Getting Started
Installation
npm (recommended)
@alviere/core is published to the public npm registry:
npm install @alviere/core
CDN
Prebuilt dist files are also served from the Alviere CDN. Use versioned URLs for integrity-pinned deployments, or latest for always-current:
https://js.prd.alvierecdn.com/core/{version}/
https://js.prd.alvierecdn.com/core/latest/
Dev/staging builds are available at js.dev.alvierecdn.com with the same path structure.
Basic usage
import { AlviereCore } from '@alviere/core';
const core = new AlviereCore({
jwt: 'your-sierra-api-v3-jwt',
publicCertificate: 'your-rsa-public-key-pem',
publicCertificateId: 'your-certificate-id',
debug: true,
});
Making your first call
The following example creates an accounts service and fetches an account:
import { AlviereCore } from '@alviere/core';
const core = new AlviereCore({ jwt: 'your-jwt' });
// Downgrade the business JWT to a consumer-scoped token
const scopedJwt = await core.generateScopedToken('account-uuid-here');
// Re-configure with the scoped token
core.configure({ jwt: scopedJwt });
// Create a service and call it
const accounts = core.createAccountsService();
const account = await accounts.getAccount('account-uuid-here');
console.log(account);
Scoped tokens
Most service operations require a consumer-scoped JWT — a token whose sub claim is the target account UUID. Your backend provides a business-level JWT on login; call generateScopedToken to downgrade it to the consumer scope before making account-level API calls.
generateScopedToken optionally refreshes the AlviereCore instance's token automatically (autoUpdate defaults to true):
// Automatically updates core's internal JWT as well
const scopedJwt = await core.generateScopedToken('consumer-account-uuid');
// Or retrieve without updating
const scopedJwt = await core.generateScopedToken('consumer-account-uuid', false);
core.configure({ jwt: scopedJwt });
With encryption
For endpoints that require encrypted payloads (card data, sensitive PII), provide the RSA public certificate at initialization time:
const core = new AlviereCore({
jwt: 'your-jwt',
publicCertificate: 'your-rsa-public-key-pem',
publicCertificateId: 'your-certificate-id',
});
const payments = core.createPaymentsService();
await payments.processAddCardWithValidation('account-uuid', {
card_number: '4111111111111111',
name_on_card: 'Jane Doe',
expiry_date: '12/28',
security_code: '123',
zip_code: '10001',
});
Calls that require a certificate will throw if publicCertificate / publicCertificateId are not set.

