@corsa-labs/sdk
Advanced tools
SDK for integrating with Corsa API
You can install the package using npm or yarn:
npm install @corsa-labs/sdk
# or
yarn add @corsa-labs/sdk
This section covers how to use the SDK to interact with the Compliance API endpoints.
First, import the ComplianceClient and configure it with your API details:
import { ComplianceClient, OpenAPI } from '@corsa-labs/sdk';
// Configure API key (or other authentication methods) via Headers
// OpenAPI.TOKEN = 'YOUR_API_KEY'; // Deprecated: Use HEADERS instead
// Configure the base URL
OpenAPI.BASE = 'https://api-compliance.prod.paytweed.com';
// Configure Headers for Authentication (Recommended)
OpenAPI.HEADERS = {
"Authorization": `Bearer ${process.env.API_TOKEN}`
};
const client = new ComplianceClient();
// Or configure directly in the constructor
const clientWithConfig = new ComplianceClient({
BASE: "https://api-compliance.prod.paytweed.com",
HEADERS: {
"Authorization": `Bearer ${process.env.API_TOKEN}`
}
});
The SDK provides access to the following services via the ComplianceClient instance:
client.alerts: Manage compliance alerts.client.clients: Manage individual and corporate clients.client.health: Check the health status of the API.client.operations: Manage financial operations (deposits, withdrawals, trades).client.transactions: Manage transactions.Each service exposes methods corresponding to the API endpoints. Refer to the type definitions (exported from index.ts and within the models/ and services/ directories) for detailed request and response structures.
import { ClientRiskDto, ComplianceClient, CreateIndividualClientDto, IndividualClientCustomFieldDataDto, IndividualClientGeneralInformationDto } from "@corsa-labs/sdk";
import { v4 as uuidv4 } from 'uuid';
async function main() {
const client = new ComplianceClient({
BASE: "https://api-compliance.prod.paytweed.com",
HEADERS: {
"Authorization": `Bearer ${process.env.API_TOKEN}` // Use Authorization header
}
});
const referenceId = uuidv4();
const { id } = await client.clients.createIndividualClient({
referenceId,
activityStatus: CreateIndividualClientDto.activityStatus.ACTIVE,
accountStatus: CreateIndividualClientDto.accountStatus.APPROVED,
currentRisk: {
score: 75,
level: ClientRiskDto.level.HIGH,
reason: "Multiple high-value transactions in high-risk jurisdictions",
calculatedAt: "2023-08-15T14:30:00Z"
},
tags: ["high-value", "vip-client"],
controls: ["enhanced-due-diligence", "quarterly-review"],
address: {
addressLine1: "123 Main Street",
addressLine2: "Apt 4B",
city: "New York",
country: "USA",
postalCode: "10001"
},
adverseMedia: {
isAdverseMedia: false
},
application: {
submittedAt: "2023-08-15T10:30:00Z",
onboardedAt: "2023-08-20T14:00:00Z",
onboardingRisk: {
score: 75,
level: ClientRiskDto.level.HIGH,
reason: "Multiple high-value transactions in high-risk jurisdictions",
calculatedAt: "2023-08-15T14:30:00Z"
},
nextPeriodicReview: "2024-08-20T14:00:00Z"
},
riskHistory: [{
score: 75,
level: ClientRiskDto.level.HIGH,
reason: "Multiple high-value transactions in high-risk jurisdictions",
calculatedAt: "2023-08-15T14:30:00Z"
}],
contact: {
emailAddress: "john.doe@example.com",
phoneNumber: "+1-555-123-4567"
},
customFields: {
additionalProp1: {
label: "Preferred Contact Time",
value: "Morning",
category: IndividualClientCustomFieldDataDto.category.GENERAL
},
additionalProp2: {
label: "Preferred Contact Time",
value: "Morning",
category: IndividualClientCustomFieldDataDto.category.GENERAL
},
additionalProp3: {
label: "Preferred Contact Time",
value: "Morning",
category: IndividualClientCustomFieldDataDto.category.GENERAL
}
},
financial: {
annualDepositEstimate: "100000"
},
general: {
firstName: "Yarin SDK",
lastName: "Test",
gender: IndividualClientGeneralInformationDto.gender.MALE,
dateOfBirth: "1980-01-15",
citizenship: "USA",
personalId: "123-45-6789"
},
politicalExposure: {
isPoliticallyExposed: false
},
sanctions: {
isSanctioned: false
},
work: {
occupation: "Software Engineer"
}
});
console.log(id);
await client.clients.updateIndividualClient(id, {
activityStatus: CreateIndividualClientDto.activityStatus.NOT_ACTIVE,
});
}
main();
The SDK provides utilities for handling webhooks sent from the Compliance API.
When receiving webhooks, inspect the following HTTP headers:
x-hub-signature-256: The HMAC SHA256 signature of the request payload. Used for verifying the webhook's authenticity. (See Verifying Signatures below).x-tweed-event: The type of event that triggered the webhook (e.g., individual_client.created).x-tweed-hook-id: The unique identifier of the webhook configuration that sent this request.x-tweed-delivery: A unique identifier for this specific delivery attempt.It's crucial to verify the signature of incoming webhooks to ensure they originated from the Compliance API and were not tampered with. Use the verifyWebhookSignature function exported from the SDK.
import { verifyWebhookSignature } from '@corsa-labs/sdk';
async function verifyWebhookRequest(request: Request) { // Assuming a standard Request object
const signature = request.headers.get('x-hub-signature-256');
const payload = await request.text(); // Raw request body
const secret = process.env.WEBHOOK_SECRET; // Your webhook secret
if (!signature || !secret) {
console.error("Missing signature or secret");
// Return an error response (e.g., HTTP 400 Bad Request)
return false;
}
const isValid = await verifyWebhookSignature(secret, payload, signature);
if (!isValid) {
console.error('Invalid webhook signature');
// Return an error response (e.g., HTTP 401 Unauthorized)
return false;
}
console.log("Webhook signature verified successfully!");
// Signature is valid, proceed with processing the webhook payload
// const webhookEvent = JSON.parse(payload);
// console.log('Received valid webhook:', webhookEvent.type);
// ... process event ...
return true;
}
The following webhook event types are available (defined in WebhookEventType):
individual_client.created: Triggered when an individual client is created.individual_client.updated: Triggered when an individual client is updated.corporate_client.created: Triggered when a corporate client is created.corporate_client.updated: Triggered when a corporate client is updated.alert.created: Triggered when an alert is created.alert.updated: Triggered when an alert is updated.case.created: Triggered when a case is created.case.updated: Triggered when a case is updated.The payload structure for each event type (WebhookEvent, EntityCreatedPayload, EntityUpdatedPayload) and the WebhookEventType enum can be imported from @corsa-labs/sdk.
For a practical example of how to set up a webhook handler, see the Webhook Example.
To build the project locally:
yarn install
yarn build
Run the tests using:
yarn test
Contributions are welcome! Please follow standard practices for pull requests.
FAQs
SDK for Corsa API
We found that @corsa-labs/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
Security News
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
Research
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader.