Web / TypeScript SDK
@invonetwork/web-sdk is the official first-party SDK for integrating Invo into web platforms — web games, storefronts, and dashboards. It's the web analog of the Unity and Unreal plugins: a typed, versioned npm package that wraps Invo's currency purchase, item purchase, and passkey-verified send/transfer flows.
Not using a game engine? Start here.
If you're building on the web (React, Vue, plain JS, or any Node backend) rather than Unity or Unreal, this SDK is your integration path. Published on npm under the Invo-owned @invonetwork org.
Currency Purchase
Hosted checkout — real money to game currency, no payment UI to build
Item Purchase
Spend existing game currency on in-game items
Sends & Transfers
Move currency between players, approved by passkey
Passkeys
WebAuthn enroll/approve — the web alternative to SMS PINs
Install
npm install @invonetwork/web-sdkRequires Node ≥ 18 on the server (uses the global fetch). Ships ESM + CJS + TypeScript types.
Two entry points (the game secret never reaches the browser)
@invonetwork/web-sdk/server
Runs on your backend (Node ≥ 18). Holds the game secret.
Mints player tokens; initiates sends/transfers; currency purchase; item purchase.
@invonetwork/web-sdk
Runs in the browser. Holds only a short-lived player token.
Passkey enroll, approve, self-claim, device link.
Never import /server into browser code — it carries the game secret. The two entries are built separately for exactly this reason.
Get your account & game secret
Sign up, create your game, and copy its credentials (the game secret plus your WebAuthn RP ID / origins) in the Invo console for the environment you're building against:
| Environment | Console | API baseUrl |
|---|---|---|
| Testing / sandbox | https://dev.console.invo.network | https://sandbox.invo.network/sandbox |
| Production | https://console.invo.network | https://invo.network |
Build and test on sandbox first, then switch to production for launch. Each environment has its own game secret — keep it server-side only and never mix them. baseUrl must be https:// (http://localhost is allowed for local dev).
Quick start
1. Server — mint a player token
import { InvoServer } from "@invonetwork/web-sdk/server";
const invo = new InvoServer({
gameSecret: process.env.INVO_GAME_SECRET!, // server-side ONLY
baseUrl: "https://sandbox.invo.network/sandbox", // prod: https://invo.network
});
// Hand this short-lived (~15 min), game-scoped token to the browser.
const { token } = await invo.mintPlayerToken({ playerEmail: "p@example.com" });2. Browser — run a passkey flow
import { InvoClient } from "@invonetwork/web-sdk";
const invo = new InvoClient({
token, // fetched from your backend
baseUrl: "https://sandbox.invo.network/sandbox",
// Optional: auto re-mint + retry once if the token expires mid-session.
refreshToken: () => fetch("/invo/token", { method: "POST" }).then(r => r.json()).then(j => j.token),
});
await invo.enrollPasskey(); // once per user
await invo.approveSend(transactionId); // or approveTransfer(...)Currency purchase (real money in)
Server-side, no passkey. The recommended path is hosted checkout — Invo's page handles the card processor and 3-D Secure, so you never touch card data. Open the returned URL via redirect, WebView, or an <iframe>. Grant currency off the purchase.completed webhook.
const { checkoutUrl, sessionId } = await invo.createCheckout({
playerEmail: "p@example.com",
usdAmount: "20.00", // USD, 0 < x ≤ 999.99
rail: "platform", // optional: "platform" | "game" | "steam"
metadata: { yourOrderId: "ord_42" }, // echoed on the purchase.completed webhook
});
// → send the browser to checkoutUrl (single-use, ~15 min)See the Currency Purchase API for the direct rail selector, 3-D Secure, and order status.
Item purchase (spend game currency)
Spend the currency a player already owns to buy an in-game item — a balance debit, server-side only, no passkey or real money. Amounts are in game-currency units. Grant the item off the item.purchased webhook; Invo debits currency, your game owns the catalog.
const item = await invo.purchaseItem({
clientRequestId: crypto.randomUUID(), // idempotency key, unique per game
playerEmail: "p@example.com",
playerName: "P",
itemId: "sword_001",
itemName: "Legendary Sword",
itemQuantity: 1, // integer 1..1000
unitPrice: "100.00", // > 0 and ≤ 999999.99
totalPrice: "100.00", // must equal unitPrice × itemQuantity (±0.01)
});
// item.status === "success", item.newBalance, item.transactionId, item.orderIdDuplicates throw 409 (err.isDuplicateRequest); insufficient balance throws 400 (err.isInsufficientBalance). Full contract: Item Purchase.
Player balance
Read a player's currency balances server-side (game-secret), by email or player id.
const { balances, summary } = await invo.getPlayerBalance({ playerEmail: "p@example.com" });
// balances: [{ currencyName, availableBalance, reservedBalance, totalBalance, currencySymbol }]
// or look up by id: invo.getPlayerBalance({ playerId: 12345 })Full field reference: Get Player Balance.
Sends & transfers (move currency between players)
Initiate on the server, then have the sender approve in the browser with their passkey (or an SMS PIN if they're not enrolled). The recipient claims with their own passkey, or via a claim code.
// SERVER — initiate, then branch on how the sender must verify
const t = await invo.initiateTransfer({
clientRequestId: crypto.randomUUID(),
sourcePlayerName: "P", sourcePlayerEmail: "p@example.com", sourcePlayerPhone: "+15555550100",
targetPlayerEmail: "q@example.com", targetPlayerPhone: "+15555550111",
targetGameId: 123456, amount: "50",
});
// t.verificationMethod: "in_app" (passkey) | "sms" (PIN fallback) | undefined (guardian, HTTP 202)
// BROWSER — sender approves; recipient self-claims (fall back to claim code if not enrolled)
const approved = await invo.approveTransfer(t.transactionId); // returns claimCode
await invo.confirmReceiptTransfer(t.transactionId); // or use approved.claimCodeinitiateSend is the same shape with sender*/receiver* + receivingGameId. See Transfers and Sends.
"You have X to collect" (v0.4.0+). To badge a recipient, list their live unclaimed inbound transfers/sends with invo.getInboundPending({ playerEmail }) (or playerPhone) — the source of truth behind the transfer.claim_pending webhook. Match toPhone to the logged-in player.
Passkeys (WebAuthn)
Passkeys replace the SMS PIN for approving sends/transfers on the web. The browser SDK wraps navigator.credentials, base64url encoding, challenge round-trips, and error mapping.
await invo.enrollPasskey(); // once per user
// Interchangeable methods: prove an existing method (e.g. the Invo app device key)
// to authorize adding this passkey, then enroll.
await invo.linkDevice(linkId); // → { status: "authorized" }
await invo.enrollPasskey();Prerequisite: Invo sets your tenant's WebAuthn RP ID + allowed origins. You must serve your integration from one of those origins or passkeys won't validate. See Platform Step-Up (WebAuthn).
Webhooks — grant value here
Synchronous responses are for UX; reconcile and grant value off webhooks. They're HMAC-signed — verify X-Invo-Signature and dedupe on X-Invo-Idempotency-Key. Delivery is at-least-once, so keep your handler idempotent.
import { verifyWebhook, InvoError } from "@invonetwork/web-sdk/server";
// Pass the RAW request bytes + the X-Invo-Signature header.
let event;
try {
event = verifyWebhook(rawBody, signatureHeader, process.env.INVO_WEBHOOK_SECRET);
} catch (e) {
return respond(400); // InvoError: WEBHOOK_SIGNATURE_INVALID | WEBHOOK_TIMESTAMP_EXPIRED | WEBHOOK_MALFORMED
}
// De-dupe yourself on X-Invo-Idempotency-Key, then handle:
switch (event.event_type) {
case "purchase.completed": grantCurrency(event.data); break; // event.data is typed
case "item.purchased": grantItem(event.data); break;
}verifyWebhook does the constant-time HMAC-SHA256 check, enforces a 5-minute replay window, and accepts an array of secrets during rotation (verifyWebhook(body, sig, [oldSecret, newSecret])), returning a typed InvoWebhookEvent. The SDK verifies; you de-dupe on X-Invo-Idempotency-Key.
Edge / serverless (v0.4.0+). verifyWebhook uses node:crypto; on Cloudflare Workers, Deno, Vercel/Netlify Edge, or Bun use verifyWebhookAsync (Web Crypto) — same args, just await it — or the ready-made handler createWebhookHandler({ secret, onEvent }), which returns a Fetch-API (Request) => Promise<Response> (Next.js App Router, Workers, Deno, Hono, Bun).
Subscribe to every event with subscribed_events: ["*"] and filter server-side — new event types then reach you automatically. If you subscribe to a subset, you must include transfer.claim_pending (it's how you learn an inbound send/transfer is waiting to be collected — the most common integration gap).
| Event | Fires when |
|---|---|
| purchase.completed | A currency or item purchase cleared and the player was credited (every rail). |
| purchase.failed | A card purchase attempt failed — declined, abandoned 3-D Secure, or cancelled. |
| purchase.refunded | A purchase was refunded (full or partial); the balance was debited. |
| purchase.disputed | A card chargeback / dispute changed state (carries a dispute_status field). |
| purchase.fraud_warning | A pre-dispute fraud warning was raised on a card charge. |
| item.purchased | A player spent game currency on one of your in-game items. |
| transfer.sent | A send / transfer was initiated from a player. |
| transfer.received | A send / transfer was credited to the destination player. |
| transfer.claim_pending | An inbound send/transfer is awaiting your player’s claim — drives the "you have X to collect" notice. |
| transfer.claim_expired | An unclaimed send / transfer expired. |
| transfer.refunded | An expired / unclaimed transfer was refunded to the sender. |
| payout.status_changed | A partner payout moved to a new lifecycle state. |
| webhook.test | A test event you triggered from the console. |
Reserved (schema-defined, not currently emitted): purchase.dispute_lost, balance.updated — their effects surface through the purchase.* / transfer.* events above.
How SDK calls map to events: createCheckout/purchaseCurrency → purchase.* · purchaseItem → item.purchased · initiateSend/initiateTransfer → transfer.*. Full payloads, signature verification, retries & secret rotation: Receiving Webhooks.
Resilience & observability (v0.3.0+)
- Automatic retries on network errors,
429(honoringretry_after), and5xxwith exponential backoff. ConfiguremaxRetries(default 2,0disables) andretryBaseDelayMs. Only idempotent requests retry — single-use passkey POSTs never do. - Observability hooks —
onRequest/onResponse/onError(best-effort; a throwing hook never breaks a request). InvoError.requestIdcarries the backend request id for support tickets.- Cancellation (v0.4.0+) — every method takes an optional final
{ signal }(AbortSignal); an aborted call throwsInvoErrorcodeABORTEDand is never retried.
const invo = new InvoServer({
gameSecret: process.env.INVO_GAME_SECRET,
baseUrl: "https://sandbox.invo.network/sandbox",
maxRetries: 2, // default; 0 disables
hooks: {
onResponse: ({ status, durationMs, requestId }) => metrics(status, durationMs),
onError: ({ error, willRetry }) => log(error.code, error.requestId, willRetry),
},
});Errors
Every failure throws a typed InvoError with .code (when present), .status, .message, and .body, plus helpers:
| Helper | Meaning |
|---|---|
.isTokenExpired | Player token expired — re-mint + retry (automatic with refreshToken) |
.isReceiverNotEnrolled | Recipient has no passkey — fall back to claim-code entry |
.isInsufficientBalance | Item purchase 400 — required_amount + current_balance on .body |
.isDuplicateRequest | Idempotency-keyed request was a duplicate (409) |
.retryAfter | Seconds to back off on a 429 throttle |
.requestId | Backend request id (from the response headers) — quote it in support tickets |