Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
rm-api-sdk
A NodeJS wrapper for some of the RESTful methods documented at doc.revenuemonster.my
API-SDK-Nodejs
This is an Nodejs/Typescript SDK that maps some of the RESTful methods of Open API that are documented at doc.revenuemonster.my.
Installation
# using npm
npm i rm-api-sdk
# using yarn
yarn add rm-api-sdk
Supported APIs
- Client Credentials (Authentication)
- Mechant related API
- Store related API
- User related API
- Payment (Transaction QRCode/URL)
- Payment (Quick Pay)
- Loyalty
- Voucher
Prerequisites
- Get Client ID and Client Secret from portal.
- Generate private key and publci key from portal.
- Store private key for own use and public key at portal.
SDK API
Import the RMSDK via require
var RMSDK = require('rm-api-sdk').RMSDK
Or ES5
var { RMSDK } = require('rm-api-sdk')
Or Import/Export convention
import { RMSDK } from 'rm-api-sdk'
Initialise a RMSDK instance by using
const SDK = RMSDK({
clientId: '5499912462549392892',
clientSecret: 'pwMapjZzHljBALIGHxfGGXmiGLxjWBKt',
privateKey: Buffer.from(fs.readFileSync('privateKey.pem')).toString(),
openApiVersion: 'v3' // default, optional
oauthApiVersion: 'v1' // default, optional
isProduction: false // default, optional
timeout: 2000, // default, optional
})
Access Token Generation - getClientCredentials()
To get refresh token and access token(expired after 2 hours) with using provided clientId and clientSecret.
const result = await SDK.getClientCredentials();
Refresh Access Token - refreshToken(string)
To get new access token(expired after 2 hours) with using provided clientId and clientSecret (recommended to schedule to run this fucntion on every less than 2 hours) in order to avoid expired access token error.
const result = await SDK.refreshToken(refreshToken);
Merchant related API
Get merchant profile - getMerchantProfile(accessToken)
const result = await SDK.getMerchantProfile(accessToken);
Get merchant subscription - getMerchantSubscriptions(accessToken)
const result = await SDK.getMerchantSubscriptions(accessToken)
Store realted API
Get list of stores - getStores(accessToken)
const result = await SDK.getMerchantSubscriptions(accessToken)
Get store by Id - getStoreById(accessToken)
const result = await SDK.getStoreById(accessToken)
Create store - createStore(accessToken, data)
const result = await SDK.createStore(accessToken, {
name: 'Revenue Monster',
addressLine1: 'B-5-30, 5th Floor, Block Bougainvillea,'
addressLine2: 'PJU 6A, Lebuhraya SPRINT, 10 Boulevard,' // optional
postCode: '47400',
city: 'Petaling Jaya',
state: 'Selangor',
country: 'Malaysia',
countryCode: '60',
phoneNumber: '377334080',
geoLocation: { // optional
Lat: 3.1349857,
Lng: 101.6136659
}
})
Update store - updateStore(accessToken, storeId, data)
const result = await SDK.updateStore(accessToken, '1662168764176583360', {
name: 'Revenue Monster',
addressLine1: 'B-5-30, 5th Floor, Block Bougainvillea,'
addressLine2: 'PJU 6A, Lebuhraya SPRINT, 10 Boulevard,' // optional
postCode: '47400',
city: 'Petaling Jaya',
state: 'Selangor',
country: 'Malaysia',
countryCode: '60',
phoneNumber: '377334080',
geoLocation: { // optional
Lat: 3.1349857,
Lng: 101.6136659
}
})
Delete store - deleteStore(accessToken, storeId)
const result = await SDK.deleteStore(accessToken, '1662168764176583360')
User related API
Get user profile - getUserProfile(accessToken)
const result = await SDK.getUserProfile(accessToken)
Payment (Transaction QRCode/URL)
Create transaction QRCode/URL
Payment.createTransactionUrl(accessToken, transactionPayload)
const result = await SDK.Payment.createTransactionUrl(accessToken, {
amount: 100,
currencyType: 'MYR',
expiry: { type: 'PERMANENT' },
isPreFillAmount: true,
method: ['WECHATPAY'],
order: {
details: 'detail AAA',
title: 'title BBB',
},
redirectUrl: 'https://www.google.com',
storeId: '1981039839353524638',
type: 'DYNAMIC',
})
console.log(result)
Get list of transaction QRCode/URLs generated
Payment.getTransactionUrl(accessToken)
const result = await SDK.Payment.getTransactionUrl(accessToken)
Get transaction QRCode/URL by code
Payment.getTransactionUrlByCode(accessToken, code)
const result = await SDK.Payment.getTransactionUrlByCode(accessToken, 'a669adc3b06fe5cef977cc762f40ce8c')
Get list of transactions by code
Payment.getTransactionsByCode(accessToken, code)
const result = await SDK.Payment.getTransactionsByCode(accessToken)
Payment (Quick Pay)
Initiate Quick Pay transaction
Payment.initQuickPay(accessToken, data)
const result = await SDK.Payment.initQuickPay(accessToken, {
authCode: '161108235812586242',
order: {
amount: 100,
currencyType: 'MYR',
id: '12344333233444',
title: 'title',
detail: 'description here',
additionalData: 'API testing',
},
ipAddress: '175.143.101.229',
storeId: '5237968049713769466'
});
Refund transaction
Payment.refund(accessToken, data)
const result = await SDK.Payment.refund(accessToken, {
transactionId: '181203100634010427614646',
refund: {
type: 'FULL',
currencyType: 'MYR',
amount: 100,
},
reason: 'testing purpose',
});
Reverse transaction
Payment.reverse(accessToken, data)
const result = await SDK.Payment.reverse(accessToken, {
orderId: '12345678123'
});
Get list of payment transactions
Payment.getPaymentTransactions(accessToken)
const result = await SDK.Payment.getPaymentTransactions(accessToken);
Get payment transaction by Id
Payment.getTransactionById(accessToken, Id)
const result = await SDK.Payment.getPaymentTransactionById(accessToken, '1805260552060011600267');
Get payment trasaction by Order Id
Payment.getTransactionByOrderId(accessToken, orderId)
const result = await SDK.Payment.getPaymentTransactionByOrderId(accessToken, '9809099398273542333339');
Get daily settlement report
Payment.getDailySettlementReport(accessToken, data)
const result = await SDK.Payment.getDailySettlementReport(accessToken, {
date: "2019-01-06",
method: "WECHATPAY",
region: "MALAYSIA",
sequence: 1
});
Loyalty related API
Give loyalty point - giveLoyaltyPoint(accessToken, data)
const result = await SDK.giveLoyaltyPoint(accessToken, {
point: 100,
type: 'PHONENUMBER',
countryCode: '60',
phoneNumber: '176473298',
});
Voucher related API
Issue voucher - issueVoucher(accessToken, batchKey)
const result = await SDK.issueVoucher(
accessToken,
'EhQKCE1lcmNoYW50EJXVzd3wraqTORIYCgxWb3VjaGVyQmF0Y2gQkvnGweaB2uQg'
)
Void voucher - voidVoucher(accessToken, code)
const result = await SDK.voidVoucher(accessToken, 'NAklEfbVdV')
Get voucher by code - getVoucherByCode(accessToken, code)
const result = await SDK.getVoucherByCode(accessToken, 'NAklEfbVdV')
Get list of voucher batches - getVoucherBatches(accessToken)
const result = await SDK.getVoucherBatches(accessToken)
Get voucher batch by key - getVoucherBatchByKey(accessToken, batchKey)
const result = await SDK.getVoucherBatchByKey(
accessToken,
'EhQKCE1lcmNoYW50EJXVzd3wraqTORIYCgxWb3VjaGVyQmF0Y2gQxZP495jpsOla'
)
Get WeChat User OAuth URL throught Revenue Monster Official Account
const result = await SDK.getWechatOauthUrl(
accessToken,
'user-defined-redirectUrl'
)
Get Revenue Monster Official Account WeChat User Information By Code
const result = await SDK.getWechatUserByCode(
accessToken,
'code-you-get-from-wechat-oauth-url'
)
Keywords
FAQs
A NodeJS wrapper for some of the RESTful methods documented at doc.revenuemonster.my
The npm package rm-api-sdk receives a total of 62 weekly downloads. As such, rm-api-sdk popularity was classified as not popular.
We found that rm-api-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025