DS24 Node/TS Client

Minimal Digistore24 (DS24) Node/TypeScript client with a tiny surface area and CJS output (Firebase Functions friendly).

Install

npm install @sebastianmaierofficial/ds24-client

Usage

import { DS24Client } from "@sebastianmaierofficial/ds24-client";

const client = new DS24Client({
  apiKey: process.env.DS24_API_KEY as string
});

const ping = await client.testConnection();

const buyUrl = await client.createBuyUrl({
  product_id: "12345",
  buyer: {
    email: "buyer@example.com",
    first_name: "Ava",
    last_name: "Lee",
    readonly_keys: "email_and_name"
  },
  tracking: {
    utm_source: "newsletter"
  }
});

const upgrades = await client.listUpgrades();

Generated client

If you want full OpenAPI coverage, use the generated low-level client:

import { DS24GeneratedClient } from "@sebastianmaierofficial/ds24-client";

const client = new DS24GeneratedClient({ apiKey: process.env.DS24_API_KEY as string });
const upgrades = await client.listUpgrades();

Supported endpoints

Current hand-written, supported endpoints:

• testConnection() → GET /getUserInfo
• createBuyUrl(params) → POST /createBuyUrl
• listUpgrades(params) → POST /listUpgrades

For the full API surface, use DS24GeneratedClient and refer to the bundled spec at openapi/bundled/openapi.bundle.yaml.

Local testing

cp examples/env.example examples/.env
npm run example:smoke

Security Note (Important)

This client uses your Digistore24 API key. Treat it like a password.

• Never use this library in browser/client-side JavaScript.
  If you bundle it into frontend code, your API key will be exposed.
• Use it server-side only (Node.js backend, Cloud Functions, Cloud Run, etc.).
• Store the API key in environment variables / secret managers, never in source code.
• Do not commit .env files. Use env.example as a template only.
• If you suspect leakage, revoke/rotate the API key immediately in Digistore24.

The example scripts in /examples are intended for local server-side testing only.

OpenAPI

• npm run openapi:fetch downloads the official spec and referenced YAMLs into openapi/raw/.
• npm run openapi:bundle bundles into openapi/bundled/openapi.bundle.yaml.

Error Codes

• DS24_AUTH_FAILED
• DS24_FORBIDDEN
• DS24_RATE_LIMITED
• DS24_NOT_FOUND
• DS24_BAD_REQUEST
• DS24_TIMEOUT
• DS24_NETWORK_ERROR
• DS24_UNKNOWN

Notes

• Authentication uses the X-DS-API-KEY header as defined in the DS24 OpenAPI spec.
• Requests are application/x-www-form-urlencoded for DS24 endpoints.
• Retries: up to 3 attempts for 429/5xx/timeouts with exponential backoff.