SDK — JavaScript / TypeScript
@vereid/js — the universal isomorphic SDK for VEREID Social, Auth, and Identity.
Last updated 2026-05-20
@vereid/js is the universal SDK. It runs in Node ≥18, every modern browser (via the /browser entry), Bun, Deno, and edge runtimes (Vercel Edge, Cloudflare Workers). It is the dependency that powers @vereid/react, the CLI, and the official Auth/Identity reference apps.
- Repo: github.com/vereid/sdk (
packages/js) - License: MIT
- Size: ~12 KB gzipped, tree-shakeable
Install
npm install @vereid/js
# or
pnpm add @vereid/js
# or
yarn add @vereid/jsThe package ships ESM and CJS entry points, full TypeScript types, and a slim browser build.
Quickstart
import { Vereid } from "@vereid/js";
const vereid = new Vereid({ apiKey: process.env.VEREID_API_KEY });
// Social
const profile = await vereid.social.profiles.get("@mina");
// Auth — server-side authorization code exchange
const tokens = await vereid.auth.exchangeCode({
code,
codeVerifier,
redirectUri: "https://yourapp.com/auth/callback",
});
// Identity
const session = await vereid.verify.sessions.create({
tiers: ["T1", "T2"],
reference: "user_42",
});Configuration
const vereid = new Vereid({
apiKey: process.env.VEREID_API_KEY, // required, server-side
baseUrl: "https://api.vereid.com", // default
timeoutMs: 10_000, // per-request
retry: { maxAttempts: 5, baseMs: 250 }, // honours retry-after
userAgent: "myapp/1.4.2",
fetch: globalThis.fetch, // injectable for testing
});Promise vs streaming
All list endpoints return both a thenable page and an async iterator over every page. Iterate with for await:
for await (const post of vereid.social.timeline.iterate("@mina")) {
console.log(post.body);
}The iterator transparently follows next_cursor and stops when the timeline is exhausted.
Webhook verification helper
A first-class helper bundled with the SDK — same algorithm as the Webhooks page, but you do not need to copy it:
import { verifyWebhook } from "@vereid/js/webhooks";
app.post("/webhooks/vereid", express.raw({ type: "*/*" }), (req, res) => {
const ok = verifyWebhook(req.body, req.header("vereid-signature"), SECRET);
if (!ok) return res.status(400).end();
// ... handle event
res.status(204).end();
});Browser build
The @vereid/js/browser entry exposes only the safe subset — public read endpoints, OIDC PKCE helpers, hosted-flow redirectors. It refuses to accept an API key, so accidental client-side key exposure is impossible.
import { VereidBrowser } from "@vereid/js/browser";
const vereid = new VereidBrowser({ clientId: "app_••••" });
const challenge = await vereid.auth.beginPkce({
redirectUri: window.location.origin + "/callback",
scope: "openid email profile vereid:verification",
});
window.location.href = challenge.authorizationUrl;Error handling
Every error thrown by the SDK is a subclass of VereidError and carries the RFC 9457 problem document plus the request ID for support tickets:
try {
await vereid.verify.sessions.create({ tiers: ["T7"] });
} catch (e) {
if (e instanceof VereidValidationError) {
console.error(e.detail, "request_id:", e.requestId);
}
}Testing
@vereid/js/test exports a MockVereid you can swap in for the real client. It records every call and lets you script responses without an HTTP server:
import { MockVereid } from "@vereid/js/test";
const vereid = new MockVereid();
vereid.verify.sessions.create.mockResolvedValueOnce({
id: "vs_test",
status: "pending",
hosted_url: "https://id.vereid.com/s/test",
});Compatibility
- Node 18, 20, 22, 24
- Bun 1.x
- Deno 1.x with
--allow-net=api.vereid.com - Cloudflare Workers / Vercel Edge runtime
- Chrome, Firefox, Safari ≥ 16, Edge
Versioning
Semver. Breaking changes only on major bumps. The full changelog ships at npm/@vereid/js and is mirrored on the docs changelog.