The TypeScript SDK provides typed clients, authentication lifecycle management, and pre-built recipes for the Zeam API. It runs on Node.js 22+, Deno, and Bun.
Server-side only. One-time credentials (stellar.secret, connectSecret, apiKey.secret, webhookSecret.secret) must never reach an end-user device. Do not bundle this SDK for browser use.
Install
npm install @zeammoney/sdk
Create a client
import { Client, Environment } from "@zeammoney/sdk";
const client = new Client({ environment: Environment.Production });
X-Request-Id automatically.
Authentication
OTP (user sign-in)
import { loginOTP } from "@zeammoney/sdk/recipes";
const session = await loginOTP(client, {
mobileNumber: "+27821234567",
askCode: async (hint) => {
return prompt(`OTP sent to ${hint.maskedDestination}`)!;
},
});
// session is on TrackBusiness and persisted in the token store
Ed25519 (backend services)
import { connectLogin } from "@zeammoney/sdk/recipes";
const session = await connectLogin(client, {
stellarSeed: seed, // from your secret manager
publicKey: publicKey,
});
// session is on TrackConnect — keypair zeroed after authentication
Making API calls
Typed sub-clients are available via the facade:
// List associations
const associations = await client.business().listAssociations(session);
// Get a wallet
const wallet = await client.business().getWallet(session, walletId);
// Query connectors
const connectors = await client.connect().queryConnectors(connectSession, {
countryISO: "ZA",
method: "BANK",
});
Recipes
The @zeammoney/sdk/recipes module provides one-call workflows:
| Recipe | Description |
|---|
loginOTP | Business OTP login |
connectLogin | Full Ed25519 flow |
registerApplication | One-time-secret capture at registration |
connectPayment | 9-step off-ramp payment orchestration |
rotateCredential | API key or webhook secret rotation |
Error handling
import { ZeamError, ErrorKind } from "@zeammoney/sdk";
try {
const result = await client.business().listAssociations(session);
} catch (err) {
if (err instanceof ZeamError) {
if (err.kind === ErrorKind.Auth) {
// Token expired — re-authenticate
}
if (err.kind === ErrorKind.Transient) {
// Retry with backoff
}
console.error(`Error: ${err.code} (request_id=${err.requestId})`);
}
}
Webhook verification
The SDK includes constant-time HMAC verification with replay protection:
import { verifyWebhook } from "@zeammoney/sdk/webhooks";
const event = verifyWebhook(requestBody, {
signature: headers["x-zeam-signature"],
secret: webhookSecret,
maxAge: 300, // reject events older than 5 minutes
});
Configuration options
| Option | Description |
|---|
environment | Target endpoint. Use Environment.Production for all API access. Pass a custom URL string for local development only. Access mode is determined by credentials, not by this setting. |
tokenStore | Token persistence backend (default: in-memory) |
timeout | Per-call deadline (default: 30s) |
logger | Structured logger (receives redacted payloads only) |
observability | OpenTelemetry event hook |
Repository
Full source, examples, and detailed documentation:
github.com/ZeamMoney/zeam-sdk-ts 
