JavaScript / TypeScript SDK
Official JS/TS SDK for KYA — key generation, signing, and API client.
Installation#
npm install @kya/sdk-js
# or
pnpm add @kya/sdk-jsKey Generation#
generate-keys.ts
import { generateKeypair } from "@kya/sdk-js";
const { publicKey, privateKey } = await generateKeypair();
// publicKey: base64-encoded Ed25519 public key
// privateKey: base64-encoded Ed25519 private key
console.log("Public key:", publicKey);
// Store privateKey securely — never expose itSign an Action#
Before calling POST /verify, your agent must sign the action payload using canonical JSON + SHA-256 + Ed25519:
sign-action.ts
import { canonicalize, hashPayload, signPayload } from "@kya/sdk-js";
const payload = {
action: "charge_payment",
amount: 45,
currency: "EUR",
agent_id: "agt_01J...",
};
// 1. Canonical JSON (deterministic key ordering)
const canonical = canonicalize(payload);
// 2. SHA-256 hash
const payloadHash = hashPayload(canonical);
// 3. Ed25519 signature
const signature = await signPayload(canonical, privateKey);
console.log({ payloadHash, signature });Full Verify Flow#
verify-flow.ts
import { KyaClient, generateKeypair, signPayload, hashPayload, canonicalize } from "@kya/sdk-js";
const kya = new KyaClient({
baseUrl: "https://api.know-your-agent.dev",
workspaceId: "ws_01J...",
});
// 1. Request a capability token
const { capability_token } = await kya.requestCapability({
agentId: "agt_01J...",
action: "charge_payment",
ttlSeconds: 300,
});
// 2. Sign the action payload
const payload = { action: "charge_payment", amount: 45 };
const canonical = canonicalize(payload);
const payloadHash = hashPayload(canonical);
const signature = await signPayload(canonical, agentPrivateKey);
// 3. Call verify
const { decision, reason_code, audit_event_id } = await kya.verify({
agentId: "agt_01J...",
capabilityToken: capability_token,
action: "charge_payment",
payload,
signature,
payloadHash,
});
if (decision === "ALLOW") {
// Execute the action
await processPayment(45);
} else {
console.error("Action denied:", reason_code);
}Express Middleware#
middleware.ts
import express from "express";
import { KyaClient } from "@kya/sdk-js";
const kya = new KyaClient({ baseUrl: "...", workspaceId: "ws_01J..." });
// Protect a route with KYA verification
app.post("/charge", async (req, res) => {
const { capability_token, signature, payload_hash, ...payload } = req.body;
const result = await kya.verify({
agentId: req.headers["x-agent-id"] as string,
capabilityToken: capability_token,
action: "charge_payment",
payload,
signature,
payloadHash: payload_hash,
});
if (result.decision !== "ALLOW") {
return res.status(403).json({
error: result.reason_code,
audit_event_id: result.audit_event_id,
});
}
// Proceed with the action
res.json({ success: true });
});