yarn add @prove-identity/prove-api zod

# Note that Yarn does not install peer dependencies automatically. You will need
# to install zod as shown above.

Requirements

For supported JavaScript runtimes, please consult RUNTIMES.md.

SDK Example Usage

Example

import { ProveAPI } from "@prove-identity/prove-api";

async function run() {
    // Get OAuth credentials from environment variables.
    const oauthClientId = process.env.PROVE_CLIENT_ID;
    const oauthClientSecret = process.env.PROVE_CLIENT_SECRET;

    const proveEnv = "uat-us" // Use UAT in US region.

    // Create client for the Prove API.
    const sdk = new ProveAPI({
        server: proveEnv,
        security: {
            clientID: oauthClientId,
            clientSecret: oauthClientSecret,
        },
    });

    let startReq = {
        flowType: req.body.flowtype,
        finalTargetUrl: 'https://example.com',
        phoneNumber: req.body.mobilenumber,
    }

    // Send the start request.
    const rspStart = await sdk.v3.v3StartRequest(startReq);
    if (!rspStart) {
        console.error("Start error.")
        return
    }

    // Store the correlation ID.
    // correlationId = rspStart.v3StartResponse.correlationId;

    // Return the authToken back to the client SDK.
    // let authToken = rspStart.v3StartResponse.authToken;


    let reqBody = {
        correlationId: correlationId,
    }

    // Wait for the client to return.

    // Send the validate request.
    const rspValidate = await sdk.v3.v3ValidateRequest(reqBody);
    if (!rspValidate) {
        console.error("Start SDK error.")
        return
    }

    // If challenge is the next endpoint, return the user information.
    if (next && 'v3-challenge' in next) {
        const rspChallenge = await sdk.v3.v3ChallengeRequest({
            correlationId: correlationId,
        })
        if (!rspChallenge) {
            console.error("Challenge error.")
            return
        }

        // Return the user information to the client.
        // let individual = rspChallenge.v3ChallengeResponse.individual;
    }

    // Verify the user information.
    const rspComplete = await sdk.v3.v3CompleteRequest({
        correlationId: correlationId,
        individual: {
            firstName: 'Tod',
            lastName: 'Weedall',
            addresses: [{
                address: '39 South Trail',
                city: 'San Antonio',
                region: 'TX',
                postalCode: '78285',
            }],
            dob: '1984-12-10',
            emailAddresses: [
                'tweedalld@ehow.com',
            ],
            ssn: '565228370',
        },
    });
    if (!rspComplete) {
        console.error("Complete error.")
        return
    }
}

run();

Available Resources and Operations

Available methods

auth

authContinueRequest - AuthContinue /v1/server/auth/continue
authFinishRequest - AuthFinish /v1/server/auth/finish
authStartRequest - AuthStart /v1/server/auth/start

domain

v3DomainConfirmLinkRequest - Confirm a domain link request
v3DomainIDRequest - Get Domain Details
v3DomainLinkRequest - Request a domain link
v3DomainLinkedRequest - Get the list of domains that are linked to this domain.
v3DomainUnlinkRequest - Remove a domain link or request

identity

v3BatchGetIdentities - Batch Get Identities
v3EnrollIdentity - Enroll Identity
v3BatchEnrollIdentities - Batch Enroll Identities
v3DisenrollIdentity - Disenroll Identity
v3GetIdentity - Get Identity
v3ActivateIdentity - Activate Identity
v3CrossDomainIdentity - Cross Domain Identity
v3DeactivateIdentity - Deactivate Identity
v3GetIdentitiesByPhoneNumber - Get Identities By Phone Number

v3

v3TokenRequest - Request OAuth Token
v3ChallengeRequest - Submit Challenge
v3CompleteRequest - Complete Flow
v3StartRequest - Start Flow
v3UnifyRequest - Initiate Possession Check
v3UnifyBindRequest - Bind Prove Key
v3UnifyStatusRequest - Check Status
v3ValidateRequest - Validate Phone Number
v3VerifyRequest - Verify User
v3VerifyBatchRequest - Batch Verify Users

Error Handling

ProveapiError is the base class for all HTTP error responses. It has the following properties:

Property	Type	Description
`error.message`	`string`	Error message
`error.httpMeta.response`	`Response`	HTTP response. Access to headers and more.
`error.httpMeta.request`	`Request`	HTTP request. Access to headers and more.
`error.data$`		Optional. Some errors may contain structured data. See Error Classes.

Example

import { Proveapi } from "@prove-identity/prove-api";
import * as errors from "@prove-identity/prove-api/models/errors";

const proveapi = new Proveapi();

async function run() {
  try {
    const result = await proveapi.v3.v3TokenRequest({
      clientId: "customer_id",
      clientSecret: "secret",
      grantType: "client_credentials",
    });

    console.log(result);
  } catch (error) {
    // The base class for HTTP error responses
    if (error instanceof errors.ProveapiError) {
      console.log(error.message);
      console.log(error.httpMeta.response.status);
      console.log(error.httpMeta.response.headers);
      console.log(error.httpMeta.request);

      // Depending on the method different errors may be thrown
      if (error instanceof errors.Error400) {
        console.log(error.data$.code); // number
        console.log(error.data$.message); // string
      }
    }
  }
}

run();

Error Classes

Primary errors:

ProveapiError: The base class for HTTP error responses.
- Error400: Error400 is a custom error for HTTP 400. This is used to support distinguishing between HTTP 400 and 500 in Speakeasy SDKs. Status code 400.
- ErrorT: Internal Server Error. The server encountered an unexpected condition that prevented it from fulfilling the request. Status code 500.
- Error401: Unauthorized. Authentication is required and has failed or has not been provided. Status code 401. *
- Error403: Forbidden. The server understood the request but refuses to authorize it. Status code 403. *

Less common errors (6)

Network errors:

ConnectionError: HTTP client was unable to make a request to a server.
RequestTimeoutError: HTTP request timed out due to an AbortSignal signal.
RequestAbortedError: HTTP request was aborted by the client.
InvalidRequestError: Any input used to create a request is invalid.
UnexpectedClientError: Unrecognised or unexpected error.

Inherit from ProveapiError:

ResponseValidationError: Type mismatch between the data returned from the server and the structure expected by the SDK. See error.rawValue for the raw value and error.pretty() for a nicely formatted multi-line string.

* Check the method documentation to see if the error is applicable.

Server Selection

Select Server by Name

You can override the default server globally by passing a server name to the server: keyof typeof ServerList optional parameter when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the names associated with the available servers:

Name	Server	Description
`uat-us`	`https://platform.uat.proveapis.com`	UAT for US Region
`prod-us`	`https://platform.proveapis.com`	Prod for US Region
`uat-eu`	`https://platform.uat.eu.proveapis.com`	UAT for EU Region
`prod-eu`	`https://platform.eu.proveapis.com`	Prod for EU Region

Example

import { Proveapi } from "@prove-identity/prove-api";

const proveapi = new Proveapi({
  server: "prod-eu",
});

async function run() {
  const result = await proveapi.v3.v3TokenRequest({
    clientId: "customer_id",
    clientSecret: "secret",
    grantType: "client_credentials",
  });

  console.log(result);
}

run();

Override Server URL Per-Client

The default server can also be overridden globally by passing a URL to the serverURL: string optional parameter when initializing the SDK client instance. For example:

import { Proveapi } from "@prove-identity/prove-api";

const proveapi = new Proveapi({
  serverURL: "https://platform.uat.proveapis.com",
});

async function run() {
  const result = await proveapi.v3.v3TokenRequest({
    clientId: "customer_id",
    clientSecret: "secret",
    grantType: "client_credentials",
  });

  console.log(result);
}

run();

Custom HTTP Client

The TypeScript SDK makes API calls using an HTTPClient that wraps the native Fetch API. This client is a thin wrapper around fetch and provides the ability to attach hooks around the request lifecycle that can be used to modify the request or handle errors and response.

The HTTPClient constructor takes an optional fetcher argument that can be used to integrate a third-party HTTP client or when writing tests to mock out the HTTP client and feed in fixtures.

The following example shows how to use the "beforeRequest" hook to to add a custom header and a timeout to requests and how to use the "requestError" hook to log errors:

import { Proveapi } from "@prove-identity/prove-api";
import { HTTPClient } from "@prove-identity/prove-api/lib/http";

const httpClient = new HTTPClient({
  // fetcher takes a function that has the same signature as native `fetch`.
  fetcher: (request) => {
    return fetch(request);
  }
});

httpClient.addHook("beforeRequest", (request) => {
  const nextRequest = new Request(request, {
    signal: request.signal || AbortSignal.timeout(5000)
  });

  nextRequest.headers.set("x-custom-header", "custom value");

  return nextRequest;
});

httpClient.addHook("requestError", (error, request) => {
  console.group("Request Error");
  console.log("Reason:", `${error}`);
  console.log("Endpoint:", `${request.method} ${request.url}`);
  console.groupEnd();
});

const sdk = new Proveapi({ httpClient });

Authentication

Per-Client Security Schemes

This SDK supports the following security scheme globally:

Name	Type	Scheme
`clientID` `clientSecret`	oauth2	OAuth2 Client Credentials Flow

You can set the security parameters through the security optional parameter when initializing the SDK client instance. For example:

import { Proveapi } from "@prove-identity/prove-api";

const proveapi = new Proveapi({
  security: {
    clientID: "<YOUR_CLIENT_ID_HERE>",
    clientSecret: "<YOUR_CLIENT_SECRET_HERE>",
  },
});

async function run() {
  const result = await proveapi.v3.v3TokenRequest({
    clientId: "customer_id",
    clientSecret: "secret",
    grantType: "client_credentials",
  });

  console.log(result);
}

run();

Retries

Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.

To change the default retry strategy for a single API call, simply provide a retryConfig object to the call:

import { Proveapi } from "@prove-identity/prove-api";

const proveapi = new Proveapi();

async function run() {
  const result = await proveapi.v3.v3TokenRequest({
    clientId: "customer_id",
    clientSecret: "secret",
    grantType: "client_credentials",
  }, {
    retries: {
      strategy: "backoff",
      backoff: {
        initialInterval: 1,
        maxInterval: 50,
        exponent: 1.1,
        maxElapsedTime: 100,
      },
      retryConnectionErrors: false,
    },
  });

  console.log(result);
}

run();

If you'd like to override the default retry strategy for all operations that support retries, you can provide a retryConfig at SDK initialization:

import { Proveapi } from "@prove-identity/prove-api";

const proveapi = new Proveapi({
  retryConfig: {
    strategy: "backoff",
    backoff: {
      initialInterval: 1,
      maxInterval: 50,
      exponent: 1.1,
      maxElapsedTime: 100,
    },
    retryConnectionErrors: false,
  },
});

async function run() {
  const result = await proveapi.v3.v3TokenRequest({
    clientId: "customer_id",
    clientSecret: "secret",
    grantType: "client_credentials",
  });

  console.log(result);
}

run();

Standalone functions

All the methods listed above are available as standalone functions. These functions are ideal for use in applications running in the browser, serverless runtimes or other environments where application bundle size is a primary concern. When using a bundler to build your application, all unused functionality will be either excluded from the final bundle or tree-shaken away.

To read more about standalone functions, check FUNCTIONS.md.

Available standalone functions

authAuthContinueRequest - AuthContinue /v1/server/auth/continue
authAuthFinishRequest - AuthFinish /v1/server/auth/finish
authAuthStartRequest - AuthStart /v1/server/auth/start
domainV3DomainConfirmLinkRequest - Confirm a domain link request
domainV3DomainIDRequest - Get Domain Details
domainV3DomainLinkedRequest - Get the list of domains that are linked to this domain.
domainV3DomainLinkRequest - Request a domain link
domainV3DomainUnlinkRequest - Remove a domain link or request
identityV3ActivateIdentity - Activate Identity
identityV3BatchEnrollIdentities - Batch Enroll Identities
identityV3BatchGetIdentities - Batch Get Identities
identityV3CrossDomainIdentity - Cross Domain Identity
identityV3DeactivateIdentity - Deactivate Identity
identityV3DisenrollIdentity - Disenroll Identity
identityV3EnrollIdentity - Enroll Identity
identityV3GetIdentitiesByPhoneNumber - Get Identities By Phone Number
identityV3GetIdentity - Get Identity
v3V3ChallengeRequest - Submit Challenge
v3V3CompleteRequest - Complete Flow
v3V3StartRequest - Start Flow
v3V3TokenRequest - Request OAuth Token
v3V3UnifyBindRequest - Bind Prove Key
v3V3UnifyRequest - Initiate Possession Check
v3V3UnifyStatusRequest - Check Status
v3V3ValidateRequest - Validate Phone Number
v3V3VerifyBatchRequest - Batch Verify Users
v3V3VerifyRequest - Verify User

Debugging

You can setup your SDK to emit debug logs for SDK requests and responses.

You can pass a logger that matches console's interface as an SDK option.

[!WARNING] Beware that debug logging will reveal secrets, like API tokens in headers, in log messages printed to a console or files. It's recommended to use this feature only during local development and not in production.

import { Proveapi } from "@prove-identity/prove-api";

const sdk = new Proveapi({ debugLogger: console });

FAQs

What is @prove-identity/prove-api?

Is @prove-identity/prove-api popular?

Is @prove-identity/prove-api well maintained?

Package last updated on 25 Nov 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@prove-identity/prove-api