Overview
The Velt Node SDK exposes two independent backends:| Backend | Namespace | Use case |
|---|---|---|
| Self-hosting | sdk.selfHosting.* | Store Velt data in your own MongoDB + AWS S3 |
| REST API | sdk.api.* | Call Velt’s REST APIs directly from your backend |
sdk.selfHosting.*) simplifies backend implementation by 90%. Instead of writing custom database queries and storage logic, you:
- Pass your DB and storage configs to the SDK
- Call the relevant SDK method with the raw request payload
- Return the resulting response directly to the client
sdk.api.*) provides parity with Velt’s REST APIs. 18 services, fully-typed TypeScript request objects, and raw Velt API responses. API calls do not read or write MongoDB or AWS S3.
In
@veltdev/node@1.0.7, VeltSDK.initialize still validates the top-level
database config. Pass your database config during initialization even when
you only call sdk.api.*; the REST API methods themselves do not use it.Installation
Requirements
- Node.js 18+
- TypeScript 5.x (optional — JavaScript is fully supported)
- MongoDB 6+ (Percona Server or MongoDB Atlas) for self-hosting
mongodb^6,@aws-sdk/client-s3^3, andjose^5 (forverifyToken) as optional peer dependencies
Quick Start
Initialize the SDK
- Self-hosting
- REST API
Self-hosting initialization (MongoDB + optional AWS):
Shutdown
Callawait sdk.close() when your process exits to release the database connection pool.
Configuration
Environment Variables
| Variable | Config key equivalent | Purpose |
|---|---|---|
VELT_API_KEY | apiKey | Velt API key for authenticating REST API calls |
VELT_AUTH_TOKEN | authToken | Velt auth token for authenticating REST API calls |
VELT_WORKSPACE_ID | — | Default workspace ID for workspace-scoped operations |
VELT_WORKSPACE_AUTH_TOKEN | — | Auth token scoped to a specific workspace |
AWS_ACCESS_KEY_ID | — | AWS access key for S3 attachments |
AWS_SECRET_ACCESS_KEY | — | AWS secret key for S3 attachments |
AWS_REGION | — | AWS region for S3 |
AWS_S3_BUCKET_NAME | — | S3 bucket name for attachments |
AWS_S3_ENDPOINT_URL | — | Custom S3 endpoint (e.g., for MinIO) |
Self-Hosting Configuration
- Database
- AWS (Attachments)
- Complete Example
- Resolver Auth
Configure MongoDB connection for storing comments, reactions, and user data.
Self-Hosting Backend
Each self-hosting service is loaded asynchronously on first access viaawait sdk.selfHosting.getXxx(). The service is cached after the first call. The token service is the exception — it is available as a direct synchronous property via sdk.selfHosting.token.
Comments
Access viaawait sdk.selfHosting.getComments().
getComments
- Fetches comments for a document from your MongoDB store.
- Params: GetCommentsRequest (SH)
- Returns: VeltSelfHostingResponse
saveComments
- Saves (creates or updates) comment annotations to MongoDB.
- Params: SaveCommentsRequest (SH)
- Returns: VeltSelfHostingResponse
Resolver contract: WhensaveCommentsruns as a save-resolver handler, the inboundeventmay be aResolverActionsor aCommentResolverSaveEventmember (or a raw string), and the request may includetargetComment?: PartialComment— the comment the action occurred on (request context only, never persisted). SeeSaveCommentResolverRequest.
deleteComment
- Deletes a single comment annotation from MongoDB.
- Params: DeleteCommentRequest (SH)
- Returns: VeltSelfHostingResponse
Reactions
Access viaawait sdk.selfHosting.getReactions().
getReactions
- Fetches reactions for a document from MongoDB.
- Params: GetReactionsRequest (SH)
- Returns: VeltSelfHostingResponse
saveReactions
- Persists reactions to MongoDB.
- Params: SaveReactionsRequest (SH)
- Returns: VeltSelfHostingResponse
- The reacting user is set via
from(renamed fromuserin v1.0.5, matching the frontendPartialReactionAnnotation.from).
deleteReaction
- Deletes a single reaction from MongoDB.
- Params: DeleteReactionRequest (SH)
- Returns: VeltSelfHostingResponse
Attachments
Access viaawait sdk.selfHosting.getAttachments().
getAttachment
- Fetches an attachment record by organization and attachment ID.
- Params: positional —
organizationId(string),attachmentId(number) - Returns: VeltSelfHostingResponse
saveAttachment
- Persists attachment metadata, optionally uploading the file body to S3.
- Params: SaveAttachmentRequest (SH) plus optional positional
fileData(Buffer),fileName(string),mimeType(string) - Returns: VeltSelfHostingResponse
deleteAttachment
- Deletes an attachment record (and S3 object, if applicable).
- Params: DeleteAttachmentRequest (SH)
- Returns: VeltSelfHostingResponse
Users
Access viaawait sdk.selfHosting.getUsers().
getUsers
- Fetches users from MongoDB.
- Params: GetUsersSelfHostingRequest (SH)
- Returns: VeltSelfHostingResponse
Recorder
Access viaawait sdk.selfHosting.getRecorder().
getRecorderAnnotations
- Fetches recorder annotations from MongoDB.
- Params: GetRecorderAnnotationsRequest (SH)
- Returns: VeltSelfHostingResponse
saveRecorderAnnotation
- Saves a single recorder annotation.
- Params: SaveRecorderAnnotationRequest (SH)
- Returns: VeltSelfHostingResponse
deleteRecorderAnnotation
- Deletes a recorder annotation.
- Params: DeleteRecorderAnnotationRequest (SH)
- Returns: VeltSelfHostingResponse
Notifications
Access viaawait sdk.selfHosting.getNotifications().
getNotifications
- Fetches notifications for a user from MongoDB.
- Params: GetNotificationsSelfHostingRequest (SH)
- Returns: VeltSelfHostingResponse
saveNotifications
- Persists one or more notifications to MongoDB.
- Params: SaveNotificationsRequest (SH)
- Returns: VeltSelfHostingResponse
deleteNotification
- Deletes a notification from MongoDB.
- Params: DeleteNotificationRequest (SH)
- Returns: VeltSelfHostingResponse
Activities
Access viaawait sdk.selfHosting.getActivities().
getActivities
- Fetches activity logs from MongoDB.
- Params: GetActivitiesSelfHostingRequest (SH)
- Returns: VeltSelfHostingResponse
saveActivities
- Persists activity log entries to MongoDB.
- Params: SaveActivitiesRequest (SH)
- Returns: VeltSelfHostingResponse
Token
Access via the synchronoussdk.selfHosting.token property (no await).
getToken
- Generates a Velt auth token for a user.
- Params: positional —
organizationId(string),userId(string),email(string, optional),isAdmin(boolean, optional) - Returns: VeltSelfHostingResponse
Note: getToken takes positional arguments — not a request object.
verifyToken
sdk.selfHosting.verifyToken verifies the auth credential the Velt frontend forwards to endpoint-based resolvers. It is database-free (it does not open or query MongoDB), fail-closed (every error path returns { verified: false }, never throws), and authentication only (claims are returned verbatim; it makes no authorization decision).
In
@veltdev/node@1.0.7, VeltSDK.initialize still validates the top-level
database config before you can access sdk.selfHosting. Include your
self-hosting database config when initializing the SDK. The verifyToken
method itself remains database-free after initialization.Optional dependency:npm install jose@^5(optionalpeerDependency, pinned^5for Node 18 — jose v6 needs the WebCrypto global absent on Node 18). Ifjoseis missing and the built-in JWT path is used,verifyTokenreturns{ verified: false, errorCode: 'DEPENDENCY_MISSING' }. The customverifycallback path needs no dependency.
Configuration
ConfigureresolverAuth on VeltSDK.initialize. Provide the built-in jwt path, a custom verify callback, or both. When both are set, the custom callback takes priority.
- JWT / JWKS
- Custom verify callback
Usage
CallverifyToken from your endpoint-based resolver route, then branch on result.verified.
options override the configured resolverAuth (the jwt block is deep-merged):
- Params: inline options object with
headers,token, and per-callResolverAuthConfigoverrides. This parameter shape is not exported as a named SDK type. - Returns:
VerifyTokenResult
ResolverAuthService class (also exported from @veltdev/node) for advanced callers who need to construct it directly; sdk.selfHosting.verifyToken is the standard entry point.
Error codes
On failure,result.errorCode is one of the ResolverAuthErrorCode values (also exported as the readonly string[] const RESOLVER_AUTH_ERROR_CODES).
| Code | When |
|---|---|
NOT_CONFIGURED | Neither jwt nor a verify callback is configured. |
MISSING_TOKEN | No token found in headers, or wrong scheme. |
EXPIRED | JWT exp claim has passed (beyond leeway). |
INVALID_SIGNATURE | Signature verification failed, or malformed token. |
CLAIM_MISMATCH | Configured issuer/audience wrong or absent; or a required claim is missing. |
ALGORITHM_NOT_ALLOWED | alg=none; algorithm outside the allowlist; mixed symmetric+asymmetric allowlist; missing allowlist. |
KEY_RESOLUTION_FAILED | No usable key; JWKS URL is not HTTPS; JWKS fetch failed or returned non-2xx; redirect downgrade detected. |
DEPENDENCY_MISSING | Built-in JWT path used but jose is not installed. |
VERIFICATION_FAILED | Custom callback threw or returned falsy; unexpected internal error (fail-closed catch-all). |
Security guarantees
alg=noneis always rejected, even if present in the allowlist.- Mixed symmetric+asymmetric allowlists are refused (prevents HS/RS confusion).
- A PEM placed in
jwt.secretis refused. - JWKS is fetched only over HTTPS —
httpis rejected pre-fetch, and a redirect downgrade is rejected. - JWKS responses are cached per URL with a 5-minute TTL (not per
kid). - The token-header
algis checked against the allowlist before any JWKS fetch. - The
errorfield is generic and code-based — it never contains the token or secret.
REST API Backend
Thesdk.api.* namespace gives you parity with Velt’s REST APIs across 18 services. Each method takes a fully-typed TypeScript request object and returns the raw Velt API response. API methods need apiKey and authToken and do not use MongoDB or AWS S3, although @veltdev/node@1.0.7 still validates the top-level database config at initialization.
Every sdk.api.* method requires an organizationId in its request payload. Velt enforces data isolation per-organization server-side.
Field Allowlist
The REST add/update methods onactivities, commentAnnotations, and notifications accept an optional second argument, FieldFilterOptions. Pass { filterUnknownFields: true } to narrow the request to exactly the fields the corresponding Velt backend endpoint accepts. See the note at the top of each service section for the behavior summary; the per-endpoint field lists are below.
Exported filter utilities
The field-allowlist module is exported from@veltdev/node so advanced callers can reuse the same logic.
pickKnownFields(data, keys)— keeps only own-enumerable keys present inkeys; values kept by reference (no recursion); non-object/array/null inputs returned unchanged.filterRequest(request, spec)— applies aFilterSpecrecursively; never mutates input; fail-open (returns the original request on any error).- Eight per-method specs are exported:
ADD_ACTIVITIES_SPEC,UPDATE_ACTIVITIES_SPEC,ADD_COMMENT_ANNOTATIONS_SPEC,UPDATE_COMMENT_ANNOTATIONS_SPEC,ADD_COMMENTS_SPEC,UPDATE_COMMENTS_SPEC,ADD_NOTIFICATIONS_SPEC,UPDATE_NOTIFICATIONS_SPEC.
Allowlisted fields per endpoint
WhenfilterUnknownFields: true, only these keys survive (unknown keys dropped):
| Spec (endpoint) | Top-level keys | Nested item filtering |
|---|---|---|
ADD_ACTIVITIES_SPEC (/v2/activities/add) | organizationId, documentId, activities | activities[]: id, featureType, actionType, actionUser, targetEntityId, isActivityResolverUsed, targetSubEntityId, changes, entityData, entityTargetData, displayMessageTemplate, displayMessageTemplateData, actionIcon |
UPDATE_ACTIVITIES_SPEC (/v2/activities/update) | organizationId, activities | activities[]: id, changes, entityData, entityTargetData, displayMessageTemplate, displayMessageTemplateData, actionIcon |
ADD_COMMENT_ANNOTATIONS_SPEC (/v2/commentannotations/add) | organizationId, documentId, commentAnnotations, verifyUserPermissions, createDocument, createOrganization | commentAnnotations[]: location, annotationId, targetElement, commentData, comments, status, commentType, type, assignedTo, priority, context, visibility, lastUpdated, createdAt, pageInfo, isPageAnnotation, positionX, positionY, screenWidth, screenHeight, screenScrollHeight, screenScrollTop — its comments[]/commentData[] use the annotation comment-data set (below) |
UPDATE_COMMENT_ANNOTATIONS_SPEC (/v2/commentannotations/update) | organizationId, documentId, annotationIds, locationIds, userIds, updateUsers, updatedData | updatedData: location, targetElement, from, status, assignedTo, priority, context, visibility, createdAt, lastUpdated |
ADD_COMMENTS_SPEC (/v2/commentannotations/comments/add) | organizationId, documentId, annotationId, commentData, comments, verifyUserPermissions, createDocument, createOrganization | commentData[]/comments[]: comment-data set (below) |
UPDATE_COMMENTS_SPEC (/v2/commentannotations/comments/update) | organizationId, documentId, annotationId, commentIds, userIds, updatedData | updatedData: commentText, commentHtml, from, createdAt, taggedUserContacts, isCommentResolverUsed, isCommentTextAvailable, lastUpdated, context, attachments |
ADD_NOTIFICATIONS_SPEC (/v2/notifications/add) | organizationId, documentId, notificationId, actionUser, isNotificationResolverUsed, displayHeadlineMessageTemplate, displayHeadlineMessageTemplateData, displayBodyMessage, displayBodyMessageTemplate, displayBodyMessageTemplateData, notifyUsers, notificationSourceData, location, metadata, notifyAll, createDocument, createOrganization, verifyUserPermissions, context, isCrossOrganizationEnabled | the notification is the request itself — nested open-typed dicts pass through whole |
UPDATE_NOTIFICATIONS_SPEC (/v2/notifications/update) | organizationId, documentId, locationId, userId, verifyUserPermissions, notifications | notifications[]: id, actionUser, displayHeadlineMessageTemplate, displayHeadlineMessageTemplateData, displayBodyMessage, displayBodyMessageTemplate, displayBodyMessageTemplateData, notifyUsers, notificationSourceData, location, metadata, context, readByUserIds, persistReadForUsers |
- Annotation-level
commentData/comments(ANNOTATION_COMMENT_DATA_KEYS):commentText,commentHtml,commentId,from,lastUpdated,createdAt,taggedUserContacts,isCommentResolverUsed,isCommentTextAvailable,triggerNotification,triggerActivities,agent— carries the trigger flags but notcontext/attachments. - Comments-endpoint
commentData/comments(COMMENT_DATA_KEYS):commentText,commentHtml,commentId,from,lastUpdated,createdAt,taggedUserContacts,isCommentResolverUsed,isCommentTextAvailable,context,attachments,agent— carriescontext/attachmentsbut not the trigger flags.
UPDATE_NOTIFICATIONS_SPEC intentionally excludes isRead/isArchived — they are absent from the backend UpdateNotificationsSchemaV2 and unsupported by /v2/notifications/update, so they are dropped when filtering is on.Organizations
Namespace:sdk.api.organizations
addOrganizations
- Creates one or more organizations.
- Params: AddOrganizationsRequest
- Returns: VeltApiResponse
getOrganizations
- Retrieves organizations. Optionally filter by IDs with pagination.
- Params: GetOrganizationsRequest
- Returns: GetOrganizationsResponse
updateOrganizations
- Updates organization properties.
- Params: UpdateOrganizationsRequest
- Returns: VeltApiResponse
deleteOrganizations
- Deletes one or more organizations.
- Params: DeleteOrganizationsRequest
- Returns: VeltApiResponse
updateOrganizationDisableState
- Enables or disables one or more organizations.
- Params: UpdateOrganizationDisableStateRequest
- Returns: VeltApiResponse
Folders
Namespace:sdk.api.folders
addFolder
- Creates one or more folders inside an organization.
- Params: AddFolderRequest
- Returns: VeltApiResponse
getFolders
- Retrieves folders. Optionally filter by folder ID with depth control.
- Params: GetFoldersRequest
- Returns: GetFoldersResponse
updateFolder
- Updates folder properties.
- Params: UpdateFolderRequest
- Returns: VeltApiResponse
deleteFolder
- Deletes a folder.
- Params: DeleteFolderRequest
- Returns: VeltApiResponse
updateFolderAccess
- Updates access type for one or more folders.
- Params: UpdateFolderAccessRequest
- Returns: VeltApiResponse
Documents
Namespace:sdk.api.documents
addDocuments
- Creates one or more documents.
- Params: AddDocumentsRequest
- Returns: VeltApiResponse
getDocuments
- Retrieves documents with optional filters and pagination.
- Params: GetDocumentsRequest
- Returns: GetDocumentsResponse
updateDocuments
- Updates document properties.
- Params: UpdateDocumentsRequest
- Returns: VeltApiResponse
deleteDocuments
- Deletes one or more documents.
- Params: DeleteDocumentsRequest
- Returns: VeltApiResponse
moveDocuments
- Moves documents into a folder.
- Params: MoveDocumentsRequest
- Returns: VeltApiResponse
updateDocumentAccess
- Updates access type for one or more documents.
- Params: UpdateDocumentAccessRequest
- Returns: VeltApiResponse
updateDocumentDisableState
- Enables or disables one or more documents.
- Params: UpdateDocumentDisableStateRequest
- Returns: VeltApiResponse
migrateDocuments
- Starts a document migration job.
- Params: MigrateDocumentsRequest
- Returns: MigrateDocumentsResponse
Note:migrateDocumentsis asynchronous and returns amigrationId. Poll completion withmigrateDocumentsStatus.
migrateDocumentsStatus
- Polls the status of a migration job.
- Params: MigrateDocumentsStatusRequest
- Returns: MigrateDocumentsStatusResponse
getDocumentsCount
- Return a document count for an organization (optionally scoped to a folder).
- Params: GetDocumentsCountRequest
- Returns: VeltApiResponse
Users
Namespace:sdk.api.users
addUsers
- Adds one or more users to an organization, document, or folder.
- Params: AddUsersRequest
- Returns: VeltApiResponse
getUsers
- Retrieves users with optional filters and pagination.
- Params: GetUsersRequest
- Returns: GetUsersResponse
updateUsers
- Updates user properties.
- Params: UpdateUsersRequest
- Returns: VeltApiResponse
deleteUsers
- Removes users from an organization.
- Params: DeleteUsersRequest
- Returns: VeltApiResponse
getUsersCount
- Count users in an org (optionally scoped to a document or all documents).
- Params: GetUsersCountRequest
- Returns: VeltApiResponse
getDocUsers
- Get document-level users (optionally including involved documents).
- Params: GetDocUsersRequest
- Returns: VeltApiResponse
addUserInvite
- Create an org/doc/folder user invite.
- Params: AddUserInviteRequest
- Returns: VeltApiResponse
respondToUserInvite
- Accept/reject/withdraw an invite.
- Params: RespondToUserInviteRequest
- Returns: VeltApiResponse
getUserInvites
- List invites for an org (paged).
- Params: GetUserInvitesRequest
- Returns: VeltApiResponse
getUserInvitations
- List invitations for a specific email (paged, filterable).
- Params: GetUserInvitationsRequest
- Returns: VeltApiResponse
getInvitedPendingUsersCount
- Count pending invited users by invite type.
- Params: GetInvitedPendingUsersCountRequest
- Returns: VeltApiResponse
User Groups
Namespace:sdk.api.userGroups
addUserGroups
- Creates one or more user groups.
- Params: AddUserGroupsRequest
- Returns: VeltApiResponse
addUsersToGroup
- Adds users to an existing group.
- Params: AddUsersToGroupRequest
- Returns: VeltApiResponse
deleteUsersFromGroup
- Removes users from a group, or removes all users.
- Params: DeleteUsersFromGroupRequest
- Returns: VeltApiResponse
Notifications
Namespace:sdk.api.notifications
Filtering unknown fields: The add/update methods below accept an optional
options?: FieldFilterOptions second argument. When { filterUnknownFields: true } is passed, unknown/custom keys are dropped before the request is sent, narrowing the payload to exactly the fields the Velt backend endpoint accepts. Open-typed objects (actionUser, context, metadata, user objects) pass through whole. Filtering is fail-open: if it errors, the original payload is sent, so a write is never blocked. UPDATE_NOTIFICATIONS_SPEC intentionally excludes isRead/isArchived — they are unsupported by /v2/notifications/update, so they are dropped when filtering is on. See Field Allowlist for the full per-endpoint field list.addNotifications
- Adds one or more notifications targeted to specific users.
- Params: AddNotificationsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
getNotifications
- Gets notifications for a user with optional filters and pagination.
- Params: GetNotificationsRequest
- Returns: GetNotificationsResponse
updateNotifications
- Updates existing notifications (e.g., mark as read).
- Params: UpdateNotificationsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
deleteNotifications
- Deletes one or more notifications.
- Params: DeleteNotificationsRequest
- Returns: VeltApiResponse
getNotificationConfig
- Gets notification preferences for a user.
- Params: GetNotificationConfigRequest
- Returns: GetNotificationConfigResponse
setNotificationConfig
- Sets notification preferences for one or more users.
- Params: SetNotificationConfigRequest
- Returns: VeltApiResponse
Comment Annotations
Namespace:sdk.api.commentAnnotations
Filtering unknown fields: The add/update methods below accept an optional
options?: FieldFilterOptions second argument. When { filterUnknownFields: true } is passed, request entity collections are narrowed to only the fields the Velt backend endpoint accepts, dropping unknown/custom keys before the request is sent. Open-typed objects (from, context, metadata, user objects) pass through whole — their nested contents are never filtered. Filtering is fail-open: if it errors, the original payload is sent, so a write is never blocked. See Field Allowlist for the full per-endpoint field list.addCommentAnnotations
- Creates comment annotations on a document.
- Params: AddCommentAnnotationsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
getCommentAnnotations
- Retrieves comment annotations for a document with optional filters and pagination.
- Params: GetCommentAnnotationsRequest
- Returns: GetCommentAnnotationsResponse
getCommentAnnotationsCount
- Gets total and unread annotation counts per document.
- Params: GetCommentAnnotationsCountRequest
- Returns: GetCommentAnnotationsCountResponse
updateCommentAnnotations
- Updates fields on existing annotations (e.g., resolve them).
- Params: UpdateCommentAnnotationsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
deleteCommentAnnotations
- Deletes comment annotations.
- Params: DeleteCommentAnnotationsRequest
- Returns: VeltApiResponse
addComments
- Adds comments to an existing annotation.
- Params: AddCommentsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
getComments
- Retrieves comments within a specific annotation.
- Params: GetCommentsRequest
- Returns: GetCommentsResponse
updateComments
- Updates comments within a specific annotation.
- Params: UpdateCommentsRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
deleteComments
- Deletes individual comments from an annotation.
- Params: DeleteCommentsRequest
- Returns: VeltApiResponse
Activities
Namespace:sdk.api.activities
Filtering unknown fields: The add/update methods below accept an optional
options?: FieldFilterOptions second argument. When { filterUnknownFields: true } is passed, request entity collections are narrowed to only the fields the Velt backend endpoint accepts, dropping unknown/custom keys before the request is sent. Open-typed objects (actionUser, entityData, context, metadata) pass through whole — their nested contents are never filtered. Filtering is fail-open: if it errors, the original payload is sent, so a write is never blocked. See Field Allowlist for the full per-endpoint field list.addActivities
- Logs activity events.
- Params: AddActivitiesRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
getActivities
- Retrieves activity events with optional filters and pagination.
- Params: GetActivitiesRequest
- Returns: GetActivitiesResponse
updateActivities
- Updates existing activity events.
- Params: UpdateActivitiesRequest
- Returns: VeltApiResponse
- Accepts an optional
options?: FieldFilterOptionssecond argument — pass{ filterUnknownFields: true }to drop unknown fields before sending (see the note above).
deleteActivities
- Deletes activity events for a document.
- Params: DeleteActivitiesRequest
- Returns: VeltApiResponse
Access Control
Namespace:sdk.api.accessControl
addPermissions
- Grants a user access to one or more resources.
- Params: AddPermissionsRequest
- Returns: VeltApiResponse
getPermissions
- Retrieves permissions for users on resources.
- Params: GetPermissionsRequest
- Returns: GetPermissionsResponse
removePermissions
- Revokes a user’s access to one or more resources.
- Params: RemovePermissionsRequest
- Returns: VeltApiResponse
generateSignature
- Generates a signed payload for the Permission Provider flow.
- Params: GenerateSignatureRequest
- Returns: GenerateSignatureResponse
generateToken
- Generates a JWT auth token for a user with embedded permissions.
- Params: GenerateTokenRequest
- Returns: GenerateTokenResponse
CRDT
Namespace:sdk.api.crdt
Supports text, map, array, and xml CRDT data types.
addCrdtData
- Stores CRDT (Yjs) editor data for a document.
- Params: AddCrdtDataRequest
- Returns: VeltApiResponse
getCrdtData
- Retrieves CRDT data for a document, optionally filtered by editor.
- Params: GetCrdtDataRequest
- Returns: GetCrdtDataResponse
updateCrdtData
- Updates existing CRDT editor data.
- Params: UpdateCrdtDataRequest
- Returns: VeltApiResponse
deleteCrdtData
- Delete CRDT editor data for a document. Omit
editorIdsto delete CRDT data for all editors of the document. - Params: DeleteCrdtDataRequest
- Returns: VeltApiResponse
Presence
Namespace:sdk.api.presence
addPresence
- Adds users to presence on a document.
- Params: AddPresenceRequest
- Returns: VeltApiResponse
updatePresence
- Updates presence status for one or more users.
- Params: UpdatePresenceRequest
- Returns: VeltApiResponse
deletePresence
- Removes users from presence on a document.
- Params: DeletePresenceRequest
- Returns: VeltApiResponse
Livestate
Namespace:sdk.api.livestate
broadcastEvent
- Broadcasts an ephemeral live-state event to all clients on a document.
- Params: BroadcastEventRequest
- Returns: VeltApiResponse
Recordings
Namespace:sdk.api.recordings
getRecordings
- Retrieves recording metadata for an organization or document with optional filtering and pagination.
- Params: GetRecordingsRequest
- Returns: GetRecordingsResponse
Rewriter
Namespace:sdk.api.rewriter
Supports OpenAI, Anthropic, and Gemini models.
askAi
- Calls the Velt AI rewriter with a model, prompt, and text.
- Params: AskAiRequest
- Returns: AskAiResponse
Note: askAi may take several seconds to respond. The SDK does not enforce a client-side timeout.
GDPR
Namespace:sdk.api.gdpr
deleteAllUserData
- Requests deletion of all data associated with one or more users.
- Params: DeleteAllUserDataRequest
- Returns: VeltApiResponse
Note:deleteAllUserDatais asynchronous and returns a job ID. Poll completion withgetDeleteUserDataStatus.
getAllUserData
- Exports all data for a single user (paginated).
- Params: GetAllUserDataRequest
- Returns: GetAllUserDataResponse
getDeleteUserDataStatus
- Polls the status of a deletion job.
- Params: GetDeleteUserDataStatusRequest
- Returns: GetDeleteUserDataStatusResponse
Workspace
Namespace:sdk.api.workspace
createWorkspace
- Creates a new Velt workspace.
- Params: CreateWorkspaceRequest
- Returns: VeltApiResponse
getWorkspace
- Retrieves details for the current workspace.
- Params: empty object
{} - Returns: GetWorkspaceResponse
createApiKey
- Creates a new API key for the workspace.
- Params: CreateApiKeyRequest
- Returns: VeltApiResponse
updateApiKey
- Renames an existing API key.
- Params: UpdateApiKeyRequest
- Returns: VeltApiResponse
getApiKeys
- Lists all API keys with optional pagination.
- Params: GetApiKeysRequest
- Returns: GetApiKeysResponse
getApiKeyMetadata
- Gets metadata for the current API key.
- Now posts to
/v2/workspace/apikeyconfig/get(previously/v2/workspace/apikeymetadata/get); the method name and signature (GetApiKeyMetadataRequest, which is{}) are unchanged — no caller changes required. - Params: empty object
{} - Returns: GetApiKeyMetadataResponse
resetAuthToken
- Rotates the auth token for an API key.
- Params: ResetAuthTokenRequest
- Returns: VeltApiResponse
getAuthTokens
- Lists auth tokens for an API key.
- Params: GetAuthTokensRequest
- Returns: GetAuthTokensResponse
addDomains
- Adds allowed domains to the workspace allow-list.
- Params: AddDomainsRequest
- Returns: VeltApiResponse
deleteDomains
- Removes allowed domains.
- Params: DeleteDomainsRequest
- Returns: VeltApiResponse
getDomains
- Lists allowed domains.
- Params: empty object
{} - Returns: GetDomainsResponse
getEmailStatus
- Checks email verification status for an owner.
- Params: GetEmailStatusRequest
- Returns: GetEmailStatusResponse
sendLoginLink
- Sends a passwordless login link to a user.
- Params: SendLoginLinkRequest
- Returns: VeltApiResponse
getEmailConfig
- Retrieves email service configuration.
- Params: empty object
{} - Returns: GetEmailConfigResponse
updateEmailConfig
- Updates email service configuration.
- Params: UpdateEmailConfigRequest
- Returns: VeltApiResponse
getWebhookConfig
- Retrieves webhook configuration.
- Params: empty object
{} - Returns: GetWebhookConfigResponse
updateWebhookConfig
- Updates webhook configuration.
- Params: UpdateWebhookConfigRequest
- Returns: VeltApiResponse
getRequestedDomains
- List requested additional domains.
- Params: GetRequestedDomainsRequest
- Returns: VeltApiResponse
acceptRejectAdditionalUrlRequest
- Accept/reject an additional-URL request.
- Params: AcceptRejectAdditionalUrlRequest
- Returns: VeltApiResponse
createDomainRequest
- Create a domain request.
- Params: CreateDomainRequest
- Returns: VeltApiResponse
copyApiKey
- Copy configuration from one API key to another.
- Params: CopyApiKeyRequest
- Returns: VeltApiResponse
updateApiKeyConfig
- Update API key config (private comments, JWT, AI model keys, etc.).
- Params: UpdateApiKeyConfigRequest
- Returns: VeltApiResponse
getNotificationConfig
- Get workspace notification service config.
- Params: GetWorkspaceNotificationConfigRequest
- Returns: VeltApiResponse
updateNotificationConfig
- Update notification service config.
- Params: UpdateWorkspaceNotificationConfigRequest
- Returns: VeltApiResponse
getPermissionProviderConfig
- Get permission-provider config.
- Params: GetPermissionProviderConfigRequest
- Returns: VeltApiResponse
updatePermissionProviderConfig
- Update permission-provider config.
- Params: UpdatePermissionProviderConfigRequest
- Returns: VeltApiResponse
getActivityConfig
- Get activity service config.
- Params: GetActivityConfigRequest
- Returns: VeltApiResponse
updateActivityConfig
- Update activity service config.
- Params: UpdateActivityConfigRequest
- Returns: VeltApiResponse
ensureWorkspaceAuthToken
- Ensure a workspace auth token exists.
- Params: EnsureWorkspaceAuthTokenRequest
- Returns: VeltApiResponse
getAdvancedWebhookConfig
- Get advanced webhook config.
- Params: GetAdvancedWebhookConfigRequest
- Returns: VeltApiResponse
updateAdvancedWebhookConfig
- Update advanced webhook config.
- Params: UpdateAdvancedWebhookConfigRequest
- Returns: VeltApiResponse
getAdvancedWebhookEndpoints
- List advanced webhook endpoints (paged).
- Params: GetAdvancedWebhookEndpointsRequest
- Returns: VeltApiResponse
createAdvancedWebhookEndpoint
- Create an advanced webhook endpoint.
- Params: CreateAdvancedWebhookEndpointRequest
- Returns: VeltApiResponse
updateAdvancedWebhookEndpoint
- Update an advanced webhook endpoint.
- Params: UpdateAdvancedWebhookEndpointRequest
- Returns: VeltApiResponse
deleteAdvancedWebhookEndpoint
- Delete an advanced webhook endpoint.
- Params: DeleteAdvancedWebhookEndpointRequest
- Returns: VeltApiResponse
getAdvancedWebhookEndpointSecret
- Get an endpoint’s signing secret.
- Params: GetAdvancedWebhookEndpointSecretRequest
- Returns: VeltApiResponse
Token
Namespace:sdk.api.token
getToken
- Generates a Velt auth token for a user via REST.
- Params: positional —
organizationId(string),userId(string),email(string, optional),isAdmin(boolean, optional) - Returns: VeltApiResponse
Note: getToken takes positional arguments — not a request object.
Approval Workflows
Namespace:sdk.api.approval
A new service for defining approval/review workflows (graphs of agent, human, and webhook nodes) and dispatching/resolving their executions and steps. 14 methods (routes live under /v2/workflow/*). Every type is Approval-prefixed. ApprovalService is also exported directly from @veltdev/node.
createDefinition
- Create a workflow definition (nodes, edges, groups, loops, triggers).
- Params: ApprovalCreateDefinitionRequest
- Returns: VeltApiResponse
updateDefinition
- Update a definition (create shape + optimistic
ifVersion). - Params: ApprovalUpdateDefinitionRequest
- Returns: VeltApiResponse
deleteDefinition
- Delete a definition.
- Params: ApprovalDeleteDefinitionRequest
- Returns: VeltApiResponse
getDefinition
- Get a single definition.
- Params: ApprovalGetDefinitionRequest
- Returns: VeltApiResponse
listDefinitions
- List definitions (paged).
- Params: ApprovalListDefinitionsRequest
- Returns: VeltApiResponse
dispatchExecution
- Dispatch (start) an execution of a definition.
- Params: ApprovalDispatchExecutionRequest
- Returns: VeltApiResponse
cancelExecution
- Cancel a running execution.
- Params: ApprovalCancelExecutionRequest
- Returns: VeltApiResponse
getExecution
- Get a single execution.
- Params: ApprovalGetExecutionRequest
- Returns: VeltApiResponse
getExecutionEvents
- Get a page of an execution’s lifecycle events.
- Params: ApprovalGetExecutionEventsRequest
- Returns: VeltApiResponse
listExecutions
- List executions.
- Params: ApprovalListExecutionsRequest
- Returns: VeltApiResponse
cancelStep
- Admin step-level cancel.
- Params: ApprovalCancelStepRequest
- Returns: VeltApiResponse
resolveStep
- Admin force-resolve a hung step.
- Params: ApprovalResolveStepRequest
- Returns: VeltApiResponse
recordAgentResolution
- Record one resolution against a blocking-agent step’s aggregator.
- Params: ApprovalRecordAgentResolutionRequest
- Returns: VeltApiResponse
recordReviewerDecision
- Record one reviewer’s decision against a human step’s aggregator.
- Params: ApprovalRecordReviewerDecisionRequest
- Returns: VeltApiResponse
Node & Graph Types
These node/graph/config interfaces are referenced by the request types above. They are not standalone data-model entries.Error Handling
The SDK exports five typed error classes:| Class | Extends | When thrown |
|---|---|---|
VeltSDKError | Error | Base class for all SDK errors |
VeltDatabaseError | VeltSDKError | MongoDB connection or query failures |
VeltValidationError | VeltSDKError | Missing or invalid request parameters |
VeltTokenError | VeltSDKError | Token generation failures |
VeltApiError | VeltSDKError | REST API call failures |
errorCode field:
INVALID_INPUT— Request data is malformed or missing required fieldsINTERNAL_ERROR— Server-side error during processingNOT_FOUND— Requested resource was not found
Data Models
Key interfaces and serializer helpers exported from@veltdev/node. All symbols are available at the package top level:
PartialUser and PartialAttachment referenced in the interfaces below are minimal pass-through shapes. PartialUser is { userId: string } (any additional fields the frontend sends are preserved but not strongly typed). Full user/attachment shapes are documented in the central Data Models reference.PartialCommentAnnotation
Represents a single comment annotation thread. Used as the payload shape when reading or writing annotation data in self-hosting event handlers.| Field | Type | Notes |
|---|---|---|
annotationId | string | Required. Stable identifier for the annotation thread. |
metadata | BaseMetadata | Optional context (document, org, API key). |
comments | Record<string, PartialComment> | Keyed by commentId string. |
from | PartialUser | User who created the annotation. |
assignedTo | PartialUser | User currently assigned to the annotation. |
targetTextRange | PartialTargetTextRange | Text selection the annotation is anchored to. |
resolvedByUserId | string | null | Three-state field — see below. |
[key] | unknown | Extra keys pass through serialization unchanged. |
PartialTargetTextRange
The text selection an annotation is anchored to. New interface in v1.0.2.| Field | Type | Notes |
|---|---|---|
text | string | Required. The selected text content the annotation references. |
resolvedByUserId Semantics
resolvedByUserId on PartialCommentAnnotation is a three-state field. TypeScript has no sentinel value, so the three states map to property presence and value:
| State | Representation | Meaning |
|---|---|---|
| Absent | Property not set on the object | No resolution information — do not write to the database |
Explicit null | resolvedByUserId: null | Annotation was un-resolved (cleared) |
| String | resolvedByUserId: "user-123" | Resolved by the user with this ID |
Object.hasOwn (or 'resolvedByUserId' in annotation) to distinguish absent from explicit null:
PartialComment
A single comment within an annotation thread. Round-trip serializers preserve unknown keys, so custom fields added by your application are not dropped.| Field | Type | Notes |
|---|---|---|
commentId | string | number | Required. Unique within the annotation. |
commentHtml | string | Raw HTML body of the comment. |
commentText | string | Plain-text body, used for search and notifications. |
attachments | Record<string, PartialAttachment> | Keyed by attachment ID. |
from | PartialUser | Author of the comment. |
to | PartialUser[] | Explicit recipients (direct-mention replies). |
taggedUserContacts | PartialTaggedUserContacts[] | Users @-mentioned in the comment body. |
[key] | unknown | Extra keys pass through serialization unchanged. |
BaseMetadata
Contextual identifiers attached to annotations and events. Provides both Velt-internal IDs and your application’s client-facing IDs for the same resources.| Field | Type | Notes |
|---|---|---|
apiKey | string | Velt project API key. |
documentId | string | Velt-internal document identifier. |
clientDocumentId | string | Your application’s document identifier. |
organizationId | string | Velt-internal organization identifier. |
clientOrganizationId | string | Your application’s organization identifier. |
folderId | string | Your application’s folder identifier. |
veltFolderId | string | Velt-internal folder identifier. |
documentMetadata | Record<string, unknown> | Arbitrary key-value metadata attached to the document. |
sdkVersion | string | null | SDK version string. null means version is known to be absent. New in v1.0.2. |
Distribution
The package ships both CommonJS (CJS) and ES Module (ESM) bundles with rolled-up.d.ts type definitions, making it compatible with all modern Node.js project setups.