v7.0.0.beta.1

Author: Ian-Montgomery-Klaviyo

CHANGELOG.md

@@ -1,53 +1,66 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-## [7.0.0] - revision 2023-10-15
+## [7.0.0-beta.1] - revision 2023-10-15
 
 ### Added
 
-#### Support for returning list suppressions via the [/profiles endpoint](https://developers.klaviyo.com/en/reference/get_profiles)
+- OAuth Support
+  - `OAuthApi` - Holds integration configuration and outlines how the SDK will interact with your application access and refresh token storage
+  - `OAuthSession` - Makes API calls using OAuth and automatically updates `access tokens` when needed
+  - `OAuthBasicSession` - Makes API calls with OAuth with no automatic updating
+
+  Learn how to use OAuth in the [README](README.md) and in the sample [application](https://github.com/klaviyo-labs/node-integration-example)
+
+## [7.0.0] - revision 2023-10-15
+
+### Added
 
-We now support filtering on list suppression with the get profiles endpoint, which brings us to parity with v2 list suppression endpoint that was the previously recommended solution.
+- Support for returning list suppressions via the [/profiles endpoint](https://developers.klaviyo.com/en/reference/get_profiles)
 
-Rules for suppression [filtering](https://developers.klaviyo.com/en/docs/filtering_):  
+  Rules for suppression [filtering](https://developers.klaviyo.com/en/docs/filtering_):  
 
-- You may not mix-and-match list and global filters  
-- You may only specify a single date filter  
-- You may or may not specify a reason  
-- You must specify a list_id to filter on any list suppression properties
+  - You may not mix-and-match list and global filters  
+  - You may only specify a single date filter  
+  - You may or may not specify a reason  
+  - You must specify a list_id to filter on any list suppression properties
 
-Examples:
+  Examples:
 
-```
-{filter: 'greater-than(subscriptions.email.marketing.suppression.timestamp,2023-03-01T01:00:00Z)'}
-{filter: 'greater-than(subscriptions.email.marketing.list_suppressions.timestamp,2023-03-01T01:00:00Z),equals(subscriptions.email.marketing.list_suppressions.list_id,”LIST_ID”')
-{filter: 'greater-than(subscriptions.email.marketing.suppression.timestamp,2023-03-01T01:00:00Z),equals(subscriptions.email.marketing.suppression.reason,"user_suppressed"')
-```
-##### Optionally retrieve subscription status on Get List Profiles, Get Segment Profiles, Get Event Profile 
-Now you can retrieve subscription status on any endpoint that returns profiles, including `getListProfiles`, `getSegmentProfiles` and `getEventProfile`.  Use `{additionalFieldsProfile: ['subscriptions']}` on these endpoints to include subscription information.
+  ```
+  {filter: 'greater-than(subscriptions.email.marketing.suppression.timestamp,2023-03-01T01:00:00Z)'}
+  {filter: 'greater-than(subscriptions.email.marketing.list_suppressions.timestamp,2023-03-01T01:00:00Z),equals(subscriptions.email.marketing.list_suppressions.list_id,”LIST_ID”')
+  {filter: 'greater-than(subscriptions.email.marketing.suppression.timestamp,2023-03-01T01:00:00Z),equals(subscriptions.email.marketing.suppression.reason,"user_suppressed"')
+  ```
+- Optionally retrieve subscription status on:
+  - `getListProfiles`
+  - `getSegmentProfiles`
+  - `getEventProfile`
+  
+  Use `{additionalFieldsProfile: ['subscriptions']}` on these endpoints to include subscription information.
 
-### Breaking changes
+### Changed
 
-#### Subscription object not returned by default on Get Profile / Get Profiles
+- Subscription object not returned by default on Get Profile / Get Profiles
 
-The subscription object is no longer returned by default with get profile(s) requests. However, it can be included by adding  `?additional-fields[profile]=subscriptions` to the request. This change will allow us to provide a more performant experience when making requests to `GetProfiles` without including the subscriptions object.
+  The subscription object is no longer returned by default with get profile(s) requests. However, it can be included by adding  `?additional-fields[profile]=subscriptions` to the request. This change will allow us to provide a more performant experience when making requests to `GetProfiles` without including the subscriptions object.
 
-#### Profile Subscription Fields Renamed
+- Profile Subscription Fields Renamed
 
-In the interest of providing more clarity and information on the subscription object, we have renamed several fields, and added several as well. This will provide more context on a contact's subscriptions and consent, as well as boolean fields to see who you can or cannot message.
+  In the interest of providing more clarity and information on the subscription object, we have renamed several fields, and added several as well. This will provide more context on a contact's subscriptions and consent, as well as boolean fields to see who you can or cannot message.
 
-For SMSMarketing:
+  For SMSMarketing:
 
-- `timestamp` is now `consentTimestamp`
-- `lastUpdated` is a new field that mirrors `consenTimestamp`
-- `canReceiveSmsMarketing` is a new field which is `True` if the profile is consented for SMS 
+  - `timestamp` is now `consentTimestamp`
+  - `lastUpdated` is a new field that mirrors `consenTimestamp`
+  - `canReceiveSmsMarketing` is a new field which is `True` if the profile is consented for SMS 
 
-For EmailMarketing:
+  For EmailMarketing:
 
-- `timestamp` is now `consentTimestamp`
-- `canReceiveEmailMarketing` is True if the profile does not have a global suppression
-- `suppressions` is now `suppression`
-- `lastUpdated` is a new field that is the most recent of all the dates on the object
+  - `timestamp` is now `consentTimestamp`
+  - `canReceiveEmailMarketing` is True if the profile does not have a global suppression
+  - `suppressions` is now `suppression`
+  - `lastUpdated` is a new field that is the most recent of all the dates on the object
 
 ## [6.0.1] - revision 2023-09-15
 ### Fixed

README.md

@@ -1,6 +1,6 @@
 # Klaviyo Typescript SDK
 
-- SDK version: 7.0.0
+- SDK version: 7.0.0-beta.1
 
 - Revision: 2023-10-15
 
@@ -47,7 +47,7 @@ This SDK is organized into the following resources:
 
 You can install this library using `npm`.
 
-`npm install [email protected]`
+`npm install [email protected]-beta.1`
 
 
 ## source code
@@ -206,6 +206,170 @@ Profiles.getProfiles().then(result => {
 });
 ```
 
+## Using OAuth to connect to multiple Klaviyo accounts.
+
+For users creating integrations or managing multiple Klaviyo accounts, Klaviyo's OAuth authentication will make these tasks easier.
+
+### Getting started with OAuth
+
+First, configure an integration. If you haven't set up an integration, learn about it in this [guide](https://help.klaviyo.com/hc/en-us/articles/18819413031067#h_01HACEKGF2DBDMGJ4JG6TV4AMN)
+
+### Making API Calls with OAuth
+The `klaviyo-api` package can keep your `access token` up to date. If you have already developed a system for refreshing tokens or would like a more minimalist option, skip to [OAuthBasicSession](#oauthbasicsession)
+
+#### TokenStorage
+For the OAuthApi to be storage agnostic, this interface must be implemented for the `OAuthApi` to retrieve and save you `access` and `refresh` tokens.
+Implement the `retrieve` and `save` functions outlined in the interface. If you need help getting started, check out the `storageHelpers.ts` in the [Klaviyo Example Typescript Integration](https://github.com/klaviyo-labs/node-integration-example)
+
+Your implementation needs to include two methods:
+1. `save` is called after creating a new `access token` via the authorization flow or after refreshing the `access token`.
+    Your code needs to update (and insert if you are going to be using `createTokens()`) the new `access` or `refresh` token information into storage
+    to keep track of which of your integration users' access information you are referencing, the `customerIdentifer` is a unique value to help with lookup later.
+    ```typescript
+    save(customerIdentifier: string, tokens: CreatedTokens): Promise<void> | void
+    ```
+2. `retrieve` leverages the `customerIdentifier` to look up the saved token information and returns it for the `OAuthApi` to use
+    ```typescript
+    retrieve(customerIdentifier: string): Promise<RetrievedTokens> | RetrievedTokens
+    ```
+
+```typescript
+import { TokenStorage } from 'klaviyo-api';
+class <Your Token Storage Class Name Here> implements TokenStorage
+```
+
+#### OAuthApi
+This class holds the information about your specific integration. It takes three inputs:
+1. `clientId` - This is the id of your integration. Retrieve it from your integration's settings page
+2. `clientSecret` - This is the secret for your integration. The secret is generated upon the creation of your integration.
+3. `tokenStorage` - This is an instance of your implementation of `TokenStorage` and is called automatically when creating and refreshing `access tokens`
+
+
+```typescript
+import { OAuthApi } from 'klaviyo-api';
+
+const oauthApi = new OAuthApi("<client id>", "<client secret>", <instance of your TokenStorage implimentation>)
+```
+
+#### `OAuthSession`
+To make an API call, you need to create an `OAuthSession` instance. This session object is the OAuth equivalent of `ApiKeySession` and is used similarly.
+
+It takes two properties
+1. `customerIdentifier` - This is how the session is going to grab a user's authentication information and let your implementation of `TokenStorage` know where to save any update `access token`
+2. `oauthApi` - This is the instance of `OAuthApi` created above. It will dictate how the session `saves` and `retrieves` the `access tokens`
+3. `retryOptions` - OPTIONAL - the `RetryOptions` instance outlines your desired exponential backoff retry options, outlined in [Retry Options](#retry-options) above
+
+```typescript
+import { OAuthSession, ProfilesApi } from 'klaviyo-api';
+
+const session = new OAuthSession(customerIdentifier, oauthApi)
+
+//Pass the session into the API you want to use
+const profileApi = new ProfilesApi(session)
+```
+
+#### `OAuthBasicSession`
+If you don't want to deal with any of the helpers above or don't want `klaviyo-api` to refresh your tokens for you, this is the alternative.
+
+The `OAuthBasicSession` takes up to two parameters
+1. `accessToken` - The token is used in the API calls' authentication
+2. `retryOptions` - OPTIONAL - the `RetryOptions` instance outlines your desired exponential backoff retry options, outlined in [Retry Options](#retry-options) above
+
+```typescript
+import { OAuthBasicSession } from 'klaviyo-api';
+
+const session = new OAuthBasicSession("<access token>")
+
+//Pass the session into the API you want to use
+const profileApi = new ProfilesApi(session)
+```
+
+Remember to check for `401` errors. A 401 means that your token is probably expired.
+
+#### `KlaviyoTokenError`
+
+If an error occurred during an API call, check the error type with `isKlaviyoTokenError`. The name property will reflect which step the error occurred, reflecting whether it happened during creating, refreshing, saving, or retrieving the `name` tokens. The `cause` property will hold the error object of whatever specific error occurred.
+
+### Authorization Flow
+
+Build The authorization flow in the same application as with the rest of your integrations business logic or separately.
+There is no requirement that the authorization flow has to be backend and can be implemented entirely in a frontend application (in that case, you can ignore this section, as this repo shouldn't use this for frontend code)
+
+To understand the authorization flow, there are two major resources to help:
+1. [OAuth authorization guide](https://help.klaviyo.com/hc/en-us/articles/18819413031067)
+2. [Node Integration Example](https://github.com/klaviyo-labs/node-integration-example)
+
+If you implement your authorization flow on a node server, you can use these exposed helper functions.
+
+#### OAuthApi
+
+The OAuthApi class also exposes helpful Authorization flow utilities.
+
+1. `generateAuthorizeUrl` - This helps correctly format the Klaviyo `/oauth/authorize` URL the application needs to redirect to so a user can approve your integration.
+   1. `state` - This is the only way to identify which user just authorized your application (or failed to). `state` is passed back via query parameter to your `redirectUrl`.
+   2. `scope` - The permissions the created `access tokens` will have. The user will be displayed these scopes during the authorization flow. For these permissions to work, also add them to your app settings in Klaviyo [here](www.klaviyo.com/oauth/client)
+   3. `codeChallenge` - This is the value generated above by the `generateCode` function.
+   4. `redirectUrl` - This is the URL that Klaviyo will redirect the user to once Authorization is completed (even if it is denied or has an error).
+   Remember to whitelist this redirect URL in your integration's settings in Klaviyo.
+   ```typescript
+    import { OAuthApi } from 'klaviyo-api'
+
+    const oauthApi = new OAuthApi("<client id>", "<client secret>", <TokenStorage implementation instance>)
+    oauthApi.generateAuthorizeUrl(
+      state, // It's suggested to use your internal identifier for the Klaviyo account that is authorizing
+      scopes,
+      codeChallenge,
+      redirectUrl
+    )
+    ```
+2. `createTokens` - Uses Klaviyo `/oauth/token/` endpoint to create `access` and `refresh` tokens
+   1. `customerIdentifier` - This ID is NOT sent to Klaviyo's API. If the `/token` API call this method wraps is successful, the created tokens will be passed into your `save` method along with this `customerIdentifier`  in your implementation of `TokenStorage`.
+   2. `codeVerifier` - The verifier code must match the challenge code in the authorized URL redirect.
+   3. `authorizationCode`- A User approving your integration creates this temporary authorization code. Your specified redirect URL receives this under a `code` query parameter.
+   4. `redirectUrl` - The endpoint set in `generateAuthorizeUrl`. Whitelist the URL in your application settings.
+
+   ```typescript
+    import { OAuthApi } from 'klaviyo-api'
+
+    const oauthApi = new OAuthApi("<client id>", "<client secret>", <TokenStorage implementation instance>)
+    await oauthApi.createTokens(
+      customerIdentifier,
+      codeVerifier,
+      authorizationCode,
+      redirectUrl
+    )
+   ```
+3. `OAuthCallbackQueryParams` For typescript users, this object is an interface representing the possible query parameters sent to your redirect endpoint
+
+
+
+#### Proof Key of Code Exchange (PKCE)
+
+All the PKCE helper functions live within the `Pkce` namespace. Read about PKCE [here](https://help.klaviyo.com/hc/en-us/articles/18819413031067#h_01HACEKGF3AZ2KFGVPSSZNR5QW)
+
+```typescript
+import { Pkce } from 'klaviyo-api'
+```
+
+The `Pkce` namespace holds two different helper utilities
+1. `generateCodes` - This method will create the `codeVerifier` and `codeChallenge` needed later in the authorization flow.
+
+    ```typescript
+    import { Pkce } from 'klaviyo-api'
+
+    const pkceCodes = new Pkce.generateCodes()
+    // the two codes can be accessed by
+    const codeVerifier: string = pkceCodes.codeVerifier
+    const codeChallenge: string = pkceCodes.codeChallenge
+    ```
+
+2. `CodeStorage` - This is an OPTIONAL interface to help keep your code organized, to relate a `customerIdentifier` to their generated PKCE code
+
+    ```typescript
+    import { Pkce } from 'klaviyo-api'
+    class <Your Code Storage Class Here> implements Pkce.CodeStorage
+    ```
+
 ## Optional Parameters and [JSON:API](https://jsonapi.org/) features
 
 Here we will go over

api/accountsApi.ts

@@ -37,10 +37,7 @@ export class AccountsApi {
     session: Session
 
     protected _basePath = defaultBasePath;
-    protected _defaultHeaders : any = {
-        revision: "2023-10-15",
-        "User-Agent": "klaviyo-api-node/7.0.0"
-    };
+    protected _defaultHeaders : any = {};
     protected _useQuerystring : boolean = false;
 
     constructor(session: Session){
@@ -105,21 +102,27 @@ export class AccountsApi {
             params: localVarQueryParameters,
         }
 
-        this.session.applyToRequest(config)
-
-        return backOff<{ response: AxiosResponse; body: GetAccountResponse;  }>( () => {
-            return new Promise<{ response: AxiosResponse; body: GetAccountResponse;  }>((resolve, reject) => {
-                axios(config)
-                    .then(axiosResponse => {
-                        let body;
-                        body = ObjectSerializer.deserialize(axiosResponse.data, "GetAccountResponse");
-                        resolve({ response: axiosResponse, body: body });
-                    })
-                    .catch(error => {
-                        reject(error);
-                    })
-            });
-        }, this.session.getRetryOptions());
+        await this.session.applyToRequest(config)
+
+        const request = async (config: AxiosRequestConfig, retried = false): Promise<{ response: AxiosResponse; body: GetAccountResponse;  }> => {
+            try {
+                const axiosResponse = await axios(config)
+                let body;
+                body = ObjectSerializer.deserialize(axiosResponse.data, "GetAccountResponse");
+                return ({response: axiosResponse, body: body});
+            } catch (error) {
+                if (await this.session.refreshAndRetry(error, retried)) {
+                    await this.session.applyToRequest(config)
+                    return request(config, true)
+                }
+                throw error
+            }
+        }
+
+        return backOff<{ response: AxiosResponse; body: GetAccountResponse;  }>(
+            () => {return request(config)},
+            this.session.getRetryOptions()
+        );
     }
     /**
      * Retrieve the account(s) associated with a given private API key. This will return 1 account object within the array.  You can use this to retrieve account-specific data (contact information, timezone, currency, Public API key, etc.) or test if a Private API Key belongs to the correct account prior to performing subsequent actions with the API.<br><br>*Rate limits*:<br>Burst: `1/s`<br>Steady: `15/m`  **Scopes:** `accounts:read`
@@ -153,20 +156,26 @@ export class AccountsApi {
             params: localVarQueryParameters,
         }
 
-        this.session.applyToRequest(config)
-
-        return backOff<{ response: AxiosResponse; body: GetAccountResponseCollection;  }>( () => {
-            return new Promise<{ response: AxiosResponse; body: GetAccountResponseCollection;  }>((resolve, reject) => {
-                axios(config)
-                    .then(axiosResponse => {
-                        let body;
-                        body = ObjectSerializer.deserialize(axiosResponse.data, "GetAccountResponseCollection");
-                        resolve({ response: axiosResponse, body: body });
-                    })
-                    .catch(error => {
-                        reject(error);
-                    })
-            });
-        }, this.session.getRetryOptions());
+        await this.session.applyToRequest(config)
+
+        const request = async (config: AxiosRequestConfig, retried = false): Promise<{ response: AxiosResponse; body: GetAccountResponseCollection;  }> => {
+            try {
+                const axiosResponse = await axios(config)
+                let body;
+                body = ObjectSerializer.deserialize(axiosResponse.data, "GetAccountResponseCollection");
+                return ({response: axiosResponse, body: body});
+            } catch (error) {
+                if (await this.session.refreshAndRetry(error, retried)) {
+                    await this.session.applyToRequest(config)
+                    return request(config, true)
+                }
+                throw error
+            }
+        }
+
+        return backOff<{ response: AxiosResponse; body: GetAccountResponseCollection;  }>(
+            () => {return request(config)},
+            this.session.getRetryOptions()
+        );
     }
 }