export type externaldatav1SignatureScheme = "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; export type protobufAny = { "@type"?: string; [key: string]: any; }; export type rpcStatus = { code?: number; message?: string; details?: protobufAny[]; }; export type v1AddressFormat = "ADDRESS_FORMAT_UNCOMPRESSED" | "ADDRESS_FORMAT_COMPRESSED" | "ADDRESS_FORMAT_ETHEREUM" | "ADDRESS_FORMAT_SOLANA" | "ADDRESS_FORMAT_COSMOS" | "ADDRESS_FORMAT_TRON" | "ADDRESS_FORMAT_SUI" | "ADDRESS_FORMAT_APTOS" | "ADDRESS_FORMAT_BITCOIN_MAINNET_P2PKH" | "ADDRESS_FORMAT_BITCOIN_MAINNET_P2SH" | "ADDRESS_FORMAT_BITCOIN_MAINNET_P2WPKH" | "ADDRESS_FORMAT_BITCOIN_MAINNET_P2WSH" | "ADDRESS_FORMAT_BITCOIN_MAINNET_P2TR" | "ADDRESS_FORMAT_BITCOIN_TESTNET_P2PKH" | "ADDRESS_FORMAT_BITCOIN_TESTNET_P2SH" | "ADDRESS_FORMAT_BITCOIN_TESTNET_P2WPKH" | "ADDRESS_FORMAT_BITCOIN_TESTNET_P2WSH" | "ADDRESS_FORMAT_BITCOIN_TESTNET_P2TR" | "ADDRESS_FORMAT_BITCOIN_SIGNET_P2PKH" | "ADDRESS_FORMAT_BITCOIN_SIGNET_P2SH" | "ADDRESS_FORMAT_BITCOIN_SIGNET_P2WPKH" | "ADDRESS_FORMAT_BITCOIN_SIGNET_P2WSH" | "ADDRESS_FORMAT_BITCOIN_SIGNET_P2TR" | "ADDRESS_FORMAT_BITCOIN_REGTEST_P2PKH" | "ADDRESS_FORMAT_BITCOIN_REGTEST_P2SH" | "ADDRESS_FORMAT_BITCOIN_REGTEST_P2WPKH" | "ADDRESS_FORMAT_BITCOIN_REGTEST_P2WSH" | "ADDRESS_FORMAT_BITCOIN_REGTEST_P2TR" | "ADDRESS_FORMAT_SEI" | "ADDRESS_FORMAT_XLM" | "ADDRESS_FORMAT_DOGE_MAINNET" | "ADDRESS_FORMAT_DOGE_TESTNET" | "ADDRESS_FORMAT_TON_V3R2" | "ADDRESS_FORMAT_TON_V4R2" | "ADDRESS_FORMAT_TON_V5R1" | "ADDRESS_FORMAT_XRP" | "ADDRESS_FORMAT_SPARK_MAINNET" | "ADDRESS_FORMAT_SPARK_REGTEST"; export type v1ApiKeyCurve = "API_KEY_CURVE_P256" | "API_KEY_CURVE_SECP256K1" | "API_KEY_CURVE_ED25519"; export type v1ApiKeyParamsV2 = { /** Human-readable name for an API Key. */ apiKeyName: string; /** The public component of a cryptographic key pair used to sign messages and transactions. */ publicKey: string; /** The curve type to be used for processing API key signatures. */ curveType: v1ApiKeyCurve; /** Optional window (in seconds) indicating how long the API Key should last. */ expirationSeconds?: string; }; export type v1AppProof = { /** Scheme of signing key. */ scheme: externaldatav1SignatureScheme; /** Ephemeral public key. */ publicKey: string; /** JSON serialized AppProofPayload. */ proofPayload: string; /** Signature over hashed proof_payload. */ signature: string; }; export type v1Attestation = { /** The cbor encoded then base64 url encoded id of the credential. */ credentialId: string; /** A base64 url encoded payload containing metadata about the signing context and the challenge. */ clientDataJson: string; /** A base64 url encoded payload containing authenticator data and any attestation the webauthn provider chooses. */ attestationObject: string; /** The type of authenticator transports. */ transports: v1AuthenticatorTransport[]; }; export type v1AuthenticatorParamsV2 = { /** Human-readable name for an Authenticator. */ authenticatorName: string; /** Challenge presented for authentication purposes. */ challenge: string; /** The attestation that proves custody of the authenticator and provides metadata about it. */ attestation: v1Attestation; }; export type v1AuthenticatorTransport = "AUTHENTICATOR_TRANSPORT_BLE" | "AUTHENTICATOR_TRANSPORT_INTERNAL" | "AUTHENTICATOR_TRANSPORT_NFC" | "AUTHENTICATOR_TRANSPORT_USB" | "AUTHENTICATOR_TRANSPORT_HYBRID"; export type v1ClientSignature = { /** The public component of a cryptographic key pair used to create the signature. */ publicKey: string; /** The signature scheme used to generate the client signature. */ scheme: v1ClientSignatureScheme; /** The message that was signed. */ message: string; /** The cryptographic signature over the message. */ signature: string; }; export type v1ClientSignatureScheme = "CLIENT_SIGNATURE_SCHEME_API_P256"; export type v1Curve = "CURVE_SECP256K1" | "CURVE_ED25519" | "CURVE_P256"; export type v1GetAccountRequest = { /** Specifies the type of filter to apply, i.e 'CREDENTIAL_ID', 'NAME', 'USERNAME', 'EMAIL', 'PHONE_NUMBER', 'OIDC_TOKEN' or 'PUBLIC_KEY' */ filterType: string; /** The value of the filter to apply for the specified type. For example, a specific email or name string. */ filterValue: string; /** Signed JWT containing a unique id, expiry, verification type, contact. Used to verify access to PII (email/phone number) when filter_type is 'EMAIL' or 'PHONE_NUMBER'. */ verificationToken?: string; /** OIDC token to verify access to PII (email/phone number) when filter_type is 'EMAIL' or 'PHONE_NUMBER'. Needed for social linking when verification_token is not available. */ oidcToken?: string; }; export type v1GetAccountResponse = { organizationId?: string; }; export type v1GetWalletKitConfigRequest = {}; export type v1GetWalletKitConfigResponse = { /** List of enabled authentication providers (e.g., 'facebook', 'google', 'apple', 'email', 'sms', 'passkey', 'wallet') */ enabledProviders: string[]; /** Session expiration duration in seconds */ sessionExpirationSeconds: string; /** The organization ID this configuration applies to */ organizationId: string; /** Mapping of social login providers to their OAuth client IDs. */ oauthClientIds?: Record; /** OAuth redirect URL to be used for social login flows. */ oauthRedirectUrl?: string; otpAlphanumeric?: boolean; otpLength?: string; }; export type v1InitOtpRequest = { type: "ACTIVITY_TYPE_INIT_OTP_V3"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitOtpIntentV3; generateAppProofs?: boolean; }; export type v1InitOtpResponse = { /** Unique identifier for an OTP authentication */ otpId: string; }; export type v1InitOtpV2Request = { /** Enum to specify whether to send OTP code via SMS or email */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1ProxyEmailCustomizationParams; }; export type v1InitOtpV2Response = { /** Unique identifier for an OTP flow. */ otpId: string; /** Signed bundle containing a target encryption key to use when submitting OTP codes. */ otpEncryptionTargetBundle: string; }; export type v1OAuth2AuthenticateRequest = { /** The OAuth 2.0 provider to authenticate with */ provider: v1Oauth2Provider; /** The auth_code provided by the OAuth 2.0 to the end user to be exchanged for a Bearer token in the OAuth 2.0 flow */ authCode: string; /** The URI the user is redirected to after they have authenticated with the OAuth 2.0 provider */ redirectUri: string; /** The code verifier used by OAuth 2.0 PKCE providers */ codeVerifier: string; /** A nonce value set to sha256(publicKey), used to bind the OIDC token to a specific public key */ nonce: string; /** The client ID registered with the OAuth 2.0 provider */ clientId: string; }; export type v1OAuth2AuthenticateResponse = { /** A Turnkey issued OIDC token to be used with the LoginWithOAuth activity */ oidcToken: string; }; export type v1OAuthLoginRequest = { /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the oidc token associated with this request */ publicKey: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; /** Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the OIDC token to look up the associated organization id. */ organizationId?: string; }; export type v1OAuthLoginResponse = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1Oauth2Provider = "OAUTH2_PROVIDER_X" | "OAUTH2_PROVIDER_DISCORD"; export type v1OauthProviderParams = { /** Human-readable name to identify a Provider. */ providerName: string; /** Base64 encoded OIDC token */ oidcToken: string; }; export type v1OauthProviderParamsV2 = { /** Human-readable name to identify a Provider. */ providerName: string; } & ({ oidcToken: string; } | { /** OIDC claims (iss, sub, aud) to uniquely identify the user */ oidcClaims: v1OidcClaims; }); export type v1OidcClaims = { /** The issuer identifier from the OIDC token (iss claim) */ iss: string; /** The subject identifier from the OIDC token (sub claim) */ sub: string; /** The audience from the OIDC token (aud claim) */ aud: string; }; export type v1OtpLoginRequest = { type: "ACTIVITY_TYPE_OTP_LOGIN_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1OtpLoginIntentV2; generateAppProofs?: boolean; }; export type v1OtpLoginResponse = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1OtpLoginV2Request = { /** Session containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; /** Client-side public key generated by the user, used as the session public key upon successful login. */ publicKey: string; /** Signature proving authorization for this login. The signature is over the verification token ID and the new session public key. */ clientSignature: v1ClientSignature; /** Invalidate all other previously generated Login sessions */ invalidateExisting?: boolean; /** Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the verification token to look up the verified sub-organization based on the contact and verification type. */ organizationId?: string; }; export type v1OtpLoginV2Response = { /** Session containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1PathFormat = "PATH_FORMAT_BIP32"; export type v1ProxyEmailCustomizationParams = { /** Unique identifier for a given Email Template. If not specified, the default is the most recent Email Template. */ templateId?: string; }; export type v1SignupRequest = { userEmail?: string; userPhoneNumber?: string; userTag?: string; userName?: string; organizationName?: string; verificationToken?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Optional signature proving authorization for this signup. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type v1SignupResponse = { organizationId: string; /** Wallet created for the sub-organization, if provided in the request */ wallet?: v1WalletResult; /** Root user ID created for this sub-organization */ userId: string; /** A list of App Proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ appProofs?: v1AppProof[]; }; export type v1SignupV2Request = { userEmail?: string; userPhoneNumber?: string; userTag?: string; userName?: string; organizationName?: string; verificationToken?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParamsV2[]; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Optional signature proving authorization for this signup. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type v1SignupV2Response = { organizationId: string; /** Wallet created for the sub-organization, if provided in the request */ wallet?: v1WalletResult; /** Root user ID created for this sub-organization */ userId: string; /** A list of App Proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ appProofs?: v1AppProof[]; }; export type v1VerifyOtpRequest = { type: "ACTIVITY_TYPE_VERIFY_OTP_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1VerifyOtpIntentV2; generateAppProofs?: boolean; }; export type v1VerifyOtpResponse = { /** Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type v1VerifyOtpV2Request = { /** ID representing the result of an init OTP activity. */ otpId: string; /** Encrypted bundle containing the OTP code and a client-generated public key. Turnkey's secure enclaves will decrypt this bundle, verify the OTP code, and issue a new Verification Token. Encrypted using the target encryption key provided in the INIT_OTP activity result. */ encryptedOtpBundle: string; }; export type v1VerifyOtpV2Response = { /** Verification Token containing a unique id, expiry, verification type, contact signed by Turnkey's enclaves. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type v1WalletAccountParams = { /** Cryptographic curve used to generate a wallet Account. */ curve: v1Curve; /** Path format used to generate a wallet Account. */ pathFormat: v1PathFormat; /** Path used to generate a wallet Account. */ path: string; /** Address format used to generate a wallet Acccount. */ addressFormat: v1AddressFormat; }; export type v1WalletParams = { /** Human-readable name for a Wallet. */ walletName: string; /** A list of wallet Accounts. This field, if not needed, should be an empty array in your request body. */ accounts: v1WalletAccountParams[]; /** Length of mnemonic to generate the Wallet seed. Defaults to 12. Accepted values: 12, 15, 18, 21, 24. */ mnemonicLength?: number; }; export type v1WalletResult = { walletId: string; /** A list of account addresses. */ addresses: string[]; }; export type apiApiKeyParams = { /** Human-readable name for an API Key. */ apiKeyName: string; /** The public component of a cryptographic key pair used to sign messages and transactions. */ publicKey: string; /** Optional window (in seconds) indicating how long the API Key should last. */ expirationSeconds?: string; }; export type billingActivateBillingTierIntent = { /** The product that the customer wants to subscribe to. */ productId: string; orbPlanId?: string; }; export type billingActivateBillingTierResult = { /** The id of the product being subscribed to. */ productId: string; }; export type billingDeletePaymentMethodIntent = { /** The payment method that the customer wants to remove. */ paymentMethodId: string; }; export type billingDeletePaymentMethodResult = { /** The payment method that was removed. */ paymentMethodId: string; }; export type billingSetPaymentMethodIntent = { /** The account number of the customer's credit card. */ number: string; /** The verification digits of the customer's credit card. */ cvv: string; /** The month that the credit card expires. */ expiryMonth: string; /** The year that the credit card expires. */ expiryYear: string; /** The email that will receive invoices for the credit card. */ cardHolderEmail: string; /** The name associated with the credit card. */ cardHolderName: string; }; export type billingSetPaymentMethodIntentV2 = { /** The id of the payment method that was created clientside. */ paymentMethodId: string; /** The email that will receive invoices for the credit card. */ cardHolderEmail: string; /** The name associated with the credit card. */ cardHolderName: string; }; export type billingSetPaymentMethodResult = { /** The last four digits of the credit card added. */ lastFour: string; /** The name associated with the payment method. */ cardHolderName: string; /** The email address associated with the payment method. */ cardHolderEmail: string; }; export type datav1Tag = { /** Unique identifier for a given Tag. */ tagId: string; /** Human-readable name for a Tag. */ tagName: string; tagType: v1TagType; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type externalactivityv1PolicyEvaluation = { /** Unique identifier for a given policy evaluation. */ id: string; /** Unique identifier for a given Activity. */ activityId: string; /** Unique identifier for the Organization the Activity belongs to. */ organizationId: string; /** Unique identifier for the Vote associated with this policy evaluation. */ voteId: string; /** Detailed evaluation result for each Policy that was run. */ policyEvaluations: immutablecommonv1PolicyEvaluation[]; createdAt: externaldatav1Timestamp; }; export type externaldatav1Address = { format?: v1AddressFormat; address?: string; }; export type externaldatav1Credential = { /** The public component of a cryptographic key pair used to sign messages and transactions. */ publicKey: string; type: v1CredentialType; }; export type externaldatav1Quorum = { /** Count of unique approvals required to meet quorum. */ threshold: number; /** Unique identifiers of quorum set members. */ userIds: string[]; }; export type externaldatav1SmartContractInterface = { /** The Organization the Smart Contract Interface belongs to. */ organizationId: string; /** Unique identifier for a given Smart Contract Interface (ABI or IDL). */ smartContractInterfaceId: string; /** The address corresponding to the Smart Contract or Program. */ smartContractAddress: string; /** The JSON corresponding to the Smart Contract Interface (ABI or IDL). */ smartContractInterface: string; /** The type corresponding to the Smart Contract Interface (either ETHEREUM or SOLANA). */ type: string; /** The label corresponding to the Smart Contract Interface (either ETHEREUM or SOLANA). */ label: string; /** The notes corresponding to the Smart Contract Interface (either ETHEREUM or SOLANA). */ notes: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type externaldatav1Timestamp = { seconds: string; nanos: string; }; export type immutableactivityv1Address = { format?: v1AddressFormat; address?: string; }; export type immutablecommonv1PolicyEvaluation = { policyId?: string; outcome?: v1Outcome; }; export type v1AcceptInvitationIntent = { /** Unique identifier for a given Invitation object. */ invitationId: string; /** Unique identifier for a given User. */ userId: string; /** WebAuthN hardware devices that can be used to log in to the Turnkey web app. */ authenticator: v1AuthenticatorParams; }; export type v1AcceptInvitationIntentV2 = { /** Unique identifier for a given Invitation object. */ invitationId: string; /** Unique identifier for a given User. */ userId: string; /** WebAuthN hardware devices that can be used to log in to the Turnkey web app. */ authenticator: v1AuthenticatorParamsV2; }; export type v1AcceptInvitationResult = { /** Unique identifier for a given Invitation. */ invitationId: string; /** Unique identifier for a given User. */ userId: string; }; export type v1AccessType = "ACCESS_TYPE_WEB" | "ACCESS_TYPE_API" | "ACCESS_TYPE_ALL"; export type v1Activity = { /** Unique identifier for a given Activity object. */ id: string; /** Unique identifier for a given Organization. */ organizationId: string; /** The current processing status of a specified Activity. */ status: v1ActivityStatus; /** Type of Activity, such as Add User, or Sign Transaction. */ type: v1ActivityType; /** Intent object crafted by Turnkey based on the user request, used to assess the permissibility of an action. */ intent: v1Intent; /** Result of the intended action. */ result: v1Result; /** A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: v1Vote[]; /** A list of App Proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ appProofs?: v1AppProof[]; /** An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; canReject: boolean; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** Failure reason of the intended action. */ failure?: rpcStatus; }; export type v1ActivityResponse = { /** An action that can be taken within the Turnkey infrastructure. */ activity: v1Activity; }; export type v1ActivityStatus = "ACTIVITY_STATUS_CREATED" | "ACTIVITY_STATUS_PENDING" | "ACTIVITY_STATUS_COMPLETED" | "ACTIVITY_STATUS_FAILED" | "ACTIVITY_STATUS_CONSENSUS_NEEDED" | "ACTIVITY_STATUS_REJECTED"; export type v1ActivityType = "ACTIVITY_TYPE_CREATE_API_KEYS" | "ACTIVITY_TYPE_CREATE_USERS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS" | "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD" | "ACTIVITY_TYPE_CREATE_INVITATIONS" | "ACTIVITY_TYPE_ACCEPT_INVITATION" | "ACTIVITY_TYPE_CREATE_POLICY" | "ACTIVITY_TYPE_DISABLE_PRIVATE_KEY" | "ACTIVITY_TYPE_DELETE_USERS" | "ACTIVITY_TYPE_DELETE_API_KEYS" | "ACTIVITY_TYPE_DELETE_INVITATION" | "ACTIVITY_TYPE_DELETE_ORGANIZATION" | "ACTIVITY_TYPE_DELETE_POLICY" | "ACTIVITY_TYPE_CREATE_USER_TAG" | "ACTIVITY_TYPE_DELETE_USER_TAGS" | "ACTIVITY_TYPE_CREATE_ORGANIZATION" | "ACTIVITY_TYPE_SIGN_TRANSACTION" | "ACTIVITY_TYPE_APPROVE_ACTIVITY" | "ACTIVITY_TYPE_REJECT_ACTIVITY" | "ACTIVITY_TYPE_DELETE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG" | "ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS" | "ACTIVITY_TYPE_SET_PAYMENT_METHOD" | "ACTIVITY_TYPE_ACTIVATE_BILLING_TIER" | "ACTIVITY_TYPE_DELETE_PAYMENT_METHOD" | "ACTIVITY_TYPE_CREATE_POLICY_V2" | "ACTIVITY_TYPE_CREATE_POLICY_V3" | "ACTIVITY_TYPE_CREATE_API_ONLY_USERS" | "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM" | "ACTIVITY_TYPE_UPDATE_USER_TAG" | "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG" | "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2" | "ACTIVITY_TYPE_CREATE_ORGANIZATION_V2" | "ACTIVITY_TYPE_CREATE_USERS_V2" | "ACTIVITY_TYPE_ACCEPT_INVITATION_V2" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V2" | "ACTIVITY_TYPE_UPDATE_ALLOWED_ORIGINS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2" | "ACTIVITY_TYPE_UPDATE_USER" | "ACTIVITY_TYPE_UPDATE_POLICY" | "ACTIVITY_TYPE_SET_PAYMENT_METHOD_V2" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V3" | "ACTIVITY_TYPE_CREATE_WALLET" | "ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS" | "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY" | "ACTIVITY_TYPE_RECOVER_USER" | "ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE" | "ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE" | "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2" | "ACTIVITY_TYPE_SIGN_TRANSACTION_V2" | "ACTIVITY_TYPE_EXPORT_PRIVATE_KEY" | "ACTIVITY_TYPE_EXPORT_WALLET" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4" | "ACTIVITY_TYPE_EMAIL_AUTH" | "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT" | "ACTIVITY_TYPE_INIT_IMPORT_WALLET" | "ACTIVITY_TYPE_IMPORT_WALLET" | "ACTIVITY_TYPE_INIT_IMPORT_PRIVATE_KEY" | "ACTIVITY_TYPE_IMPORT_PRIVATE_KEY" | "ACTIVITY_TYPE_CREATE_POLICIES" | "ACTIVITY_TYPE_SIGN_RAW_PAYLOADS" | "ACTIVITY_TYPE_CREATE_READ_ONLY_SESSION" | "ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS" | "ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V5" | "ACTIVITY_TYPE_OAUTH" | "ACTIVITY_TYPE_CREATE_API_KEYS_V2" | "ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION" | "ACTIVITY_TYPE_EMAIL_AUTH_V2" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V6" | "ACTIVITY_TYPE_DELETE_PRIVATE_KEYS" | "ACTIVITY_TYPE_DELETE_WALLETS" | "ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2" | "ACTIVITY_TYPE_DELETE_SUB_ORGANIZATION" | "ACTIVITY_TYPE_INIT_OTP_AUTH" | "ACTIVITY_TYPE_OTP_AUTH" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V7" | "ACTIVITY_TYPE_UPDATE_WALLET" | "ACTIVITY_TYPE_UPDATE_POLICY_V2" | "ACTIVITY_TYPE_CREATE_USERS_V3" | "ACTIVITY_TYPE_INIT_OTP_AUTH_V2" | "ACTIVITY_TYPE_INIT_OTP" | "ACTIVITY_TYPE_VERIFY_OTP" | "ACTIVITY_TYPE_OTP_LOGIN" | "ACTIVITY_TYPE_STAMP_LOGIN" | "ACTIVITY_TYPE_OAUTH_LOGIN" | "ACTIVITY_TYPE_UPDATE_USER_NAME" | "ACTIVITY_TYPE_UPDATE_USER_EMAIL" | "ACTIVITY_TYPE_UPDATE_USER_PHONE_NUMBER" | "ACTIVITY_TYPE_INIT_FIAT_ON_RAMP" | "ACTIVITY_TYPE_CREATE_SMART_CONTRACT_INTERFACE" | "ACTIVITY_TYPE_DELETE_SMART_CONTRACT_INTERFACE" | "ACTIVITY_TYPE_ENABLE_AUTH_PROXY" | "ACTIVITY_TYPE_DISABLE_AUTH_PROXY" | "ACTIVITY_TYPE_UPDATE_AUTH_PROXY_CONFIG" | "ACTIVITY_TYPE_CREATE_OAUTH2_CREDENTIAL" | "ACTIVITY_TYPE_UPDATE_OAUTH2_CREDENTIAL" | "ACTIVITY_TYPE_DELETE_OAUTH2_CREDENTIAL" | "ACTIVITY_TYPE_OAUTH2_AUTHENTICATE" | "ACTIVITY_TYPE_DELETE_WALLET_ACCOUNTS" | "ACTIVITY_TYPE_DELETE_POLICIES" | "ACTIVITY_TYPE_ETH_SEND_RAW_TRANSACTION" | "ACTIVITY_TYPE_ETH_SEND_TRANSACTION" | "ACTIVITY_TYPE_CREATE_FIAT_ON_RAMP_CREDENTIAL" | "ACTIVITY_TYPE_UPDATE_FIAT_ON_RAMP_CREDENTIAL" | "ACTIVITY_TYPE_DELETE_FIAT_ON_RAMP_CREDENTIAL" | "ACTIVITY_TYPE_EMAIL_AUTH_V3" | "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY_V2" | "ACTIVITY_TYPE_INIT_OTP_AUTH_V3" | "ACTIVITY_TYPE_INIT_OTP_V2" | "ACTIVITY_TYPE_UPSERT_GAS_USAGE_CONFIG" | "ACTIVITY_TYPE_CREATE_TVC_APP" | "ACTIVITY_TYPE_CREATE_TVC_DEPLOYMENT" | "ACTIVITY_TYPE_CREATE_TVC_MANIFEST_APPROVALS" | "ACTIVITY_TYPE_SOL_SEND_TRANSACTION" | "ACTIVITY_TYPE_INIT_OTP_V3" | "ACTIVITY_TYPE_VERIFY_OTP_V2" | "ACTIVITY_TYPE_OTP_LOGIN_V2" | "ACTIVITY_TYPE_UPDATE_ORGANIZATION_NAME" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V8" | "ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS_V2" | "ACTIVITY_TYPE_CREATE_USERS_V4" | "ACTIVITY_TYPE_CREATE_WEBHOOK_ENDPOINT" | "ACTIVITY_TYPE_UPDATE_WEBHOOK_ENDPOINT" | "ACTIVITY_TYPE_DELETE_WEBHOOK_ENDPOINT" | "ACTIVITY_TYPE_SET_IP_ALLOWLIST" | "ACTIVITY_TYPE_REMOVE_IP_ALLOWLIST" | "ACTIVITY_TYPE_UPDATE_TVC_APP_LIVE_DEPLOYMENT" | "ACTIVITY_TYPE_DELETE_TVC_DEPLOYMENT" | "ACTIVITY_TYPE_DELETE_TVC_APP_AND_DEPLOYMENTS" | "ACTIVITY_TYPE_RESTORE_TVC_DEPLOYMENT" | "ACTIVITY_TYPE_SPARK_SIGN_FROST" | "ACTIVITY_TYPE_SPARK_PREPARE_TRANSFER" | "ACTIVITY_TYPE_SPARK_CLAIM_TRANSFER" | "ACTIVITY_TYPE_SPARK_PREPARE_LIGHTNING_RECEIVE" | "ACTIVITY_TYPE_POST_TVC_QUORUM_KEY_SHARE"; export type v1ApiKey = { /** A User credential that can be used to authenticate to Turnkey. */ credential: externaldatav1Credential; /** Unique identifier for a given API Key. */ apiKeyId: string; /** Human-readable name for an API Key. */ apiKeyName: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** Optional window (in seconds) indicating how long the API Key should last. */ expirationSeconds?: string; }; export type v1ApiOnlyUserParams = { /** The name of the new API-only User. */ userName: string; /** The email address for this API-only User (optional). */ userEmail?: string; /** A list of tags assigned to the new API-only User. This field, if not needed, should be an empty array in your request body. */ userTags: string[]; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: apiApiKeyParams[]; }; export type v1AppStatus = { /** Unique identifier for this TVC App */ appId: string; /** List of deployment statuses for this app */ deployments: v1DeploymentStatus[]; /** The deployment ID currently serving traffic for this app */ targetedDeploymentId: string; }; export type v1ApproveActivityIntent = { /** An artifact verifying a User's action. */ fingerprint: string; }; export type v1ApproveActivityRequest = { type: "ACTIVITY_TYPE_APPROVE_ACTIVITY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ApproveActivityIntent; generateAppProofs?: boolean; }; export type v1AssetBalance = { /** The caip-19 asset identifier */ caip19?: string; /** The asset symbol */ symbol?: string; /** The balance in atomic units */ balance?: string; /** The number of decimals this asset uses */ decimals?: number; /** Normalized balance values for display purposes only. Do not do any arithmetic or calculations with these, as the results could be imprecise. Use the balance field instead. */ display?: v1AssetBalanceDisplay; /** The asset name */ name?: string; }; export type v1AssetBalanceDisplay = { /** USD value for display purposes only. Do not do any arithmetic or calculations with these, as the results could be imprecise. */ usd?: string; /** Normalized crypto value for display purposes only. Do not do any arithmetic or calculations with these, as the results could be imprecise. */ crypto?: string; }; export type v1AssetMetadata = { /** The caip-19 asset identifier */ caip19?: string; /** The asset symbol */ symbol?: string; /** The number of decimals this asset uses */ decimals?: number; /** The url of the asset logo */ logoUrl?: string; /** The asset name */ name?: string; }; export type v1Authenticator = { /** Types of transports that may be used by an Authenticator (e.g., USB, NFC, BLE). */ transports: v1AuthenticatorTransport[]; attestationType: string; /** Identifier indicating the type of the Security Key. */ aaguid: string; /** Unique identifier for a WebAuthn credential. */ credentialId: string; /** The type of Authenticator device. */ model: string; /** A User credential that can be used to authenticate to Turnkey. */ credential: externaldatav1Credential; /** Unique identifier for a given Authenticator. */ authenticatorId: string; /** Human-readable name for an Authenticator. */ authenticatorName: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1AuthenticatorAttestationResponse = { clientDataJson: string; attestationObject: string; transports?: v1AuthenticatorTransport[]; authenticatorAttachment?: "cross-platform" | "platform"; }; export type v1AuthenticatorParams = { /** Human-readable name for an Authenticator. */ authenticatorName: string; /** Unique identifier for a given User. */ userId: string; attestation: v1PublicKeyCredentialWithAttestation; /** Challenge presented for authentication purposes. */ challenge: string; }; export type v1BootProof = { /** The hex encoded Ephemeral Public Key. */ ephemeralPublicKeyHex: string; /** The DER encoded COSE Sign1 struct Attestation doc. */ awsAttestationDocB64: string; /** The borsch serialized base64 encoded Manifest. */ qosManifestB64: string; /** The borsch serialized base64 encoded Manifest Envelope. */ qosManifestEnvelopeB64: string; /** The label under which the enclave app was deployed. */ deploymentLabel: string; /** Name of the enclave app */ enclaveApp: string; /** Owner of the app i.e. 'tkhq' */ owner: string; createdAt: externaldatav1Timestamp; }; export type v1BootProofResponse = { bootProof: v1BootProof; }; export type v1Config = { features?: v1Feature[]; quorum?: externaldatav1Quorum; }; export type v1CreateApiKeysIntent = { /** A list of API Keys. */ apiKeys: apiApiKeyParams[]; /** Unique identifier for a given User. */ userId: string; }; export type v1CreateApiKeysIntentV2 = { /** A list of API Keys. */ apiKeys: v1ApiKeyParamsV2[]; /** Unique identifier for a given User. */ userId: string; }; export type v1CreateApiKeysRequest = { type: "ACTIVITY_TYPE_CREATE_API_KEYS_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateApiKeysIntentV2; generateAppProofs?: boolean; }; export type v1CreateApiKeysResult = { /** A list of API Key IDs. */ apiKeyIds: string[]; }; export type v1CreateApiOnlyUsersIntent = { /** A list of API-only Users to create. */ apiOnlyUsers: v1ApiOnlyUserParams[]; }; export type v1CreateApiOnlyUsersResult = { /** A list of API-only User IDs. */ userIds: string[]; }; export type v1CreateAuthenticatorsIntent = { /** A list of Authenticators. */ authenticators: v1AuthenticatorParams[]; /** Unique identifier for a given User. */ userId: string; }; export type v1CreateAuthenticatorsIntentV2 = { /** A list of Authenticators. */ authenticators: v1AuthenticatorParamsV2[]; /** Unique identifier for a given User. */ userId: string; }; export type v1CreateAuthenticatorsRequest = { type: "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateAuthenticatorsIntentV2; generateAppProofs?: boolean; }; export type v1CreateAuthenticatorsResult = { /** A list of Authenticator IDs. */ authenticatorIds: string[]; }; export type v1CreateFiatOnRampCredentialIntent = { /** The fiat on-ramp provider */ onrampProvider: v1FiatOnRampProvider; /** Project ID for the on-ramp provider. Some providers, like Coinbase, require this additional identifier */ projectId?: string; /** Publishable API key for the on-ramp provider */ publishableApiKey: string; /** Secret API key for the on-ramp provider encrypted to our on-ramp encryption public key */ encryptedSecretApiKey: string; /** Private API key for the on-ramp provider encrypted to our on-ramp encryption public key. Some providers, like Coinbase, require this additional key. */ encryptedPrivateApiKey?: string; /** If the on-ramp credential is a sandbox credential */ sandboxMode?: boolean; }; export type v1CreateFiatOnRampCredentialRequest = { type: "ACTIVITY_TYPE_CREATE_FIAT_ON_RAMP_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateFiatOnRampCredentialIntent; generateAppProofs?: boolean; }; export type v1CreateFiatOnRampCredentialResult = { /** Unique identifier of the Fiat On-Ramp credential that was created */ fiatOnRampCredentialId: string; }; export type v1CreateInvitationsIntent = { /** A list of Invitations. */ invitations: v1InvitationParams[]; }; export type v1CreateInvitationsRequest = { type: "ACTIVITY_TYPE_CREATE_INVITATIONS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateInvitationsIntent; generateAppProofs?: boolean; }; export type v1CreateInvitationsResult = { /** A list of Invitation IDs */ invitationIds: string[]; }; export type v1CreateOauth2CredentialIntent = { /** The OAuth 2.0 provider */ provider: v1Oauth2Provider; /** The Client ID issued by the OAuth 2.0 provider */ clientId: string; /** The client secret issued by the OAuth 2.0 provider encrypted to the TLS Fetcher quorum key */ encryptedClientSecret: string; }; export type v1CreateOauth2CredentialRequest = { type: "ACTIVITY_TYPE_CREATE_OAUTH2_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateOauth2CredentialIntent; generateAppProofs?: boolean; }; export type v1CreateOauth2CredentialResult = { /** Unique identifier of the OAuth 2.0 credential that was created */ oauth2CredentialId: string; }; export type v1CreateOauthProvidersIntent = { /** The ID of the User to add an Oauth provider to */ userId: string; /** A list of Oauth providers. */ oauthProviders: v1OauthProviderParams[]; }; export type v1CreateOauthProvidersIntentV2 = { /** The ID of the User to add an Oauth provider to */ userId: string; /** A list of Oauth providers. */ oauthProviders: v1OauthProviderParamsV2[]; }; export type v1CreateOauthProvidersRequest = { type: "ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateOauthProvidersIntentV2; generateAppProofs?: boolean; }; export type v1CreateOauthProvidersResult = { /** A list of unique identifiers for Oauth Providers */ providerIds: string[]; }; export type v1CreateOauthProvidersResultV2 = { /** A list of unique identifiers for Oauth Providers */ providerIds: string[]; }; export type v1CreateOrganizationIntent = { /** Human-readable name for an Organization. */ organizationName: string; /** The root user's email address. */ rootEmail: string; /** The root user's Authenticator. */ rootAuthenticator: v1AuthenticatorParams; /** Unique identifier for the root user object. */ rootUserId?: string; }; export type v1CreateOrganizationIntentV2 = { /** Human-readable name for an Organization. */ organizationName: string; /** The root user's email address. */ rootEmail: string; /** The root user's Authenticator. */ rootAuthenticator: v1AuthenticatorParamsV2; /** Unique identifier for the root user object. */ rootUserId?: string; }; export type v1CreateOrganizationResult = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1CreatePoliciesIntent = { /** An array of policy intents to be created. */ policies: v1CreatePolicyIntentV3[]; }; export type v1CreatePoliciesRequest = { type: "ACTIVITY_TYPE_CREATE_POLICIES"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreatePoliciesIntent; generateAppProofs?: boolean; }; export type v1CreatePoliciesResult = { /** A list of unique identifiers for the created policies. */ policyIds: string[]; }; export type v1CreatePolicyIntent = { /** Human-readable name for a Policy. */ policyName: string; /** A list of simple functions each including a subject, target and boolean. See Policy Engine Language section for additional details. */ selectors: v1Selector[]; /** The instruction to DENY or ALLOW a particular activity following policy selector(s). */ effect: v1Effect; notes?: string; }; export type v1CreatePolicyIntentV2 = { /** Human-readable name for a Policy. */ policyName: string; /** A list of simple functions each including a subject, target and boolean. See Policy Engine Language section for additional details. */ selectors: v1SelectorV2[]; /** Whether to ALLOW or DENY requests that match the condition and consensus requirements. */ effect: v1Effect; notes?: string; }; export type v1CreatePolicyIntentV3 = { /** Human-readable name for a Policy. */ policyName: string; /** The instruction to DENY or ALLOW an activity. */ effect: v1Effect; /** The condition expression that triggers the Effect */ condition?: string; /** The consensus expression that triggers the Effect */ consensus?: string; /** Notes for a Policy. */ notes: string; }; export type v1CreatePolicyRequest = { type: "ACTIVITY_TYPE_CREATE_POLICY_V3"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreatePolicyIntentV3; generateAppProofs?: boolean; }; export type v1CreatePolicyResult = { /** Unique identifier for a given Policy. */ policyId: string; }; export type v1CreatePrivateKeyTagIntent = { /** Human-readable name for a Private Key Tag. */ privateKeyTagName: string; /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type v1CreatePrivateKeyTagRequest = { type: "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreatePrivateKeyTagIntent; generateAppProofs?: boolean; }; export type v1CreatePrivateKeyTagResult = { /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type v1CreatePrivateKeysIntent = { /** A list of Private Keys. */ privateKeys: v1PrivateKeyParams[]; }; export type v1CreatePrivateKeysIntentV2 = { /** A list of Private Keys. */ privateKeys: v1PrivateKeyParams[]; }; export type v1CreatePrivateKeysRequest = { type: "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreatePrivateKeysIntentV2; generateAppProofs?: boolean; }; export type v1CreatePrivateKeysResult = { /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type v1CreatePrivateKeysResultV2 = { /** A list of Private Key IDs and addresses. */ privateKeys: v1PrivateKeyResult[]; }; export type v1CreateReadOnlySessionIntent = {}; export type v1CreateReadOnlySessionRequest = { type: "ACTIVITY_TYPE_CREATE_READ_ONLY_SESSION"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateReadOnlySessionIntent; generateAppProofs?: boolean; }; export type v1CreateReadOnlySessionResult = { /** Unique identifier for a given Organization. If the request is being made by a user and their Sub-Organization ID is unknown, this can be the Parent Organization ID. However, using the Sub-Organization ID is preferred due to performance reasons. */ organizationId: string; /** Human-readable name for an Organization. */ organizationName: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ username: string; /** String representing a read only session */ session: string; /** UTC timestamp in seconds representing the expiry time for the read only session. */ sessionExpiry: string; }; export type v1CreateReadWriteSessionIntent = { /** Client-side public key generated by the user, to which the read write session bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Email of the user to create a read write session for */ email: string; /** Optional human-readable name for an API Key. If none provided, default to Read Write Session - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; }; export type v1CreateReadWriteSessionIntentV2 = { /** Client-side public key generated by the user, to which the read write session bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional unique identifier for a given User. If none provided, the read write session will be created for the user who is making the request. */ userId?: string; /** Optional human-readable name for an API Key. If none provided, default to Read Write Session - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated ReadWriteSession API keys */ invalidateExisting?: boolean; }; export type v1CreateReadWriteSessionRequest = { type: "ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateReadWriteSessionIntentV2; generateAppProofs?: boolean; }; export type v1CreateReadWriteSessionResult = { /** Unique identifier for a given Organization. If the request is being made by a user and their Sub-Organization ID is unknown, this can be the Parent Organization ID. However, using the Sub-Organization ID is preferred due to performance reasons. */ organizationId: string; /** Human-readable name for an Organization. */ organizationName: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ username: string; /** Unique identifier for the created API key. */ apiKeyId: string; /** HPKE encrypted credential bundle */ credentialBundle: string; }; export type v1CreateReadWriteSessionResultV2 = { /** Unique identifier for a given Organization. If the request is being made by a user and their Sub-Organization ID is unknown, this can be the Parent Organization ID. However, using the Sub-Organization ID is preferred due to performance reasons. */ organizationId: string; /** Human-readable name for an Organization. */ organizationName: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ username: string; /** Unique identifier for the created API key. */ apiKeyId: string; /** HPKE encrypted credential bundle */ credentialBundle: string; }; export type v1CreateSmartContractInterfaceIntent = { /** Corresponding contract address or program ID */ smartContractAddress: string; /** ABI/IDL as a JSON string. Limited to 400kb */ smartContractInterface: string; type: v1SmartContractInterfaceType; /** Human-readable name for a Smart Contract Interface. */ label: string; /** Notes for a Smart Contract Interface. */ notes?: string; }; export type v1CreateSmartContractInterfaceRequest = { type: "ACTIVITY_TYPE_CREATE_SMART_CONTRACT_INTERFACE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateSmartContractInterfaceIntent; generateAppProofs?: boolean; }; export type v1CreateSmartContractInterfaceResult = { /** The ID of the created Smart Contract Interface. */ smartContractInterfaceId: string; }; export type v1CreateSubOrganizationIntent = { /** Name for this sub-organization */ name: string; /** Root User authenticator for this new sub-organization */ rootAuthenticator: v1AuthenticatorParamsV2; }; export type v1CreateSubOrganizationIntentV2 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParams[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; }; export type v1CreateSubOrganizationIntentV3 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParams[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** A list of Private Keys. */ privateKeys: v1PrivateKeyParams[]; }; export type v1CreateSubOrganizationIntentV4 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParams[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; }; export type v1CreateSubOrganizationIntentV5 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParamsV2[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; }; export type v1CreateSubOrganizationIntentV6 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParamsV3[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; }; export type v1CreateSubOrganizationIntentV7 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParamsV4[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; /** Disable OTP SMS auth for the sub-organization */ disableSmsAuth?: boolean; /** Disable OTP email auth for the sub-organization */ disableOtpEmailAuth?: boolean; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; /** Optional signature proving authorization for this sub-organization creation. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type v1CreateSubOrganizationIntentV8 = { /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParamsV5[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; /** Disable OTP SMS auth for the sub-organization */ disableSmsAuth?: boolean; /** Disable OTP email auth for the sub-organization */ disableOtpEmailAuth?: boolean; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; /** Optional signature proving authorization for this sub-organization creation. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type v1CreateSubOrganizationRequest = { type: "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V8"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateSubOrganizationIntentV8; generateAppProofs?: boolean; }; export type v1CreateSubOrganizationResult = { subOrganizationId: string; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV3 = { subOrganizationId: string; /** A list of Private Key IDs and addresses. */ privateKeys: v1PrivateKeyResult[]; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV4 = { subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV5 = { subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV6 = { subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV7 = { subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type v1CreateSubOrganizationResultV8 = { subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type v1CreateTvcAppIntent = { /** The name of the new TVC application */ name: string; /** Quorum public key to use for this application */ quorumPublicKey: string; /** Unique identifier for an existing TVC operator set to use as the Manifest Set for this TVC application. If left empty, a new Manifest Set configuration is required */ manifestSetId?: string; /** Configuration to create a new TVC operator set, used as the Manifest Set for this TVC application. If left empty, a Manifest Set ID is required */ manifestSetParams?: v1TvcOperatorSetParams; /** Unique identifier for an existing TVC operator set to use as the Share Set for this TVC application. If left empty, a new Share Set configuration is required */ shareSetId?: string; /** Configuration to create a new TVC operator set, used as the Share Set for this TVC application. If left empty, a Share Set ID is required */ shareSetParams?: v1TvcOperatorSetParams; /** Enables network egress for this TVC app. Default if not provided: false. */ enableEgress?: boolean; }; export type v1CreateTvcAppRequest = { type: "ACTIVITY_TYPE_CREATE_TVC_APP"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateTvcAppIntent; }; export type v1CreateTvcAppResult = { /** The unique identifier for the TVC application */ appId: string; /** The unique identifier for the TVC manifest set */ manifestSetId: string; /** The unique identifier(s) of the manifest set operators */ manifestSetOperatorIds: string[]; /** The required number of approvals for the manifest set */ manifestSetThreshold: number; }; export type v1CreateTvcDeploymentIntent = { /** The unique identifier of the to-be-deployed TVC application */ appId: string; /** The QuorumOS version to use to deploy this application */ qosVersion: string; /** URL of the container containing the pivot binary */ pivotContainerImageUrl: string; /** Location of the binary in the pivot container */ pivotPath: string; /** Arguments to pass to the pivot binary at startup. Encoded as a list of strings, for example ["--foo", "bar"] */ pivotArgs: string[]; /** Digest of the pivot binary in the pivot container. This value will be inserted in the QOS manifest to ensure application integrity. */ expectedPivotDigest: string; /** Optional nonce to ensure uniqueness of the deployment manifest. If not provided, it defaults to the current Unix timestamp in seconds. */ nonce?: number; /** Optional encrypted pull secret to authorize Turnkey to pull the pivot container image. If your image is public, leave this empty. */ pivotContainerEncryptedPullSecret?: string; /** Optional flag to indicate whether to deploy the TVC app in debug mode, which includes additional logging and debugging tools. Default is false. */ debugMode?: boolean; /** Health check type (TVC_HEALTH_CHECK_TYPE_HTTP or TVC_HEALTH_CHECK_TYPE_GRPC). HTTP health checks are made with a GET request on /health, and gRPC health checks follow the standard gRPC health checking protocol. */ healthCheckType: v1TvcHealthCheckType; /** Port to use for health checks. */ healthCheckPort: number; /** Port to use for public ingress. */ publicIngressPort: number; }; export type v1CreateTvcDeploymentRequest = { type: "ACTIVITY_TYPE_CREATE_TVC_DEPLOYMENT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateTvcDeploymentIntent; }; export type v1CreateTvcDeploymentResult = { /** The unique identifier for the TVC deployment */ deploymentId: string; /** The unique identifier for the TVC manifest */ manifestId: string; }; export type v1CreateTvcManifestApprovalsIntent = { /** Unique identifier of the TVC deployment to approve */ manifestId: string; /** List of manifest approvals */ approvals: v1TvcManifestApproval[]; }; export type v1CreateTvcManifestApprovalsRequest = { type: "ACTIVITY_TYPE_CREATE_TVC_MANIFEST_APPROVALS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateTvcManifestApprovalsIntent; }; export type v1CreateTvcManifestApprovalsResult = { /** The unique identifier(s) for the manifest approvals */ approvalIds: string[]; }; export type v1CreateUserTagIntent = { /** Human-readable name for a User Tag. */ userTagName: string; /** A list of User IDs. */ userIds: string[]; }; export type v1CreateUserTagRequest = { type: "ACTIVITY_TYPE_CREATE_USER_TAG"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateUserTagIntent; generateAppProofs?: boolean; }; export type v1CreateUserTagResult = { /** Unique identifier for a given User Tag. */ userTagId: string; /** A list of User IDs. */ userIds: string[]; }; export type v1CreateUsersIntent = { /** A list of Users. */ users: v1UserParams[]; }; export type v1CreateUsersIntentV2 = { /** A list of Users. */ users: v1UserParamsV2[]; }; export type v1CreateUsersIntentV3 = { /** A list of Users. */ users: v1UserParamsV3[]; }; export type v1CreateUsersIntentV4 = { /** A list of Users. */ users: v1UserParamsV4[]; }; export type v1CreateUsersRequest = { type: "ACTIVITY_TYPE_CREATE_USERS_V4"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateUsersIntentV4; generateAppProofs?: boolean; }; export type v1CreateUsersResult = { /** A list of User IDs. */ userIds: string[]; }; export type v1CreateWalletAccountsIntent = { /** Unique identifier for a given Wallet. */ walletId: string; /** A list of wallet Accounts. */ accounts: v1WalletAccountParams[]; /** Indicates if the wallet accounts should be persisted. This is helpful if you'd like to see the addresses of different derivation paths without actually creating the accounts. Defaults to true. */ persist?: boolean; }; export type v1CreateWalletAccountsRequest = { type: "ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateWalletAccountsIntent; generateAppProofs?: boolean; }; export type v1CreateWalletAccountsResult = { /** A list of derived addresses. */ addresses: string[]; }; export type v1CreateWalletIntent = { /** Human-readable name for a Wallet. */ walletName: string; /** A list of wallet Accounts. This field, if not needed, should be an empty array in your request body. */ accounts: v1WalletAccountParams[]; /** Length of mnemonic to generate the Wallet seed. Defaults to 12. Accepted values: 12, 15, 18, 21, 24. */ mnemonicLength?: number; }; export type v1CreateWalletRequest = { type: "ACTIVITY_TYPE_CREATE_WALLET"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateWalletIntent; generateAppProofs?: boolean; }; export type v1CreateWalletResult = { /** Unique identifier for a Wallet. */ walletId: string; /** A list of account addresses. */ addresses: string[]; }; export type v1CreateWebhookEndpointIntent = { /** The destination URL for webhook delivery. */ url: string; /** Human-readable name for this webhook endpoint. */ name: string; /** Event subscriptions to create for this endpoint. */ subscriptions?: v1WebhookSubscriptionParams[]; }; export type v1CreateWebhookEndpointRequest = { type: "ACTIVITY_TYPE_CREATE_WEBHOOK_ENDPOINT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1CreateWebhookEndpointIntent; generateAppProofs?: boolean; }; export type v1CreateWebhookEndpointResult = { /** Unique identifier of the created webhook endpoint. */ endpointId: string; /** The created webhook endpoint data. */ webhookEndpoint: v1WebhookEndpointData; }; export type v1CredPropsAuthenticationExtensionsClientOutputs = { rk: boolean; }; export type v1CredentialType = "CREDENTIAL_TYPE_WEBAUTHN_AUTHENTICATOR" | "CREDENTIAL_TYPE_API_KEY_P256" | "CREDENTIAL_TYPE_RECOVER_USER_KEY_P256" | "CREDENTIAL_TYPE_API_KEY_SECP256K1" | "CREDENTIAL_TYPE_EMAIL_AUTH_KEY_P256" | "CREDENTIAL_TYPE_API_KEY_ED25519" | "CREDENTIAL_TYPE_OTP_AUTH_KEY_P256" | "CREDENTIAL_TYPE_READ_WRITE_SESSION_KEY_P256" | "CREDENTIAL_TYPE_OAUTH_KEY_P256" | "CREDENTIAL_TYPE_LOGIN"; export type v1CustomRevertError = { /** The name of the custom error. */ errorName?: string; /** The decoded parameters as a JSON object. */ paramsJson?: string; }; export type v1DeleteApiKeysIntent = { /** Unique identifier for a given User. */ userId: string; /** A list of API Key IDs. */ apiKeyIds: string[]; }; export type v1DeleteApiKeysRequest = { type: "ACTIVITY_TYPE_DELETE_API_KEYS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteApiKeysIntent; generateAppProofs?: boolean; }; export type v1DeleteApiKeysResult = { /** A list of API Key IDs. */ apiKeyIds: string[]; }; export type v1DeleteAuthenticatorsIntent = { /** Unique identifier for a given User. */ userId: string; /** A list of Authenticator IDs. */ authenticatorIds: string[]; }; export type v1DeleteAuthenticatorsRequest = { type: "ACTIVITY_TYPE_DELETE_AUTHENTICATORS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteAuthenticatorsIntent; generateAppProofs?: boolean; }; export type v1DeleteAuthenticatorsResult = { /** Unique identifier for a given Authenticator. */ authenticatorIds: string[]; }; export type v1DeleteFiatOnRampCredentialIntent = { /** The ID of the fiat on-ramp credential to delete */ fiatOnrampCredentialId: string; }; export type v1DeleteFiatOnRampCredentialRequest = { type: "ACTIVITY_TYPE_DELETE_FIAT_ON_RAMP_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteFiatOnRampCredentialIntent; generateAppProofs?: boolean; }; export type v1DeleteFiatOnRampCredentialResult = { /** Unique identifier of the Fiat On-Ramp credential that was deleted */ fiatOnRampCredentialId: string; }; export type v1DeleteInvitationIntent = { /** Unique identifier for a given Invitation object. */ invitationId: string; }; export type v1DeleteInvitationRequest = { type: "ACTIVITY_TYPE_DELETE_INVITATION"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteInvitationIntent; generateAppProofs?: boolean; }; export type v1DeleteInvitationResult = { /** Unique identifier for a given Invitation. */ invitationId: string; }; export type v1DeleteOauth2CredentialIntent = { /** The ID of the OAuth 2.0 credential to delete */ oauth2CredentialId: string; }; export type v1DeleteOauth2CredentialRequest = { type: "ACTIVITY_TYPE_DELETE_OAUTH2_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteOauth2CredentialIntent; generateAppProofs?: boolean; }; export type v1DeleteOauth2CredentialResult = { /** Unique identifier of the OAuth 2.0 credential that was deleted */ oauth2CredentialId: string; }; export type v1DeleteOauthProvidersIntent = { /** The ID of the User to remove an Oauth provider from */ userId: string; /** Unique identifier for a given Provider. */ providerIds: string[]; }; export type v1DeleteOauthProvidersRequest = { type: "ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteOauthProvidersIntent; generateAppProofs?: boolean; }; export type v1DeleteOauthProvidersResult = { /** A list of unique identifiers for Oauth Providers */ providerIds: string[]; }; export type v1DeleteOrganizationIntent = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1DeleteOrganizationResult = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1DeletePoliciesIntent = { /** List of unique identifiers for policies within an organization */ policyIds: string[]; }; export type v1DeletePoliciesRequest = { type: "ACTIVITY_TYPE_DELETE_POLICIES"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeletePoliciesIntent; generateAppProofs?: boolean; }; export type v1DeletePoliciesResult = { /** A list of unique identifiers for the deleted policies. */ policyIds: string[]; }; export type v1DeletePolicyIntent = { /** Unique identifier for a given Policy. */ policyId: string; }; export type v1DeletePolicyRequest = { type: "ACTIVITY_TYPE_DELETE_POLICY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeletePolicyIntent; generateAppProofs?: boolean; }; export type v1DeletePolicyResult = { /** Unique identifier for a given Policy. */ policyId: string; }; export type v1DeletePrivateKeyTagsIntent = { /** A list of Private Key Tag IDs. */ privateKeyTagIds: string[]; }; export type v1DeletePrivateKeyTagsRequest = { type: "ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeletePrivateKeyTagsIntent; generateAppProofs?: boolean; }; export type v1DeletePrivateKeyTagsResult = { /** A list of Private Key Tag IDs. */ privateKeyTagIds: string[]; /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type v1DeletePrivateKeysIntent = { /** List of unique identifiers for private keys within an organization */ privateKeyIds: string[]; /** Optional parameter for deleting the private keys, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; }; export type v1DeletePrivateKeysRequest = { type: "ACTIVITY_TYPE_DELETE_PRIVATE_KEYS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeletePrivateKeysIntent; generateAppProofs?: boolean; }; export type v1DeletePrivateKeysResult = { /** A list of private key unique identifiers that were removed */ privateKeyIds: string[]; }; export type v1DeleteSmartContractInterfaceIntent = { /** The ID of a Smart Contract Interface intended for deletion. */ smartContractInterfaceId: string; }; export type v1DeleteSmartContractInterfaceRequest = { type: "ACTIVITY_TYPE_DELETE_SMART_CONTRACT_INTERFACE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteSmartContractInterfaceIntent; generateAppProofs?: boolean; }; export type v1DeleteSmartContractInterfaceResult = { /** The ID of the deleted Smart Contract Interface. */ smartContractInterfaceId: string; }; export type v1DeleteSubOrganizationIntent = { /** Sub-organization deletion, by default, requires associated wallets and private keys to be exported for security reasons. Set this boolean to true to force sub-organization deletion even if some wallets or private keys within it have not been exported yet. Default: false. */ deleteWithoutExport?: boolean; }; export type v1DeleteSubOrganizationRequest = { type: "ACTIVITY_TYPE_DELETE_SUB_ORGANIZATION"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteSubOrganizationIntent; generateAppProofs?: boolean; }; export type v1DeleteSubOrganizationResult = { /** Unique identifier of the sub organization that was removed */ subOrganizationUuid: string; }; export type v1DeleteTvcAppAndDeploymentsIntent = { /** The unique identifier of the TVC app to delete. The app and all associated deployments will be removed. */ appId: string; }; export type v1DeleteTvcAppAndDeploymentsRequest = { type: "ACTIVITY_TYPE_DELETE_TVC_APP_AND_DEPLOYMENTS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteTvcAppAndDeploymentsIntent; generateAppProofs?: boolean; }; export type v1DeleteTvcAppAndDeploymentsResult = { /** The unique identifier of the deleted TVC app. */ appId: string; }; export type v1DeleteTvcDeploymentIntent = { /** The unique identifier of the TVC deployment to delete. */ deploymentId: string; }; export type v1DeleteTvcDeploymentRequest = { type: "ACTIVITY_TYPE_DELETE_TVC_DEPLOYMENT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteTvcDeploymentIntent; generateAppProofs?: boolean; }; export type v1DeleteTvcDeploymentResult = { /** The unique identifier of the deleted TVC deployment. */ deploymentId: string; }; export type v1DeleteUserTagsIntent = { /** A list of User Tag IDs. */ userTagIds: string[]; }; export type v1DeleteUserTagsRequest = { type: "ACTIVITY_TYPE_DELETE_USER_TAGS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteUserTagsIntent; generateAppProofs?: boolean; }; export type v1DeleteUserTagsResult = { /** A list of User Tag IDs. */ userTagIds: string[]; /** A list of User IDs. */ userIds: string[]; }; export type v1DeleteUsersIntent = { /** A list of User IDs. */ userIds: string[]; }; export type v1DeleteUsersRequest = { type: "ACTIVITY_TYPE_DELETE_USERS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteUsersIntent; generateAppProofs?: boolean; }; export type v1DeleteUsersResult = { /** A list of User IDs. */ userIds: string[]; }; export type v1DeleteWalletAccountsIntent = { /** List of unique identifiers for wallet accounts within an organization */ walletAccountIds: string[]; /** Optional parameter for deleting the wallet accounts, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; }; export type v1DeleteWalletAccountsRequest = { type: "ACTIVITY_TYPE_DELETE_WALLET_ACCOUNTS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteWalletAccountsIntent; generateAppProofs?: boolean; }; export type v1DeleteWalletAccountsResult = { /** A list of wallet account unique identifiers that were removed */ walletAccountIds: string[]; }; export type v1DeleteWalletsIntent = { /** List of unique identifiers for wallets within an organization */ walletIds: string[]; /** Optional parameter for deleting the wallets, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; }; export type v1DeleteWalletsRequest = { type: "ACTIVITY_TYPE_DELETE_WALLETS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteWalletsIntent; generateAppProofs?: boolean; }; export type v1DeleteWalletsResult = { /** A list of wallet unique identifiers that were removed */ walletIds: string[]; }; export type v1DeleteWebhookEndpointIntent = { /** Unique identifier of the webhook endpoint to delete. */ endpointId: string; }; export type v1DeleteWebhookEndpointRequest = { type: "ACTIVITY_TYPE_DELETE_WEBHOOK_ENDPOINT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1DeleteWebhookEndpointIntent; generateAppProofs?: boolean; }; export type v1DeleteWebhookEndpointResult = { /** Unique identifier of the deleted webhook endpoint. */ endpointId: string; }; export type v1DeploymentStatus = { /** Unique identifier for this deployment (corresponds to k8s deployment label) */ deploymentId: string; /** Number of ready replicas */ readyReplicas: number; /** Desired number of replicas */ desiredReplicas: number; /** Last time this deployment was updated */ lastUpdatedTime: externaldatav1Timestamp; }; export type v1DisableAuthProxyIntent = {}; export type v1DisableAuthProxyResult = {}; export type v1DisablePrivateKeyIntent = { /** Unique identifier for a given Private Key. */ privateKeyId: string; }; export type v1DisablePrivateKeyResult = { /** Unique identifier for a given Private Key. */ privateKeyId: string; }; export type v1Effect = "EFFECT_ALLOW" | "EFFECT_DENY"; export type v1EmailAuthCustomizationParams = { /** The name of the application. This field is required and will be used in email notifications if an email template is not provided. */ appName: string; /** A URL pointing to a logo in PNG format. Note this logo will be resized to fit into 340px x 124px. */ logoUrl?: string; /** A template for the URL to be used in a magic link button, e.g. `https://dapp.xyz/%s`. The auth bundle will be interpolated into the `%s`. */ magicLinkTemplate?: string; /** JSON object containing key/value pairs to be used with custom templates. */ templateVariables?: string; /** Unique identifier for a given Email Template. If not specified, the default is the most recent Email Template. */ templateId?: string; }; export type v1EmailAuthIntent = { /** Email of the authenticating user. */ email: string; /** Client-side public key generated by the user, to which the email auth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Email Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Invalidate all other previously generated Email Auth API keys */ invalidateExisting?: boolean; /** Optional custom email address from which to send the email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1EmailAuthIntentV2 = { /** Email of the authenticating user. */ email: string; /** Client-side public key generated by the user, to which the email auth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Email Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Invalidate all other previously generated Email Auth API keys */ invalidateExisting?: boolean; /** Optional custom email address from which to send the email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1EmailAuthIntentV3 = { /** Email of the authenticating user. */ email: string; /** Client-side public key generated by the user, to which the email auth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Email Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Parameters for customizing emails. If not provided, the default email will be used. Note that app_name is required. */ emailCustomization: v1EmailAuthCustomizationParams; /** Invalidate all other previously generated Email Auth API keys */ invalidateExisting?: boolean; /** Optional custom email address from which to send the email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1EmailAuthRequest = { type: "ACTIVITY_TYPE_EMAIL_AUTH_V3"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1EmailAuthIntentV3; generateAppProofs?: boolean; }; export type v1EmailAuthResult = { /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId: string; }; export type v1EmailCustomizationParams = { /** The name of the application. */ appName?: string; /** A URL pointing to a logo in PNG format. Note this logo will be resized to fit into 340px x 124px. */ logoUrl?: string; /** A template for the URL to be used in a magic link button, e.g. `https://dapp.xyz/%s`. The auth bundle will be interpolated into the `%s`. */ magicLinkTemplate?: string; /** JSON object containing key/value pairs to be used with custom templates. */ templateVariables?: string; /** Unique identifier for a given Email Template. If not specified, the default is the most recent Email Template. */ templateId?: string; }; export type v1EmailCustomizationParamsV2 = { /** A URL pointing to a logo in PNG format. Note this logo will be resized to fit into 340px x 124px. */ logoUrl?: string; /** A template for the URL to be used in a magic link button, e.g. `https://dapp.xyz/%s`. The auth bundle will be interpolated into the `%s`. */ magicLinkTemplate?: string; /** JSON object containing key/value pairs to be used with custom templates. */ templateVariables?: string; /** Unique identifier for a given Email Template. If not specified, the default is the most recent Email Template. */ templateId?: string; }; export type v1EnableAuthProxyIntent = {}; export type v1EnableAuthProxyResult = { /** A User ID with permission to initiate authentication. */ userId: string; }; export type v1EthFailureDetails = { /** Ethereum revert chain, ordered from outermost to innermost. */ revertChain?: v1RevertChainEntry[]; }; export type v1EthSendRawTransactionIntent = { /** The raw, signed transaction to be sent. */ signedTransaction: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet). */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002"; }; export type v1EthSendRawTransactionResult = { /** The transaction hash of the sent transaction */ transactionHash: string; }; export type v1EthSendTransactionIntent = { /** A wallet or private key address to sign with. This does not support private key IDs. */ from: string; /** Whether to sponsor this transaction via Gas Station. */ sponsor?: boolean; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet). */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002"; /** Recipient address as a hex string with 0x prefix. */ to: string; /** Amount of native asset to send in wei. */ value?: string; /** Hex-encoded call data for contract interactions. */ data?: string; /** Transaction nonce, for EIP-1559 and Turnkey Gas Station authorizations. */ nonce?: string; /** Maximum amount of gas to use for this transaction, for EIP-1559 transactions. */ gasLimit?: string; /** Maximum total fee per gas unit (base fee + priority fee) in wei. Required for non-sponsored (EIP-1559) transactions. Not used for sponsored transactions. */ maxFeePerGas?: string; /** Maximum priority fee (tip) per gas unit in wei. Required for non-sponsored (EIP-1559) transactions. Not used for sponsored transactions. */ maxPriorityFeePerGas?: string; /** Unix timestamp in seconds for EIP-712 execution deadline. Only used when sponsor=true. */ deadline?: string; /** The gas station delegate contract nonce. Only used when sponsor=true. Include this if you want maximal security posture. */ gasStationNonce?: string; }; export type v1EthSendTransactionRequest = { type: "ACTIVITY_TYPE_ETH_SEND_TRANSACTION"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1EthSendTransactionIntent; generateAppProofs?: boolean; }; export type v1EthSendTransactionResult = { /** The send_transaction_status ID associated with the transaction submission */ sendTransactionStatusId: string; }; export type v1EthSendTransactionStatus = { /** The Ethereum transaction hash, if available. */ txHash?: string; }; export type v1ExportPrivateKeyIntent = { /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; }; export type v1ExportPrivateKeyRequest = { type: "ACTIVITY_TYPE_EXPORT_PRIVATE_KEY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ExportPrivateKeyIntent; generateAppProofs?: boolean; }; export type v1ExportPrivateKeyResult = { /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Export bundle containing a private key encrypted to the client's target public key. */ exportBundle: string; }; export type v1ExportWalletAccountIntent = { /** Address to identify Wallet Account. */ address: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; }; export type v1ExportWalletAccountRequest = { type: "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ExportWalletAccountIntent; generateAppProofs?: boolean; }; export type v1ExportWalletAccountResult = { /** Address to identify Wallet Account. */ address: string; /** Export bundle containing a private key encrypted by the client's target public key. */ exportBundle: string; }; export type v1ExportWalletIntent = { /** Unique identifier for a given Wallet. */ walletId: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; /** The language of the mnemonic to export. Defaults to English. */ language?: v1MnemonicLanguage; }; export type v1ExportWalletRequest = { type: "ACTIVITY_TYPE_EXPORT_WALLET"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ExportWalletIntent; generateAppProofs?: boolean; }; export type v1ExportWalletResult = { /** Unique identifier for a given Wallet. */ walletId: string; /** Export bundle containing a wallet mnemonic + optional newline passphrase encrypted by the client's target public key. */ exportBundle: string; }; export type v1Feature = { name?: v1FeatureName; value?: string; }; export type v1FeatureName = "FEATURE_NAME_ROOT_USER_EMAIL_RECOVERY" | "FEATURE_NAME_WEBAUTHN_ORIGINS" | "FEATURE_NAME_EMAIL_AUTH" | "FEATURE_NAME_EMAIL_RECOVERY" | "FEATURE_NAME_WEBHOOK" | "FEATURE_NAME_SMS_AUTH" | "FEATURE_NAME_OTP_EMAIL_AUTH" | "FEATURE_NAME_AUTH_PROXY" | "FEATURE_NAME_SOLANA_RENT_PREFUND_ENABLED"; export type v1FiatOnRampBlockchainNetwork = "FIAT_ON_RAMP_BLOCKCHAIN_NETWORK_BITCOIN" | "FIAT_ON_RAMP_BLOCKCHAIN_NETWORK_ETHEREUM" | "FIAT_ON_RAMP_BLOCKCHAIN_NETWORK_SOLANA" | "FIAT_ON_RAMP_BLOCKCHAIN_NETWORK_BASE"; export type v1FiatOnRampCredential = { /** Unique identifier for a given Fiat On-Ramp Credential. */ fiatOnrampCredentialId: string; /** Unique identifier for an Organization. */ organizationId: string; /** The fiat on-ramp provider. */ onrampProvider: v1FiatOnRampProvider; /** Project ID for the on-ramp provider. Some providers, like Coinbase, require this additional identifier. */ projectId?: string; /** Publishable API key for the on-ramp provider. */ publishableApiKey: string; /** Secret API key for the on-ramp provider encrypted to our on-ramp encryption public key. */ encryptedSecretApiKey: string; /** Private API key for the on-ramp provider encrypted to our on-ramp encryption public key. Some providers, like Coinbase, require this additional key. */ encryptedPrivateApiKey?: string; /** If the on-ramp credential is a sandbox credential. */ sandboxMode?: boolean; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1FiatOnRampCryptoCurrency = "FIAT_ON_RAMP_CRYPTO_CURRENCY_BTC" | "FIAT_ON_RAMP_CRYPTO_CURRENCY_ETH" | "FIAT_ON_RAMP_CRYPTO_CURRENCY_SOL" | "FIAT_ON_RAMP_CRYPTO_CURRENCY_USDC"; export type v1FiatOnRampCurrency = "FIAT_ON_RAMP_CURRENCY_AUD" | "FIAT_ON_RAMP_CURRENCY_BGN" | "FIAT_ON_RAMP_CURRENCY_BRL" | "FIAT_ON_RAMP_CURRENCY_CAD" | "FIAT_ON_RAMP_CURRENCY_CHF" | "FIAT_ON_RAMP_CURRENCY_COP" | "FIAT_ON_RAMP_CURRENCY_CZK" | "FIAT_ON_RAMP_CURRENCY_DKK" | "FIAT_ON_RAMP_CURRENCY_DOP" | "FIAT_ON_RAMP_CURRENCY_EGP" | "FIAT_ON_RAMP_CURRENCY_EUR" | "FIAT_ON_RAMP_CURRENCY_GBP" | "FIAT_ON_RAMP_CURRENCY_HKD" | "FIAT_ON_RAMP_CURRENCY_IDR" | "FIAT_ON_RAMP_CURRENCY_ILS" | "FIAT_ON_RAMP_CURRENCY_JOD" | "FIAT_ON_RAMP_CURRENCY_KES" | "FIAT_ON_RAMP_CURRENCY_KWD" | "FIAT_ON_RAMP_CURRENCY_LKR" | "FIAT_ON_RAMP_CURRENCY_MXN" | "FIAT_ON_RAMP_CURRENCY_NGN" | "FIAT_ON_RAMP_CURRENCY_NOK" | "FIAT_ON_RAMP_CURRENCY_NZD" | "FIAT_ON_RAMP_CURRENCY_OMR" | "FIAT_ON_RAMP_CURRENCY_PEN" | "FIAT_ON_RAMP_CURRENCY_PLN" | "FIAT_ON_RAMP_CURRENCY_RON" | "FIAT_ON_RAMP_CURRENCY_SEK" | "FIAT_ON_RAMP_CURRENCY_THB" | "FIAT_ON_RAMP_CURRENCY_TRY" | "FIAT_ON_RAMP_CURRENCY_TWD" | "FIAT_ON_RAMP_CURRENCY_USD" | "FIAT_ON_RAMP_CURRENCY_VND" | "FIAT_ON_RAMP_CURRENCY_ZAR"; export type v1FiatOnRampPaymentMethod = "FIAT_ON_RAMP_PAYMENT_METHOD_CREDIT_DEBIT_CARD" | "FIAT_ON_RAMP_PAYMENT_METHOD_APPLE_PAY" | "FIAT_ON_RAMP_PAYMENT_METHOD_GBP_BANK_TRANSFER" | "FIAT_ON_RAMP_PAYMENT_METHOD_GBP_OPEN_BANKING_PAYMENT" | "FIAT_ON_RAMP_PAYMENT_METHOD_GOOGLE_PAY" | "FIAT_ON_RAMP_PAYMENT_METHOD_SEPA_BANK_TRANSFER" | "FIAT_ON_RAMP_PAYMENT_METHOD_PIX_INSTANT_PAYMENT" | "FIAT_ON_RAMP_PAYMENT_METHOD_PAYPAL" | "FIAT_ON_RAMP_PAYMENT_METHOD_VENMO" | "FIAT_ON_RAMP_PAYMENT_METHOD_MOONPAY_BALANCE" | "FIAT_ON_RAMP_PAYMENT_METHOD_CRYPTO_ACCOUNT" | "FIAT_ON_RAMP_PAYMENT_METHOD_FIAT_WALLET" | "FIAT_ON_RAMP_PAYMENT_METHOD_ACH_BANK_ACCOUNT"; export type v1FiatOnRampProvider = "FIAT_ON_RAMP_PROVIDER_COINBASE" | "FIAT_ON_RAMP_PROVIDER_MOONPAY"; export type v1GetActivitiesRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Array of activity statuses filtering which activities will be listed in the response. */ filterByStatus?: v1ActivityStatus[]; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; /** Array of activity types filtering which activities will be listed in the response. */ filterByType?: v1ActivityType[]; }; export type v1GetActivitiesResponse = { /** A list of activities. */ activities: v1Activity[]; }; export type v1GetActivityRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given activity object. */ activityId: string; }; export type v1GetApiKeyRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given API key. */ apiKeyId: string; }; export type v1GetApiKeyResponse = { /** An API key. */ apiKey: v1ApiKey; }; export type v1GetApiKeysRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given user. */ userId?: string; }; export type v1GetApiKeysResponse = { /** A list of API keys. */ apiKeys: v1ApiKey[]; }; export type v1GetAppProofsRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** Unique identifier for a given activity. */ activityId: string; }; export type v1GetAppProofsResponse = { appProofs: v1AppProof[]; }; export type v1GetAppStatusRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** Unique identifier for a given TVC App. */ appId: string; }; export type v1GetAppStatusResponse = { /** Live runtime status for the TVC App */ appStatus: v1AppStatus; }; export type v1GetAuthenticatorRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given authenticator. */ authenticatorId: string; }; export type v1GetAuthenticatorResponse = { /** An authenticator. */ authenticator: v1Authenticator; }; export type v1GetAuthenticatorsRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given user. */ userId: string; }; export type v1GetAuthenticatorsResponse = { /** A list of authenticators. */ authenticators: v1Authenticator[]; }; export type v1GetBootProofRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** Hex encoded ephemeral public key. */ ephemeralKey: string; }; export type v1GetGasUsageRequest = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1GetGasUsageResponse = { /** The window duration (in minutes) for the organization or sub-organization. */ windowDurationMinutes: number; /** The window limit (in USD) for the organization or sub-organization. */ windowLimitUsd: string; /** The total gas usage (in USD) of all sponsored transactions processed over the last `window_duration_minutes` */ usageUsd: string; }; export type v1GetIpAllowlistRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** If provided, return only the allowlist for this specific API key. */ publicKey?: string; }; export type v1GetIpAllowlistResponse = { allowlist: v1IpAllowlist; }; export type v1GetLatestBootProofRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** Name of enclave app. */ appName: string; }; export type v1GetNoncesRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** The Ethereum address to query nonces for. */ address: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet). */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002"; /** Whether to fetch the standard on-chain nonce. */ nonce?: boolean; /** Whether to fetch the gas station nonce used for sponsored transactions. */ gasStationNonce?: boolean; }; export type v1GetNoncesResponse = { /** The standard on-chain nonce for the address, if requested. */ nonce?: string; /** The gas station nonce for sponsored transactions, if requested. */ gasStationNonce?: string; }; export type v1GetOauth2CredentialRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** Unique identifier for a given OAuth 2.0 Credential. */ oauth2CredentialId: string; }; export type v1GetOauth2CredentialResponse = { oauth2Credential: v1Oauth2Credential; }; export type v1GetOauthProvidersRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given user. */ userId?: string; }; export type v1GetOauthProvidersResponse = { /** A list of Oauth providers. */ oauthProviders: v1OauthProvider[]; }; export type v1GetOnRampTransactionStatusRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** The unique identifier for the fiat on ramp transaction. */ transactionId: string; /** Optional flag to specify if the transaction status should be refreshed from the fiat on ramp provider. Default = false. */ refresh?: boolean; }; export type v1GetOnRampTransactionStatusResponse = { /** The status of the fiat on ramp transaction. */ transactionStatus: string; }; export type v1GetOrganizationConfigsRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetOrganizationConfigsResponse = { /** Organization configs including quorum settings and organization features. */ configs: v1Config; }; export type v1GetPoliciesRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetPoliciesResponse = { /** A list of policies. */ policies: v1Policy[]; }; export type v1GetPolicyEvaluationsRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given activity. */ activityId: string; }; export type v1GetPolicyEvaluationsResponse = { policyEvaluations: externalactivityv1PolicyEvaluation[]; }; export type v1GetPolicyRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given policy. */ policyId: string; }; export type v1GetPolicyResponse = { /** Object that codifies rules defining the actions that are permissible within an organization. */ policy: v1Policy; }; export type v1GetPrivateKeyRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given private key. */ privateKeyId: string; }; export type v1GetPrivateKeyResponse = { /** Cryptographic public/private key pair that can be used for cryptocurrency needs or more generalized encryption. */ privateKey: v1PrivateKey; }; export type v1GetPrivateKeysRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetPrivateKeysResponse = { /** A list of private keys. */ privateKeys: v1PrivateKey[]; }; export type v1GetSendTransactionStatusRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** The unique identifier of a send transaction request. */ sendTransactionStatusId: string; }; export type v1GetSendTransactionStatusResponse = { /** The current status of the send transaction. */ txStatus: string; /** Ethereum-specific transaction status. */ eth?: v1EthSendTransactionStatus; /** Solana-specific transaction status. */ solana?: v1SolanaSendTransactionStatus; /** The error encountered when broadcasting or confirming the transaction, if any. */ txError?: string; /** Structured error information including revert details, if available. */ error?: v1TxError; }; export type v1GetSmartContractInterfaceRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given smart contract interface. */ smartContractInterfaceId: string; }; export type v1GetSmartContractInterfaceResponse = { /** Object to be used in conjunction with policies to guard transaction signing. */ smartContractInterface: externaldatav1SmartContractInterface; }; export type v1GetSmartContractInterfacesRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetSmartContractInterfacesResponse = { /** A list of smart contract interfaces. */ smartContractInterfaces: externaldatav1SmartContractInterface[]; }; export type v1GetSubOrgIdsRequest = { /** Unique identifier for the parent organization. This is used to find sub-organizations within it. */ organizationId: string; /** Specifies the type of filter to apply, i.e 'CREDENTIAL_ID', 'NAME', 'USERNAME', 'EMAIL', 'PHONE_NUMBER', 'OIDC_TOKEN', 'WALLET_ACCOUNT_ADDRESS' or 'PUBLIC_KEY' */ filterType?: string; /** The value of the filter to apply for the specified type. For example, a specific email or name string. */ filterValue?: string; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type v1GetSubOrgIdsResponse = { /** List of unique identifiers for the matching sub-organizations. */ organizationIds: string[]; }; export type v1GetTvcAppDeploymentsRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given TVC App. */ appId: string; }; export type v1GetTvcAppDeploymentsResponse = { /** List of deployments for this TVC App */ tvcDeployments: v1TvcDeployment[]; }; export type v1GetTvcAppRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given TVC App. */ tvcAppId: string; }; export type v1GetTvcAppResponse = { /** Details about a single TVC App */ tvcApp: v1TvcApp; }; export type v1GetTvcAppsRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetTvcAppsResponse = { /** A list of TVC Apps. */ tvcApps: v1TvcApp[]; }; export type v1GetTvcDeploymentRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given TVC Deployment. */ deploymentId: string; }; export type v1GetTvcDeploymentResponse = { /** Details about a single TVC Deployment */ tvcDeployment: v1TvcDeployment; }; export type v1GetUserRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given user. */ userId: string; }; export type v1GetUserResponse = { /** Web and/or API user within your organization. */ user: v1User; }; export type v1GetUsersRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetUsersResponse = { /** A list of users. */ users: v1User[]; }; export type v1GetVerifiedSubOrgIdsRequest = { /** Unique identifier for the parent organization. This is used to find sub-organizations within it. */ organizationId: string; /** Specifies the type of filter to apply, i.e 'EMAIL', 'PHONE_NUMBER'. */ filterType?: string; /** The value of the filter to apply for the specified type. For example, a specific email or phone number string. */ filterValue?: string; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type v1GetVerifiedSubOrgIdsResponse = { /** List of unique identifiers for the matching sub-organizations. */ organizationIds: string[]; }; export type v1GetWalletAccountRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given wallet. */ walletId: string; /** Address corresponding to a wallet account. */ address?: string; /** Path corresponding to a wallet account. */ path?: string; }; export type v1GetWalletAccountResponse = { /** The resulting wallet account. */ account: v1WalletAccount; }; export type v1GetWalletAccountsRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given wallet. If not provided, all accounts for the organization will be returned. */ walletId?: string; /** Optional flag to specify if the wallet details should be included in the response. Default = false. */ includeWalletDetails?: boolean; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type v1GetWalletAccountsResponse = { /** A list of accounts generated from a wallet that share a common seed. */ accounts: v1WalletAccount[]; }; export type v1GetWalletAddressBalancesRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Address corresponding to a wallet account. Private key addresses are not supported. */ address: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet or 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1"; }; export type v1GetWalletAddressBalancesResponse = { /** List of asset balances */ balances?: v1AssetBalance[]; }; export type v1GetWalletRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** Unique identifier for a given wallet. */ walletId: string; }; export type v1GetWalletResponse = { /** A collection of deterministically generated cryptographic public / private key pairs that share a common seed. */ wallet: v1Wallet; }; export type v1GetWalletsRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1GetWalletsResponse = { /** A list of wallets. */ wallets: v1Wallet[]; }; export type v1GetWhoamiRequest = { /** Unique identifier for a given organization. If the request is being made by a WebAuthN user and their sub-organization ID is unknown, this can be the parent organization ID; using the sub-organization ID when possible is preferred due to performance reasons. */ organizationId: string; }; export type v1GetWhoamiResponse = { /** Unique identifier for a given organization. */ organizationId: string; /** Human-readable name for an organization. */ organizationName: string; /** Unique identifier for a given user. */ userId: string; /** Human-readable name for a user. */ username: string; }; export type v1HashFunction = "HASH_FUNCTION_NO_OP" | "HASH_FUNCTION_SHA256" | "HASH_FUNCTION_KECCAK256" | "HASH_FUNCTION_NOT_APPLICABLE"; export type v1ImportPrivateKeyIntent = { /** The ID of the User importing a Private Key. */ userId: string; /** Human-readable name for a Private Key. */ privateKeyName: string; /** Bundle containing a raw private key encrypted to the enclave's target public key. */ encryptedBundle: string; /** Cryptographic Curve used to generate a given Private Key. */ curve: v1Curve; /** Cryptocurrency-specific formats for a derived address (e.g., Ethereum). */ addressFormats: v1AddressFormat[]; }; export type v1ImportPrivateKeyRequest = { type: "ACTIVITY_TYPE_IMPORT_PRIVATE_KEY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ImportPrivateKeyIntent; generateAppProofs?: boolean; }; export type v1ImportPrivateKeyResult = { /** Unique identifier for a Private Key. */ privateKeyId: string; /** A list of addresses. */ addresses: immutableactivityv1Address[]; }; export type v1ImportWalletIntent = { /** The ID of the User importing a Wallet. */ userId: string; /** Human-readable name for a Wallet. */ walletName: string; /** Bundle containing a wallet mnemonic encrypted to the enclave's target public key. */ encryptedBundle: string; /** A list of wallet Accounts. */ accounts: v1WalletAccountParams[]; }; export type v1ImportWalletRequest = { type: "ACTIVITY_TYPE_IMPORT_WALLET"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1ImportWalletIntent; generateAppProofs?: boolean; }; export type v1ImportWalletResult = { /** Unique identifier for a Wallet. */ walletId: string; /** A list of account addresses. */ addresses: string[]; }; export type v1InitFiatOnRampIntent = { /** Enum to specify which on-ramp provider to use */ onrampProvider: v1FiatOnRampProvider; /** Destination wallet address for the buy transaction. */ walletAddress: string; /** Blockchain network to be used for the transaction, e.g., bitcoin, ethereum. Maps to MoonPay's network or Coinbase's defaultNetwork. */ network: v1FiatOnRampBlockchainNetwork; /** Code for the cryptocurrency to be purchased, e.g., btc, eth. Maps to MoonPay's currencyCode or Coinbase's defaultAsset. */ cryptoCurrencyCode: v1FiatOnRampCryptoCurrency; /** Code for the fiat currency to be used in the transaction, e.g., USD, EUR. */ fiatCurrencyCode?: v1FiatOnRampCurrency; /** Specifies a preset fiat amount for the transaction, e.g., '100'. Must be greater than '20'. If not provided, the user will be prompted to enter an amount. */ fiatCurrencyAmount?: string; /** Pre-selected payment method, e.g., CREDIT_DEBIT_CARD, APPLE_PAY. Validated against the chosen provider. */ paymentMethod?: v1FiatOnRampPaymentMethod; /** ISO 3166-1 two-digit country code for Coinbase representing the purchasing user’s country of residence, e.g., US, GB. */ countryCode?: string; /** ISO 3166-2 two-digit country subdivision code for Coinbase representing the purchasing user’s subdivision of residence within their country, e.g. NY. Required if country_code=US. */ countrySubdivisionCode?: string; /** Optional flag to indicate whether to use the sandbox mode to simulate transactions for the on-ramp provider. Default is false. */ sandboxMode?: boolean; /** Optional MoonPay Widget URL to sign when using MoonPay client SDKs with URL Signing enabled. */ urlForSignature?: string; }; export type v1InitFiatOnRampRequest = { type: "ACTIVITY_TYPE_INIT_FIAT_ON_RAMP"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitFiatOnRampIntent; generateAppProofs?: boolean; }; export type v1InitFiatOnRampResult = { /** Unique URL for a given fiat on-ramp flow. */ onRampUrl: string; /** Unique identifier used to retrieve transaction statuses for a given fiat on-ramp flow. */ onRampTransactionId: string; /** Optional signature of the MoonPay Widget URL. The signature is generated if the Init Fiat On Ramp intent includes the urlForSignature field. The signature can be used to initialize the MoonPay SDKs when URL signing is enabled for your project. */ onRampUrlSignature?: string; }; export type v1InitImportPrivateKeyIntent = { /** The ID of the User importing a Private Key. */ userId: string; }; export type v1InitImportPrivateKeyRequest = { type: "ACTIVITY_TYPE_INIT_IMPORT_PRIVATE_KEY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitImportPrivateKeyIntent; generateAppProofs?: boolean; }; export type v1InitImportPrivateKeyResult = { /** Import bundle containing a public key and signature to use for importing client data. */ importBundle: string; }; export type v1InitImportWalletIntent = { /** The ID of the User importing a Wallet. */ userId: string; }; export type v1InitImportWalletRequest = { type: "ACTIVITY_TYPE_INIT_IMPORT_WALLET"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitImportWalletIntent; generateAppProofs?: boolean; }; export type v1InitImportWalletResult = { /** Import bundle containing a public key and signature to use for importing client data. */ importBundle: string; }; export type v1InitOtpAuthIntent = { /** Enum to specify whether to send OTP via SMS or email */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Optional parameters for customizing SMS message. If not provided, the default sms message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpAuthIntentV2 = { /** Enum to specify whether to send OTP via SMS or email */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Optional parameters for customizing SMS message. If not provided, the default SMS message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpAuthIntentV3 = { /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** The name of the application. This field is required and will be used in email notifications if an email template is not provided. */ appName: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParamsV2; /** Optional parameters for customizing SMS message. If not provided, the default SMS message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpAuthRequest = { type: "ACTIVITY_TYPE_INIT_OTP_AUTH_V3"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitOtpAuthIntentV3; generateAppProofs?: boolean; }; export type v1InitOtpAuthResult = { /** Unique identifier for an OTP authentication */ otpId: string; }; export type v1InitOtpAuthResultV2 = { /** Unique identifier for an OTP authentication */ otpId: string; }; export type v1InitOtpIntent = { /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Optional parameters for customizing SMS message. If not provided, the default sms message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpIntentV2 = { /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** The name of the application. This field is required and will be used in email notifications if an email template is not provided. */ appName: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParamsV2; /** Optional parameters for customizing SMS message. If not provided, the default SMS message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpIntentV3 = { /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** The name of the application. */ appName: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParamsV2; /** Optional parameters for customizing SMS message. If not provided, the default sms message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). If set to false, OTP code will only be numeric. Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitOtpResult = { /** Unique identifier for an OTP authentication */ otpId: string; }; export type v1InitOtpResultV2 = { /** Unique identifier for an OTP flow */ otpId: string; /** Signed bundle containing a target encryption key to use when submitting OTP codes. */ otpEncryptionTargetBundle: string; }; export type v1InitUserEmailRecoveryIntent = { /** Email of the user starting recovery */ email: string; /** Client-side public key generated by the user, to which the recovery bundle will be encrypted. */ targetPublicKey: string; /** Expiration window (in seconds) indicating how long the recovery credential is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParams; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitUserEmailRecoveryIntentV2 = { /** Email of the user starting recovery */ email: string; /** Client-side public key generated by the user, to which the recovery bundle will be encrypted. */ targetPublicKey: string; /** Expiration window (in seconds) indicating how long the recovery credential is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Parameters for customizing emails. If not provided, the default email will be used. Note that `app_name` is required. */ emailCustomization: v1EmailAuthCustomizationParams; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; }; export type v1InitUserEmailRecoveryRequest = { type: "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1InitUserEmailRecoveryIntentV2; generateAppProofs?: boolean; }; export type v1InitUserEmailRecoveryResult = { /** Unique identifier for the user being recovered. */ userId: string; }; export type v1Intent = { createOrganizationIntent?: v1CreateOrganizationIntent; createAuthenticatorsIntent?: v1CreateAuthenticatorsIntent; createUsersIntent?: v1CreateUsersIntent; createPrivateKeysIntent?: v1CreatePrivateKeysIntent; signRawPayloadIntent?: v1SignRawPayloadIntent; createInvitationsIntent?: v1CreateInvitationsIntent; acceptInvitationIntent?: v1AcceptInvitationIntent; createPolicyIntent?: v1CreatePolicyIntent; disablePrivateKeyIntent?: v1DisablePrivateKeyIntent; deleteUsersIntent?: v1DeleteUsersIntent; deleteAuthenticatorsIntent?: v1DeleteAuthenticatorsIntent; deleteInvitationIntent?: v1DeleteInvitationIntent; deleteOrganizationIntent?: v1DeleteOrganizationIntent; deletePolicyIntent?: v1DeletePolicyIntent; createUserTagIntent?: v1CreateUserTagIntent; deleteUserTagsIntent?: v1DeleteUserTagsIntent; signTransactionIntent?: v1SignTransactionIntent; createApiKeysIntent?: v1CreateApiKeysIntent; deleteApiKeysIntent?: v1DeleteApiKeysIntent; approveActivityIntent?: v1ApproveActivityIntent; rejectActivityIntent?: v1RejectActivityIntent; createPrivateKeyTagIntent?: v1CreatePrivateKeyTagIntent; deletePrivateKeyTagsIntent?: v1DeletePrivateKeyTagsIntent; createPolicyIntentV2?: v1CreatePolicyIntentV2; setPaymentMethodIntent?: billingSetPaymentMethodIntent; activateBillingTierIntent?: billingActivateBillingTierIntent; deletePaymentMethodIntent?: billingDeletePaymentMethodIntent; createPolicyIntentV3?: v1CreatePolicyIntentV3; createApiOnlyUsersIntent?: v1CreateApiOnlyUsersIntent; updateRootQuorumIntent?: v1UpdateRootQuorumIntent; updateUserTagIntent?: v1UpdateUserTagIntent; updatePrivateKeyTagIntent?: v1UpdatePrivateKeyTagIntent; createAuthenticatorsIntentV2?: v1CreateAuthenticatorsIntentV2; acceptInvitationIntentV2?: v1AcceptInvitationIntentV2; createOrganizationIntentV2?: v1CreateOrganizationIntentV2; createUsersIntentV2?: v1CreateUsersIntentV2; createSubOrganizationIntent?: v1CreateSubOrganizationIntent; createSubOrganizationIntentV2?: v1CreateSubOrganizationIntentV2; updateAllowedOriginsIntent?: v1UpdateAllowedOriginsIntent; createPrivateKeysIntentV2?: v1CreatePrivateKeysIntentV2; updateUserIntent?: v1UpdateUserIntent; updatePolicyIntent?: v1UpdatePolicyIntent; setPaymentMethodIntentV2?: billingSetPaymentMethodIntentV2; createSubOrganizationIntentV3?: v1CreateSubOrganizationIntentV3; createWalletIntent?: v1CreateWalletIntent; createWalletAccountsIntent?: v1CreateWalletAccountsIntent; initUserEmailRecoveryIntent?: v1InitUserEmailRecoveryIntent; recoverUserIntent?: v1RecoverUserIntent; setOrganizationFeatureIntent?: v1SetOrganizationFeatureIntent; removeOrganizationFeatureIntent?: v1RemoveOrganizationFeatureIntent; signRawPayloadIntentV2?: v1SignRawPayloadIntentV2; signTransactionIntentV2?: v1SignTransactionIntentV2; exportPrivateKeyIntent?: v1ExportPrivateKeyIntent; exportWalletIntent?: v1ExportWalletIntent; createSubOrganizationIntentV4?: v1CreateSubOrganizationIntentV4; emailAuthIntent?: v1EmailAuthIntent; exportWalletAccountIntent?: v1ExportWalletAccountIntent; initImportWalletIntent?: v1InitImportWalletIntent; importWalletIntent?: v1ImportWalletIntent; initImportPrivateKeyIntent?: v1InitImportPrivateKeyIntent; importPrivateKeyIntent?: v1ImportPrivateKeyIntent; createPoliciesIntent?: v1CreatePoliciesIntent; signRawPayloadsIntent?: v1SignRawPayloadsIntent; createReadOnlySessionIntent?: v1CreateReadOnlySessionIntent; createOauthProvidersIntent?: v1CreateOauthProvidersIntent; deleteOauthProvidersIntent?: v1DeleteOauthProvidersIntent; createSubOrganizationIntentV5?: v1CreateSubOrganizationIntentV5; oauthIntent?: v1OauthIntent; createApiKeysIntentV2?: v1CreateApiKeysIntentV2; createReadWriteSessionIntent?: v1CreateReadWriteSessionIntent; emailAuthIntentV2?: v1EmailAuthIntentV2; createSubOrganizationIntentV6?: v1CreateSubOrganizationIntentV6; deletePrivateKeysIntent?: v1DeletePrivateKeysIntent; deleteWalletsIntent?: v1DeleteWalletsIntent; createReadWriteSessionIntentV2?: v1CreateReadWriteSessionIntentV2; deleteSubOrganizationIntent?: v1DeleteSubOrganizationIntent; initOtpAuthIntent?: v1InitOtpAuthIntent; otpAuthIntent?: v1OtpAuthIntent; createSubOrganizationIntentV7?: v1CreateSubOrganizationIntentV7; updateWalletIntent?: v1UpdateWalletIntent; updatePolicyIntentV2?: v1UpdatePolicyIntentV2; createUsersIntentV3?: v1CreateUsersIntentV3; initOtpAuthIntentV2?: v1InitOtpAuthIntentV2; initOtpIntent?: v1InitOtpIntent; verifyOtpIntent?: v1VerifyOtpIntent; otpLoginIntent?: v1OtpLoginIntent; stampLoginIntent?: v1StampLoginIntent; oauthLoginIntent?: v1OauthLoginIntent; updateUserNameIntent?: v1UpdateUserNameIntent; updateUserEmailIntent?: v1UpdateUserEmailIntent; updateUserPhoneNumberIntent?: v1UpdateUserPhoneNumberIntent; initFiatOnRampIntent?: v1InitFiatOnRampIntent; createSmartContractInterfaceIntent?: v1CreateSmartContractInterfaceIntent; deleteSmartContractInterfaceIntent?: v1DeleteSmartContractInterfaceIntent; enableAuthProxyIntent?: v1EnableAuthProxyIntent; disableAuthProxyIntent?: v1DisableAuthProxyIntent; updateAuthProxyConfigIntent?: v1UpdateAuthProxyConfigIntent; createOauth2CredentialIntent?: v1CreateOauth2CredentialIntent; updateOauth2CredentialIntent?: v1UpdateOauth2CredentialIntent; deleteOauth2CredentialIntent?: v1DeleteOauth2CredentialIntent; oauth2AuthenticateIntent?: v1Oauth2AuthenticateIntent; deleteWalletAccountsIntent?: v1DeleteWalletAccountsIntent; deletePoliciesIntent?: v1DeletePoliciesIntent; ethSendRawTransactionIntent?: v1EthSendRawTransactionIntent; ethSendTransactionIntent?: v1EthSendTransactionIntent; createFiatOnRampCredentialIntent?: v1CreateFiatOnRampCredentialIntent; updateFiatOnRampCredentialIntent?: v1UpdateFiatOnRampCredentialIntent; deleteFiatOnRampCredentialIntent?: v1DeleteFiatOnRampCredentialIntent; emailAuthIntentV3?: v1EmailAuthIntentV3; initUserEmailRecoveryIntentV2?: v1InitUserEmailRecoveryIntentV2; initOtpIntentV2?: v1InitOtpIntentV2; initOtpAuthIntentV3?: v1InitOtpAuthIntentV3; upsertGasUsageConfigIntent?: v1UpsertGasUsageConfigIntent; createTvcAppIntent?: v1CreateTvcAppIntent; createTvcDeploymentIntent?: v1CreateTvcDeploymentIntent; createTvcManifestApprovalsIntent?: v1CreateTvcManifestApprovalsIntent; solSendTransactionIntent?: v1SolSendTransactionIntent; initOtpIntentV3?: v1InitOtpIntentV3; verifyOtpIntentV2?: v1VerifyOtpIntentV2; otpLoginIntentV2?: v1OtpLoginIntentV2; updateOrganizationNameIntent?: v1UpdateOrganizationNameIntent; createSubOrganizationIntentV8?: v1CreateSubOrganizationIntentV8; createOauthProvidersIntentV2?: v1CreateOauthProvidersIntentV2; createUsersIntentV4?: v1CreateUsersIntentV4; createWebhookEndpointIntent?: v1CreateWebhookEndpointIntent; updateWebhookEndpointIntent?: v1UpdateWebhookEndpointIntent; deleteWebhookEndpointIntent?: v1DeleteWebhookEndpointIntent; setIpAllowlistIntent?: v1SetIpAllowlistIntent; removeIpAllowlistIntent?: v1RemoveIpAllowlistIntent; updateTvcAppLiveDeploymentIntent?: v1UpdateTvcAppLiveDeploymentIntent; deleteTvcDeploymentIntent?: v1DeleteTvcDeploymentIntent; deleteTvcAppAndDeploymentsIntent?: v1DeleteTvcAppAndDeploymentsIntent; restoreTvcDeploymentIntent?: v1RestoreTvcDeploymentIntent; sparkSignFrostIntent?: v1SparkSignFrostIntent; sparkPrepareTransferIntent?: v1SparkPrepareTransferIntent; sparkClaimTransferIntent?: v1SparkClaimTransferIntent; sparkPrepareLightningReceiveIntent?: v1SparkPrepareLightningReceiveIntent; postTvcQuorumKeyShareIntent?: v1PostTvcQuorumKeyShareIntent; }; export type v1InvitationParams = { /** The name of the intended Invitation recipient. */ receiverUserName: string; /** The email address of the intended Invitation recipient. */ receiverUserEmail: string; /** A list of tags assigned to the Invitation recipient. This field, if not needed, should be an empty array in your request body. */ receiverUserTags: string[]; /** The User's permissible access method(s). */ accessType: v1AccessType; /** Unique identifier for the Sender of an Invitation. */ senderUserId: string; }; export type v1IpAllowlist = { /** Unique identifier for the organization this allowlist belongs to. */ organizationId: string; /** List of IP allowlist rules with their metadata. */ rules: v1IpAllowlistRule[]; /** Public key of the API key this allowlist applies to. Null means the allowlist applies to the entire organization. */ publicKey?: string; /** Whether the IP allowlist is enabled. Only present for organization-level allowlists. Null for API key-level allowlists (presence of the allowlist implies enablement). */ enabled?: boolean; /** Behavior when an error occurs during IP allowlist evaluation. Valid values: ALLOW, DENY. Defaults to DENY. */ onEvaluationError?: string; }; export type v1IpAllowlistIntentRule = { /** CIDR block (e.g., '192.168.1.0/24', '2001:db8::/32'). */ cidr: string; /** Optional human-readable label for this rule (e.g., 'Office VPN'). */ label?: string; }; export type v1IpAllowlistRule = { /** CIDR block (e.g., '192.168.1.0/24'). */ cidr: string; /** Optional human-readable label for this rule. */ label?: string; /** Creation timestamp as millisecond epoch string. */ createdAt?: string; }; export type v1ListFiatOnRampCredentialsRequest = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1ListFiatOnRampCredentialsResponse = { fiatOnRampCredentials: v1FiatOnRampCredential[]; }; export type v1ListOauth2CredentialsRequest = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1ListOauth2CredentialsResponse = { oauth2Credentials: v1Oauth2Credential[]; }; export type v1ListPrivateKeyTagsRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1ListPrivateKeyTagsResponse = { /** A list of private key tags. */ privateKeyTags: datav1Tag[]; }; export type v1ListSupportedAssetsRequest = { /** Unique identifier for a given organization. */ organizationId: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet or 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1"; }; export type v1ListSupportedAssetsResponse = { /** List of asset metadata */ assets?: v1AssetMetadata[]; }; export type v1ListUserTagsRequest = { /** Unique identifier for a given organization. */ organizationId: string; }; export type v1ListUserTagsResponse = { /** A list of user tags. */ userTags: datav1Tag[]; }; export type v1ListWebhookEndpointsRequest = { /** Unique identifier for a given Organization. */ organizationId: string; }; export type v1ListWebhookEndpointsResponse = { webhookEndpoints: v1WebhookEndpointData[]; }; export type v1LoginUsage = { /** Public key for authentication */ publicKey: string; }; export type v1MnemonicLanguage = "MNEMONIC_LANGUAGE_ENGLISH" | "MNEMONIC_LANGUAGE_SIMPLIFIED_CHINESE" | "MNEMONIC_LANGUAGE_TRADITIONAL_CHINESE" | "MNEMONIC_LANGUAGE_CZECH" | "MNEMONIC_LANGUAGE_FRENCH" | "MNEMONIC_LANGUAGE_ITALIAN" | "MNEMONIC_LANGUAGE_JAPANESE" | "MNEMONIC_LANGUAGE_KOREAN" | "MNEMONIC_LANGUAGE_SPANISH"; export type v1NOOPCodegenAnchorResponse = { stamp: v1WebAuthnStamp; tokenUsage?: v1TokenUsage; }; export type v1NativeRevertError = { /** The type of native error: 'error_string', 'panic', or 'execution_reverted'. */ nativeType?: string; /** The error message for Error(string) reverts. */ message?: string; /** The panic code for Panic(uint256) reverts. */ panicCode?: string; }; export type v1Oauth2AuthenticateIntent = { /** The OAuth 2.0 credential id whose client_id and client_secret will be used in the OAuth 2.0 flow */ oauth2CredentialId: string; /** The auth_code provided by the OAuth 2.0 provider to the end user to be exchanged for a Bearer token in the OAuth 2.0 flow */ authCode: string; /** The URI the user is redirected to after they have authenticated with the OAuth 2.0 provider */ redirectUri: string; /** The code verifier used by OAuth 2.0 PKCE providers */ codeVerifier: string; /** A nonce value set to sha256(publicKey), used to bind the OIDC token to a specific public key */ nonce: string; /** An optional P256 public key to which, if provided, the bearer token will be encrypted and returned via the `encrypted_bearer_token` claim of the OIDC Token */ bearerTokenTargetPublicKey?: string; }; export type v1Oauth2AuthenticateRequest = { type: "ACTIVITY_TYPE_OAUTH2_AUTHENTICATE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1Oauth2AuthenticateIntent; generateAppProofs?: boolean; }; export type v1Oauth2AuthenticateResult = { /** Base64 encoded OIDC token issued by Turnkey to be used with the LoginWithOAuth activity */ oidcToken: string; }; export type v1Oauth2Credential = { /** Unique identifier for a given OAuth 2.0 Credential. */ oauth2CredentialId: string; /** Unique identifier for an Organization. */ organizationId: string; /** The provider for a given OAuth 2.0 Credential. */ provider: v1Oauth2Provider; /** The client id for a given OAuth 2.0 Credential. */ clientId: string; /** The encrypted client secret for a given OAuth 2.0 Credential encrypted to the TLS Fetcher quorum key. */ encryptedClientSecret: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1OauthIntent = { /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, to which the oauth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Oauth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Oauth API keys */ invalidateExisting?: boolean; }; export type v1OauthLoginIntent = { /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the oidc token associated with this request */ publicKey: string; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; }; export type v1OauthLoginRequest = { type: "ACTIVITY_TYPE_OAUTH_LOGIN"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1OauthLoginIntent; generateAppProofs?: boolean; }; export type v1OauthLoginResult = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1OauthProvider = { /** Unique identifier for an OAuth Provider */ providerId: string; /** Human-readable name to identify a Provider. */ providerName: string; /** The issuer of the token, typically a URL indicating the authentication server, e.g https://accounts.google.com */ issuer: string; /** Expected audience ('aud' attribute of the signed token) which represents the app ID */ audience: string; /** Expected subject ('sub' attribute of the signed token) which represents the user ID */ subject: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1OauthRequest = { type: "ACTIVITY_TYPE_OAUTH"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1OauthIntent; generateAppProofs?: boolean; }; export type v1OauthResult = { /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId: string; /** HPKE encrypted credential bundle */ credentialBundle: string; }; export type v1Operator = "OPERATOR_EQUAL" | "OPERATOR_MORE_THAN" | "OPERATOR_MORE_THAN_OR_EQUAL" | "OPERATOR_LESS_THAN" | "OPERATOR_LESS_THAN_OR_EQUAL" | "OPERATOR_CONTAINS" | "OPERATOR_NOT_EQUAL" | "OPERATOR_IN" | "OPERATOR_NOT_IN" | "OPERATOR_CONTAINS_ONE" | "OPERATOR_CONTAINS_ALL"; export type v1OtpAuthIntent = { /** ID representing the result of an init OTP activity. */ otpId: string; /** OTP sent out to a user's contact (email or SMS) */ otpCode: string; /** Client-side public key generated by the user, to which the OTP bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to OTP Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated OTP Auth API keys */ invalidateExisting?: boolean; }; export type v1OtpAuthRequest = { type: "ACTIVITY_TYPE_OTP_AUTH"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1OtpAuthIntent; generateAppProofs?: boolean; }; export type v1OtpAuthResult = { /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId?: string; /** HPKE encrypted credential bundle */ credentialBundle?: string; }; export type v1OtpLoginIntent = { /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the verification token */ publicKey: string; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; /** Optional signature proving authorization for this login. The signature is over the verification token ID and the public key. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type v1OtpLoginIntentV2 = { /** Signed Verification Token containing a unique id, expiry, verification type, contact */ verificationToken: string; /** Client-side public key generated by the user, used as the session public key upon successful login */ publicKey: string; /** Required signature proving authorization for this login. The signature is over the verification token ID and the public key. Required for secure OTP login process. */ clientSignature: v1ClientSignature; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login sessions */ invalidateExisting?: boolean; }; export type v1OtpLoginResult = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1Outcome = "OUTCOME_ALLOW" | "OUTCOME_DENY_EXPLICIT" | "OUTCOME_DENY_IMPLICIT" | "OUTCOME_REQUIRES_CONSENSUS" | "OUTCOME_REJECTED" | "OUTCOME_ERROR"; export type v1Pagination = { /** A limit of the number of object to be returned, between 1 and 100. Defaults to 10. */ limit?: string; /** A pagination cursor. This is an object ID that enables you to fetch all objects before this ID. */ before?: string; /** A pagination cursor. This is an object ID that enables you to fetch all objects after this ID. */ after?: string; }; export type v1PayloadEncoding = "PAYLOAD_ENCODING_HEXADECIMAL" | "PAYLOAD_ENCODING_TEXT_UTF8" | "PAYLOAD_ENCODING_EIP712" | "PAYLOAD_ENCODING_EIP7702_AUTHORIZATION"; export type v1Policy = { /** Unique identifier for a given Policy. */ policyId: string; /** Human-readable name for a Policy. */ policyName: string; /** The instruction to DENY or ALLOW a particular activity following policy selector(s). */ effect: v1Effect; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** Human-readable notes added by a User to describe a particular policy. */ notes: string; /** A consensus expression that evalutes to true or false. */ consensus: string; /** A condition expression that evalutes to true or false. */ condition: string; }; export type v1PostTvcQuorumKeyShareIntent = { /** Unique identifier of the TVC deployment receiving quorum key share */ deploymentId: string; /** Hex-encoded ephemeral public key used to encrypt the quorum key share */ ephemeralPublicKeyHex: string; /** Re-encrypted quorum key share and approval */ shareApprovalBundle: v1QuorumKeyShareApprovalBundle; }; export type v1PostTvcQuorumKeyShareResult = { /** The unique identifier for the provisioning quorum key share */ provisioningShareId: string; }; export type v1PrivateKey = { /** Unique identifier for a given Private Key. */ privateKeyId: string; /** The public component of a cryptographic key pair used to sign messages and transactions. */ publicKey: string; /** Human-readable name for a Private Key. */ privateKeyName: string; /** Cryptographic Curve used to generate a given Private Key. */ curve: v1Curve; /** Derived cryptocurrency addresses for a given Private Key. */ addresses: externaldatav1Address[]; /** A list of Private Key Tag IDs. */ privateKeyTags: string[]; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** True when a given Private Key is exported, false otherwise. */ exported: boolean; /** True when a given Private Key is imported, false otherwise. */ imported: boolean; }; export type v1PrivateKeyParams = { /** Human-readable name for a Private Key. */ privateKeyName: string; /** Cryptographic Curve used to generate a given Private Key. */ curve: v1Curve; /** A list of Private Key Tag IDs. This field, if not needed, should be an empty array in your request body. */ privateKeyTags: string[]; /** Cryptocurrency-specific formats for a derived address (e.g., Ethereum). */ addressFormats: v1AddressFormat[]; }; export type v1PrivateKeyResult = { privateKeyId?: string; addresses?: immutableactivityv1Address[]; }; export type v1PublicKeyCredentialWithAttestation = { id: string; type: "public-key"; rawId: string; authenticatorAttachment?: "cross-platform" | "platform"; response: v1AuthenticatorAttestationResponse; clientExtensionResults: v1SimpleClientExtensionResults; }; export type v1QuorumKeyShareApprovalBundle = { /** Unique identifier of the operator providing this quorum key share */ operatorId: string; /** Hex-encoded re-encrypted quorum key share */ reEncryptedShareHex: string; /** Signature from the share set operator approving the manifest */ signature: string; }; export type v1RecoverUserIntent = { /** The new authenticator to register. */ authenticator: v1AuthenticatorParamsV2; /** Unique identifier for the user performing recovery. */ userId: string; }; export type v1RecoverUserRequest = { type: "ACTIVITY_TYPE_RECOVER_USER"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1RecoverUserIntent; generateAppProofs?: boolean; }; export type v1RecoverUserResult = { /** ID of the authenticator created. */ authenticatorId: string[]; }; export type v1RejectActivityIntent = { /** An artifact verifying a User's action. */ fingerprint: string; }; export type v1RejectActivityRequest = { type: "ACTIVITY_TYPE_REJECT_ACTIVITY"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1RejectActivityIntent; generateAppProofs?: boolean; }; export type v1RemoveIpAllowlistIntent = { /** The public component of an API key. If null, removes the organization-level IP allowlist. If set, removes the IP allowlist for this specific API key. */ publicKey?: string; }; export type v1RemoveIpAllowlistRequest = { type: "ACTIVITY_TYPE_REMOVE_IP_ALLOWLIST"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1RemoveIpAllowlistIntent; generateAppProofs?: boolean; }; export type v1RemoveIpAllowlistResult = {}; export type v1RemoveOrganizationFeatureIntent = { /** Name of the feature to remove */ name: v1FeatureName; }; export type v1RemoveOrganizationFeatureRequest = { type: "ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1RemoveOrganizationFeatureIntent; generateAppProofs?: boolean; }; export type v1RemoveOrganizationFeatureResult = { /** Resulting list of organization features. */ features: v1Feature[]; }; export type v1RestoreTvcDeploymentIntent = { /** The unique identifier of the TVC deployment to restore. */ deploymentId: string; }; export type v1RestoreTvcDeploymentRequest = { type: "ACTIVITY_TYPE_RESTORE_TVC_DEPLOYMENT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1RestoreTvcDeploymentIntent; generateAppProofs?: boolean; }; export type v1RestoreTvcDeploymentResult = { /** The unique identifier of the restored TVC deployment. */ deploymentId: string; }; export type v1Result = { createOrganizationResult?: v1CreateOrganizationResult; createAuthenticatorsResult?: v1CreateAuthenticatorsResult; createUsersResult?: v1CreateUsersResult; createPrivateKeysResult?: v1CreatePrivateKeysResult; createInvitationsResult?: v1CreateInvitationsResult; acceptInvitationResult?: v1AcceptInvitationResult; signRawPayloadResult?: v1SignRawPayloadResult; createPolicyResult?: v1CreatePolicyResult; disablePrivateKeyResult?: v1DisablePrivateKeyResult; deleteUsersResult?: v1DeleteUsersResult; deleteAuthenticatorsResult?: v1DeleteAuthenticatorsResult; deleteInvitationResult?: v1DeleteInvitationResult; deleteOrganizationResult?: v1DeleteOrganizationResult; deletePolicyResult?: v1DeletePolicyResult; createUserTagResult?: v1CreateUserTagResult; deleteUserTagsResult?: v1DeleteUserTagsResult; signTransactionResult?: v1SignTransactionResult; deleteApiKeysResult?: v1DeleteApiKeysResult; createApiKeysResult?: v1CreateApiKeysResult; createPrivateKeyTagResult?: v1CreatePrivateKeyTagResult; deletePrivateKeyTagsResult?: v1DeletePrivateKeyTagsResult; setPaymentMethodResult?: billingSetPaymentMethodResult; activateBillingTierResult?: billingActivateBillingTierResult; deletePaymentMethodResult?: billingDeletePaymentMethodResult; createApiOnlyUsersResult?: v1CreateApiOnlyUsersResult; updateRootQuorumResult?: v1UpdateRootQuorumResult; updateUserTagResult?: v1UpdateUserTagResult; updatePrivateKeyTagResult?: v1UpdatePrivateKeyTagResult; createSubOrganizationResult?: v1CreateSubOrganizationResult; updateAllowedOriginsResult?: v1UpdateAllowedOriginsResult; createPrivateKeysResultV2?: v1CreatePrivateKeysResultV2; updateUserResult?: v1UpdateUserResult; updatePolicyResult?: v1UpdatePolicyResult; createSubOrganizationResultV3?: v1CreateSubOrganizationResultV3; createWalletResult?: v1CreateWalletResult; createWalletAccountsResult?: v1CreateWalletAccountsResult; initUserEmailRecoveryResult?: v1InitUserEmailRecoveryResult; recoverUserResult?: v1RecoverUserResult; setOrganizationFeatureResult?: v1SetOrganizationFeatureResult; removeOrganizationFeatureResult?: v1RemoveOrganizationFeatureResult; exportPrivateKeyResult?: v1ExportPrivateKeyResult; exportWalletResult?: v1ExportWalletResult; createSubOrganizationResultV4?: v1CreateSubOrganizationResultV4; emailAuthResult?: v1EmailAuthResult; exportWalletAccountResult?: v1ExportWalletAccountResult; initImportWalletResult?: v1InitImportWalletResult; importWalletResult?: v1ImportWalletResult; initImportPrivateKeyResult?: v1InitImportPrivateKeyResult; importPrivateKeyResult?: v1ImportPrivateKeyResult; createPoliciesResult?: v1CreatePoliciesResult; signRawPayloadsResult?: v1SignRawPayloadsResult; createReadOnlySessionResult?: v1CreateReadOnlySessionResult; createOauthProvidersResult?: v1CreateOauthProvidersResult; deleteOauthProvidersResult?: v1DeleteOauthProvidersResult; createSubOrganizationResultV5?: v1CreateSubOrganizationResultV5; oauthResult?: v1OauthResult; createReadWriteSessionResult?: v1CreateReadWriteSessionResult; createSubOrganizationResultV6?: v1CreateSubOrganizationResultV6; deletePrivateKeysResult?: v1DeletePrivateKeysResult; deleteWalletsResult?: v1DeleteWalletsResult; createReadWriteSessionResultV2?: v1CreateReadWriteSessionResultV2; deleteSubOrganizationResult?: v1DeleteSubOrganizationResult; initOtpAuthResult?: v1InitOtpAuthResult; otpAuthResult?: v1OtpAuthResult; createSubOrganizationResultV7?: v1CreateSubOrganizationResultV7; updateWalletResult?: v1UpdateWalletResult; updatePolicyResultV2?: v1UpdatePolicyResultV2; initOtpAuthResultV2?: v1InitOtpAuthResultV2; initOtpResult?: v1InitOtpResult; verifyOtpResult?: v1VerifyOtpResult; otpLoginResult?: v1OtpLoginResult; stampLoginResult?: v1StampLoginResult; oauthLoginResult?: v1OauthLoginResult; updateUserNameResult?: v1UpdateUserNameResult; updateUserEmailResult?: v1UpdateUserEmailResult; updateUserPhoneNumberResult?: v1UpdateUserPhoneNumberResult; initFiatOnRampResult?: v1InitFiatOnRampResult; createSmartContractInterfaceResult?: v1CreateSmartContractInterfaceResult; deleteSmartContractInterfaceResult?: v1DeleteSmartContractInterfaceResult; enableAuthProxyResult?: v1EnableAuthProxyResult; disableAuthProxyResult?: v1DisableAuthProxyResult; updateAuthProxyConfigResult?: v1UpdateAuthProxyConfigResult; createOauth2CredentialResult?: v1CreateOauth2CredentialResult; updateOauth2CredentialResult?: v1UpdateOauth2CredentialResult; deleteOauth2CredentialResult?: v1DeleteOauth2CredentialResult; oauth2AuthenticateResult?: v1Oauth2AuthenticateResult; deleteWalletAccountsResult?: v1DeleteWalletAccountsResult; deletePoliciesResult?: v1DeletePoliciesResult; ethSendRawTransactionResult?: v1EthSendRawTransactionResult; createFiatOnRampCredentialResult?: v1CreateFiatOnRampCredentialResult; updateFiatOnRampCredentialResult?: v1UpdateFiatOnRampCredentialResult; deleteFiatOnRampCredentialResult?: v1DeleteFiatOnRampCredentialResult; ethSendTransactionResult?: v1EthSendTransactionResult; upsertGasUsageConfigResult?: v1UpsertGasUsageConfigResult; createTvcAppResult?: v1CreateTvcAppResult; createTvcDeploymentResult?: v1CreateTvcDeploymentResult; createTvcManifestApprovalsResult?: v1CreateTvcManifestApprovalsResult; solSendTransactionResult?: v1SolSendTransactionResult; initOtpResultV2?: v1InitOtpResultV2; updateOrganizationNameResult?: v1UpdateOrganizationNameResult; createSubOrganizationResultV8?: v1CreateSubOrganizationResultV8; createOauthProvidersResultV2?: v1CreateOauthProvidersResultV2; createWebhookEndpointResult?: v1CreateWebhookEndpointResult; updateWebhookEndpointResult?: v1UpdateWebhookEndpointResult; deleteWebhookEndpointResult?: v1DeleteWebhookEndpointResult; setIpAllowlistResult?: v1SetIpAllowlistResult; removeIpAllowlistResult?: v1RemoveIpAllowlistResult; updateTvcAppLiveDeploymentResult?: v1UpdateTvcAppLiveDeploymentResult; deleteTvcDeploymentResult?: v1DeleteTvcDeploymentResult; deleteTvcAppAndDeploymentsResult?: v1DeleteTvcAppAndDeploymentsResult; restoreTvcDeploymentResult?: v1RestoreTvcDeploymentResult; sparkSignFrostResult?: v1SparkSignFrostResult; sparkPrepareTransferResult?: v1SparkPrepareTransferResult; sparkClaimTransferResult?: v1SparkClaimTransferResult; sparkPrepareLightningReceiveResult?: v1SparkPrepareLightningReceiveResult; postTvcQuorumKeyShareResult?: v1PostTvcQuorumKeyShareResult; }; export type v1RevertChainEntry = { /** The contract address where the revert occurred. */ address?: string; /** Type of error: 'unknown', 'native', or 'custom'. */ errorType?: string; /** Human-readable message describing this revert. */ displayMessage?: string; /** Details for unknown error types. */ unknown?: v1UnknownRevertError; /** Details for native Solidity errors (Error, Panic, execution reverted). */ native?: v1NativeRevertError; /** Details for custom contract errors. */ custom?: v1CustomRevertError; }; export type v1RootUserParams = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: apiApiKeyParams[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; }; export type v1RootUserParamsV2 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: apiApiKeyParams[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; }; export type v1RootUserParamsV3 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; }; export type v1RootUserParamsV4 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; }; export type v1RootUserParamsV5 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParamsV2[]; }; export type v1Selector = { subject?: string; operator?: v1Operator; target?: string; }; export type v1SelectorV2 = { subject?: string; operator?: v1Operator; targets?: string[]; }; export type v1SetIpAllowlistIntent = { /** The public component of an API key. If null, the IP allowlist applies at the organization level. If set, it applies only to this specific API key. */ publicKey?: string; /** Whether the IP allowlist is enabled. Only meaningful for organization-level allowlists. Omit for API key-level allowlists. */ enabled?: boolean; /** List of IP allowlist rules with CIDR blocks and optional labels. */ rules?: v1IpAllowlistIntentRule[]; /** Behavior when an error occurs during IP allowlist evaluation. Valid values: ALLOW, DENY. Defaults to DENY. */ onEvaluationError?: string; }; export type v1SetIpAllowlistRequest = { type: "ACTIVITY_TYPE_SET_IP_ALLOWLIST"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SetIpAllowlistIntent; generateAppProofs?: boolean; }; export type v1SetIpAllowlistResult = {}; export type v1SetOrganizationFeatureIntent = { /** Name of the feature to set */ name: v1FeatureName; /** Optional value for the feature. Will override existing values if feature is already set. */ value: string; }; export type v1SetOrganizationFeatureRequest = { type: "ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SetOrganizationFeatureIntent; generateAppProofs?: boolean; }; export type v1SetOrganizationFeatureResult = { /** Resulting list of organization features. */ features: v1Feature[]; }; export type v1SignRawPayloadIntent = { /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Raw unsigned payload to be signed. */ payload: string; /** Encoding of the `payload` string. Turnkey uses this information to convert `payload` into bytes with the correct decoder (e.g. hex, utf8). */ encoding: v1PayloadEncoding; /** Hash function to apply to payload bytes before signing. This field must be set to HASH_FUNCTION_NOT_APPLICABLE for EdDSA/ed25519 signature requests; configurable payload hashing is not supported by RFC 8032. */ hashFunction: v1HashFunction; }; export type v1SignRawPayloadIntentV2 = { /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** Raw unsigned payload to be signed. */ payload: string; /** Encoding of the `payload` string. Turnkey uses this information to convert `payload` into bytes with the correct decoder (e.g. hex, utf8). */ encoding: v1PayloadEncoding; /** Hash function to apply to payload bytes before signing. This field must be set to HASH_FUNCTION_NOT_APPLICABLE for EdDSA/ed25519 signature requests; configurable payload hashing is not supported by RFC 8032. */ hashFunction: v1HashFunction; }; export type v1SignRawPayloadRequest = { type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SignRawPayloadIntentV2; generateAppProofs?: boolean; }; export type v1SignRawPayloadResult = { /** Component of an ECSDA signature. */ r: string; /** Component of an ECSDA signature. */ s: string; /** Component of an ECSDA signature. */ v: string; }; export type v1SignRawPayloadsIntent = { /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** An array of raw unsigned payloads to be signed. */ payloads: string[]; /** Encoding of the `payload` string. Turnkey uses this information to convert `payload` into bytes with the correct decoder (e.g. hex, utf8). */ encoding: v1PayloadEncoding; /** Hash function to apply to payload bytes before signing. This field must be set to HASH_FUNCTION_NOT_APPLICABLE for EdDSA/ed25519 signature requests; configurable payload hashing is not supported by RFC 8032. */ hashFunction: v1HashFunction; }; export type v1SignRawPayloadsRequest = { type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOADS"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SignRawPayloadsIntent; generateAppProofs?: boolean; }; export type v1SignRawPayloadsResult = { signatures?: v1SignRawPayloadResult[]; }; export type v1SignTransactionIntent = { /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Raw unsigned transaction to be signed by a particular Private Key. */ unsignedTransaction: string; type: v1TransactionType; }; export type v1SignTransactionIntentV2 = { /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** Raw unsigned transaction to be signed */ unsignedTransaction: string; type: v1TransactionType; }; export type v1SignTransactionRequest = { type: "ACTIVITY_TYPE_SIGN_TRANSACTION_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SignTransactionIntentV2; generateAppProofs?: boolean; }; export type v1SignTransactionResult = { signedTransaction: string; }; export type v1SignupUsage = { email?: string; phoneNumber?: string; apiKeys?: v1ApiKeyParamsV2[]; authenticators?: v1AuthenticatorParamsV2[]; oauthProviders?: v1OauthProviderParams[]; }; export type v1SignupUsageV2 = { email?: string; phoneNumber?: string; apiKeys?: v1ApiKeyParamsV2[]; authenticators?: v1AuthenticatorParamsV2[]; oauthProviders?: v1OauthProviderParamsV2[]; }; export type v1SimpleClientExtensionResults = { appid?: boolean; appidExclude?: boolean; credProps?: v1CredPropsAuthenticationExtensionsClientOutputs; }; export type v1SmartContractInterfaceType = "SMART_CONTRACT_INTERFACE_TYPE_ETHEREUM" | "SMART_CONTRACT_INTERFACE_TYPE_SOLANA"; export type v1SmsCustomizationParams = { /** Template containing references to .OtpCode i.e Your OTP is {{.OtpCode}} */ template?: string; }; export type v1SolSendTransactionIntent = { /** Base64-encoded serialized unsigned Solana transaction */ unsignedTransaction: string; /** A wallet or private key address to sign with. This does not support private key IDs. */ signWith: string; /** Whether to sponsor this transaction via Gas Station. */ sponsor?: boolean; /** CAIP-2 chain ID (e.g., 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "solana:mainnet" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d" | "solana:devnet" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1wcaWoxPkrZBG"; /** user-provided blockhash for replay protection / deadline control. If omitted and sponsor=true, we fetch a fresh blockhash during execution */ recentBlockhash?: string; }; export type v1SolSendTransactionRequest = { type: "ACTIVITY_TYPE_SOL_SEND_TRANSACTION"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SolSendTransactionIntent; generateAppProofs?: boolean; }; export type v1SolSendTransactionResult = { /** The send_transaction_status ID associated with the transaction submission */ sendTransactionStatusId: string; }; export type v1SolanaConfig = { /** Whether Solana rent prefunding is enabled for the organization. When omitted, the existing rent-prefund state is left unchanged. */ rentPrefundEnabled?: boolean; }; export type v1SolanaFailureDetails = { /** Where the Solana failure occurred, such as simulation or preflight. */ source?: string; /** The Solana JSON-RPC error code, if available. */ rpcCode?: number; /** The Solana JSON-RPC error message, if available. */ rpcMessage?: string; /** The raw Solana transaction error object serialized as JSON, if available. */ transactionErrorJson?: string; /** Program logs returned by Solana simulation or preflight, if available. */ logs?: string[]; /** Compute units consumed during simulation or preflight, if available. */ unitsConsumed?: string; /** The raw Solana inner instructions payload serialized as JSON, if available. */ innerInstructionsJson?: string; }; export type v1SolanaSendTransactionStatus = { /** The Solana transaction signature, if available. */ signature?: string; }; export type v1SparkClaimLeaf = { /** Leaf identifier (UUID). */ leafId: string; /** ECIES ciphertext (hex-encoded) containing the inbound transfer secret. Decrypted inside the enclave using the wallet's Identity key. */ ciphertext: string; /** Hex-encoded 64-byte compact ECDSA signature binding (leaf_id, transfer_id, ciphertext) to the sender's identity key. Verified inside the enclave before decryption. */ senderSignature: string; }; export type v1SparkClaimPackage = { /** Leaves being claimed. */ leaves: v1SparkClaimLeaf[]; /** Shamir threshold for reconstructing the per-leaf claim secret. */ threshold: number; /** Operators that will receive Shamir shares. */ operatorRecipients: v1SparkOperatorRecipient[]; /** Spark transfer identifier (UUID). Used together with each leaf's sender_signature to verify the sender bound this ciphertext to this transfer. */ transferId: string; /** Sender's compressed secp256k1 identity public key (hex-encoded, 33 bytes). Used to verify the per-leaf sender_signature fields. */ senderIdentityPublicKey: string; }; export type v1SparkClaimTransferIntent = { /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Claim package parameters. */ claim: v1SparkClaimPackage; }; export type v1SparkClaimTransferRequest = { type: "ACTIVITY_TYPE_SPARK_CLAIM_TRANSFER"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SparkClaimTransferIntent; }; export type v1SparkClaimTransferResult = { /** Per-operator ECIES-encrypted packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Newly-derived SigningLeaf public keys, one per leaf, in input order. */ newLeafPublicKeys: v1SparkLeafPublicKey[]; }; export type v1SparkDepositDerivation = {}; export type v1SparkEncryptedOperatorPackage = { /** Spark operator identifier (UUID). */ operatorId: string; /** ECIES ciphertext (hex-encoded) opaque to Turnkey after emission. */ encryptedPackage: string; }; export type v1SparkFrostCommitment = { /** FROST participant identifier, hex-encoded (32-byte scalar). */ id: string; /** Hiding commitment D, hex-encoded compressed secp256k1 point. */ hiding: string; /** Binding commitment E, hex-encoded compressed secp256k1 point. */ binding: string; }; export type v1SparkHtlcPreimageDerivation = {}; export type v1SparkIdentityDerivation = {}; export type v1SparkKeyDerivation = { /** Spark identity key derivation. */ identity?: v1SparkIdentityDerivation; /** Spark signing leaf key derivation, identified by leaf ID. */ signingLeaf?: v1SparkSigningLeafDerivation; /** Spark deposit key derivation. */ deposit?: v1SparkDepositDerivation; /** Spark static deposit key derivation, identified by index. */ staticDeposit?: v1SparkStaticDepositDerivation; /** Spark HTLC preimage key derivation. */ htlcPreimage?: v1SparkHtlcPreimageDerivation; }; export type v1SparkLeafPublicKey = { /** The Spark leaf_id this public key was derived for. */ leafId: string; /** Hex-encoded compressed secp256k1 point (33 bytes) for the SigningLeaf derivation at leaf_id. */ publicKey: string; }; export type v1SparkLightningReceivePackage = { /** Feldman VSS threshold for reconstructing the preimage. */ threshold: number; /** Operators that will receive Feldman shares of the preimage. Order must match the operators' numeric IDs in the Spark operator config - share index is the 1-based position in this list. */ operatorRecipients: v1SparkOperatorRecipient[]; }; export type v1SparkOperatorRecipient = { /** Spark operator identifier (UUID). */ operatorId: string; /** Operator's ECIES encryption pubkey (hex-encoded compressed secp256k1 point). */ encryptionPublicKey: string; }; export type v1SparkPartialSignature = { /** Hex-encoded FROST partial signature. */ signatureShare: string; /** Turnkey's hiding commitment D (hex-encoded compressed secp256k1 point). Forward to the Spark Operator. */ hiding: string; /** Turnkey's binding commitment E (hex-encoded compressed secp256k1 point). Forward to the Spark Operator. */ binding: string; }; export type v1SparkPrepareLightningReceiveIntent = { /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Lightning receive package parameters: threshold and operator recipients. */ lightningReceive: v1SparkLightningReceivePackage; }; export type v1SparkPrepareLightningReceiveRequest = { type: "ACTIVITY_TYPE_SPARK_PREPARE_LIGHTNING_RECEIVE"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SparkPrepareLightningReceiveIntent; }; export type v1SparkPrepareLightningReceiveResult = { /** Per-operator ECIES-encrypted Feldman share packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Hex-encoded SHA256(preimage). Forward to the Lightning node. */ paymentHash: string; }; export type v1SparkPrepareTransferIntent = { /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Transfer package parameters for HD key tweak splitting. */ transfer: v1SparkTransferPackage; }; export type v1SparkPrepareTransferRequest = { type: "ACTIVITY_TYPE_SPARK_PREPARE_TRANSFER"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SparkPrepareTransferIntent; }; export type v1SparkPrepareTransferResult = { /** Per-operator ECIES-encrypted packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Hex-encoded ECDSA-DER signature of the TransferPackage signing payload, signed with the wallet's IDENTITY key. */ transferUserSignature: string; /** Newly-derived SigningLeaf public keys, one per leaf, in input order. */ newLeafPublicKeys: v1SparkLeafPublicKey[]; }; export type v1SparkSignFrostIntent = { /** A Spark wallet account address identifying the wallet to sign with. */ signWith: string; /** Batched sign requests. Each produces a partial signature plus Turnkey's public commitments. */ signatures: v1SparkSignatureRequest[]; }; export type v1SparkSignFrostRequest = { type: "ACTIVITY_TYPE_SPARK_SIGN_FROST"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1SparkSignFrostIntent; }; export type v1SparkSignFrostResult = { /** Partial signatures plus Turnkey commitments, one per request, in order. */ signatures: v1SparkPartialSignature[]; }; export type v1SparkSignatureRequest = { /** Which key to sign with. */ derivation: v1SparkKeyDerivation; /** Hex-encoded 32-byte sighash to sign. */ message: string; /** Aggregate group verifying key (hex-encoded compressed secp256k1 point), computed as P_ops + P_user. Bound into the nonce HMAC. */ verifyingKey: string; /** Commitments for every non-Turnkey participant. MUST NOT include an entry under Turnkey's identifier. Bound into the nonce HMAC. */ operatorCommitments: v1SparkFrostCommitment[]; /** Optional adaptor point T (hex-encoded 33-byte compressed secp256k1 pubkey). When set, Turnkey produces a Schnorr adaptor pre-signature with the FROST challenge bound to `R+T` (where `R` is the aggregate group nonce commitment from FROST). The party holding the discrete log `t` completes the pre-sig to a valid BIP-340 signature by adding `t` (or `-t`, for parity) to the signature scalar `s`. This is primarily used by Spark leaves-swap and other adaptor-bound flows; absent or empty leads to plain FROST signing (the typical case). */ adaptorPublicKey?: string; }; export type v1SparkSigningLeafDerivation = { /** Unique identifier for the Spark signing leaf. */ leafId: string; }; export type v1SparkStaticDepositDerivation = { /** Index used to derive the static deposit key. */ index: number; }; export type v1SparkTransferLeaf = { /** Leaf identifier (UUID). */ leafId: string; /** Derivation for the existing (pre-transfer) leaf key. Always a SigningLeaf derivation. */ oldLeafDerivation: v1SparkKeyDerivation; /** Derivation for the new (post-transfer) leaf key. Always a SigningLeaf derivation. The enclave ECIES-encrypts this private key to receiver_public_key as the per-leaf secret_cipher; HD-derived rather than random so the sender can re-derive on retry (Turnkey's enclave is stateless). */ newLeafDerivation: v1SparkKeyDerivation; /** Client-produced CPFP refund signature (hex-encoded), passed through verbatim into the per-operator SendLeafKeyTweak. Empty omits the field from the operator package. */ refundSignature?: string; /** Client-produced direct refund signature (hex-encoded). Passed through verbatim. */ directRefundSignature?: string; /** Client-produced direct-from-CPFP refund signature (hex-encoded). Passed through verbatim. */ directFromCpfpRefundSignature?: string; }; export type v1SparkTransferPackage = { /** Spark transfer identifier (UUID). */ transferId: string; /** Leaves being transferred. */ leaves: v1SparkTransferLeaf[]; /** Feldman VSS threshold for reconstructing the per-leaf tweak scalar. */ threshold: number; /** Operators that will receive Feldman shares of the per-leaf tweak. Order must match the operators' numeric IDs in the Spark operator config - share index is the 1-based position in this list. */ operatorRecipients: v1SparkOperatorRecipient[]; /** Recipient's identity pubkey (hex-encoded compressed secp256k1 point). Each leaf's new_priv is ECIES-encrypted to this key and embedded in the per-operator package for claim-time delivery. */ receiverPublicKey: string; }; export type v1StampLoginIntent = { /** Client-side public key generated by the user, which will be conditionally added to org data based on the passkey stamp associated with this request */ publicKey: string; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; }; export type v1StampLoginRequest = { type: "ACTIVITY_TYPE_STAMP_LOGIN"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1StampLoginIntent; generateAppProofs?: boolean; }; export type v1StampLoginResult = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type v1TagType = "TAG_TYPE_USER" | "TAG_TYPE_PRIVATE_KEY"; export type v1TokenUsage = { /** Type of token usage */ type: v1UsageType; /** Unique identifier for the verification token */ tokenId: string; signup?: v1SignupUsage; login?: v1LoginUsage; signupV2?: v1SignupUsageV2; }; export type v1TransactionType = "TRANSACTION_TYPE_ETHEREUM" | "TRANSACTION_TYPE_SOLANA" | "TRANSACTION_TYPE_TRON" | "TRANSACTION_TYPE_BITCOIN" | "TRANSACTION_TYPE_TEMPO"; export type v1TvcApp = { /** Unique Identifier for this TVC App. */ id: string; /** Unique Identifier of the Organization for this TVC App */ organizationId: string; /** Name for this TVC App. */ name: string; /** Public key for the Quorum Key associated with this TVC App */ quorumPublicKey: string; /** Manifest Set (people who can approve manifests) */ manifestSet: v1TvcOperatorSet; /** Share Set (people who have a share of the Quorum Key) */ shareSet: v1TvcOperatorSet; /** Whether or not this TVC App has network egress enabled. */ enableEgress: boolean; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** The deployment currently designated to receive traffic. Null if no deployment for this app is deployed. */ liveDeploymentId?: string; /** The public domain for ingress to this TVC App (in the format "app-.turnkey.cloud"). */ publicDomain: string; }; export type v1TvcContainerSpec = { /** The URL for this container image. */ containerUrl: string; /** The path (in-container) to the executable binary. */ path: string; /** The arguments to pass to the executable. */ args: string[]; /** Whether or not this container requires a pull secret to access. */ hasPullSecret: boolean; /** The type of health check to perform against this executable. */ healthCheckType: v1TvcHealthCheckType; /** The port to use for health checks against this executable. */ healthCheckPort: number; /** The port to use for public ingress to this executable. */ publicIngressPort: number; }; export type v1TvcDeployment = { /** Unique Identifier for this TVC Deployment. */ id: string; /** Unique Identifier of the Organization for this TVC Deployment */ organizationId: string; /** Unique Identifier of the TVC App for this deployment */ appId: string; /** Set of TVC operators who can approve this deployment */ manifestSet: v1TvcOperatorSet; /** Set of TVC operators who have a share of the Quorum Key */ shareSet: v1TvcOperatorSet; /** The manifest used for this deployment */ manifest: v1TvcManifest; /** List of operator approvals for this manifest */ manifestApprovals: v1TvcOperatorApproval[]; /** QOS Version used for this deployment */ qosVersion: string; /** The pivot container spec for this deployment */ pivotContainer: v1TvcContainerSpec; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** Whether or not the user wants this deployment deleted from the cluster. */ delete: boolean; }; export type v1TvcHealthCheckType = "TVC_HEALTH_CHECK_TYPE_HTTP" | "TVC_HEALTH_CHECK_TYPE_GRPC"; export type v1TvcManifest = { /** Unique Identifier for this TVC Manifest. */ id: string; /** The manifest content (raw UTF-8 JSON bytes) */ manifest: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1TvcManifestApproval = { /** Unique identifier of the operator providing this approval */ operatorId: string; /** Signature from the operator approving the manifest */ signature: string; }; export type v1TvcOperator = { /** Unique Identifier for this TVC Operator. */ id: string; /** Name of this TVC Operator. */ name: string; /** Public key for this TVC Operator. */ publicKey: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1TvcOperatorApproval = { /** Unique ID for this approval */ id: string; /** Unique Identifier of the TVC Manifest being approved */ manifestId: string; /** The TVC Operator who made this approval */ operator: v1TvcOperator; /** Signature of the operator over the deployment manifest */ approval: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1TvcOperatorParams = { /** The name for this new operator */ name: string; /** Public key for this operator */ publicKey: string; }; export type v1TvcOperatorSet = { /** Unique Identifier for this TVC Operator Set. */ id: string; /** Name of this TVC Operator Set. */ name: string; /** Unique Identifier of the Organization for this TVC Operator Set */ organizationId: string; /** List of TVC Operators in this set */ operators: v1TvcOperator[]; /** Threshold number of operators required for quorum. */ threshold: number; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1TvcOperatorSetParams = { /** Short description for this new operator set */ name: string; /** Operators to create as part of this new operator set */ newOperators?: v1TvcOperatorParams[]; /** Existing operators to use as part of this new operator set */ existingOperatorIds?: string[]; /** The threshold of operators needed to reach consensus in this new Operator Set */ threshold: number; }; export type v1TxError = { /** Human-readable error message describing what went wrong. */ message?: string; /** Chain of revert errors from nested contract calls, ordered from outermost to innermost. */ revertChain?: v1RevertChainEntry[]; /** Solana-specific failure details for simulation or preflight errors, if available. */ solana?: v1SolanaFailureDetails; /** Ethereum-specific failure details, if available. */ eth?: v1EthFailureDetails; }; export type v1UnknownRevertError = { /** The 4-byte error selector, if available. */ selector?: string; /** The raw error data, hex-encoded. */ data?: string; }; export type v1UpdateAllowedOriginsIntent = { /** Additional origins requests are allowed from besides Turnkey origins */ allowedOrigins: string[]; }; export type v1UpdateAllowedOriginsResult = {}; export type v1UpdateAuthProxyConfigIntent = { /** Updated list of allowed origins for CORS. */ allowedOrigins?: string[]; /** Updated list of allowed proxy authentication methods. */ allowedAuthMethods?: string[]; /** Custom 'from' address for auth-related emails. */ sendFromEmailAddress?: string; /** Custom reply-to address for auth-related emails. */ replyToEmailAddress?: string; /** Template ID for email-auth messages. */ emailAuthTemplateId?: string; /** Template ID for OTP SMS messages. */ otpTemplateId?: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomizationParams?: v1EmailCustomizationParams; /** Overrides for auth-related SMS content. */ smsCustomizationParams?: v1SmsCustomizationParams; /** Overrides for react wallet kit related settings. */ walletKitSettings?: v1WalletKitSettingsParams; /** OTP code lifetime in seconds. */ otpExpirationSeconds?: number; /** Verification-token lifetime in seconds. */ verificationTokenExpirationSeconds?: number; /** Session lifetime in seconds. */ sessionExpirationSeconds?: number; /** Enable alphanumeric OTP codes. */ otpAlphanumeric?: boolean; /** Desired OTP code length (6–9). */ otpLength?: number; /** Custom 'from' email sender for auth-related emails. */ sendFromEmailSenderName?: string; /** Verification token required for get account with PII (email/phone number). Default false. */ verificationTokenRequiredForGetAccountPii?: boolean; /** Whitelisted OAuth client IDs for social account linking. When a user authenticates via a social provider with an email matching an existing account, the accounts will be linked if the client ID is in this list and the issuer is considered a trusted provider. */ socialLinkingClientIds?: string[]; }; export type v1UpdateAuthProxyConfigResult = { /** Unique identifier for a given User. (representing the turnkey signer user id) */ configId?: string; }; export type v1UpdateFiatOnRampCredentialIntent = { /** The ID of the fiat on-ramp credential to update */ fiatOnrampCredentialId: string; /** The fiat on-ramp provider */ onrampProvider: v1FiatOnRampProvider; /** Project ID for the on-ramp provider. Some providers, like Coinbase, require this additional identifier. */ projectId?: string; /** Publishable API key for the on-ramp provider */ publishableApiKey: string; /** Secret API key for the on-ramp provider encrypted to our on-ramp encryption public key */ encryptedSecretApiKey: string; /** Private API key for the on-ramp provider encrypted to our on-ramp encryption public key. Some providers, like Coinbase, require this additional key. */ encryptedPrivateApiKey?: string; }; export type v1UpdateFiatOnRampCredentialRequest = { type: "ACTIVITY_TYPE_UPDATE_FIAT_ON_RAMP_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateFiatOnRampCredentialIntent; generateAppProofs?: boolean; }; export type v1UpdateFiatOnRampCredentialResult = { /** Unique identifier of the Fiat On-Ramp credential that was updated */ fiatOnRampCredentialId: string; }; export type v1UpdateOauth2CredentialIntent = { /** The ID of the OAuth 2.0 credential to update */ oauth2CredentialId: string; /** The OAuth 2.0 provider */ provider: v1Oauth2Provider; /** The Client ID issued by the OAuth 2.0 provider */ clientId: string; /** The client secret issued by the OAuth 2.0 provider encrypted to the TLS Fetcher quorum key */ encryptedClientSecret: string; }; export type v1UpdateOauth2CredentialRequest = { type: "ACTIVITY_TYPE_UPDATE_OAUTH2_CREDENTIAL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateOauth2CredentialIntent; generateAppProofs?: boolean; }; export type v1UpdateOauth2CredentialResult = { /** Unique identifier of the OAuth 2.0 credential that was updated */ oauth2CredentialId: string; }; export type v1UpdateOrganizationNameIntent = { /** New name for the Organization. */ organizationName: string; }; export type v1UpdateOrganizationNameRequest = { type: "ACTIVITY_TYPE_UPDATE_ORGANIZATION_NAME"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateOrganizationNameIntent; generateAppProofs?: boolean; }; export type v1UpdateOrganizationNameResult = { /** Unique identifier for the Organization. */ organizationId: string; /** The updated organization name. */ organizationName: string; }; export type v1UpdatePolicyIntent = { /** Unique identifier for a given Policy. */ policyId: string; /** Human-readable name for a Policy. */ policyName?: string; /** The instruction to DENY or ALLOW an activity (optional). */ policyEffect?: v1Effect; /** The condition expression that triggers the Effect (optional). */ policyCondition?: string; /** The consensus expression that triggers the Effect (optional). */ policyConsensus?: string; /** Accompanying notes for a Policy (optional). */ policyNotes?: string; }; export type v1UpdatePolicyIntentV2 = { /** Unique identifier for a given Policy. */ policyId: string; /** Human-readable name for a Policy. */ policyName?: string; /** The instruction to DENY or ALLOW an activity (optional). */ policyEffect?: v1Effect; /** The condition expression that triggers the Effect (optional). */ policyCondition?: string; /** The consensus expression that triggers the Effect (optional). */ policyConsensus?: string; /** Accompanying notes for a Policy (optional). */ policyNotes?: string; }; export type v1UpdatePolicyRequest = { type: "ACTIVITY_TYPE_UPDATE_POLICY_V2"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdatePolicyIntentV2; generateAppProofs?: boolean; }; export type v1UpdatePolicyResult = { /** Unique identifier for a given Policy. */ policyId: string; }; export type v1UpdatePolicyResultV2 = { /** Unique identifier for a given Policy. */ policyId: string; }; export type v1UpdatePrivateKeyTagIntent = { /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; /** The new, human-readable name for the tag with the given ID. */ newPrivateKeyTagName?: string; /** A list of Private Keys IDs to add this tag to. */ addPrivateKeyIds: string[]; /** A list of Private Key IDs to remove this tag from. */ removePrivateKeyIds: string[]; }; export type v1UpdatePrivateKeyTagRequest = { type: "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdatePrivateKeyTagIntent; generateAppProofs?: boolean; }; export type v1UpdatePrivateKeyTagResult = { /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; }; export type v1UpdateRootQuorumIntent = { /** The threshold of unique approvals to reach quorum. */ threshold: number; /** The unique identifiers of users who comprise the quorum set. */ userIds: string[]; }; export type v1UpdateRootQuorumRequest = { type: "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateRootQuorumIntent; generateAppProofs?: boolean; }; export type v1UpdateRootQuorumResult = {}; export type v1UpdateTvcAppLiveDeploymentIntent = { /** The unique identifier of the TVC deployment to set as live for the app. */ deploymentId: string; }; export type v1UpdateTvcAppLiveDeploymentRequest = { type: "ACTIVITY_TYPE_UPDATE_TVC_APP_LIVE_DEPLOYMENT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateTvcAppLiveDeploymentIntent; generateAppProofs?: boolean; }; export type v1UpdateTvcAppLiveDeploymentResult = {}; export type v1UpdateUserEmailIntent = { /** Unique identifier for a given User. */ userId: string; /** The user's email address. Setting this to an empty string will remove the user's email. */ userEmail: string; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; }; export type v1UpdateUserEmailRequest = { type: "ACTIVITY_TYPE_UPDATE_USER_EMAIL"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateUserEmailIntent; generateAppProofs?: boolean; }; export type v1UpdateUserEmailResult = { /** Unique identifier of the User whose email was updated. */ userId: string; }; export type v1UpdateUserIntent = { /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ userName?: string; /** The user's email address. */ userEmail?: string; /** An updated list of User Tags to apply to this User. This field, if not needed, should be an empty array in your request body. */ userTagIds?: string[]; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; }; export type v1UpdateUserNameIntent = { /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ userName: string; }; export type v1UpdateUserNameRequest = { type: "ACTIVITY_TYPE_UPDATE_USER_NAME"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateUserNameIntent; generateAppProofs?: boolean; }; export type v1UpdateUserNameResult = { /** Unique identifier of the User whose name was updated. */ userId: string; }; export type v1UpdateUserPhoneNumberIntent = { /** Unique identifier for a given User. */ userId: string; /** The user's phone number in E.164 format e.g. +13214567890. Setting this to an empty string will remove the user's phone number. */ userPhoneNumber: string; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; }; export type v1UpdateUserPhoneNumberRequest = { type: "ACTIVITY_TYPE_UPDATE_USER_PHONE_NUMBER"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateUserPhoneNumberIntent; generateAppProofs?: boolean; }; export type v1UpdateUserPhoneNumberResult = { /** Unique identifier of the User whose phone number was updated. */ userId: string; }; export type v1UpdateUserRequest = { type: "ACTIVITY_TYPE_UPDATE_USER"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateUserIntent; generateAppProofs?: boolean; }; export type v1UpdateUserResult = { /** A User ID. */ userId: string; }; export type v1UpdateUserTagIntent = { /** Unique identifier for a given User Tag. */ userTagId: string; /** The new, human-readable name for the tag with the given ID. */ newUserTagName?: string; /** A list of User IDs to add this tag to. */ addUserIds: string[]; /** A list of User IDs to remove this tag from. */ removeUserIds: string[]; }; export type v1UpdateUserTagRequest = { type: "ACTIVITY_TYPE_UPDATE_USER_TAG"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateUserTagIntent; generateAppProofs?: boolean; }; export type v1UpdateUserTagResult = { /** Unique identifier for a given User Tag. */ userTagId: string; }; export type v1UpdateWalletIntent = { /** Unique identifier for a given Wallet. */ walletId: string; /** Human-readable name for a Wallet. */ walletName?: string; }; export type v1UpdateWalletRequest = { type: "ACTIVITY_TYPE_UPDATE_WALLET"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateWalletIntent; generateAppProofs?: boolean; }; export type v1UpdateWalletResult = { /** A Wallet ID. */ walletId: string; }; export type v1UpdateWebhookEndpointIntent = { /** Unique identifier of the webhook endpoint to update. */ endpointId: string; /** Updated destination URL for webhook delivery. */ url?: string; /** Updated human-readable name for this webhook endpoint. */ name?: string; /** Whether this webhook endpoint is active. */ isActive?: boolean; }; export type v1UpdateWebhookEndpointRequest = { type: "ACTIVITY_TYPE_UPDATE_WEBHOOK_ENDPOINT"; /** Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */ timestampMs: string; /** Unique identifier for a given Organization. */ organizationId: string; parameters: v1UpdateWebhookEndpointIntent; generateAppProofs?: boolean; }; export type v1UpdateWebhookEndpointResult = { /** Unique identifier of the updated webhook endpoint. */ endpointId: string; /** The updated webhook endpoint data. */ webhookEndpoint: v1WebhookEndpointData; }; export type v1UpsertGasUsageConfigIntent = { /** Gas sponsorship USD limit for the billing organization window. */ orgWindowLimitUsd: string; /** Gas sponsorship USD limit for sub-organizations under the billing organization. */ subOrgWindowLimitUsd: string; /** Rolling sponsorship window duration, expressed in minutes. This value can't exceed 30 days (43200 minutes). */ windowDurationMinutes: string; /** Whether gas sponsorship is enabled for the organization. */ enabled?: boolean; /** Optional Solana sponsorship settings. If omitted, the existing Solana sponsorship state is left unchanged. */ solanaConfig?: v1SolanaConfig; }; export type v1UpsertGasUsageConfigResult = { /** Unique identifier for the gas usage configuration that was created or updated. */ gasUsageConfigId: string; }; export type v1UsageType = "USAGE_TYPE_SIGNUP" | "USAGE_TYPE_LOGIN"; export type v1User = { /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; /** A list of Authenticator parameters. */ authenticators: v1Authenticator[]; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKey[]; /** A list of User Tag IDs. */ userTags: string[]; /** A list of Oauth Providers. */ oauthProviders: v1OauthProvider[]; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; }; export type v1UserParams = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The User's permissible access method(s). */ accessType: v1AccessType; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: apiApiKeyParams[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParams[]; /** A list of User Tag IDs. This field, if not needed, should be an empty array in your request body. */ userTags: string[]; }; export type v1UserParamsV2 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: apiApiKeyParams[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of User Tag IDs. This field, if not needed, should be an empty array in your request body. */ userTags: string[]; }; export type v1UserParamsV3 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; /** A list of User Tag IDs. This field, if not needed, should be an empty array in your request body. */ userTags: string[]; }; export type v1UserParamsV4 = { /** Human-readable name for a User. */ userName: string; /** The user's email address. */ userEmail?: string; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParamsV2[]; /** A list of User Tag IDs. This field, if not needed, should be an empty array in your request body. */ userTags: string[]; }; export type v1ValidateTvcImageRequest = { /** Unique identifier for a given Organization. */ organizationId: string; /** URL of the container image. */ pivotContainerImageUrl: string; /** HPKE-encrypted pull secret for private images. */ pivotContainerEncryptedPullSecret?: string; }; export type v1ValidateTvcImageResponse = { resolvedImageDigest?: string; }; export type v1VerifyOtpIntent = { /** ID representing the result of an init OTP activity. */ otpId: string; /** OTP sent out to a user's contact (email or SMS) */ otpCode: string; /** Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; /** Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ publicKey?: string; }; export type v1VerifyOtpIntentV2 = { /** UUID representing an OTP flow. A new UUID is created for each init OTP activity. */ otpId: string; /** Encrypted bundle containing the OTP code and a client-generated public key. Turnkey's secure enclaves will decrypt this bundle, verify the OTP code, and issue a new Verification Token. Encrypted using the target encryption key provided in the INIT_OTP activity result. */ encryptedOtpBundle: string; /** Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; }; export type v1VerifyOtpResult = { /** Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type v1Vote = { /** Unique identifier for a given Vote object. */ id: string; /** Unique identifier for a given User. */ userId: string; /** Web and/or API user within your Organization. */ user: v1User; /** Unique identifier for a given Activity object. */ activityId: string; selection: "VOTE_SELECTION_APPROVED" | "VOTE_SELECTION_REJECTED"; /** The raw message being signed within a Vote. */ message: string; /** The public component of a cryptographic key pair used to sign messages and transactions. */ publicKey: string; /** The signature applied to a particular vote. */ signature: string; /** Method used to produce a signature. */ scheme: string; createdAt: externaldatav1Timestamp; }; export type v1Wallet = { /** Unique identifier for a given Wallet. */ walletId: string; /** Human-readable name for a Wallet. */ walletName: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** True when a given Wallet is exported, false otherwise. */ exported: boolean; /** True when a given Wallet is imported, false otherwise. */ imported: boolean; }; export type v1WalletAccount = { /** Unique identifier for a given Wallet Account. */ walletAccountId: string; /** The Organization the Account belongs to. */ organizationId: string; /** The Wallet the Account was derived from. */ walletId: string; /** Cryptographic curve used to generate the Account. */ curve: v1Curve; /** Path format used to generate the Account. */ pathFormat: v1PathFormat; /** Path used to generate the Account. */ path: string; /** Address format used to generate the Account. */ addressFormat: v1AddressFormat; /** Address generated using the Wallet seed and Account parameters. */ address: string; createdAt: externaldatav1Timestamp; updatedAt: externaldatav1Timestamp; /** The public component of this wallet account's underlying cryptographic key pair. */ publicKey?: string; /** Wallet details for this account. This is only present when include_wallet_details=true. */ walletDetails?: v1Wallet; }; export type v1WalletKitSettingsParams = { /** List of enabled social login providers (e.g., 'apple', 'google', 'facebook') */ enabledSocialProviders?: string[]; /** Mapping of social login providers to their Oauth client IDs. */ oauthClientIds?: Record; /** Oauth redirect URL to be used for social login flows. */ oauthRedirectUrl?: string; }; export type v1WebAuthnStamp = { /** A base64 url encoded Unique identifier for a given credential. */ credentialId: string; /** A base64 encoded payload containing metadata about the signing context and the challenge. */ clientDataJson: string; /** A base64 encoded payload containing metadata about the authenticator. */ authenticatorData: string; /** The base64 url encoded signature bytes contained within the WebAuthn assertion response. */ signature: string; }; export type v1WebhookEndpointData = { /** Unique identifier of the webhook endpoint. */ endpointId: string; /** Unique identifier for a given Organization. */ organizationId: string; /** The destination URL for webhook delivery. */ url: string; /** Human-readable name for this webhook endpoint. */ name: string; /** Whether this webhook endpoint is active. */ isActive: boolean; /** Current subscriptions attached to this endpoint. */ subscriptions?: v1WebhookSubscriptionParams[]; }; export type v1WebhookSubscriptionParams = { /** The event type to subscribe to (for example, ACTIVITY_UPDATES, BALANCE_CONFIRMED_UPDATES, or BALANCE_FINALIZED_UPDATES). */ eventType: string; /** JSON-encoded filter criteria for this subscription. */ filtersJson?: string; /** Whether this subscription is active. */ isActive?: boolean; }; export type TGetActivityResponse = { /** An action that can be taken within the Turnkey infrastructure. */ activity: v1Activity; }; export type TGetActivityBody = { organizationId?: string; /** Unique identifier for a given activity object. */ activityId: string; }; export type TGetActivityInput = { body: TGetActivityBody; }; export type TGetApiKeyResponse = { /** An API key. */ apiKey: v1ApiKey; }; export type TGetApiKeyBody = { organizationId?: string; /** Unique identifier for a given API key. */ apiKeyId: string; }; export type TGetApiKeyInput = { body: TGetApiKeyBody; }; export type TGetApiKeysResponse = { /** A list of API keys. */ apiKeys: v1ApiKey[]; }; export type TGetApiKeysBody = { organizationId?: string; /** Unique identifier for a given user. */ userId?: string; }; export type TGetApiKeysInput = { body: TGetApiKeysBody; }; export type TGetAppStatusResponse = { /** Live runtime status for the TVC App */ appStatus: v1AppStatus; }; export type TGetAppStatusBody = { organizationId?: string; /** Unique identifier for a given TVC App. */ appId: string; }; export type TGetAppStatusInput = { body: TGetAppStatusBody; }; export type TGetAuthenticatorResponse = { /** An authenticator. */ authenticator: v1Authenticator; }; export type TGetAuthenticatorBody = { organizationId?: string; /** Unique identifier for a given authenticator. */ authenticatorId: string; }; export type TGetAuthenticatorInput = { body: TGetAuthenticatorBody; }; export type TGetAuthenticatorsResponse = { /** A list of authenticators. */ authenticators: v1Authenticator[]; }; export type TGetAuthenticatorsBody = { organizationId?: string; /** Unique identifier for a given user. */ userId: string; }; export type TGetAuthenticatorsInput = { body: TGetAuthenticatorsBody; }; export type TGetBootProofResponse = { bootProof: v1BootProof; }; export type TGetBootProofBody = { organizationId?: string; /** Hex encoded ephemeral public key. */ ephemeralKey: string; }; export type TGetBootProofInput = { body: TGetBootProofBody; }; export type TGetGasUsageResponse = { /** The window duration (in minutes) for the organization or sub-organization. */ windowDurationMinutes: number; /** The window limit (in USD) for the organization or sub-organization. */ windowLimitUsd: string; /** The total gas usage (in USD) of all sponsored transactions processed over the last `window_duration_minutes` */ usageUsd: string; }; export type TGetGasUsageBody = { organizationId?: string; }; export type TGetGasUsageInput = { body: TGetGasUsageBody; }; export type TGetIpAllowlistResponse = { allowlist: v1IpAllowlist; }; export type TGetIpAllowlistBody = { organizationId?: string; /** If provided, return only the allowlist for this specific API key. */ publicKey?: string; }; export type TGetIpAllowlistInput = { body: TGetIpAllowlistBody; }; export type TGetLatestBootProofResponse = { bootProof: v1BootProof; }; export type TGetLatestBootProofBody = { organizationId?: string; /** Name of enclave app. */ appName: string; }; export type TGetLatestBootProofInput = { body: TGetLatestBootProofBody; }; export type TGetNoncesResponse = { /** The standard on-chain nonce for the address, if requested. */ nonce?: string; /** The gas station nonce for sponsored transactions, if requested. */ gasStationNonce?: string; }; export type TGetNoncesBody = { organizationId?: string; /** The Ethereum address to query nonces for. */ address: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet). */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002"; /** Whether to fetch the standard on-chain nonce. */ nonce?: boolean; /** Whether to fetch the gas station nonce used for sponsored transactions. */ gasStationNonce?: boolean; }; export type TGetNoncesInput = { body: TGetNoncesBody; }; export type TGetOauth2CredentialResponse = { oauth2Credential: v1Oauth2Credential; }; export type TGetOauth2CredentialBody = { organizationId?: string; /** Unique identifier for a given OAuth 2.0 Credential. */ oauth2CredentialId: string; }; export type TGetOauth2CredentialInput = { body: TGetOauth2CredentialBody; }; export type TGetOauthProvidersResponse = { /** A list of Oauth providers. */ oauthProviders: v1OauthProvider[]; }; export type TGetOauthProvidersBody = { organizationId?: string; /** Unique identifier for a given user. */ userId?: string; }; export type TGetOauthProvidersInput = { body: TGetOauthProvidersBody; }; export type TGetOnRampTransactionStatusResponse = { /** The status of the fiat on ramp transaction. */ transactionStatus: string; }; export type TGetOnRampTransactionStatusBody = { organizationId?: string; /** The unique identifier for the fiat on ramp transaction. */ transactionId: string; /** Optional flag to specify if the transaction status should be refreshed from the fiat on ramp provider. Default = false. */ refresh?: boolean; }; export type TGetOnRampTransactionStatusInput = { body: TGetOnRampTransactionStatusBody; }; export type TGetOrganizationConfigsResponse = { /** Organization configs including quorum settings and organization features. */ configs: v1Config; }; export type TGetOrganizationConfigsBody = { organizationId?: string; }; export type TGetOrganizationConfigsInput = { body: TGetOrganizationConfigsBody; }; export type TGetPolicyResponse = { /** Object that codifies rules defining the actions that are permissible within an organization. */ policy: v1Policy; }; export type TGetPolicyBody = { organizationId?: string; /** Unique identifier for a given policy. */ policyId: string; }; export type TGetPolicyInput = { body: TGetPolicyBody; }; export type TGetPolicyEvaluationsResponse = { policyEvaluations: externalactivityv1PolicyEvaluation[]; }; export type TGetPolicyEvaluationsBody = { organizationId?: string; /** Unique identifier for a given activity. */ activityId: string; }; export type TGetPolicyEvaluationsInput = { body: TGetPolicyEvaluationsBody; }; export type TGetPrivateKeyResponse = { /** Cryptographic public/private key pair that can be used for cryptocurrency needs or more generalized encryption. */ privateKey: v1PrivateKey; }; export type TGetPrivateKeyBody = { organizationId?: string; /** Unique identifier for a given private key. */ privateKeyId: string; }; export type TGetPrivateKeyInput = { body: TGetPrivateKeyBody; }; export type TGetSendTransactionStatusResponse = { /** The current status of the send transaction. */ txStatus: string; /** Ethereum-specific transaction status. */ eth?: v1EthSendTransactionStatus; /** Solana-specific transaction status. */ solana?: v1SolanaSendTransactionStatus; /** The error encountered when broadcasting or confirming the transaction, if any. */ txError?: string; /** Structured error information including revert details, if available. */ error?: v1TxError; }; export type TGetSendTransactionStatusBody = { organizationId?: string; /** The unique identifier of a send transaction request. */ sendTransactionStatusId: string; }; export type TGetSendTransactionStatusInput = { body: TGetSendTransactionStatusBody; }; export type TGetSmartContractInterfaceResponse = { /** Object to be used in conjunction with policies to guard transaction signing. */ smartContractInterface: externaldatav1SmartContractInterface; }; export type TGetSmartContractInterfaceBody = { organizationId?: string; /** Unique identifier for a given smart contract interface. */ smartContractInterfaceId: string; }; export type TGetSmartContractInterfaceInput = { body: TGetSmartContractInterfaceBody; }; export type TGetTvcAppResponse = { /** Details about a single TVC App */ tvcApp: v1TvcApp; }; export type TGetTvcAppBody = { organizationId?: string; /** Unique identifier for a given TVC App. */ tvcAppId: string; }; export type TGetTvcAppInput = { body: TGetTvcAppBody; }; export type TGetTvcDeploymentResponse = { /** Details about a single TVC Deployment */ tvcDeployment: v1TvcDeployment; }; export type TGetTvcDeploymentBody = { organizationId?: string; /** Unique identifier for a given TVC Deployment. */ deploymentId: string; }; export type TGetTvcDeploymentInput = { body: TGetTvcDeploymentBody; }; export type TGetUserResponse = { /** Web and/or API user within your organization. */ user: v1User; }; export type TGetUserBody = { organizationId?: string; /** Unique identifier for a given user. */ userId: string; }; export type TGetUserInput = { body: TGetUserBody; }; export type TGetWalletResponse = { /** A collection of deterministically generated cryptographic public / private key pairs that share a common seed. */ wallet: v1Wallet; }; export type TGetWalletBody = { organizationId?: string; /** Unique identifier for a given wallet. */ walletId: string; }; export type TGetWalletInput = { body: TGetWalletBody; }; export type TGetWalletAccountResponse = { /** The resulting wallet account. */ account: v1WalletAccount; }; export type TGetWalletAccountBody = { organizationId?: string; /** Unique identifier for a given wallet. */ walletId: string; /** Address corresponding to a wallet account. */ address?: string; /** Path corresponding to a wallet account. */ path?: string; }; export type TGetWalletAccountInput = { body: TGetWalletAccountBody; }; export type TGetWalletAddressBalancesResponse = { /** List of asset balances */ balances?: v1AssetBalance[]; }; export type TGetWalletAddressBalancesBody = { organizationId?: string; /** Address corresponding to a wallet account. Private key addresses are not supported. */ address: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet or 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1"; }; export type TGetWalletAddressBalancesInput = { body: TGetWalletAddressBalancesBody; }; export type TGetActivitiesResponse = { /** A list of activities. */ activities: v1Activity[]; }; export type TGetActivitiesBody = { organizationId?: string; /** Array of activity statuses filtering which activities will be listed in the response. */ filterByStatus?: v1ActivityStatus[]; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; /** Array of activity types filtering which activities will be listed in the response. */ filterByType?: v1ActivityType[]; }; export type TGetActivitiesInput = { body: TGetActivitiesBody; }; export type TGetAppProofsResponse = { appProofs: v1AppProof[]; }; export type TGetAppProofsBody = { organizationId?: string; /** Unique identifier for a given activity. */ activityId: string; }; export type TGetAppProofsInput = { body: TGetAppProofsBody; }; export type TListFiatOnRampCredentialsResponse = { fiatOnRampCredentials: v1FiatOnRampCredential[]; }; export type TListFiatOnRampCredentialsBody = { organizationId?: string; }; export type TListFiatOnRampCredentialsInput = { body: TListFiatOnRampCredentialsBody; }; export type TListOauth2CredentialsResponse = { oauth2Credentials: v1Oauth2Credential[]; }; export type TListOauth2CredentialsBody = { organizationId?: string; }; export type TListOauth2CredentialsInput = { body: TListOauth2CredentialsBody; }; export type TGetPoliciesResponse = { /** A list of policies. */ policies: v1Policy[]; }; export type TGetPoliciesBody = { organizationId?: string; }; export type TGetPoliciesInput = { body: TGetPoliciesBody; }; export type TListPrivateKeyTagsResponse = { /** A list of private key tags. */ privateKeyTags: datav1Tag[]; }; export type TListPrivateKeyTagsBody = { organizationId?: string; }; export type TListPrivateKeyTagsInput = { body: TListPrivateKeyTagsBody; }; export type TGetPrivateKeysResponse = { /** A list of private keys. */ privateKeys: v1PrivateKey[]; }; export type TGetPrivateKeysBody = { organizationId?: string; }; export type TGetPrivateKeysInput = { body: TGetPrivateKeysBody; }; export type TGetSmartContractInterfacesResponse = { /** A list of smart contract interfaces. */ smartContractInterfaces: externaldatav1SmartContractInterface[]; }; export type TGetSmartContractInterfacesBody = { organizationId?: string; }; export type TGetSmartContractInterfacesInput = { body: TGetSmartContractInterfacesBody; }; export type TGetSubOrgIdsResponse = { /** List of unique identifiers for the matching sub-organizations. */ organizationIds: string[]; }; export type TGetSubOrgIdsBody = { organizationId?: string; /** Specifies the type of filter to apply, i.e 'CREDENTIAL_ID', 'NAME', 'USERNAME', 'EMAIL', 'PHONE_NUMBER', 'OIDC_TOKEN', 'WALLET_ACCOUNT_ADDRESS' or 'PUBLIC_KEY' */ filterType?: string; /** The value of the filter to apply for the specified type. For example, a specific email or name string. */ filterValue?: string; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type TGetSubOrgIdsInput = { body: TGetSubOrgIdsBody; }; export type TListSupportedAssetsResponse = { /** List of asset metadata */ assets?: v1AssetMetadata[]; }; export type TListSupportedAssetsBody = { organizationId?: string; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet or 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1"; }; export type TListSupportedAssetsInput = { body: TListSupportedAssetsBody; }; export type TGetTvcAppDeploymentsResponse = { /** List of deployments for this TVC App */ tvcDeployments: v1TvcDeployment[]; }; export type TGetTvcAppDeploymentsBody = { organizationId?: string; /** Unique identifier for a given TVC App. */ appId: string; }; export type TGetTvcAppDeploymentsInput = { body: TGetTvcAppDeploymentsBody; }; export type TGetTvcAppsResponse = { /** A list of TVC Apps. */ tvcApps: v1TvcApp[]; }; export type TGetTvcAppsBody = { organizationId?: string; }; export type TGetTvcAppsInput = { body: TGetTvcAppsBody; }; export type TListUserTagsResponse = { /** A list of user tags. */ userTags: datav1Tag[]; }; export type TListUserTagsBody = { organizationId?: string; }; export type TListUserTagsInput = { body: TListUserTagsBody; }; export type TGetUsersResponse = { /** A list of users. */ users: v1User[]; }; export type TGetUsersBody = { organizationId?: string; }; export type TGetUsersInput = { body: TGetUsersBody; }; export type TGetVerifiedSubOrgIdsResponse = { /** List of unique identifiers for the matching sub-organizations. */ organizationIds: string[]; }; export type TGetVerifiedSubOrgIdsBody = { organizationId?: string; /** Specifies the type of filter to apply, i.e 'EMAIL', 'PHONE_NUMBER'. */ filterType?: string; /** The value of the filter to apply for the specified type. For example, a specific email or phone number string. */ filterValue?: string; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type TGetVerifiedSubOrgIdsInput = { body: TGetVerifiedSubOrgIdsBody; }; export type TGetWalletAccountsResponse = { /** A list of accounts generated from a wallet that share a common seed. */ accounts: v1WalletAccount[]; }; export type TGetWalletAccountsBody = { organizationId?: string; /** Unique identifier for a given wallet. If not provided, all accounts for the organization will be returned. */ walletId?: string; /** Optional flag to specify if the wallet details should be included in the response. Default = false. */ includeWalletDetails?: boolean; /** Parameters used for cursor-based pagination. */ paginationOptions?: v1Pagination; }; export type TGetWalletAccountsInput = { body: TGetWalletAccountsBody; }; export type TGetWalletsResponse = { /** A list of wallets. */ wallets: v1Wallet[]; }; export type TGetWalletsBody = { organizationId?: string; }; export type TGetWalletsInput = { body: TGetWalletsBody; }; export type TListWebhookEndpointsResponse = { webhookEndpoints: v1WebhookEndpointData[]; }; export type TListWebhookEndpointsBody = { organizationId?: string; }; export type TListWebhookEndpointsInput = { body: TListWebhookEndpointsBody; }; export type TValidateTvcImageResponse = { activity: v1Activity; }; export type TValidateTvcImageBody = { timestampMs?: string; organizationId?: string; /** URL of the container image. */ pivotContainerImageUrl: string; /** HPKE-encrypted pull secret for private images. */ pivotContainerEncryptedPullSecret?: string; }; export type TValidateTvcImageInput = { body: TValidateTvcImageBody; }; export type TGetWhoamiResponse = { /** Unique identifier for a given organization. */ organizationId: string; /** Human-readable name for an organization. */ organizationName: string; /** Unique identifier for a given user. */ userId: string; /** Human-readable name for a user. */ username: string; }; export type TGetWhoamiBody = { organizationId?: string; }; export type TGetWhoamiInput = { body: TGetWhoamiBody; }; export type TApproveActivityResponse = { activity: v1Activity; }; export type TApproveActivityBody = { timestampMs?: string; organizationId?: string; /** An artifact verifying a User's action. */ fingerprint: string; generateAppProofs?: boolean; }; export type TApproveActivityInput = { body: TApproveActivityBody; }; export type TCreateApiKeysResponse = { activity: v1Activity; /** A list of API Key IDs. */ apiKeyIds: string[]; }; export type TCreateApiKeysBody = { timestampMs?: string; organizationId?: string; /** A list of API Keys. */ apiKeys: v1ApiKeyParamsV2[]; /** Unique identifier for a given User. */ userId: string; generateAppProofs?: boolean; }; export type TCreateApiKeysInput = { body: TCreateApiKeysBody; }; export type TCreateAuthenticatorsResponse = { activity: v1Activity; /** A list of Authenticator IDs. */ authenticatorIds: string[]; }; export type TCreateAuthenticatorsBody = { timestampMs?: string; organizationId?: string; /** A list of Authenticators. */ authenticators: v1AuthenticatorParamsV2[]; /** Unique identifier for a given User. */ userId: string; generateAppProofs?: boolean; }; export type TCreateAuthenticatorsInput = { body: TCreateAuthenticatorsBody; }; export type TCreateFiatOnRampCredentialResponse = { activity: v1Activity; /** Unique identifier of the Fiat On-Ramp credential that was created */ fiatOnRampCredentialId: string; }; export type TCreateFiatOnRampCredentialBody = { timestampMs?: string; organizationId?: string; /** The fiat on-ramp provider */ onrampProvider: v1FiatOnRampProvider; /** Project ID for the on-ramp provider. Some providers, like Coinbase, require this additional identifier */ projectId?: string; /** Publishable API key for the on-ramp provider */ publishableApiKey: string; /** Secret API key for the on-ramp provider encrypted to our on-ramp encryption public key */ encryptedSecretApiKey: string; /** Private API key for the on-ramp provider encrypted to our on-ramp encryption public key. Some providers, like Coinbase, require this additional key. */ encryptedPrivateApiKey?: string; /** If the on-ramp credential is a sandbox credential */ sandboxMode?: boolean; generateAppProofs?: boolean; }; export type TCreateFiatOnRampCredentialInput = { body: TCreateFiatOnRampCredentialBody; }; export type TCreateInvitationsResponse = { activity: v1Activity; /** A list of Invitation IDs */ invitationIds: string[]; }; export type TCreateInvitationsBody = { timestampMs?: string; organizationId?: string; /** A list of Invitations. */ invitations: v1InvitationParams[]; generateAppProofs?: boolean; }; export type TCreateInvitationsInput = { body: TCreateInvitationsBody; }; export type TCreateOauth2CredentialResponse = { activity: v1Activity; /** Unique identifier of the OAuth 2.0 credential that was created */ oauth2CredentialId: string; }; export type TCreateOauth2CredentialBody = { timestampMs?: string; organizationId?: string; /** The OAuth 2.0 provider */ provider: v1Oauth2Provider; /** The Client ID issued by the OAuth 2.0 provider */ clientId: string; /** The client secret issued by the OAuth 2.0 provider encrypted to the TLS Fetcher quorum key */ encryptedClientSecret: string; generateAppProofs?: boolean; }; export type TCreateOauth2CredentialInput = { body: TCreateOauth2CredentialBody; }; export type TCreateOauthProvidersResponse = { activity: v1Activity; /** A list of unique identifiers for Oauth Providers */ providerIds: string[]; }; export type TCreateOauthProvidersBody = { timestampMs?: string; organizationId?: string; /** The ID of the User to add an Oauth provider to */ userId: string; /** A list of Oauth providers. */ oauthProviders: v1OauthProviderParamsV2[]; generateAppProofs?: boolean; }; export type TCreateOauthProvidersInput = { body: TCreateOauthProvidersBody; }; export type TCreatePoliciesResponse = { activity: v1Activity; /** A list of unique identifiers for the created policies. */ policyIds: string[]; }; export type TCreatePoliciesBody = { timestampMs?: string; organizationId?: string; /** An array of policy intents to be created. */ policies: v1CreatePolicyIntentV3[]; generateAppProofs?: boolean; }; export type TCreatePoliciesInput = { body: TCreatePoliciesBody; }; export type TCreatePolicyResponse = { activity: v1Activity; /** Unique identifier for a given Policy. */ policyId: string; }; export type TCreatePolicyBody = { timestampMs?: string; organizationId?: string; /** Human-readable name for a Policy. */ policyName: string; /** The instruction to DENY or ALLOW an activity. */ effect: v1Effect; /** The condition expression that triggers the Effect */ condition?: string; /** The consensus expression that triggers the Effect */ consensus?: string; /** Notes for a Policy. */ notes: string; generateAppProofs?: boolean; }; export type TCreatePolicyInput = { body: TCreatePolicyBody; }; export type TCreatePrivateKeyTagResponse = { activity: v1Activity; /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type TCreatePrivateKeyTagBody = { timestampMs?: string; organizationId?: string; /** Human-readable name for a Private Key Tag. */ privateKeyTagName: string; /** A list of Private Key IDs. */ privateKeyIds: string[]; generateAppProofs?: boolean; }; export type TCreatePrivateKeyTagInput = { body: TCreatePrivateKeyTagBody; }; export type TCreatePrivateKeysResponse = { activity: v1Activity; /** A list of Private Key IDs and addresses. */ privateKeys: v1PrivateKeyResult[]; }; export type TCreatePrivateKeysBody = { timestampMs?: string; organizationId?: string; /** A list of Private Keys. */ privateKeys: v1PrivateKeyParams[]; generateAppProofs?: boolean; }; export type TCreatePrivateKeysInput = { body: TCreatePrivateKeysBody; }; export type TCreateReadOnlySessionResponse = { activity: v1Activity; /** Unique identifier for a given Organization. If the request is being made by a user and their Sub-Organization ID is unknown, this can be the Parent Organization ID. However, using the Sub-Organization ID is preferred due to performance reasons. */ organizationId: string; /** Human-readable name for an Organization. */ organizationName: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ username: string; /** String representing a read only session */ session: string; /** UTC timestamp in seconds representing the expiry time for the read only session. */ sessionExpiry: string; }; export type TCreateReadOnlySessionBody = { timestampMs?: string; organizationId?: string; generateAppProofs?: boolean; }; export type TCreateReadOnlySessionInput = { body: TCreateReadOnlySessionBody; }; export type TCreateReadWriteSessionResponse = { activity: v1Activity; /** Unique identifier for a given Organization. If the request is being made by a user and their Sub-Organization ID is unknown, this can be the Parent Organization ID. However, using the Sub-Organization ID is preferred due to performance reasons. */ organizationId: string; /** Human-readable name for an Organization. */ organizationName: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ username: string; /** Unique identifier for the created API key. */ apiKeyId: string; /** HPKE encrypted credential bundle */ credentialBundle: string; }; export type TCreateReadWriteSessionBody = { timestampMs?: string; organizationId?: string; /** Client-side public key generated by the user, to which the read write session bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional unique identifier for a given User. If none provided, the read write session will be created for the user who is making the request. */ userId?: string; /** Optional human-readable name for an API Key. If none provided, default to Read Write Session - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated ReadWriteSession API keys */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TCreateReadWriteSessionInput = { body: TCreateReadWriteSessionBody; }; export type TCreateSmartContractInterfaceResponse = { activity: v1Activity; /** The ID of the created Smart Contract Interface. */ smartContractInterfaceId: string; }; export type TCreateSmartContractInterfaceBody = { timestampMs?: string; organizationId?: string; /** Corresponding contract address or program ID */ smartContractAddress: string; /** ABI/IDL as a JSON string. Limited to 400kb */ smartContractInterface: string; type: v1SmartContractInterfaceType; /** Human-readable name for a Smart Contract Interface. */ label: string; /** Notes for a Smart Contract Interface. */ notes?: string; generateAppProofs?: boolean; }; export type TCreateSmartContractInterfaceInput = { body: TCreateSmartContractInterfaceBody; }; export type TCreateSubOrganizationResponse = { activity: v1Activity; subOrganizationId: string; wallet?: v1WalletResult; rootUserIds?: string[]; }; export type TCreateSubOrganizationBody = { timestampMs?: string; organizationId?: string; /** Name for this sub-organization */ subOrganizationName: string; /** Root users to create within this sub-organization */ rootUsers: v1RootUserParamsV5[]; /** The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users */ rootQuorumThreshold: number; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Disable email recovery for the sub-organization */ disableEmailRecovery?: boolean; /** Disable email auth for the sub-organization */ disableEmailAuth?: boolean; /** Disable OTP SMS auth for the sub-organization */ disableSmsAuth?: boolean; /** Disable OTP email auth for the sub-organization */ disableOtpEmailAuth?: boolean; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; /** Optional signature proving authorization for this sub-organization creation. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; generateAppProofs?: boolean; }; export type TCreateSubOrganizationInput = { body: TCreateSubOrganizationBody; }; export type TCreateTvcAppResponse = { activity: v1Activity; /** The unique identifier for the TVC application */ appId: string; /** The unique identifier for the TVC manifest set */ manifestSetId: string; /** The unique identifier(s) of the manifest set operators */ manifestSetOperatorIds: string[]; /** The required number of approvals for the manifest set */ manifestSetThreshold: number; }; export type TCreateTvcAppBody = { timestampMs?: string; organizationId?: string; /** The name of the new TVC application */ name: string; /** Quorum public key to use for this application */ quorumPublicKey: string; /** Unique identifier for an existing TVC operator set to use as the Manifest Set for this TVC application. If left empty, a new Manifest Set configuration is required */ manifestSetId?: string; /** Configuration to create a new TVC operator set, used as the Manifest Set for this TVC application. If left empty, a Manifest Set ID is required */ manifestSetParams?: v1TvcOperatorSetParams; /** Unique identifier for an existing TVC operator set to use as the Share Set for this TVC application. If left empty, a new Share Set configuration is required */ shareSetId?: string; /** Configuration to create a new TVC operator set, used as the Share Set for this TVC application. If left empty, a Share Set ID is required */ shareSetParams?: v1TvcOperatorSetParams; /** Enables network egress for this TVC app. Default if not provided: false. */ enableEgress?: boolean; }; export type TCreateTvcAppInput = { body: TCreateTvcAppBody; }; export type TCreateTvcDeploymentResponse = { activity: v1Activity; /** The unique identifier for the TVC deployment */ deploymentId: string; /** The unique identifier for the TVC manifest */ manifestId: string; }; export type TCreateTvcDeploymentBody = { timestampMs?: string; organizationId?: string; /** The unique identifier of the to-be-deployed TVC application */ appId: string; /** The QuorumOS version to use to deploy this application */ qosVersion: string; /** URL of the container containing the pivot binary */ pivotContainerImageUrl: string; /** Location of the binary in the pivot container */ pivotPath: string; /** Arguments to pass to the pivot binary at startup. Encoded as a list of strings, for example ["--foo", "bar"] */ pivotArgs: string[]; /** Digest of the pivot binary in the pivot container. This value will be inserted in the QOS manifest to ensure application integrity. */ expectedPivotDigest: string; /** Optional nonce to ensure uniqueness of the deployment manifest. If not provided, it defaults to the current Unix timestamp in seconds. */ nonce?: number; /** Optional encrypted pull secret to authorize Turnkey to pull the pivot container image. If your image is public, leave this empty. */ pivotContainerEncryptedPullSecret?: string; /** Optional flag to indicate whether to deploy the TVC app in debug mode, which includes additional logging and debugging tools. Default is false. */ debugMode?: boolean; /** Health check type (TVC_HEALTH_CHECK_TYPE_HTTP or TVC_HEALTH_CHECK_TYPE_GRPC). HTTP health checks are made with a GET request on /health, and gRPC health checks follow the standard gRPC health checking protocol. */ healthCheckType: v1TvcHealthCheckType; /** Port to use for health checks. */ healthCheckPort: number; /** Port to use for public ingress. */ publicIngressPort: number; }; export type TCreateTvcDeploymentInput = { body: TCreateTvcDeploymentBody; }; export type TCreateTvcManifestApprovalsResponse = { activity: v1Activity; /** The unique identifier(s) for the manifest approvals */ approvalIds: string[]; }; export type TCreateTvcManifestApprovalsBody = { timestampMs?: string; organizationId?: string; /** Unique identifier of the TVC deployment to approve */ manifestId: string; /** List of manifest approvals */ approvals: v1TvcManifestApproval[]; }; export type TCreateTvcManifestApprovalsInput = { body: TCreateTvcManifestApprovalsBody; }; export type TCreateUserTagResponse = { activity: v1Activity; /** Unique identifier for a given User Tag. */ userTagId: string; /** A list of User IDs. */ userIds: string[]; }; export type TCreateUserTagBody = { timestampMs?: string; organizationId?: string; /** Human-readable name for a User Tag. */ userTagName: string; /** A list of User IDs. */ userIds: string[]; generateAppProofs?: boolean; }; export type TCreateUserTagInput = { body: TCreateUserTagBody; }; export type TCreateUsersResponse = { activity: v1Activity; /** A list of User IDs. */ userIds: string[]; }; export type TCreateUsersBody = { timestampMs?: string; organizationId?: string; /** A list of Users. */ users: v1UserParamsV4[]; generateAppProofs?: boolean; }; export type TCreateUsersInput = { body: TCreateUsersBody; }; export type TCreateWalletResponse = { activity: v1Activity; /** Unique identifier for a Wallet. */ walletId: string; /** A list of account addresses. */ addresses: string[]; }; export type TCreateWalletBody = { timestampMs?: string; organizationId?: string; /** Human-readable name for a Wallet. */ walletName: string; /** A list of wallet Accounts. This field, if not needed, should be an empty array in your request body. */ accounts: v1WalletAccountParams[]; /** Length of mnemonic to generate the Wallet seed. Defaults to 12. Accepted values: 12, 15, 18, 21, 24. */ mnemonicLength?: number; generateAppProofs?: boolean; }; export type TCreateWalletInput = { body: TCreateWalletBody; }; export type TCreateWalletAccountsResponse = { activity: v1Activity; /** A list of derived addresses. */ addresses: string[]; }; export type TCreateWalletAccountsBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Wallet. */ walletId: string; /** A list of wallet Accounts. */ accounts: v1WalletAccountParams[]; /** Indicates if the wallet accounts should be persisted. This is helpful if you'd like to see the addresses of different derivation paths without actually creating the accounts. Defaults to true. */ persist?: boolean; generateAppProofs?: boolean; }; export type TCreateWalletAccountsInput = { body: TCreateWalletAccountsBody; }; export type TCreateWebhookEndpointResponse = { activity: v1Activity; /** Unique identifier of the created webhook endpoint. */ endpointId: string; /** The created webhook endpoint data. */ webhookEndpoint: v1WebhookEndpointData; }; export type TCreateWebhookEndpointBody = { timestampMs?: string; organizationId?: string; /** The destination URL for webhook delivery. */ url: string; /** Human-readable name for this webhook endpoint. */ name: string; /** Event subscriptions to create for this endpoint. */ subscriptions?: v1WebhookSubscriptionParams[]; generateAppProofs?: boolean; }; export type TCreateWebhookEndpointInput = { body: TCreateWebhookEndpointBody; }; export type TDeleteApiKeysResponse = { activity: v1Activity; /** A list of API Key IDs. */ apiKeyIds: string[]; }; export type TDeleteApiKeysBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** A list of API Key IDs. */ apiKeyIds: string[]; generateAppProofs?: boolean; }; export type TDeleteApiKeysInput = { body: TDeleteApiKeysBody; }; export type TDeleteAuthenticatorsResponse = { activity: v1Activity; /** Unique identifier for a given Authenticator. */ authenticatorIds: string[]; }; export type TDeleteAuthenticatorsBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** A list of Authenticator IDs. */ authenticatorIds: string[]; generateAppProofs?: boolean; }; export type TDeleteAuthenticatorsInput = { body: TDeleteAuthenticatorsBody; }; export type TDeleteFiatOnRampCredentialResponse = { activity: v1Activity; /** Unique identifier of the Fiat On-Ramp credential that was deleted */ fiatOnRampCredentialId: string; }; export type TDeleteFiatOnRampCredentialBody = { timestampMs?: string; organizationId?: string; /** The ID of the fiat on-ramp credential to delete */ fiatOnrampCredentialId: string; generateAppProofs?: boolean; }; export type TDeleteFiatOnRampCredentialInput = { body: TDeleteFiatOnRampCredentialBody; }; export type TDeleteInvitationResponse = { activity: v1Activity; /** Unique identifier for a given Invitation. */ invitationId: string; }; export type TDeleteInvitationBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Invitation object. */ invitationId: string; generateAppProofs?: boolean; }; export type TDeleteInvitationInput = { body: TDeleteInvitationBody; }; export type TDeleteOauth2CredentialResponse = { activity: v1Activity; /** Unique identifier of the OAuth 2.0 credential that was deleted */ oauth2CredentialId: string; }; export type TDeleteOauth2CredentialBody = { timestampMs?: string; organizationId?: string; /** The ID of the OAuth 2.0 credential to delete */ oauth2CredentialId: string; generateAppProofs?: boolean; }; export type TDeleteOauth2CredentialInput = { body: TDeleteOauth2CredentialBody; }; export type TDeleteOauthProvidersResponse = { activity: v1Activity; /** A list of unique identifiers for Oauth Providers */ providerIds: string[]; }; export type TDeleteOauthProvidersBody = { timestampMs?: string; organizationId?: string; /** The ID of the User to remove an Oauth provider from */ userId: string; /** Unique identifier for a given Provider. */ providerIds: string[]; generateAppProofs?: boolean; }; export type TDeleteOauthProvidersInput = { body: TDeleteOauthProvidersBody; }; export type TDeletePoliciesResponse = { activity: v1Activity; /** A list of unique identifiers for the deleted policies. */ policyIds: string[]; }; export type TDeletePoliciesBody = { timestampMs?: string; organizationId?: string; /** List of unique identifiers for policies within an organization */ policyIds: string[]; generateAppProofs?: boolean; }; export type TDeletePoliciesInput = { body: TDeletePoliciesBody; }; export type TDeletePolicyResponse = { activity: v1Activity; /** Unique identifier for a given Policy. */ policyId: string; }; export type TDeletePolicyBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Policy. */ policyId: string; generateAppProofs?: boolean; }; export type TDeletePolicyInput = { body: TDeletePolicyBody; }; export type TDeletePrivateKeyTagsResponse = { activity: v1Activity; /** A list of Private Key Tag IDs. */ privateKeyTagIds: string[]; /** A list of Private Key IDs. */ privateKeyIds: string[]; }; export type TDeletePrivateKeyTagsBody = { timestampMs?: string; organizationId?: string; /** A list of Private Key Tag IDs. */ privateKeyTagIds: string[]; generateAppProofs?: boolean; }; export type TDeletePrivateKeyTagsInput = { body: TDeletePrivateKeyTagsBody; }; export type TDeletePrivateKeysResponse = { activity: v1Activity; /** A list of private key unique identifiers that were removed */ privateKeyIds: string[]; }; export type TDeletePrivateKeysBody = { timestampMs?: string; organizationId?: string; /** List of unique identifiers for private keys within an organization */ privateKeyIds: string[]; /** Optional parameter for deleting the private keys, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; generateAppProofs?: boolean; }; export type TDeletePrivateKeysInput = { body: TDeletePrivateKeysBody; }; export type TDeleteSmartContractInterfaceResponse = { activity: v1Activity; /** The ID of the deleted Smart Contract Interface. */ smartContractInterfaceId: string; }; export type TDeleteSmartContractInterfaceBody = { timestampMs?: string; organizationId?: string; /** The ID of a Smart Contract Interface intended for deletion. */ smartContractInterfaceId: string; generateAppProofs?: boolean; }; export type TDeleteSmartContractInterfaceInput = { body: TDeleteSmartContractInterfaceBody; }; export type TDeleteSubOrganizationResponse = { activity: v1Activity; /** Unique identifier of the sub organization that was removed */ subOrganizationUuid: string; }; export type TDeleteSubOrganizationBody = { timestampMs?: string; organizationId?: string; /** Sub-organization deletion, by default, requires associated wallets and private keys to be exported for security reasons. Set this boolean to true to force sub-organization deletion even if some wallets or private keys within it have not been exported yet. Default: false. */ deleteWithoutExport?: boolean; generateAppProofs?: boolean; }; export type TDeleteSubOrganizationInput = { body: TDeleteSubOrganizationBody; }; export type TDeleteTvcAppAndDeploymentsResponse = { activity: v1Activity; /** The unique identifier of the deleted TVC app. */ appId: string; }; export type TDeleteTvcAppAndDeploymentsBody = { timestampMs?: string; organizationId?: string; /** The unique identifier of the TVC app to delete. The app and all associated deployments will be removed. */ appId: string; generateAppProofs?: boolean; }; export type TDeleteTvcAppAndDeploymentsInput = { body: TDeleteTvcAppAndDeploymentsBody; }; export type TDeleteTvcDeploymentResponse = { activity: v1Activity; /** The unique identifier of the deleted TVC deployment. */ deploymentId: string; }; export type TDeleteTvcDeploymentBody = { timestampMs?: string; organizationId?: string; /** The unique identifier of the TVC deployment to delete. */ deploymentId: string; generateAppProofs?: boolean; }; export type TDeleteTvcDeploymentInput = { body: TDeleteTvcDeploymentBody; }; export type TDeleteUserTagsResponse = { activity: v1Activity; /** A list of User Tag IDs. */ userTagIds: string[]; /** A list of User IDs. */ userIds: string[]; }; export type TDeleteUserTagsBody = { timestampMs?: string; organizationId?: string; /** A list of User Tag IDs. */ userTagIds: string[]; generateAppProofs?: boolean; }; export type TDeleteUserTagsInput = { body: TDeleteUserTagsBody; }; export type TDeleteUsersResponse = { activity: v1Activity; /** A list of User IDs. */ userIds: string[]; }; export type TDeleteUsersBody = { timestampMs?: string; organizationId?: string; /** A list of User IDs. */ userIds: string[]; generateAppProofs?: boolean; }; export type TDeleteUsersInput = { body: TDeleteUsersBody; }; export type TDeleteWalletAccountsResponse = { activity: v1Activity; /** A list of wallet account unique identifiers that were removed */ walletAccountIds: string[]; }; export type TDeleteWalletAccountsBody = { timestampMs?: string; organizationId?: string; /** List of unique identifiers for wallet accounts within an organization */ walletAccountIds: string[]; /** Optional parameter for deleting the wallet accounts, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; generateAppProofs?: boolean; }; export type TDeleteWalletAccountsInput = { body: TDeleteWalletAccountsBody; }; export type TDeleteWalletsResponse = { activity: v1Activity; /** A list of wallet unique identifiers that were removed */ walletIds: string[]; }; export type TDeleteWalletsBody = { timestampMs?: string; organizationId?: string; /** List of unique identifiers for wallets within an organization */ walletIds: string[]; /** Optional parameter for deleting the wallets, even if any have not been previously exported. If they have been exported, this field is ignored. */ deleteWithoutExport?: boolean; generateAppProofs?: boolean; }; export type TDeleteWalletsInput = { body: TDeleteWalletsBody; }; export type TDeleteWebhookEndpointResponse = { activity: v1Activity; /** Unique identifier of the deleted webhook endpoint. */ endpointId: string; }; export type TDeleteWebhookEndpointBody = { timestampMs?: string; organizationId?: string; /** Unique identifier of the webhook endpoint to delete. */ endpointId: string; generateAppProofs?: boolean; }; export type TDeleteWebhookEndpointInput = { body: TDeleteWebhookEndpointBody; }; export type TEmailAuthResponse = { activity: v1Activity; /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId: string; }; export type TEmailAuthBody = { timestampMs?: string; organizationId?: string; /** Email of the authenticating user. */ email: string; /** Client-side public key generated by the user, to which the email auth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Email Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Parameters for customizing emails. If not provided, the default email will be used. Note that app_name is required. */ emailCustomization: v1EmailAuthCustomizationParams; /** Invalidate all other previously generated Email Auth API keys */ invalidateExisting?: boolean; /** Optional custom email address from which to send the email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; generateAppProofs?: boolean; }; export type TEmailAuthInput = { body: TEmailAuthBody; }; export type TEthSendTransactionResponse = { activity: v1Activity; /** The send_transaction_status ID associated with the transaction submission */ sendTransactionStatusId: string; }; export type TEthSendTransactionBody = { timestampMs?: string; organizationId?: string; /** A wallet or private key address to sign with. This does not support private key IDs. */ from: string; /** Whether to sponsor this transaction via Gas Station. */ sponsor?: boolean; /** CAIP-2 chain ID (e.g., 'eip155:1' for Ethereum mainnet). */ caip2: "eip155:1" | "eip155:11155111" | "eip155:8453" | "eip155:84532" | "eip155:137" | "eip155:80002"; /** Recipient address as a hex string with 0x prefix. */ to: string; /** Amount of native asset to send in wei. */ value?: string; /** Hex-encoded call data for contract interactions. */ data?: string; /** Transaction nonce, for EIP-1559 and Turnkey Gas Station authorizations. */ nonce?: string; /** Maximum amount of gas to use for this transaction, for EIP-1559 transactions. */ gasLimit?: string; /** Maximum total fee per gas unit (base fee + priority fee) in wei. Required for non-sponsored (EIP-1559) transactions. Not used for sponsored transactions. */ maxFeePerGas?: string; /** Maximum priority fee (tip) per gas unit in wei. Required for non-sponsored (EIP-1559) transactions. Not used for sponsored transactions. */ maxPriorityFeePerGas?: string; /** Unix timestamp in seconds for EIP-712 execution deadline. Only used when sponsor=true. */ deadline?: string; /** The gas station delegate contract nonce. Only used when sponsor=true. Include this if you want maximal security posture. */ gasStationNonce?: string; generateAppProofs?: boolean; }; export type TEthSendTransactionInput = { body: TEthSendTransactionBody; }; export type TExportPrivateKeyResponse = { activity: v1Activity; /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Export bundle containing a private key encrypted to the client's target public key. */ exportBundle: string; }; export type TExportPrivateKeyBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Private Key. */ privateKeyId: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; generateAppProofs?: boolean; }; export type TExportPrivateKeyInput = { body: TExportPrivateKeyBody; }; export type TExportWalletResponse = { activity: v1Activity; /** Unique identifier for a given Wallet. */ walletId: string; /** Export bundle containing a wallet mnemonic + optional newline passphrase encrypted by the client's target public key. */ exportBundle: string; }; export type TExportWalletBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Wallet. */ walletId: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; /** The language of the mnemonic to export. Defaults to English. */ language?: v1MnemonicLanguage; generateAppProofs?: boolean; }; export type TExportWalletInput = { body: TExportWalletBody; }; export type TExportWalletAccountResponse = { activity: v1Activity; /** Address to identify Wallet Account. */ address: string; /** Export bundle containing a private key encrypted by the client's target public key. */ exportBundle: string; }; export type TExportWalletAccountBody = { timestampMs?: string; organizationId?: string; /** Address to identify Wallet Account. */ address: string; /** Client-side public key generated by the user, to which the export bundle will be encrypted. */ targetPublicKey: string; generateAppProofs?: boolean; }; export type TExportWalletAccountInput = { body: TExportWalletAccountBody; }; export type TImportPrivateKeyResponse = { activity: v1Activity; /** Unique identifier for a Private Key. */ privateKeyId: string; /** A list of addresses. */ addresses: immutableactivityv1Address[]; }; export type TImportPrivateKeyBody = { timestampMs?: string; organizationId?: string; /** The ID of the User importing a Private Key. */ userId: string; /** Human-readable name for a Private Key. */ privateKeyName: string; /** Bundle containing a raw private key encrypted to the enclave's target public key. */ encryptedBundle: string; /** Cryptographic Curve used to generate a given Private Key. */ curve: v1Curve; /** Cryptocurrency-specific formats for a derived address (e.g., Ethereum). */ addressFormats: v1AddressFormat[]; generateAppProofs?: boolean; }; export type TImportPrivateKeyInput = { body: TImportPrivateKeyBody; }; export type TImportWalletResponse = { activity: v1Activity; /** Unique identifier for a Wallet. */ walletId: string; /** A list of account addresses. */ addresses: string[]; }; export type TImportWalletBody = { timestampMs?: string; organizationId?: string; /** The ID of the User importing a Wallet. */ userId: string; /** Human-readable name for a Wallet. */ walletName: string; /** Bundle containing a wallet mnemonic encrypted to the enclave's target public key. */ encryptedBundle: string; /** A list of wallet Accounts. */ accounts: v1WalletAccountParams[]; generateAppProofs?: boolean; }; export type TImportWalletInput = { body: TImportWalletBody; }; export type TInitFiatOnRampResponse = { activity: v1Activity; /** Unique URL for a given fiat on-ramp flow. */ onRampUrl: string; /** Unique identifier used to retrieve transaction statuses for a given fiat on-ramp flow. */ onRampTransactionId: string; /** Optional signature of the MoonPay Widget URL. The signature is generated if the Init Fiat On Ramp intent includes the urlForSignature field. The signature can be used to initialize the MoonPay SDKs when URL signing is enabled for your project. */ onRampUrlSignature?: string; }; export type TInitFiatOnRampBody = { timestampMs?: string; organizationId?: string; /** Enum to specify which on-ramp provider to use */ onrampProvider: v1FiatOnRampProvider; /** Destination wallet address for the buy transaction. */ walletAddress: string; /** Blockchain network to be used for the transaction, e.g., bitcoin, ethereum. Maps to MoonPay's network or Coinbase's defaultNetwork. */ network: v1FiatOnRampBlockchainNetwork; /** Code for the cryptocurrency to be purchased, e.g., btc, eth. Maps to MoonPay's currencyCode or Coinbase's defaultAsset. */ cryptoCurrencyCode: v1FiatOnRampCryptoCurrency; /** Code for the fiat currency to be used in the transaction, e.g., USD, EUR. */ fiatCurrencyCode?: v1FiatOnRampCurrency; /** Specifies a preset fiat amount for the transaction, e.g., '100'. Must be greater than '20'. If not provided, the user will be prompted to enter an amount. */ fiatCurrencyAmount?: string; /** Pre-selected payment method, e.g., CREDIT_DEBIT_CARD, APPLE_PAY. Validated against the chosen provider. */ paymentMethod?: v1FiatOnRampPaymentMethod; /** ISO 3166-1 two-digit country code for Coinbase representing the purchasing user’s country of residence, e.g., US, GB. */ countryCode?: string; /** ISO 3166-2 two-digit country subdivision code for Coinbase representing the purchasing user’s subdivision of residence within their country, e.g. NY. Required if country_code=US. */ countrySubdivisionCode?: string; /** Optional flag to indicate whether to use the sandbox mode to simulate transactions for the on-ramp provider. Default is false. */ sandboxMode?: boolean; /** Optional MoonPay Widget URL to sign when using MoonPay client SDKs with URL Signing enabled. */ urlForSignature?: string; generateAppProofs?: boolean; }; export type TInitFiatOnRampInput = { body: TInitFiatOnRampBody; }; export type TInitImportPrivateKeyResponse = { activity: v1Activity; /** Import bundle containing a public key and signature to use for importing client data. */ importBundle: string; }; export type TInitImportPrivateKeyBody = { timestampMs?: string; organizationId?: string; /** The ID of the User importing a Private Key. */ userId: string; generateAppProofs?: boolean; }; export type TInitImportPrivateKeyInput = { body: TInitImportPrivateKeyBody; }; export type TInitImportWalletResponse = { activity: v1Activity; /** Import bundle containing a public key and signature to use for importing client data. */ importBundle: string; }; export type TInitImportWalletBody = { timestampMs?: string; organizationId?: string; /** The ID of the User importing a Wallet. */ userId: string; generateAppProofs?: boolean; }; export type TInitImportWalletInput = { body: TInitImportWalletBody; }; export type TInitOtpResponse = { activity: v1Activity; /** Unique identifier for an OTP flow */ otpId: string; /** Signed bundle containing a target encryption key to use when submitting OTP codes. */ otpEncryptionTargetBundle: string; }; export type TInitOtpBody = { timestampMs?: string; organizationId?: string; /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** The name of the application. */ appName: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParamsV2; /** Optional parameters for customizing SMS message. If not provided, the default sms message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). If set to false, OTP code will only be numeric. Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; generateAppProofs?: boolean; }; export type TInitOtpInput = { body: TInitOtpBody; }; export type TInitOtpAuthResponse = { activity: v1Activity; /** Unique identifier for an OTP authentication */ otpId: string; }; export type TInitOtpAuthBody = { timestampMs?: string; organizationId?: string; /** Whether to send OTP via SMS or email. Possible values: OTP_TYPE_SMS, OTP_TYPE_EMAIL */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional length of the OTP code. Default = 9 */ otpLength?: number; /** The name of the application. This field is required and will be used in email notifications if an email template is not provided. */ appName: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1EmailCustomizationParamsV2; /** Optional parameters for customizing SMS message. If not provided, the default SMS message will be used. */ smsCustomization?: v1SmsCustomizationParams; /** Optional client-generated user identifier to enable per-user rate limiting for SMS auth. We recommend using a hash of the client-side IP address. */ userIdentifier?: string; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional flag to specify if the OTP code should be alphanumeric (Crockford’s Base32). Default = true */ alphanumeric?: boolean; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Expiration window (in seconds) indicating how long the OTP is valid for. If not provided, a default of 5 minutes will be used. Maximum value is 600 seconds (10 minutes) */ expirationSeconds?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; generateAppProofs?: boolean; }; export type TInitOtpAuthInput = { body: TInitOtpAuthBody; }; export type TInitUserEmailRecoveryResponse = { activity: v1Activity; /** Unique identifier for the user being recovered. */ userId: string; }; export type TInitUserEmailRecoveryBody = { timestampMs?: string; organizationId?: string; /** Email of the user starting recovery */ email: string; /** Client-side public key generated by the user, to which the recovery bundle will be encrypted. */ targetPublicKey: string; /** Expiration window (in seconds) indicating how long the recovery credential is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Parameters for customizing emails. If not provided, the default email will be used. Note that `app_name` is required. */ emailCustomization: v1EmailAuthCustomizationParams; /** Optional custom email address from which to send the OTP email */ sendFromEmailAddress?: string; /** Optional custom sender name for use with sendFromEmailAddress; if left empty, will default to 'Notifications' */ sendFromEmailSenderName?: string; /** Optional custom email address to use as reply-to */ replyToEmailAddress?: string; generateAppProofs?: boolean; }; export type TInitUserEmailRecoveryInput = { body: TInitUserEmailRecoveryBody; }; export type TOauthResponse = { activity: v1Activity; /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId: string; /** HPKE encrypted credential bundle */ credentialBundle: string; }; export type TOauthBody = { timestampMs?: string; organizationId?: string; /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, to which the oauth bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to Oauth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Oauth API keys */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TOauthInput = { body: TOauthBody; }; export type TOauth2AuthenticateResponse = { activity: v1Activity; /** Base64 encoded OIDC token issued by Turnkey to be used with the LoginWithOAuth activity */ oidcToken: string; }; export type TOauth2AuthenticateBody = { timestampMs?: string; organizationId?: string; /** The OAuth 2.0 credential id whose client_id and client_secret will be used in the OAuth 2.0 flow */ oauth2CredentialId: string; /** The auth_code provided by the OAuth 2.0 provider to the end user to be exchanged for a Bearer token in the OAuth 2.0 flow */ authCode: string; /** The URI the user is redirected to after they have authenticated with the OAuth 2.0 provider */ redirectUri: string; /** The code verifier used by OAuth 2.0 PKCE providers */ codeVerifier: string; /** A nonce value set to sha256(publicKey), used to bind the OIDC token to a specific public key */ nonce: string; /** An optional P256 public key to which, if provided, the bearer token will be encrypted and returned via the `encrypted_bearer_token` claim of the OIDC Token */ bearerTokenTargetPublicKey?: string; generateAppProofs?: boolean; }; export type TOauth2AuthenticateInput = { body: TOauth2AuthenticateBody; }; export type TOauthLoginResponse = { activity: v1Activity; /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type TOauthLoginBody = { timestampMs?: string; organizationId?: string; /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the oidc token associated with this request */ publicKey: string; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TOauthLoginInput = { body: TOauthLoginBody; }; export type TOtpAuthResponse = { activity: v1Activity; /** Unique identifier for the authenticating User. */ userId: string; /** Unique identifier for the created API key. */ apiKeyId?: string; /** HPKE encrypted credential bundle */ credentialBundle?: string; }; export type TOtpAuthBody = { timestampMs?: string; organizationId?: string; /** ID representing the result of an init OTP activity. */ otpId: string; /** OTP sent out to a user's contact (email or SMS) */ otpCode: string; /** Client-side public key generated by the user, to which the OTP bundle (credentials) will be encrypted. */ targetPublicKey: string; /** Optional human-readable name for an API Key. If none provided, default to OTP Auth - */ apiKeyName?: string; /** Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated OTP Auth API keys */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TOtpAuthInput = { body: TOtpAuthBody; }; export type TOtpLoginResponse = { activity: v1Activity; /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type TOtpLoginBody = { timestampMs?: string; organizationId?: string; /** Signed Verification Token containing a unique id, expiry, verification type, contact */ verificationToken: string; /** Client-side public key generated by the user, used as the session public key upon successful login */ publicKey: string; /** Required signature proving authorization for this login. The signature is over the verification token ID and the public key. Required for secure OTP login process. */ clientSignature: v1ClientSignature; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login sessions */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TOtpLoginInput = { body: TOtpLoginBody; }; export type TRecoverUserResponse = { activity: v1Activity; /** ID of the authenticator created. */ authenticatorId: string[]; }; export type TRecoverUserBody = { timestampMs?: string; organizationId?: string; /** The new authenticator to register. */ authenticator: v1AuthenticatorParamsV2; /** Unique identifier for the user performing recovery. */ userId: string; generateAppProofs?: boolean; }; export type TRecoverUserInput = { body: TRecoverUserBody; }; export type TRejectActivityResponse = { activity: v1Activity; }; export type TRejectActivityBody = { timestampMs?: string; organizationId?: string; /** An artifact verifying a User's action. */ fingerprint: string; generateAppProofs?: boolean; }; export type TRejectActivityInput = { body: TRejectActivityBody; }; export type TRemoveIpAllowlistResponse = { activity: v1Activity; }; export type TRemoveIpAllowlistBody = { timestampMs?: string; organizationId?: string; /** The public component of an API key. If null, removes the organization-level IP allowlist. If set, removes the IP allowlist for this specific API key. */ publicKey?: string; generateAppProofs?: boolean; }; export type TRemoveIpAllowlistInput = { body: TRemoveIpAllowlistBody; }; export type TRemoveOrganizationFeatureResponse = { activity: v1Activity; /** Resulting list of organization features. */ features: v1Feature[]; }; export type TRemoveOrganizationFeatureBody = { timestampMs?: string; organizationId?: string; /** Name of the feature to remove */ name: v1FeatureName; generateAppProofs?: boolean; }; export type TRemoveOrganizationFeatureInput = { body: TRemoveOrganizationFeatureBody; }; export type TRestoreTvcDeploymentResponse = { activity: v1Activity; /** The unique identifier of the restored TVC deployment. */ deploymentId: string; }; export type TRestoreTvcDeploymentBody = { timestampMs?: string; organizationId?: string; /** The unique identifier of the TVC deployment to restore. */ deploymentId: string; generateAppProofs?: boolean; }; export type TRestoreTvcDeploymentInput = { body: TRestoreTvcDeploymentBody; }; export type TSetIpAllowlistResponse = { activity: v1Activity; }; export type TSetIpAllowlistBody = { timestampMs?: string; organizationId?: string; /** The public component of an API key. If null, the IP allowlist applies at the organization level. If set, it applies only to this specific API key. */ publicKey?: string; /** Whether the IP allowlist is enabled. Only meaningful for organization-level allowlists. Omit for API key-level allowlists. */ enabled?: boolean; /** List of IP allowlist rules with CIDR blocks and optional labels. */ rules?: v1IpAllowlistIntentRule[]; /** Behavior when an error occurs during IP allowlist evaluation. Valid values: ALLOW, DENY. Defaults to DENY. */ onEvaluationError?: string; generateAppProofs?: boolean; }; export type TSetIpAllowlistInput = { body: TSetIpAllowlistBody; }; export type TSetOrganizationFeatureResponse = { activity: v1Activity; /** Resulting list of organization features. */ features: v1Feature[]; }; export type TSetOrganizationFeatureBody = { timestampMs?: string; organizationId?: string; /** Name of the feature to set */ name: v1FeatureName; /** Optional value for the feature. Will override existing values if feature is already set. */ value: string; generateAppProofs?: boolean; }; export type TSetOrganizationFeatureInput = { body: TSetOrganizationFeatureBody; }; export type TUpdateTvcAppLiveDeploymentResponse = { activity: v1Activity; }; export type TUpdateTvcAppLiveDeploymentBody = { timestampMs?: string; organizationId?: string; /** The unique identifier of the TVC deployment to set as live for the app. */ deploymentId: string; generateAppProofs?: boolean; }; export type TUpdateTvcAppLiveDeploymentInput = { body: TUpdateTvcAppLiveDeploymentBody; }; export type TSignRawPayloadResponse = { activity: v1Activity; /** Component of an ECSDA signature. */ r: string; /** Component of an ECSDA signature. */ s: string; /** Component of an ECSDA signature. */ v: string; }; export type TSignRawPayloadBody = { timestampMs?: string; organizationId?: string; /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** Raw unsigned payload to be signed. */ payload: string; /** Encoding of the `payload` string. Turnkey uses this information to convert `payload` into bytes with the correct decoder (e.g. hex, utf8). */ encoding: v1PayloadEncoding; /** Hash function to apply to payload bytes before signing. This field must be set to HASH_FUNCTION_NOT_APPLICABLE for EdDSA/ed25519 signature requests; configurable payload hashing is not supported by RFC 8032. */ hashFunction: v1HashFunction; generateAppProofs?: boolean; }; export type TSignRawPayloadInput = { body: TSignRawPayloadBody; }; export type TSignRawPayloadsResponse = { activity: v1Activity; signatures?: v1SignRawPayloadResult[]; }; export type TSignRawPayloadsBody = { timestampMs?: string; organizationId?: string; /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** An array of raw unsigned payloads to be signed. */ payloads: string[]; /** Encoding of the `payload` string. Turnkey uses this information to convert `payload` into bytes with the correct decoder (e.g. hex, utf8). */ encoding: v1PayloadEncoding; /** Hash function to apply to payload bytes before signing. This field must be set to HASH_FUNCTION_NOT_APPLICABLE for EdDSA/ed25519 signature requests; configurable payload hashing is not supported by RFC 8032. */ hashFunction: v1HashFunction; generateAppProofs?: boolean; }; export type TSignRawPayloadsInput = { body: TSignRawPayloadsBody; }; export type TSignTransactionResponse = { activity: v1Activity; signedTransaction: string; }; export type TSignTransactionBody = { timestampMs?: string; organizationId?: string; /** A Wallet account address, Private Key address, or Private Key identifier. */ signWith: string; /** Raw unsigned transaction to be signed */ unsignedTransaction: string; type: v1TransactionType; generateAppProofs?: boolean; }; export type TSignTransactionInput = { body: TSignTransactionBody; }; export type TSolSendTransactionResponse = { activity: v1Activity; /** The send_transaction_status ID associated with the transaction submission */ sendTransactionStatusId: string; }; export type TSolSendTransactionBody = { timestampMs?: string; organizationId?: string; /** Base64-encoded serialized unsigned Solana transaction */ unsignedTransaction: string; /** A wallet or private key address to sign with. This does not support private key IDs. */ signWith: string; /** Whether to sponsor this transaction via Gas Station. */ sponsor?: boolean; /** CAIP-2 chain ID (e.g., 'solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp' for Solana mainnet). Human-readable Solana aliases ('solana:mainnet', 'solana:devnet') are also accepted and normalized to canonical CAIP-2 values. */ caip2: "solana:mainnet" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" | "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d" | "solana:devnet" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" | "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1wcaWoxPkrZBG"; /** user-provided blockhash for replay protection / deadline control. If omitted and sponsor=true, we fetch a fresh blockhash during execution */ recentBlockhash?: string; generateAppProofs?: boolean; }; export type TSolSendTransactionInput = { body: TSolSendTransactionBody; }; export type TSparkClaimTransferResponse = { activity: v1Activity; /** Per-operator ECIES-encrypted packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Newly-derived SigningLeaf public keys, one per leaf, in input order. */ newLeafPublicKeys: v1SparkLeafPublicKey[]; }; export type TSparkClaimTransferBody = { timestampMs?: string; organizationId?: string; /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Claim package parameters. */ claim: v1SparkClaimPackage; }; export type TSparkClaimTransferInput = { body: TSparkClaimTransferBody; }; export type TSparkPrepareLightningReceiveResponse = { activity: v1Activity; /** Per-operator ECIES-encrypted Feldman share packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Hex-encoded SHA256(preimage). Forward to the Lightning node. */ paymentHash: string; }; export type TSparkPrepareLightningReceiveBody = { timestampMs?: string; organizationId?: string; /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Lightning receive package parameters: threshold and operator recipients. */ lightningReceive: v1SparkLightningReceivePackage; }; export type TSparkPrepareLightningReceiveInput = { body: TSparkPrepareLightningReceiveBody; }; export type TSparkPrepareTransferResponse = { activity: v1Activity; /** Per-operator ECIES-encrypted packages. */ operatorPackages: v1SparkEncryptedOperatorPackage[]; /** Hex-encoded ECDSA-DER signature of the TransferPackage signing payload, signed with the wallet's IDENTITY key. */ transferUserSignature: string; /** Newly-derived SigningLeaf public keys, one per leaf, in input order. */ newLeafPublicKeys: v1SparkLeafPublicKey[]; }; export type TSparkPrepareTransferBody = { timestampMs?: string; organizationId?: string; /** A Spark wallet account address identifying the wallet. */ signWith: string; /** Transfer package parameters for HD key tweak splitting. */ transfer: v1SparkTransferPackage; }; export type TSparkPrepareTransferInput = { body: TSparkPrepareTransferBody; }; export type TSparkSignFrostResponse = { activity: v1Activity; /** Partial signatures plus Turnkey commitments, one per request, in order. */ signatures: v1SparkPartialSignature[]; }; export type TSparkSignFrostBody = { timestampMs?: string; organizationId?: string; /** A Spark wallet account address identifying the wallet to sign with. */ signWith: string; /** Batched sign requests. Each produces a partial signature plus Turnkey's public commitments. */ signatures: v1SparkSignatureRequest[]; }; export type TSparkSignFrostInput = { body: TSparkSignFrostBody; }; export type TStampLoginResponse = { activity: v1Activity; /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type TStampLoginBody = { timestampMs?: string; organizationId?: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the passkey stamp associated with this request */ publicKey: string; /** Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used. */ expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; generateAppProofs?: boolean; }; export type TStampLoginInput = { body: TStampLoginBody; }; export type TUpdateFiatOnRampCredentialResponse = { activity: v1Activity; /** Unique identifier of the Fiat On-Ramp credential that was updated */ fiatOnRampCredentialId: string; }; export type TUpdateFiatOnRampCredentialBody = { timestampMs?: string; organizationId?: string; /** The ID of the fiat on-ramp credential to update */ fiatOnrampCredentialId: string; /** The fiat on-ramp provider */ onrampProvider: v1FiatOnRampProvider; /** Project ID for the on-ramp provider. Some providers, like Coinbase, require this additional identifier. */ projectId?: string; /** Publishable API key for the on-ramp provider */ publishableApiKey: string; /** Secret API key for the on-ramp provider encrypted to our on-ramp encryption public key */ encryptedSecretApiKey: string; /** Private API key for the on-ramp provider encrypted to our on-ramp encryption public key. Some providers, like Coinbase, require this additional key. */ encryptedPrivateApiKey?: string; generateAppProofs?: boolean; }; export type TUpdateFiatOnRampCredentialInput = { body: TUpdateFiatOnRampCredentialBody; }; export type TUpdateOauth2CredentialResponse = { activity: v1Activity; /** Unique identifier of the OAuth 2.0 credential that was updated */ oauth2CredentialId: string; }; export type TUpdateOauth2CredentialBody = { timestampMs?: string; organizationId?: string; /** The ID of the OAuth 2.0 credential to update */ oauth2CredentialId: string; /** The OAuth 2.0 provider */ provider: v1Oauth2Provider; /** The Client ID issued by the OAuth 2.0 provider */ clientId: string; /** The client secret issued by the OAuth 2.0 provider encrypted to the TLS Fetcher quorum key */ encryptedClientSecret: string; generateAppProofs?: boolean; }; export type TUpdateOauth2CredentialInput = { body: TUpdateOauth2CredentialBody; }; export type TUpdateOrganizationNameResponse = { activity: v1Activity; /** Unique identifier for the Organization. */ organizationId: string; /** The updated organization name. */ organizationName: string; }; export type TUpdateOrganizationNameBody = { timestampMs?: string; organizationId?: string; /** New name for the Organization. */ organizationName: string; generateAppProofs?: boolean; }; export type TUpdateOrganizationNameInput = { body: TUpdateOrganizationNameBody; }; export type TUpdatePolicyResponse = { activity: v1Activity; /** Unique identifier for a given Policy. */ policyId: string; }; export type TUpdatePolicyBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Policy. */ policyId: string; /** Human-readable name for a Policy. */ policyName?: string; /** The instruction to DENY or ALLOW an activity (optional). */ policyEffect?: v1Effect; /** The condition expression that triggers the Effect (optional). */ policyCondition?: string; /** The consensus expression that triggers the Effect (optional). */ policyConsensus?: string; /** Accompanying notes for a Policy (optional). */ policyNotes?: string; generateAppProofs?: boolean; }; export type TUpdatePolicyInput = { body: TUpdatePolicyBody; }; export type TUpdatePrivateKeyTagResponse = { activity: v1Activity; /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; }; export type TUpdatePrivateKeyTagBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Private Key Tag. */ privateKeyTagId: string; /** The new, human-readable name for the tag with the given ID. */ newPrivateKeyTagName?: string; /** A list of Private Keys IDs to add this tag to. */ addPrivateKeyIds: string[]; /** A list of Private Key IDs to remove this tag from. */ removePrivateKeyIds: string[]; generateAppProofs?: boolean; }; export type TUpdatePrivateKeyTagInput = { body: TUpdatePrivateKeyTagBody; }; export type TUpdateRootQuorumResponse = { activity: v1Activity; }; export type TUpdateRootQuorumBody = { timestampMs?: string; organizationId?: string; /** The threshold of unique approvals to reach quorum. */ threshold: number; /** The unique identifiers of users who comprise the quorum set. */ userIds: string[]; generateAppProofs?: boolean; }; export type TUpdateRootQuorumInput = { body: TUpdateRootQuorumBody; }; export type TUpdateUserResponse = { activity: v1Activity; /** A User ID. */ userId: string; }; export type TUpdateUserBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ userName?: string; /** The user's email address. */ userEmail?: string; /** An updated list of User Tags to apply to this User. This field, if not needed, should be an empty array in your request body. */ userTagIds?: string[]; /** The user's phone number in E.164 format e.g. +13214567890 */ userPhoneNumber?: string; generateAppProofs?: boolean; }; export type TUpdateUserInput = { body: TUpdateUserBody; }; export type TUpdateUserEmailResponse = { activity: v1Activity; /** Unique identifier of the User whose email was updated. */ userId: string; }; export type TUpdateUserEmailBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** The user's email address. Setting this to an empty string will remove the user's email. */ userEmail: string; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; generateAppProofs?: boolean; }; export type TUpdateUserEmailInput = { body: TUpdateUserEmailBody; }; export type TUpdateUserNameResponse = { activity: v1Activity; /** Unique identifier of the User whose name was updated. */ userId: string; }; export type TUpdateUserNameBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** Human-readable name for a User. */ userName: string; generateAppProofs?: boolean; }; export type TUpdateUserNameInput = { body: TUpdateUserNameBody; }; export type TUpdateUserPhoneNumberResponse = { activity: v1Activity; /** Unique identifier of the User whose phone number was updated. */ userId: string; }; export type TUpdateUserPhoneNumberBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User. */ userId: string; /** The user's phone number in E.164 format e.g. +13214567890. Setting this to an empty string will remove the user's phone number. */ userPhoneNumber: string; /** Signed JWT containing a unique id, expiry, verification type, contact */ verificationToken?: string; generateAppProofs?: boolean; }; export type TUpdateUserPhoneNumberInput = { body: TUpdateUserPhoneNumberBody; }; export type TUpdateUserTagResponse = { activity: v1Activity; /** Unique identifier for a given User Tag. */ userTagId: string; }; export type TUpdateUserTagBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given User Tag. */ userTagId: string; /** The new, human-readable name for the tag with the given ID. */ newUserTagName?: string; /** A list of User IDs to add this tag to. */ addUserIds: string[]; /** A list of User IDs to remove this tag from. */ removeUserIds: string[]; generateAppProofs?: boolean; }; export type TUpdateUserTagInput = { body: TUpdateUserTagBody; }; export type TUpdateWalletResponse = { activity: v1Activity; /** A Wallet ID. */ walletId: string; }; export type TUpdateWalletBody = { timestampMs?: string; organizationId?: string; /** Unique identifier for a given Wallet. */ walletId: string; /** Human-readable name for a Wallet. */ walletName?: string; generateAppProofs?: boolean; }; export type TUpdateWalletInput = { body: TUpdateWalletBody; }; export type TUpdateWebhookEndpointResponse = { activity: v1Activity; /** Unique identifier of the updated webhook endpoint. */ endpointId: string; /** The updated webhook endpoint data. */ webhookEndpoint: v1WebhookEndpointData; }; export type TUpdateWebhookEndpointBody = { timestampMs?: string; organizationId?: string; /** Unique identifier of the webhook endpoint to update. */ endpointId: string; /** Updated destination URL for webhook delivery. */ url?: string; /** Updated human-readable name for this webhook endpoint. */ name?: string; /** Whether this webhook endpoint is active. */ isActive?: boolean; generateAppProofs?: boolean; }; export type TUpdateWebhookEndpointInput = { body: TUpdateWebhookEndpointBody; }; export type TVerifyOtpResponse = { activity: v1Activity; /** Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type TVerifyOtpBody = { timestampMs?: string; organizationId?: string; /** UUID representing an OTP flow. A new UUID is created for each init OTP activity. */ otpId: string; /** Encrypted bundle containing the OTP code and a client-generated public key. Turnkey's secure enclaves will decrypt this bundle, verify the OTP code, and issue a new Verification Token. Encrypted using the target encryption key provided in the INIT_OTP activity result. */ encryptedOtpBundle: string; /** Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; generateAppProofs?: boolean; }; export type TVerifyOtpInput = { body: TVerifyOtpBody; }; export type TNOOPCodegenAnchorResponse = { activity: v1Activity; }; export type ProxyTGetAccountResponse = { organizationId?: string; }; export type ProxyTGetAccountBody = { /** Specifies the type of filter to apply, i.e 'CREDENTIAL_ID', 'NAME', 'USERNAME', 'EMAIL', 'PHONE_NUMBER', 'OIDC_TOKEN' or 'PUBLIC_KEY' */ filterType: string; /** The value of the filter to apply for the specified type. For example, a specific email or name string. */ filterValue: string; /** Signed JWT containing a unique id, expiry, verification type, contact. Used to verify access to PII (email/phone number) when filter_type is 'EMAIL' or 'PHONE_NUMBER'. */ verificationToken?: string; /** OIDC token to verify access to PII (email/phone number) when filter_type is 'EMAIL' or 'PHONE_NUMBER'. Needed for social linking when verification_token is not available. */ oidcToken?: string; }; export type ProxyTGetAccountInput = { body: ProxyTGetAccountBody; }; export type ProxyTOAuth2AuthenticateResponse = { /** A Turnkey issued OIDC token to be used with the LoginWithOAuth activity */ oidcToken: string; }; export type ProxyTOAuth2AuthenticateBody = { /** The OAuth 2.0 provider to authenticate with */ provider: v1Oauth2Provider; /** The auth_code provided by the OAuth 2.0 to the end user to be exchanged for a Bearer token in the OAuth 2.0 flow */ authCode: string; /** The URI the user is redirected to after they have authenticated with the OAuth 2.0 provider */ redirectUri: string; /** The code verifier used by OAuth 2.0 PKCE providers */ codeVerifier: string; /** A nonce value set to sha256(publicKey), used to bind the OIDC token to a specific public key */ nonce: string; /** The client ID registered with the OAuth 2.0 provider */ clientId: string; }; export type ProxyTOAuth2AuthenticateInput = { body: ProxyTOAuth2AuthenticateBody; }; export type ProxyTOAuthLoginResponse = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type ProxyTOAuthLoginBody = { /** Base64 encoded OIDC token */ oidcToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the oidc token associated with this request */ publicKey: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; /** Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the OIDC token to look up the associated organization id. */ organizationId?: string; }; export type ProxyTOAuthLoginInput = { body: ProxyTOAuthLoginBody; }; export type ProxyTInitOtpResponse = { /** Unique identifier for an OTP authentication */ otpId: string; }; export type ProxyTInitOtpBody = { /** Enum to specify whether to send OTP via SMS or email */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1ProxyEmailCustomizationParams; }; export type ProxyTInitOtpInput = { body: ProxyTInitOtpBody; }; export type ProxyTInitOtpV2Response = { /** Unique identifier for an OTP flow. */ otpId: string; /** Signed bundle containing a target encryption key to use when submitting OTP codes. */ otpEncryptionTargetBundle: string; }; export type ProxyTInitOtpV2Body = { /** Enum to specify whether to send OTP code via SMS or email */ otpType: string; /** Email or phone number to send the OTP code to */ contact: string; /** Optional parameters for customizing emails. If not provided, the default email will be used. */ emailCustomization?: v1ProxyEmailCustomizationParams; }; export type ProxyTInitOtpV2Input = { body: ProxyTInitOtpV2Body; }; export type ProxyTOtpLoginResponse = { /** Signed JWT containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type ProxyTOtpLoginBody = { /** Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; /** Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the verification token */ publicKey: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; /** Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the verification token to look up the verified sub-organization based on the contact and verification type. */ organizationId?: string; /** Optional signature proving authorization for this login. The signature is over the verification token ID and the public key. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type ProxyTOtpLoginInput = { body: ProxyTOtpLoginBody; }; export type ProxyTOtpLoginV2Response = { /** Session containing an expiry, public key, session type, user id, and organization id */ session: string; }; export type ProxyTOtpLoginV2Body = { /** Session containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; /** Client-side public key generated by the user, used as the session public key upon successful login. */ publicKey: string; /** Signature proving authorization for this login. The signature is over the verification token ID and the new session public key. */ clientSignature: v1ClientSignature; /** Invalidate all other previously generated Login sessions */ invalidateExisting?: boolean; /** Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the verification token to look up the verified sub-organization based on the contact and verification type. */ organizationId?: string; }; export type ProxyTOtpLoginV2Input = { body: ProxyTOtpLoginV2Body; }; export type ProxyTVerifyOtpResponse = { /** Signed JWT containing a unique id, expiry, verification type, contact. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type ProxyTVerifyOtpBody = { /** ID representing the result of an init OTP activity. */ otpId: string; /** OTP sent out to a user's contact (email or SMS) */ otpCode: string; /** Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ publicKey?: string; }; export type ProxyTVerifyOtpInput = { body: ProxyTVerifyOtpBody; }; export type ProxyTVerifyOtpV2Response = { /** Verification Token containing a unique id, expiry, verification type, contact signed by Turnkey's enclaves. Verification status of a user is updated when the token is consumed (in OTP_LOGIN requests) */ verificationToken: string; }; export type ProxyTVerifyOtpV2Body = { /** ID representing the result of an init OTP activity. */ otpId: string; /** Encrypted bundle containing the OTP code and a client-generated public key. Turnkey's secure enclaves will decrypt this bundle, verify the OTP code, and issue a new Verification Token. Encrypted using the target encryption key provided in the INIT_OTP activity result. */ encryptedOtpBundle: string; }; export type ProxyTVerifyOtpV2Input = { body: ProxyTVerifyOtpV2Body; }; export type ProxyTSignupResponse = { organizationId: string; /** Wallet created for the sub-organization, if provided in the request */ wallet?: v1WalletResult; /** Root user ID created for this sub-organization */ userId: string; /** A list of App Proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ appProofs?: v1AppProof[]; }; export type ProxyTSignupBody = { userEmail?: string; userPhoneNumber?: string; userTag?: string; userName?: string; organizationName?: string; verificationToken?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParams[]; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Optional signature proving authorization for this signup. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type ProxyTSignupInput = { body: ProxyTSignupBody; }; export type ProxyTSignupV2Response = { organizationId: string; /** Wallet created for the sub-organization, if provided in the request */ wallet?: v1WalletResult; /** Root user ID created for this sub-organization */ userId: string; /** A list of App Proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ appProofs?: v1AppProof[]; }; export type ProxyTSignupV2Body = { userEmail?: string; userPhoneNumber?: string; userTag?: string; userName?: string; organizationName?: string; verificationToken?: string; /** A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: v1ApiKeyParamsV2[]; /** A list of Authenticator parameters. This field, if not needed, should be an empty array in your request body. */ authenticators: v1AuthenticatorParamsV2[]; /** A list of Oauth providers. This field, if not needed, should be an empty array in your request body. */ oauthProviders: v1OauthProviderParamsV2[]; /** The wallet to create for the sub-organization */ wallet?: v1WalletParams; /** Optional signature proving authorization for this signup. The signature is over the verification token ID and the root user parameters for the root user associated with the verification token. Only required if a public key was provided during the verification step. */ clientSignature?: v1ClientSignature; }; export type ProxyTSignupV2Input = { body: ProxyTSignupV2Body; }; export type ProxyTGetWalletKitConfigResponse = { /** List of enabled authentication providers (e.g., 'facebook', 'google', 'apple', 'email', 'sms', 'passkey', 'wallet') */ enabledProviders: string[]; /** Session expiration duration in seconds */ sessionExpirationSeconds: string; /** The organization ID this configuration applies to */ organizationId: string; /** Mapping of social login providers to their OAuth client IDs. */ oauthClientIds?: Record; /** OAuth redirect URL to be used for social login flows. */ oauthRedirectUrl?: string; otpAlphanumeric?: boolean; otpLength?: string; }; export type ProxyTGetWalletKitConfigBody = {}; export type ProxyTGetWalletKitConfigInput = { body: ProxyTGetWalletKitConfigBody; }; //# sourceMappingURL=types.d.ts.map