Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@invertase/node-paddle-sdk

Package Overview
Dependencies
Maintainers
3
Versions
7
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@invertase/node-paddle-sdk

A fully typed NodeJS library for integration with Paddle.

  • 0.2.1
  • npm
  • Socket score

Version published
Weekly downloads
181
increased by33.09%
Maintainers
3
Weekly downloads
 
Created
Source

Node Paddle SDK

A NodeJS library for integrating with Paddle.

The library provides full TypeScript definitions for the Paddle API & Webhook events.

Installation

npm install @invertase/node-paddle-sdk --save

Usage

import { PaddleSDK } from '@invertase/node-paddle-sdk';

const paddle = new PaddleSDK(
  12345, // Required: Vendor ID
  'xxxx', // Required: Vendor Auth Code
  'xxxx', // Optional: Public Key
);

The Public Key is optional, but required if using the verifyWebhook method.

API

The library provides integration with the Paddle API endpoints.

The vendor_id and vendor_auth_code parameters are not required and are automatically provided by the library.

Example usage:

try {
  const coupons = await paddle.listCoupons({
    product_id: 123,
  });
} catch (e) {
  console.error(e.code, e.message);
}

Product API

Coupons

Products

Licenses

Pay Links

Transactions

Payments

Subscription API

Plans

Users

Modifiers

Payments

One-off Charges

Alert API

Webhooks

Webhooks

The library provides useful helpers for handling Webhooks, along with type definitions for events for TypeScript users.

Verifying a webhook

To verify a webhook, you must have provided a public key whilst creating a PaddleSDK instance otherwise an error will be thrown. If the provided body does not conform to a Paddle Webhook request (JSON response containing both a alert_name and p_signature), an error will also be thrown.

Pass the request body to the verifyWebhook method to verify the signature:

// Express example

// Ensure you accept a JSON request body.
app.use(express.json());

app.post('/your-webhook-endpoint', (req, res) => {
  const verified = paddle.verifyWebhook(req.body);

  if (!verified) {
    return res.status(403).send('Invalid webhook request.');
  }

  ...
});

TypeScript

The library provides type definitions for the various Paddle Webhook events. Using the alert_name, you can discover the type of the event:

import { PaddleWebhook } from '@invertase/node-paddle-sdk';

app.post('/your-webhook-endpoint', (req, res) => {
  const verified = paddle.verifyWebhook(req.body);

  if (!verified) {
    return res.status(403).send('Invalid webhook request.');
  }

  const event = req.body as PaddleWebhook;

  if (event.alert_name === 'subscription_created') {
    // `event` is now cast as a `SubscriptionCreatedWebhook`
    console.log(event.subscription_id);
  }
});

Sandbox Environment

If using the Paddle Sandbox Environment, you can set the library to use a custom server endpoint:

import { PaddleSDK } from '@invertase/node-paddle-sdk';

const paddle = new PaddleSDK(
  12345, // Required: Vendor ID
  'xxxx', // Required: Vendor Auth Code
  'xxxx', // Optional: Public Key
  'https://sandbox-vendors.paddle.com/api/2.0', // Optional: Custom Server Endpoint
);

License


Built and maintained by Invertase.

FAQs

Package last updated on 18 Aug 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc