecret | string | required | Auth0 client secret | | projectSecret | string | required | 64-char hex HMAC secret returned by POST /projects/:id/secret. Used to derive identityToken from email. | | environment | 'dev' \| 'sandbox' \| 'prod' | 'dev' | Named preset | | baseUrl | string | from preset | API base URL | | auth0Domain | string | from preset | Auth0 tenant domain | | audience | string | from preset | Auth0 API audience identifier |

Identity tokens

tokens.issue and tokens.issueBatch accept email and the SDK substitutes it with identityToken before forwarding. The token is HMAC-SHA256(canonicalize(email), hexDecode(projectSecret)) as a 64-char lowercase hex digest, where canonicalize is email.trim().toLowerCase().

This must match what ocf-secrets-service computes at resolve time, byte-for-byte. The contractual fixture is pinned in src/identity-token.spec.ts and mirrored in ocf-secrets-service. If you regenerate or change the helper, both specs must continue to agree.

computeIdentityToken is exported if you need to compute it yourself.

Sorting

Token search accepts sortBy: 'issuedAt' or sortBy: 'metadata.<field>', where <field> is a top-level token metadata field. Metadata sorting requires either exactly one collectibleId filter, or both an accountLinkId/clientUserId and a tokenSchemaId filter.

Collectible search accepts sortBy: 'createdAt' or sortBy: 'tokenCount'.

Auth

The SDK uses the Auth0 client credentials flow. The token is fetched lazily on the first request, cached in memory, and refreshed automatically 60 seconds before it expires.

Error Handling

All methods return { data, error }. HTTP errors do not throw — check error instead.

const { data, error } = await sdk.collectibles.findOne({ path: { id: 'some-id' } })
if (error) {
  // typed from the OpenAPI spec
}

Resources

sdk.tokens

findAll · findOne · issue · issueBatch · transfer · update · remove

sdk.collectibles

findAll · findOne · create · update · remove

sdk.accountLinks

findAll · findOne · update · remove · removeByClientUserId

await sdk.accountLinks.removeByClientUserId({
  projectId: 'project-id',
  clientUserId: 'user-123',
})

sdk.projects

findAll · findOne · findMine · create · update · remove · getMembers · addMember · inviteMember · updateRole · removeMember

sdk.schemas

findAll · findOne · create · update · remove

sdk.users

findAll · findOne · findMe · create · update · remove

sdk.provisioning

provision

Generated Types

All types and SDK classes are generated from the OpenAPI spec via @hey-api/openapi-ts. To regenerate (requires a running local API server):

yarn generate

To run the smoke test against the dev environment:

yarn generate && yarn smoke-test

Requires a .env file with OCF_CLIENT_ID and OCF_CLIENT_SECRET.