que-sdk
v0.1.0
Published
Developer-friendly & type-safe Typescript SDK specifically catered to leverage *que-sdk* API.
Readme
que-sdk
Developer-friendly & type-safe Typescript SDK specifically catered to leverage que-sdk API.
Summary
Que API: Welcome to the Que Public HTTP API for C2PA (Content Authenticity Initiative) provenance management.
Our platform provides robust tools for working with digital asset provenance through C2PA manifests, enabling you to sign and verify digital assets to ensure their authenticity, origin, and processing history.
Key Features:
- Memory-Efficient Streaming: Assets are processed using streaming techniques to minimize memory usage, supporting large files efficiently
- Verify: Inspect and validate C2PA manifests embedded in assets with multiple detail levels
- Sign: Embed comprehensive C2PA manifests into your assets with server-side cryptographic signatures
- Trust Management: Retrieve and validate against current trust lists containing trusted certificate authorities and manufacturers
- Secure Uploads: Direct-to-S3 uploads via presigned URLs for large assets
Authentication:
All endpoints (except for /healthz) are secured and require an API key to be passed in the x-api-key header.
Processing Architecture: Assets are streamed from S3 or URLs to temporary storage during processing to ensure O(chunk_size) memory usage instead of O(file_size), enabling efficient handling of large files on containerized platforms.
Usage of this API is tracked via Firehose for billing and monitoring purposes.
For more information about the API: Find more detailed documentation and tutorials here.
Table of Contents
SDK Installation
The SDK can be installed with either npm, pnpm, bun or yarn package managers.
NPM
npm add que-sdkPNPM
pnpm add que-sdkBun
bun add que-sdkYarn
yarn add que-sdk zod
# Note that Yarn does not install peer dependencies automatically. You will need
# to install zod as shown above.[!NOTE] This package is published with CommonJS and ES Modules (ESM) support.
Requirements
For supported JavaScript runtimes, please consult RUNTIMES.md.
SDK Example Usage
Example
import { Que } from "que-sdk";
const que = new Que({
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
}
run();
Authentication
Per-Client Security Schemes
This SDK supports the following security scheme globally:
| Name | Type | Scheme | Environment Variable |
| ------------ | ------ | ------- | -------------------- |
| apiKeyAuth | apiKey | API key | QUE_API_KEY_AUTH |
To authenticate with the API the apiKeyAuth parameter must be set when initializing the SDK client instance. For example:
import { Que } from "que-sdk";
const que = new Que({
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
}
run();
Available Resources and Operations
assetManagement
- getPresignedUrl - Get an S3 presigned URL for secure uploads
Que SDK
- verifyAsset - Verify the C2PA manifest of an asset
- signAsset - Sign an asset with a C2PA manifest
utility
- getHealthCheck - Service Health Check
- getTrustList - Retrieve the current C2PA trust bundle
Standalone functions
All the methods listed above are available as standalone functions. These functions are ideal for use in applications running in the browser, serverless runtimes or other environments where application bundle size is a primary concern. When using a bundler to build your application, all unused functionality will be either excluded from the final bundle or tree-shaken away.
To read more about standalone functions, check FUNCTIONS.md.
assetManagementGetPresignedUrl- Get an S3 presigned URL for secure uploadssignAsset- Sign an asset with a C2PA manifestutilityGetHealthCheck- Service Health CheckutilityGetTrustList- Retrieve the current C2PA trust bundleverifyAsset- Verify the C2PA manifest of an asset
Retries
Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.
To change the default retry strategy for a single API call, simply provide a retryConfig object to the call:
import { Que } from "que-sdk";
const que = new Que({
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
}, {
retries: {
strategy: "backoff",
backoff: {
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
},
retryConnectionErrors: false,
},
});
console.log(result);
}
run();
If you'd like to override the default retry strategy for all operations that support retries, you can provide a retryConfig at SDK initialization:
import { Que } from "que-sdk";
const que = new Que({
retryConfig: {
strategy: "backoff",
backoff: {
initialInterval: 1,
maxInterval: 50,
exponent: 1.1,
maxElapsedTime: 100,
},
retryConnectionErrors: false,
},
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
}
run();
Error Handling
QueError is the base class for all HTTP error responses. It has the following properties:
| Property | Type | Description |
| ------------------- | ---------- | --------------------------------------------------------------------------------------- |
| error.message | string | Error message |
| error.statusCode | number | HTTP response status code eg 404 |
| error.headers | Headers | HTTP response headers |
| error.body | string | HTTP body. Can be empty string if no body is returned. |
| error.rawResponse | Response | Raw HTTP response |
| error.data$ | | Optional. Some errors may contain structured data. See Error Classes. |
Example
import { Que } from "que-sdk";
import * as errors from "que-sdk/models/errors";
const que = new Que({
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
try {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
} catch (error) {
// The base class for HTTP error responses
if (error instanceof errors.QueError) {
console.log(error.message);
console.log(error.statusCode);
console.log(error.body);
console.log(error.headers);
// Depending on the method different errors may be thrown
if (error instanceof errors.ProblemResponseError) {
console.log(error.data$.type); // string
console.log(error.data$.title); // string
console.log(error.data$.status); // number
console.log(error.data$.code); // string
console.log(error.data$.detail); // string
}
}
}
}
run();
Error Classes
Primary errors:
QueError: The base class for HTTP error responses.ProblemResponseError: An RFC 7807 problem details response. *
Network errors:
ConnectionError: HTTP client was unable to make a request to a server.RequestTimeoutError: HTTP request timed out due to an AbortSignal signal.RequestAbortedError: HTTP request was aborted by the client.InvalidRequestError: Any input used to create a request is invalid.UnexpectedClientError: Unrecognised or unexpected error.
Inherit from QueError:
ResponseValidationError: Type mismatch between the data returned from the server and the structure expected by the SDK. Seeerror.rawValuefor the raw value anderror.pretty()for a nicely formatted multi-line string.
* Check the method documentation to see if the error is applicable.
Server Selection
Server Variables
The default server https://{environment}.addque.org/ contains variables and is set to https://dev-api.addque.org/ by default. To override default values, the following parameters are available when initializing the SDK client instance:
| Variable | Parameter | Default | Description |
| ------------- | --------------------- | ----------- | --------------------------- |
| environment | environment: string | "dev-api" | The deployment environment. |
Example
import { Que } from "que-sdk";
const que = new Que({
environment: "<value>",
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
}
run();
Override Server URL Per-Client
The default server can be overridden globally by passing a URL to the serverURL: string optional parameter when initializing the SDK client instance. For example:
import { Que } from "que-sdk";
const que = new Que({
serverURL: "https://dev-api.addque.org/",
apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});
async function run() {
const result = await que.verifyAsset({
asset: {
bucket: "que-assets-dev",
key: "uploads/photo.jpg",
},
includeCertificates: true,
});
console.log(result);
}
run();
Custom HTTP Client
The TypeScript SDK makes API calls using an HTTPClient that wraps the native
Fetch API. This
client is a thin wrapper around fetch and provides the ability to attach hooks
around the request lifecycle that can be used to modify the request or handle
errors and response.
The HTTPClient constructor takes an optional fetcher argument that can be
used to integrate a third-party HTTP client or when writing tests to mock out
the HTTP client and feed in fixtures.
The following example shows how to use the "beforeRequest" hook to to add a
custom header and a timeout to requests and how to use the "requestError" hook
to log errors:
import { Que } from "que-sdk";
import { HTTPClient } from "que-sdk/lib/http";
const httpClient = new HTTPClient({
// fetcher takes a function that has the same signature as native `fetch`.
fetcher: (request) => {
return fetch(request);
}
});
httpClient.addHook("beforeRequest", (request) => {
const nextRequest = new Request(request, {
signal: request.signal || AbortSignal.timeout(5000)
});
nextRequest.headers.set("x-custom-header", "custom value");
return nextRequest;
});
httpClient.addHook("requestError", (error, request) => {
console.group("Request Error");
console.log("Reason:", `${error}`);
console.log("Endpoint:", `${request.method} ${request.url}`);
console.groupEnd();
});
const sdk = new Que({ httpClient });Debugging
You can setup your SDK to emit debug logs for SDK requests and responses.
You can pass a logger that matches console's interface as an SDK option.
[!WARNING] Beware that debug logging will reveal secrets, like API tokens in headers, in log messages printed to a console or files. It's recommended to use this feature only during local development and not in production.
import { Que } from "que-sdk";
const sdk = new Que({ debugLogger: console });You can also enable a default debug logger by setting an environment variable QUE_DEBUG to true.
Development
Maturity
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
Contributions
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.