@notabene/nodejs
Advanced tools
Notabene NodeJS SDK for sending and receiving transactions through the Notabene Travel Rule gateway.
Documentation • Getting started • Installation • Configuration
npm install @notabene/nodejs
const Notabene = require('@notabene/nodejs');
const client = new Notabene({
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
The client ID and client secret required to authenticate against Notabene's APIs must be requested.
For sending transactions to Notabene's test environment, use your test Client ID and Client Secret and
set the baseURL to https://api.notabene.dev.
const Notabene = require('@notabene/nodejs');
const client = new Notabene({
baseURL: 'https://api.notabene.dev',
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
Examples for ivms and payload variables can be found in the Appendix.
async function demo() {
const ivms = ...;
const payload = ...;
const txCreated = await client.transaction.create(
payload,
PIIEncryptionMethod.DEFAULT
);
console.log(txCreated);
}
E2E encryption method will encryt PII that such that only you and the beneficiary VASP
async function demo() {
const ivms = ...;
const payload = ...;
const jsonDIDKey = ...; // create or import a jsonDIDKey (see Appendix)
const txCreated = await client.transaction.create(
payload,
PIIEncryptionMethod.END_2_END,
jsonDIDKey
);
console.log(txCreated);
}
The hybrid encryption method PIIEncryptionMethod.HYBRID will also encrypt the PII data to Notabene, using a unique managed Escrow Key for your VASP. This allows us to run sanction screening on the PII data.
For END_2_END and HYBRID encryption your VASP needs a dedicated DIDKey, which is a public-private keypair. The function initVASPkey will create a new DIDKey for your VASP and publish the public key to the Notabene directory. This allows other VASPs retrieve your public key and encrypt PII data to you.
const jsonDIDKey = await client.initVASPkey(vaspDID);
Typically you need to call this function only once, and re-use the jsonDIDKey for a long time. If you believe your private key was compromised, calling this function again will rotate your keypair. Data encrypted using a specific public key, can only be decrypted with its private key, don't throw away your old key(s) if you still have data of interest encrypted with those key(s).
To retrieve a transaction simply call:
const txInfo = await client.transaction.get(id);
If the transaction was encrypted with the DEFAULT or HYBRID strategy, the PII Service will be able to decrypt it for you, the ivms101 property will contain the decrypted data. However, for END_2_END encrypted data you can pass your jsonDIDKey argument to decrypt it locally:
const txInfo = await client.transaction.get(id, jsonDIDKey);
To update a transaction simply call the following with the fields you wish to update:
const updatedTx = await client.transaction.update(
{ id: txCreated.id, beneficiaryVASPdid: '...' },
PIIEncryptionMethod.DEFAULT
);
Note, you need specify an encryption method just like in transaction.create (and your jsonDIDKey):
const updatedTxEnd2End = await client.transaction.update(
{ id: txCreated.id, beneficiaryVASPdid: '...' },
PIIEncryptionMethod.END_2_END,
jsonDIDKey
);
// transaction.create payload:
const payload = {
transactionAsset: 'ETH',
transactionAmount: '1111111000000000000',
originatorVASPdid: 'did:ethr:0xb086499b7f028ab7d3c96c4c2b71d7f24c5a0772',
beneficiaryVASPdid: 'did:ethr:0xa80b54afa45dc22a4ebc0e1a9b638998a7899c33',
transactionBlockchainInfo: {
origin: '0x123',
destination: '0x321',
},
originator: ivms.originator,
beneficiary: ivms.beneficiary,
};
const ivms = {
originator: {
originatorPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Frodo',
secondaryIdentifier: 'Baggins',
nameIdentifierType: 'LEGL',
},
],
},
],
nationalIdentification: {
nationalIdentifier: 'AABBCCDDEEFF0011223344',
nationalIdentifierType: 'CCPT',
countryOfIssue: 'NZ',
},
dateAndPlaceOfBirth: {
dateOfBirth: '1900-01-01',
placeOfBirth: 'Planet Earth',
},
geographicAddress: [
{
addressLine: ['Cool Road /-.st'],
country: 'BE',
addressType: 'HOME',
},
],
},
},
],
accountNumber: ['01234567890'],
},
beneficiary: {
beneficiaryPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Bilbo',
secondaryIdentifier: 'Bolson',
nameIdentifierType: 'LEGL',
},
],
},
],
},
},
],
accountNumber: ['01234567890'],
},
};
BSD 3-Clause © Notabene Inc.
FAQs
Client for Notabene's API
The npm package @notabene/nodejs receives a total of 563 weekly downloads. As such, @notabene/nodejs popularity was classified as not popular.
We found that @notabene/nodejs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket Research Team investigates a malicious npm package that appears to be an Advcash integration but triggers a reverse shell during payment success, targeting servers handling transactions.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.