Docs
SDKs

Node.js SDKs.

Typed, generated from the live OpenAPI specs, MIT-licensed, server-side.

Every product on the ProductCraft platform ships an official Node.js / TypeScript SDK published to npm. The SDKs are generated from the same OpenAPI specs the API reference docs render from — so the types you see in your editor always match the wire shape in production.

Install

Pick one product or grab the umbrella

Install the per-product package when you only need one surface. Install the umbrella when you call more than one from the same backend — it pulls each per-product package as a dependency.

install one product
npm install @productcraft/heimdall
# or
pnpm add @productcraft/envoi
# or
yarn add @productcraft/rally
install the umbrella
npm install productcraft

Packages

What's on npm

All packages live under the @productcraft scope. The umbrella is the unscoped 'productcraft' package.

@productcraft/heimdall

Customer auth & EndUsers — sign-in flows, OAuth (Apple, Google), MFA, sessions, JWT verification with a built-in JWKS cache. Hand-rolled ergonomic layer on top of the generated client.

View on npm ↗

Read more

@productcraft/envoi

Receive-and-store mail platform — template-rendered sends with idempotency, workspace-scoped mailboxes + domains + DKIM, message timeline, suppression lists, signed outbound webhooks.

View on npm ↗

Read more

@productcraft/rally

Waitlist management — public-form signups (callable unauthenticated from a marketing site), variants for A/B/n landing pages, referrals, leaderboard, approval workflow with invite-to-app, signed outbound webhooks, CSV export.

View on npm ↗

Read more

@productcraft/agora

Social infrastructure as an API — communities, posts, ranked feeds, stories with polls and close-friends, notifications, moderation.

View on npm ↗

Read more

@productcraft/platform-auth

PlatformUser auth + workspaces + members + invites + roles + IAM policies + PAKs + introspect. The platform-side identity layer your ProductCraft team account lives on. (For your own product users, use @productcraft/heimdall.)

View on npm ↗

Read more

@productcraft/heimdall-passport

Passport-JWT adapter for Heimdall. Plug a Heimdall ConsumerScope into a `passport-jwt` Strategy so existing Passport setups can verify Heimdall-issued tokens.

View on npm ↗

Read more

productcraft

All-in-one umbrella package. One install, one auth credential, one class with every surface attached (`pc.heimdall`, `pc.envoi`, `pc.rally`, …). Install this when you call more than one ProductCraft API from the same backend.

View on npm ↗

Read more

Quickstart

Hello, Heimdall

A minimum viable Heimdall integration through the BFF pattern. The SDK ships a Platform API Key in theAuthorization header — keep it server-side; never embed it in a browser bundle.

server.ts
import { Heimdall } from "@productcraft/heimdall";

const heimdall = new Heimdall({
  auth: { type: "apiKey", key: process.env.PCFT_KEY! },
});

const consumer = heimdall.consumer("my-app-slug");

// Email + password sign-in
const { access_token, refresh_token } = await consumer.auth.signin({
  identifier: "alice@example.com",
  password: "...",
});

// Sign in with Apple (native iOS flow)
await consumer.auth.signinWithProvider({
  provider: "apple",
  id_token: identityTokenFromAppleSdk,
  nonce: rawNonceClientGenerated,
});

// Verify a token your client just minted
const claims = await consumer.verifyToken(access_token);

Umbrella

Hello, ProductCraft

Install productcraft when you call more than one ProductCraft API from the same backend. One auth credential is shared across all surfaces; per-surfacebaseUrl overrides are available for staging environments.

server.ts
import { ProductCraft } from "productcraft";

const pc = new ProductCraft({
  auth: { type: "apiKey", key: process.env.PCFT_KEY! },
});

// Heimdall — sign in an EndUser
await pc.heimdall.consumer("my-app").auth.signin({
  identifier: "alice@example.com",
  password: "...",
});

// Envoi — send a transactional email from the same backend
await pc.envoi.client.POST(
  "/v1/mailboxes/{mailboxId}/messages/send",
  {
    params: { path: { mailboxId: "mbx_..." } },
    body: { to: "alice@example.com", from: "hello@yourbrand.com",
            subject: "Welcome", html: "<p>Hi!</p>" },
  },
);

How they're built

Spec-driven, low maintenance

Every per-surface SDK regenerates from the live /docs-json OpenAPI spec of its API. A nightly CI job in clauderanelagh/productcraft-node refreshes the specs, regenerates the typed clients, and opens a PR with the diff. Merging triggers a Changesets release that publishes the affected packages to npm with provenance attestations.

What that means for you: the types in your editor always match what production accepts. New endpoints land in the SDK without you (or us) hand-rolling another binding.

View on GitHubHeimdall quickstart