Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@fiatconnect/fiatconnect-sdk
Advanced tools
A helper library for wallets to integrate with FiatConnect APIs
A lightweight Typescript helper library for wallets or dapps to integrate with FiatConnect compliant APIs.
To begin, install the library from your project:
yarn add @fiatconnect/fiatconnect-sdk
Next, initialize a FiatConnectClient
wherever you need to access a FiatConnect API in your codebase. See examples in
the Valora wallet
and FiatConnect validation tests.
From there, you can access any FiatConnect endpoint by invoking a method on the FiatConnectClient
instance. There is
a convenient example of a full transfer in this validation test.
Note that some FiatConnect endpoints require authentication before they can be accessed. You can read up on FiatConnect authentication here.
The FiatConnect SDK handles authentication by taking a signingFunction
as a parameter in the FiatConnectClient
constructor. The FiatConnectClient
instance uses the signing function to sign a SIWE message and log in with a
FiatConnect provider when:
login
method is invoked explicitlyWallets may or may not wish to require a PIN every time a SIWE message is signed, or just some of the time. They may implement
whatever preference they have by writing the signingFunction
accordingly.
In most cases, clients will wish to integrate with multiple FiatConnect providers. However, it is worth noting that the
FiatConnectClient
class deals with only a single provider. This allows for more convenient separation of session
cookies and provider-specific configuration data (base URL, etc.).
For an example of how to manage multiple FiatConnect providers in your codebase using the FiatConnect SDK, you may refer to the Valora wallet, which stores an object in memory mapping provider ID's to FiatConnectClient instances. Many similar possibilities exist.
At time of writing, three companies offer a FiatConnect-compliant sandbox API: Valora, Alpha Fortress, and Bitmama.
If you want to test against a sandbox server that is FiatConnect-compliant, you can ask one of these companies on Discord to share API credentials with you. In particular, you will want a base URL and client API key that can be used to instantiate a FiatConnectClient.
Alternatively, if you want to make heavier use of a sandbox server (such as for CI), you can stand up your own FiatConnect-compliant sandbox using the api starter.
yarn test
We welcome contributions in the form of Issues and PRs. See CONTRIBUTING.md. If you have ideas for FiatConnect SDK that you'd like to discuss with other developers, you may contact us on the FiatConnect Discord.
FAQs
A helper library for wallets to integrate with FiatConnect APIs
The npm package @fiatconnect/fiatconnect-sdk receives a total of 606 weekly downloads. As such, @fiatconnect/fiatconnect-sdk popularity was classified as not popular.
We found that @fiatconnect/fiatconnect-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.