Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@typeform/api-client
Advanced tools
JS Client wrapper for Typeform API
# install with yarn
yarn add @typeform/api-client
# install with npm
npm install @typeform/api-client --save
// If using ESM syntax
import { createClient } from '@typeform/api-client'
// If using CJS syntax
const { createClient } = require('@typeform/api-client')
const typeformAPI = createClient({ token: '<your token>' })
If your account is configured to store responses in the EU Data Center
you can pass the apiBaseUrl
as https://api.eu.typeform.com
.
const typeformAPI = createClient(
{
token: '<your token>',
apiBaseUrl: 'https://api.eu.typeform.com'
}
)
// will retrieve all forms
typeformAPI.forms.list().then((response) => {
// do what do you want with your typeforms
})
Note: You can also execute the client binary directly via command line in your project:
yarn typeform-api <method> [params]
See next section for more details.
Clone this repo on your machine
Install all dependencies:
yarn install
TF_TOKEN
env variableexport TF_TOKEN=tfp_XXXXXXXXXX
yarn typeform-api <method> [params]
See reference for all available method names and their params.
Example usage:
yarn typeform-api forms.list
yarn typeform-api forms.get '{uid:"abcd1234"}'
yarn typeform-api themes.list '{pageSize:3}'
createClient({token})
const typeformClient = createClient({ token: '<your token>' })
// If what you are trying to access doesn't require a token, you can construct the client without any argument
const typeformAPI = createClient()
If your account is configured to store responses in the EU Data Center
you can pass the apiBaseUrl
as https://api.eu.typeform.com
.
const typeformAPI = createClient(
{
token: '<your token>',
apiBaseUrl: 'https://api.eu.typeform.com'
}
)
Client returns the following properties:
forms
images
teams
workspaces
themes
responses
webhooks
Each one of them encapsulates the operations related to it (like listing, updating, deleting the resource).
forms.list({ page: 1, pageSize = 10, search = '', page })
page: "auto"
to automatically fetch all pages if there are more. It fetches with maximum pageSize: 200
.forms.get({ uid })
forms.create({ data = {} })
forms.update({ uid, data = {}, override = false })
forms.delete({ uid })
forms.copy({ uid, workspaceUrl })
workspaceUrl
(optional) The URL of a workspace to copy the typeform into.forms.messages.get({ uid })
forms.messages.update({ uid })
images.list()
images.get({ id, size, backgroundSize, choiceSize })
size
: default, thumbnail, mobilebackgroundSize
: default, thumbnail, mobile, tabletchoiceSize
: default, thumbnail, supersize, supermobile, supersizefit, supermobilefitimages.add({ image, url, fileName })
image
: Base64 code for the image. Note that base64 encoders may add descriptors to the code (such as data:image/png;base64,
). Do not include these descriptors in your image string---include only the base64 code. Use this or url
(below)url
: URL of the image. Use this or image
(above)fileName
: File name for the imageimages.delete({ id })
themes.list({ page, pageSize })
page
: default 1
page: "auto"
to automatically fetch all pages if there are more, it fetches with maximum pageSize: 200
pageSize: default
10`themes.get({ id })
themes.create({ background, colors, font, hasTransparentButton, name })
themes.update({ id, background, colors, font, hasTransparentButton, name })
id
themes.delete({ id })
workspaces.add({ name })
name
: Name of the new workspace.workspaces.addMembers({ id, members })
id
: Unique ID for the workspace.members
: string
or an array
that should be the email of the userworkspaces.delete({ id })
id
: Unique ID for the workspace.workspaces.get({ id })
id
: Unique ID for the workspace.workspaces.list({ page, pageSize, search })
page
: The page of results to retrieve. Default 1
is the first page of results.
page: "auto"
to automatically fetch all pages if there are more, it fetches with maximum pageSize: 200
pageSize
: Number of results to retrieve per page. Default is 10. Maximum is 200.search
: Returns items that contain the specified string.workspaces.removeMembers({ id, members })
members
: string
or an array
that should be the email of the userworkspaces.update({ id, data })
id
: Unique ID for the workspace.data
: Patch operation to perform in an array structure. See more details in the documentationresponses.delete({ uid, ids })
uid
: Unique ID for the form.ids
: Tokens of the responses to delete. You can list up to 1000 tokens. Accepts either a string or an array of strings.responses.list({ uid, pageSize, since, until, after, before, ids, completed, sort, query, fields })
uid
: Unique ID for the form.pageSize
: Maximum number of responses. Default value is 25. Maximum value is 1000.page
: Set to "auto"
to automatically fetch all pages if there are more. It fetches with maximum pageSize: 1000
. The after
value is ignored when automatic paging is enabled. The responses will be sorted in the order that our system processed them (instead of the default order, submitted_at
). Note that it does not accept numeric value to identify page number.since
: Limit request to responses submitted since the specified date and time. In ISO 8601 format, UTC time, to the second, with T as a delimiter between the date and time.until
: Limit request to responses submitted until the specified date and time. In ISO 8601 format, UTC time, to the second, with T as a delimiter between the date and time.after
: Limit request to responses submitted after the specified token. If you use the after
parameter, the responses will be sorted in the order that our system processed them (instead of the default order, submitted_at
).before
: Limit request to responses submitted before the specified token. If you use the before
parameter, the responses will be sorted in the order that our system processed them (instead of the default order, submitted_at
).ids
: Limit request to the specified ids. Accepts either a string or an array of strings.completed
: true
if form was submitted. Otherwise, false
.sort
: Order of responses. Currently, responses are automatically sorted by submitted_at,desc
---the date they were submitted, from newest to oldest. We plan to add more options for sort order soon.query
: Limit request to only responses that that include the specified string. You can specify any string as the query
value. The string will be escaped, and the query will include Hidden Fields.fields
: Limit request to only responses for the specified fields. Accepts either a string or an array of strings.insights.summary({ uid })
uid
: Unique ID for the form.webhooks.create({ uid, tag, url, enabled = false, secret, verifySSL })
uid
: Unique ID for the form.tag
: Unique name you want to use for the webhook.url
: Webhook URL.enabled
: true
if you want to send responses to the webhook immediately. Otherwise, false
.secret
: If specified, will be used to sign the webhook payload with HMAC SHA256, so that you can verify that it came from Typeform. (Recommended to add security)verifySSL
: true
if you want Typeform to verify SSL certificates when delivering payloads.webhooks.delete({ uid, tag })
uid
: Unique ID for the form.tag
: Unique name of the webhook.webhooks.get({ uid, tag })
uid
: Unique ID for the form.tag
: tag of the webhook createdwebhooks.list({ uid })
uid
: Unique ID for the form.webhooks.update({ uid, tag, url, enabled = false, secret, verifySSL })
uid
: Unique ID for the form.tag
: Unique name you want to use for the webhook.url
: Webhook URL.enabled
: true
if you want to send responses to the webhook immediately. Otherwise, false
.secret
: If specified, will be used to sign the webhook payload with HMAC SHA256, so that you can verify that it came from Typeform.verifySSL
: true
if you want Typeform to verify SSL certificates when delivering payloads.webhooks.toggle({ uid, tag, enabled })
uid
: Unique ID for the form.tag
: tag of the webhook created.enabled
: true
or false
.typeformClient.forms
.update({
uid: 'asdf',
data: [
{
op: 'replace',
path: '/title',
value: 'new title',
},
],
})
.then((response) => {
//...
})
typeformClient.forms
.update({
uid: 'asdf',
override: true,
data: {
title: newTitle,
theme: {
href: 'https://api.typeform.com/themes/6lPNE6',
},
},
})
.then((response) => {
//...
})
Note:
The theme property applies a theme
to the form. If you don't specify a value for the 'theme' property, Typeform applies a new copy of the default theme to the form, even if you already have a copy of the default theme applied to this form.
typeformClient.images
.add({
image: 'bGRqZmxzZGpmbHNoZmtoc2RrZmpoc2tqZA==',
mediaType: 'image/gif',
fileName: 'newimage.gif',
})
.then((response) => {
//...
})
typeformClient.images
.get({ id: 'asdf', size: 'thumbnail' })
.then((response) => {
//...
})
To run unit tests.
yarn install
# Runs unit tests
yarn test:unit
Feel free to open a Github issue.
FAQs
JS SDK for Typeform API
We found that @typeform/api-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.