Skip to main content

Methods Reference

This page covers all SDK namespaces other than auth. Admin operations require a bearer token with the appropriate permissions. Use client credentials authentication for server-side contexts — see Installation.

Pagination

All list methods return PagedResult<T>:

interface PagedResult<T> {
  items: T[];
  totalItems: number;
  totalPages: number;
  page: number;
  pageSize: number;
}

List methods accept page and limit parameters to control pagination.

User management (sdk.users)

List users

SDK: sdk.users.listUsers(params?)

REST: GET /api/v1/users

const result = await sdk.users.listUsers({
  page: 1,
  limit: 25,
  search: 'jane',
  isActive: true,
  sortBy: 'createdAt',
  sortOrder: 'desc',
});

console.log(result.totalItems);
result.items.forEach((user) => console.log(user.email));

Parameters:

NameTypeDescription
pagenumberPage number (1-based). Default: 1.
limitnumberResults per page.
searchstringFree-text search across email, firstName, and familyName.
isActivebooleanFilter by active status.
sortBystringField to sort by.
sortOrder'asc' | 'desc'Sort direction.

Returns: PagedResult<User>

interface User {
  id: string;
  tenantId: string;
  email: string;
  emailVerified: boolean;
  firstName?: string;
  familyName?: string;
  phoneNumber?: string;
  phoneVerified: boolean;
  locale?: string;
  timezone?: string;
  isActive: boolean;
  mfaEnabled: boolean;
  createdAt: string;
  updatedAt: string;
}

Get a user

SDK: sdk.users.getUser(userId)

REST: GET /api/v1/users/{id}

const user = await sdk.users.getUser('a1b2c3d4-e5f6-7890-abcd-ef1234567890');
console.log(user.email, user.isActive);

Create a user

SDK: sdk.users.createUser(params)

REST: POST /api/v1/users

const user = await sdk.users.createUser({
  email: '[email protected]',
  firstName: 'New',
  familyName: 'User',
  password: 'TempPass123!',
  sendInvite: true,
});

console.log(user.id);

Parameters:

NameTypeRequiredDescription
emailstringYesMust be unique within the tenant.
passwordstringNoInitial password. If omitted and sendInvite is true, the user sets their password via the invite link.
firstNamestringNo
familyNamestringNo
phoneNumberstringNo
sendInvitebooleanNoSend an invitation email to the user.

Update a user

SDK: sdk.users.updateUser(userId, params)

REST: PUT /api/v1/users/{id}

All fields are optional. Only the fields provided are updated.

const updated = await sdk.users.updateUser(
  'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
  {
    firstName: 'Janet',
    familyName: 'Smith',
    locale: 'en-US',
    timezone: 'America/New_York',
  }
);

Delete a user

SDK: sdk.users.deleteUser(userId)

REST: DELETE /api/v1/users/{id}

Permanently deletes the user and all associated data. This action is irreversible.

await sdk.users.deleteUser('a1b2c3d4-e5f6-7890-abcd-ef1234567890');

Suspend and reactivate a user

SDK: sdk.users.suspendUser(userId) / sdk.users.reactivateUser(userId)

REST: POST /api/v1/users/{id}/suspend / POST /api/v1/users/{id}/reactivate

Suspending a user immediately prevents new logins. Reactivating restores access without resetting credentials.

await sdk.users.suspendUser('a1b2c3d4-e5f6-7890-abcd-ef1234567890');
await sdk.users.reactivateUser('a1b2c3d4-e5f6-7890-abcd-ef1234567890');

Assign a role to a user

SDK: sdk.users.assignRole(userId, roleId)

REST: POST /api/v1/users/{id}/roles

await sdk.users.assignRole(
  'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
  'r9b8a7c6-d5e4-3f21-bcde-fa0987654321'
);

Remove a role from a user

SDK: sdk.users.removeRole(userId, roleId)

REST: DELETE /api/v1/users/{id}/roles/{roleId}

await sdk.users.removeRole(
  'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
  'r9b8a7c6-d5e4-3f21-bcde-fa0987654321'
);

Role management (sdk.roles)

List roles

SDK: sdk.roles.listRoles(params?)

REST: GET /api/v1/roles

const result = await sdk.roles.listRoles({ page: 1, limit: 50 });
result.items.forEach((role) => console.log(role.name, role.permissions));

Returns: PagedResult<Role>

interface Role {
  id: string;
  tenantId: string;
  name: string;
  description?: string;
  permissions: string[];
  isSystem: boolean;
  createdAt: string;
  updatedAt: string;
}

Get a role

SDK: sdk.roles.getRole(roleId)

REST: GET /api/v1/roles/{id}

const role = await sdk.roles.getRole('r9b8a7c6-...');
console.log(role.permissions);

Create a role

SDK: sdk.roles.createRole(params)

REST: POST /api/v1/roles

const role = await sdk.roles.createRole({
  name: 'Support Agent',
  description: 'Can view users and read audit logs',
  permissions: ['user:read', 'audit:read'],
});

console.log(role.id);

Update a role

SDK: sdk.roles.updateRole(roleId, params)

REST: PUT /api/v1/roles/{id}

await sdk.roles.updateRole('r9b8a7c6-...', {
  permissions: ['user:read', 'audit:read', 'user:write'],
});

Delete a role

SDK: sdk.roles.deleteRole(roleId)

REST: DELETE /api/v1/roles/{id}

await sdk.roles.deleteRole('r9b8a7c6-...');

List available permissions

SDK: sdk.roles.listPermissions()

REST: GET /api/v1/permissions

Returns all permission strings available in the system:

const { permissions } = await sdk.roles.listPermissions();
console.log(permissions); // ['user:read', 'user:write', 'audit:read', ...]

Group management (sdk.groups)

List groups

SDK: sdk.groups.listGroups(params?)

REST: GET /api/v1/groups

const result = await sdk.groups.listGroups({ page: 1, limit: 25 });
result.items.forEach((group) => console.log(group.name, group.memberCount));

Returns: PagedResult<Group>

interface Group {
  id: string;
  name: string;
  description?: string;
  tenantId: string;
  memberCount?: number;
  createdAt: string;
  updatedAt: string;
}

Get a group

SDK: sdk.groups.getGroup(groupId)

REST: GET /api/v1/groups/{id}

const group = await sdk.groups.getGroup('g1a2b3c4-...');

Create a group

SDK: sdk.groups.createGroup(params)

REST: POST /api/v1/groups

const group = await sdk.groups.createGroup({
  name: 'Engineering',
  description: 'All engineering staff',
});

Update a group

SDK: sdk.groups.updateGroup(groupId, params)

REST: PUT /api/v1/groups/{id}

await sdk.groups.updateGroup('g1a2b3c4-...', {
  description: 'Engineering and platform staff',
});

Delete a group

SDK: sdk.groups.deleteGroup(groupId)

REST: DELETE /api/v1/groups/{id}

await sdk.groups.deleteGroup('g1a2b3c4-...');

List group members

SDK: sdk.groups.getGroupMembers(groupId, params?)

REST: GET /api/v1/groups/{id}/members

const members = await sdk.groups.getGroupMembers('g1a2b3c4-...', {
  page: 1,
  limit: 50,
});

members.items.forEach((m) => console.log(m.email, m.addedAt));

Returns: PagedResult<GroupMember>

interface GroupMember {
  userId: string;
  email: string;
  firstName?: string;
  familyName?: string;
  addedAt: string;
}

Add a member to a group

SDK: sdk.groups.addGroupMember(groupId, userId)

REST: POST /api/v1/groups/{id}/members

await sdk.groups.addGroupMember(
  'g1a2b3c4-...',
  'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
);

Remove a member from a group

SDK: sdk.groups.removeGroupMember(groupId, userId)

REST: DELETE /api/v1/groups/{id}/members/{userId}

await sdk.groups.removeGroupMember('g1a2b3c4-...', 'a1b2c3d4-...');

Tenant management (sdk.tenants)

List tenants

SDK: sdk.tenants.listTenants(params?)

REST: GET /api/v1/tenants

const result = await sdk.tenants.listTenants({
  page: 1,
  limit: 25,
  status: 'active',
  plan: 'b2b-business',
});

result.items.forEach((t) => console.log(t.name, t.plan));

Returns: PagedResult<Tenant>

interface Tenant {
  id: string;
  name: string;
  slug: string;
  domain?: string;
  plan: 'b2c-free' | 'b2c-pro' | 'b2c-scale' | 'b2b-free' | 'b2b-business' | 'b2b-enterprise';
  status: 'active' | 'suspended' | 'deleted';
  settings: TenantSettings;
  createdAt: string;
  updatedAt: string;
}

interface TenantSettings {
  locale?: string;
  timezone?: string;
  theme?: {
    primaryColor?: string;
    logo?: string;
  };
}

Get a tenant

SDK: sdk.tenants.getTenant(tenantId)

REST: GET /api/v1/tenants/{id}

const tenant = await sdk.tenants.getTenant('t1a2b3c4-...');

Get the current tenant

SDK: sdk.tenants.getCurrentTenant()

REST: GET /api/v1/tenants/current

Returns the tenant identified by the X-Tenant-ID header sent with the request:

const tenant = await sdk.tenants.getCurrentTenant();
console.log(tenant.plan, tenant.status);

Create a tenant

SDK: sdk.tenants.createTenant(params)

REST: POST /api/v1/tenants

const tenant = await sdk.tenants.createTenant({
  name: 'Acme Corp',
  slug: 'acme-corp',
  plan: 'b2b-business',
  adminEmail: '[email protected]',
  adminPassword: 'AdminPass123!',
});

console.log(tenant.id);

Update a tenant

SDK: sdk.tenants.updateTenant(tenantId, params)

REST: PUT /api/v1/tenants/{id}

await sdk.tenants.updateTenant('t1a2b3c4-...', {
  name: 'Acme Corporation',
  settings: {
    locale: 'en-US',
    theme: { primaryColor: '#0B7285' },
  },
});

Delete a tenant

SDK: sdk.tenants.deleteTenant(tenantId)

REST: DELETE /api/v1/tenants/{id}

await sdk.tenants.deleteTenant('t1a2b3c4-...');

Suspend and reactivate a tenant

SDK: sdk.tenants.suspendTenant(tenantId, reason?) / sdk.tenants.reactivateTenant(tenantId)

REST: POST /api/v1/tenants/{id}/suspend / POST /api/v1/tenants/{id}/reactivate

await sdk.tenants.suspendTenant('t1a2b3c4-...', 'Payment overdue');
await sdk.tenants.reactivateTenant('t1a2b3c4-...');

Get enabled features

SDK: sdk.tenants.getEnabledFeatures()

REST: GET /api/v1/tenant/features

Returns the feature flags enabled for the current tenant's plan:

const { features } = await sdk.tenants.getEnabledFeatures();
console.log(features); // ['mfa', 'audit', 'groups', ...]

Session management (sdk.sessions)

List your sessions

SDK: sdk.sessions.getMySessions(params?)

REST: GET /api/v1/auth/sessions

Returns all active sessions for the currently authenticated user:

const result = await sdk.sessions.getMySessions({ page: 1, limit: 10 });

result.items.forEach((s) => {
  console.log(s.id, s.ipAddress, s.deviceType, s.lastActivity);
});

Returns: PagedResult<Session>

interface Session {
  id: string;
  userId: string;
  tenantId: string;
  ipAddress?: string;
  userAgent?: string;
  deviceType?: string;
  location?: {
    city?: string;
    region?: string;
    country?: string;
  };
  isActive: boolean;
  lastActivity: string;
  createdAt: string;
  expiresAt: string;
}

Revoke a session

SDK: sdk.sessions.revokeSession(sessionId)

REST: DELETE /api/v1/auth/sessions/{id}

await sdk.sessions.revokeSession('sess_abc123...');

Revoke all other sessions

SDK: sdk.sessions.revokeAllOtherSessions()

REST: DELETE /api/v1/auth/sessions

Revokes all sessions except the current one. Useful for "log out everywhere else" functionality:

await sdk.sessions.revokeAllOtherSessions();

Get sessions for a specific user

SDK: sdk.sessions.getUserSessions(userId, params?)

REST: GET /api/v1/users/{id}/sessions

const result = await sdk.sessions.getUserSessions('a1b2c3d4-...', {
  page: 1,
  limit: 10,
});

result.items.forEach((s) => console.log(s.id, s.ipAddress, s.createdAt));

Revoke all sessions for a user

SDK: sdk.sessions.revokeUserSessions(userId)

REST: DELETE /api/v1/users/{id}/sessions

Forces the user to log in again on all devices:

await sdk.sessions.revokeUserSessions('a1b2c3d4-...');

Audit logs (sdk.audit)

List audit events

SDK: sdk.audit.listEvents(params?)

REST: GET /api/v1/audit/events

const events = await sdk.audit.listEvents({
  page: 1,
  limit: 50,
  userId: 'a1b2c3d4-...',
  startDate: '2026-02-01T00:00:00Z',
  endDate: '2026-02-28T23:59:59Z',
  status: 'failure',
});

events.items.forEach((event) => {
  console.log(event.action, event.userEmail, event.timestamp);
});

Parameters:

NameTypeDescription
pagenumberPage number.
limitnumberResults per page.
userIdstringFilter events by user.
actionstringFilter by action string, e.g. user.login.
resourceTypestringFilter by resource type, e.g. user.
resourceIdstringFilter by resource ID.
startDatestringISO 8601 start of date range.
endDatestringISO 8601 end of date range.
status'success' | 'failure'Filter by event outcome.
sortBystringSort field.
sortOrder'asc' | 'desc'Sort direction.

Returns: PagedResult<AuditEvent>

interface AuditEvent {
  id: string;
  tenantId: string;
  userId?: string;
  userEmail?: string;
  action: string;
  resourceType: string;
  resourceId?: string;
  ipAddress?: string;
  userAgent?: string;
  details?: Record<string, any>;
  status: 'success' | 'failure';
  timestamp: string;
}

Get a single audit event

SDK: sdk.audit.getEvent(eventId)

REST: GET /api/v1/audit/events/{id}

const event = await sdk.audit.getEvent('evt_abc123...');
console.log(event.details);

Get login history (tenant-wide)

SDK: sdk.audit.getLoginHistory(params?)

REST: GET /api/v1/audit/logins

const logins = await sdk.audit.getLoginHistory({ page: 1, limit: 25 });
logins.items.forEach((e) => console.log(e.userEmail, e.status, e.timestamp));

Get my activity

SDK: sdk.audit.getMyActivity(params?)

REST: GET /api/v1/audit/me/activity

Returns the audit history for the currently authenticated user:

const activity = await sdk.audit.getMyActivity({ page: 1, limit: 25 });

Get my login history

SDK: sdk.audit.getMyLoginHistory(params?)

REST: GET /api/v1/audit/me/logins

const logins = await sdk.audit.getMyLoginHistory({ page: 1, limit: 10 });

Get activity for a specific user

SDK: sdk.audit.getUserActivity(userId, params?)

REST: GET /api/v1/audit/users/{userId}/activity

const activity = await sdk.audit.getUserActivity('a1b2c3d4-...', {
  page: 1,
  limit: 25,
});

Get login history for a specific user

SDK: sdk.audit.getUserLoginHistory(userId, params?)

REST: GET /api/v1/audit/users/{userId}/logins

const logins = await sdk.audit.getUserLoginHistory('a1b2c3d4-...');

Get resource history

SDK: sdk.audit.getResourceHistory(resourceType, resourceId, params?)

REST: GET /api/v1/audit/resources/{resourceType}/{resourceId}/history

Returns all audit events associated with a specific resource:

const history = await sdk.audit.getResourceHistory(
  'user',
  'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
  { page: 1, limit: 50 }
);

history.items.forEach((e) => console.log(e.action, e.userEmail, e.timestamp));

MFA management (sdk.mfa)

Set up an MFA method

SDK: sdk.mfa.setup(params)

REST: POST /api/v1/auth/mfa/setup

const setup = await sdk.mfa.setup({
  method: 'totp',
  password: 'CurrentPass123!',
});

console.log(setup.qrCode);      // Render as <img> for the user to scan
console.log(setup.secret);      // Manual entry fallback
console.log(setup.backupCodes); // One-time backup codes

method accepts: 'totp' | 'sms' | 'email' | 'backup_codes'

Returns: SetupMFAResponse

interface SetupMFAResponse {
  secret?: string;
  qrCode?: string;
  backupCodes?: string[];
  message?: string;
}

Confirm MFA setup

SDK: sdk.mfa.verifySetup(params)

REST: POST /api/v1/auth/mfa/verify-setup

After the user scans the QR code, confirm with the 6-digit code:

await sdk.mfa.verifySetup({
  code: '123456',
  method: 'totp',
});

Disable MFA

SDK: sdk.mfa.disable(params)

REST: POST /api/v1/auth/mfa/disable

await sdk.mfa.disable({
  password: 'CurrentPass123!',
});

Regenerate backup codes

SDK: sdk.mfa.regenerateBackupCodes(params)

REST: POST /api/v1/auth/mfa/backup-codes

const { backupCodes } = await sdk.mfa.regenerateBackupCodes({
  password: 'CurrentPass123!',
});

Set up SMS MFA

SDK: sdk.mfa.setupSMS(params)

REST: POST /api/v1/auth/mfa/sms/setup

await sdk.mfa.setupSMS({
  phoneNumber: '+1234567890',
  password: 'CurrentPass123!',
});

Confirm SMS setup

SDK: sdk.mfa.verifySMSSetup(code)

REST: POST /api/v1/auth/mfa/sms/verify-setup

await sdk.mfa.verifySMSSetup('654321');

Send SMS OTP

SDK: sdk.mfa.sendSMSOTP()

REST: POST /api/v1/auth/mfa/sms/send

Triggers an SMS to be sent to the user's registered phone number:

await sdk.mfa.sendSMSOTP();

Disable SMS MFA

SDK: sdk.mfa.disableSMS(params)

REST: POST /api/v1/auth/mfa/sms/disable

await sdk.mfa.disableSMS({
  password: 'CurrentPass123!',
});