ventureverse-sdk

VentureVerse Developer Kit

Welcome to the VentureVerse Developer Kit! This package provides everything you need to integrate your applications with the VentureVerse platform using our secure API key authentication system.

🚀 Quick Start

Installation

npm install ventureverse-sdk

Basic Usage

Standalone Mode

import { VentureVerseSDKSecure } from 'ventureverse-sdk';

const sdk = new VentureVerseSDKSecure({
  apiKey: 'vv_your_api_key_here',
  apiSecret: 'vv_secret_your_api_secret_here',
  debug: true
});

await sdk.initialize();
const user = await sdk.getUserProfile();
await sdk.deductCredits(0.50, 'app_usage');

Iframe Mode (Auto-detected)

When your app is launched from the VentureVerse main portal, the SDK automatically detects iframe mode and uses real user context:

import { VentureVerseSDKSecure } from 'ventureverse-sdk';

// No API credentials needed - automatically detected from URL parameters
const sdk = new VentureVerseSDKSecure({
  debug: true
});

await sdk.initialize(); // Automatically connects to parent window
const user = await sdk.getUserProfile(); // Gets real logged-in user
await sdk.deductCredits(0.50, 'app_usage'); // Uses real credits

🔑 Getting Your API Key

1. Access Developer Console

Important: The VentureVerse Developer Console is currently invitation-only.

To get access:

• Contact the VentureVerse team for developer access
• You will receive login credentials for the developer portal
• Access the developer console through your VentureVerse platform account

2. Create Your First App

• In the Developer Console, click "Create New App"
• Fill in your application details:
  • App Name: Unique name for your application
  • Description: Brief description of what your app does
  • App URL: Where your app will be hosted
• Choose initial status: dev (development mode)
• Click "Create App"

3. Get Your API Credentials

• API Key and API Secret are generated immediately upon app creation
• API Key Format: vv_abc123def456...
• API Secret Format: vv_secret_xyz789...
• Copy and securely store both credentials
• Never expose API credentials in client-side code
• API Secret is required for enhanced security features

📊 App Status System

Status	Description	Developer Control
dev	Development mode for testing	✅ Can set
reviewing	Submitted for platform review	✅ Can set
disabled	App deactivated	✅ Can set

Note: Approved apps are automatically deployed by the VentureVerse platform team.

🏗️ Integration Guide

1. Initialize the SDK

import { VentureVerseSDKSecure } from 'ventureverse-sdk';

const sdk = new VentureVerseSDKSecure({
  apiKey: process.env.VENTUREVERSE_API_KEY, // Store securely
  apiSecret: process.env.VENTUREVERSE_API_SECRET, // Store securely
  environment: 'production', // or 'development'
  debug: false, // Set to true for development
  enableEncryption: true, // Enhanced security
  encryptionKey: process.env.VENTUREVERSE_ENCRYPTION_KEY // Optional
});

// Initialize when your app starts
try {
  await sdk.initialize();
  console.log('VentureVerse SDK initialized successfully');
} catch (error) {
  console.error('Failed to initialize SDK:', error);
}

2. User Authentication

// Check if user is authenticated
const isAuth = sdk.isAuthenticated();

if (!isAuth) {
  console.warn('User is not authenticated');
  // In iframe mode, the VentureVerse platform handles authentication
  // In standalone mode, ensure your API key is valid and the SDK is initialized
} else {
  const user = await sdk.getUserProfile();
  console.log('Current user:', user);
}

3. User Profile Access

// Get detailed user profile
const profile = await sdk.getUserProfile();
console.log('User profile:', {
  id: profile.id,
  name: profile.name,
  email: profile.email,
  tier: profile.tier.name,
  credits: profile.credits
});

4. Credit Management

// Check user's credit balance
const credits = await sdk.getCreditBalance();
console.log(`Monthly: ${credits.monthly_credit_balance}, Top-up: ${credits.topup_credit_balance}`);

// Deduct credits for app usage (idempotency key auto-generated)
try {
  const result = await sdk.deductCredits(1.5, 'app_usage');
  console.log('Credits deducted:', result.credits_deducted);
} catch (error) {
  console.error('Insufficient credits:', error);
  // Handle insufficient credits (show upgrade prompt, etc.)
}

// Check if user has enough credits before expensive operations
const hasCredits = sdk.hasEnoughCredits(2.0);
if (hasCredits) {
  // Proceed with operation
  await performExpensiveOperation();
  await sdk.deductCredits(2.0, 'app_usage');
}

5. Idempotency & Safe Retries

The SDK supports idempotency keys to prevent duplicate credit charges on network retries.

// Generate a key before the operation
const key = sdk.generateIdempotencyKey(1.5);

// Pass it as the 4th argument — user_id is auto-filled from session, pass null
const result = await sdk.deductCredits(1.5, 'app_usage', null, key);

// On retry (e.g. network error), reuse the SAME key — no double charge
try {
  await sdk.deductCredits(1.5, 'app_usage', null, key);
} catch (error) {
  // Retry with the same key
  await sdk.deductCredits(1.5, 'app_usage', null, key);
}

Key points:

• If no key is provided, one is auto-generated per call (safe for non-retry flows)
• Reuse the same key on retries to prevent duplicate charges
• Keys have the format deduct_<timestamp><random> and are unique per call
• Use the operation parameter for future extensibility: sdk.generateIdempotencyKey(cost, 'refund')

6. Error Handling

try {
  await sdk.deductCredits(1.0, 'app_usage');
} catch (error) {
  switch (error.code) {
    case 'INSUFFICIENT_CREDITS':
      showUpgradePrompt();
      break;
    case 'INVALID_API_KEY':
      console.error('API key is invalid or revoked');
      break;
    case 'RATE_LIMIT_EXCEEDED':
      console.error('Rate limit exceeded, try again later');
      break;
    default:
      console.error('Unexpected error:', error);
  }
}

7. Iframe Integration

The SDK automatically detects and handles iframe integration with the VentureVerse main portal:

// SDK auto-detects iframe mode - no special configuration needed
const sdk = new VentureVerseSDKSecure({ debug: true });
await sdk.initialize();

// Check if running in iframe mode
if (sdk.isIframeMode) {
  console.log('✅ Running in VentureVerse iframe - using real user data');
  
  // All methods work the same but use real user context from parent
  const user = await sdk.getUserProfile(); // Real logged-in user
  const credits = await sdk.getCreditBalance(); // Real credit balance
  
  // Credit deductions affect the actual user account
  await sdk.deductCredits(0.50, 'app_usage');
} else {
  console.log('Running in standalone mode - using demo data');
}

// Listen for iframe events
sdk.addEventListener('userProfileUpdated', (user) => {
  console.log('User profile updated:', user);
});

sdk.addEventListener('creditBalanceUpdated', (credits) => {
  console.log('Credits updated:', credits);
});

How Iframe Integration Works

• App Validation: VentureVerse validates your app's API credentials before loading
• Token Exchange: A short-lived iframe_token is passed in the URL; the SDK exchanges it server-side for real user context — no PII ever travels in the URL
• Automatic Detection: SDK detects iframe mode from iframe_mode=true URL parameter
• Real User Data: All SDK methods return actual user information, not mock data
• Credit Operations: Credit deductions affect the real user's account

URL Parameters (Auto-handled)

When launched from VentureVerse, your app receives these parameters:

• iframe_mode=true - Indicates iframe mode
• app_validated=true - Confirms app credentials were validated
• iframe_token - Short-lived opaque token; SDK exchanges it server-side for user context

The SDK automatically handles all of these parameters — no manual processing required. User PII (user_id, email, name) is never passed in the URL.

🔐 API Key Management

Viewing Your API Key

• Go to your app in the Developer Console
• Click "Show API Key" to reveal the full key
• Copy the key for use in your application

Rotating API Keys

⚠️ Important: Rotating invalidates the old key immediately.

• In your app details, click "Rotate API Key"
• Confirm the action
• Immediately update your application with the new key
• Test that your app works with the new key

Security Best Practices

• Store API keys and secrets in environment variables
• Never expose credentials in client-side code
• Use the secure SDK with encryption enabled
• Rotate credentials regularly (monthly/quarterly)
• Monitor usage patterns for anomalies
• Revoke compromised credentials immediately
• Enable request signing for additional security
• Use HTTPS for all communications

📈 Rate Limits

Default limits:

• 10,000 requests/day
• 100 requests/minute

Monitor your usage in the Developer Console. Contact support for higher limits with:

• Detailed usage projections
• Business justification
• Technical implementation plan

📋 API Reference

Core Methods

initialize()

Initialize the SDK. Must be called before using other methods.

await sdk.initialize();

getUserProfile()

Get the current user's profile information.

const profile = await sdk.getUserProfile();
// Returns: { id, name, email, tier, credits, ... }

getCreditBalance()

Get user's current credit balance.

const credits = await sdk.getCreditBalance();
// Returns: { monthly_credit_balance, topup_credit_balance, tier, ... }

hasEnoughCredits(amount)

Check if user has sufficient credits.

const hasEnough = sdk.hasEnoughCredits(850); // pass credit amount, not USD
// Returns: boolean

deductCredits(cost, type?, user_id?, idempotencyKey?)

Deduct credits from user's account.

// Basic usage — idempotency key auto-generated
await sdk.deductCredits(1.0, 'app_usage');

// With explicit idempotency key for safe retries (user_id auto-filled — pass null)
const key = sdk.generateIdempotencyKey(1.0);
const result = await sdk.deductCredits(1.0, 'app_usage', null, key);
// Returns: { success, credits_deducted, remaining_balance, transaction_id? }

generateIdempotencyKey(amount, operation?)

Generates a unique idempotency key for a credit operation.

const key = sdk.generateIdempotencyKey(1.0);
// Returns: string like "deduct_lf8xabc1234567890"

Authentication Methods

isAuthenticated()

Check if the current user session is valid.

const isAuth = sdk.isAuthenticated();
// Returns: boolean

Iframe Methods

isIframeMode (property)

Boolean property indicating whether the app is running inside the VentureVerse platform iframe.

if (sdk.isIframeMode) {
  console.log('Running in VentureVerse iframe — real user data active');
}

🚨 Troubleshooting

Common Issues

"Invalid API Key" Errors

• Check if key was recently rotated/revoked
• Verify key format starts with vv_
• Ensure no extra spaces or characters
• Check if app status is disabled

Rate Limit Exceeded

• Check current usage in Developer Console
• Implement request queuing/throttling
• Contact support for higher limits

Credit Deduction Failures

• Verify user has sufficient credits
• Check credit amount is valid (positive number)
• Ensure description is provided

SDK Initialization Fails

• Verify API key is correct and active
• Check network connectivity
• Enable debug mode for detailed logs

Debug Mode

Enable debug mode for detailed logging:

const sdk = new VentureVerseSDKSecure({
  apiKey: 'your-api-key',
  apiSecret: 'your-api-secret',
  debug: true
});

This will log all API requests, responses, and errors to the console.

🔒 Security Features

The VentureVerse SDK Secure edition includes enterprise-grade security:

Built-in Security

• Dual Authentication: API Key + Secret for enhanced security
• AES-256-GCM Encryption: End-to-end encryption for sensitive data
• HMAC-SHA256 Signing: Request signing to prevent tampering
• Rate Limiting: Built-in protection against abuse
• Session Management: Secure session handling and token management

Advanced Features

• Request Signing: All requests signed with HMAC-SHA256
• Encrypted Parameters: Sensitive data encrypted before transmission
• Error Monitoring: Comprehensive error tracking and reporting
• Resource Management: Automatic cleanup and memory management
• Retry Logic: Intelligent retry with exponential backoff

Security Configuration

const sdk = new VentureVerseSDKSecure({
  apiKey: 'vv_your_api_key',
  apiSecret: 'vv_secret_your_secret',
  enableEncryption: true, // Enable AES encryption
  encryptionKey: 'your-encryption-key', // Custom encryption key
  timeout: 10000, // Request timeout
  debug: false // Disable in production
});

📁 Repository Structure

ventureverse-developer-kit/
├── src/
│   ├── ventureverse-sdk-secure.js  # Secure SDK with encryption
│   ├── security/
│   │   └── auth-system.js          # Server-side auth utilities (Node.js)
│   └── types.d.ts                  # TypeScript definitions
├── docs/
│   └── API_REFERENCE.md            # Detailed API documentation
├── templates/
│   └── vanilla-js-template/        # Ready-to-use starter template
├── SECURITY_ISSUES_RESOLVED.md    # Security improvements log
├── CHANGELOG.md                    # Version history
└── README.md                       # This guide

🧪 Testing Your Integration

• Use templates/vanilla-js-template/ as a ready-to-run starter (run npm install && npm run dev)
• Follow the SDK initialization and credit deduction examples in this README
• Use the VentureVerse Developer Console sandbox to preview your app with real credits
• Test iframe context by loading your app in the sandbox preview — the SDK auto-detects iframe_mode=true

Note: User PII (user_id, user_email, user_name) is never passed as URL parameters. The SDK exchanges an iframe_token server-side to retrieve user context securely.

🎯 Next Steps

• Create your app in the Developer Console
• Get your API key and store it securely
• Follow the integration guide above
• Test thoroughly using the provided examples
• Submit for review when ready for production

📞 Support

• Documentation: This comprehensive guide
• Examples: Working templates in /examples
• GitHub Issues: Report bugs and feature requests
• Developer Console: Built-in help and tutorials

📄 License

MIT License - see LICENSE file for details.

Ready to build amazing apps on VentureVerse? Start with the integration guide above!