Partner Connect SDK

Promise-based JavaScript SDK for secure cross-origin communication between partner apps and LearnCard

The Partner Connect SDK transforms complex postMessage communication into clean, modern Promise-based functions. It handles the entire cross-origin message lifecycle, including request queuing, origin validation, and timeout management.

Features

• 🔒 Secure: Multi-layered origin validation prevents unauthorized access

• 🎯 Type-safe: Full TypeScript support with comprehensive type definitions

• ⚡ Promise-based: Modern async/await API eliminates callback complexity

• 🧹 Clean: Abstracts away all postMessage implementation details

• 📦 Lightweight: Zero dependencies, ~8KB minified

• 🛡️ Robust: Built-in timeout handling and structured error management

Installation

npm install @learncard/partner-connect

pnpm add @learncard/partner-connect

yarn add @learncard/partner-connect

Quick Start

import { createPartnerConnect } from '@learncard/partner-connect';

// Initialize the SDK
const learnCard = createPartnerConnect({
  hostOrigin: 'https://learncard.app'
});

// Request user identity (SSO)
try {
  const identity = await learnCard.requestIdentity();
  console.log('User DID:', identity.user.did);
  console.log('JWT Token:', identity.token);
} catch (error) {
  if (error.code === 'LC_UNAUTHENTICATED') {
    console.log('User is not logged in');
  }
}

API Reference

Factory Function

createPartnerConnect(options)

Creates a new Partner Connect SDK instance.

Parameters:

• options (PartnerConnectOptions): Configuration options

Returns: PartnerConnect instance

Example:

Configuration

PartnerConnectOptions

Core Methods

requestIdentity()

Request user identity from LearnCard for Single Sign-On authentication.

Returns: Promise<IdentityResponse>

Example:

Response Type:

sendCredential(credential)

Send a verifiable credential to the user's LearnCard wallet.

Parameters:

• credential (unknown): The verifiable credential to send

Returns: Promise<SendCredentialResponse>

Example:

launchFeature(featurePath, initialPrompt?)

Launch a feature in the LearnCard host application.

Parameters:

• featurePath (string): Path to the feature (e.g., '/ai/topics')

• initialPrompt (string, optional): Initial prompt or data

Returns: Promise<void>

Example:

askCredentialSearch(verifiablePresentationRequest)

Request credentials from the user's wallet using query criteria.

Parameters:

• verifiablePresentationRequest (VerifiablePresentationRequest): Query specification

Returns: Promise<CredentialSearchResponse>

Example:

askCredentialSpecific(credentialId)

Request a specific credential by ID.

Parameters:

• credentialId (string): The ID of the credential to request

Returns: Promise<CredentialSpecificResponse>

Example:

requestConsent(contractUri)

Request user consent for data access permissions.

Parameters:

• contractUri (string): URI of the consent contract

Returns: Promise<ConsentResponse>

Example:

initiateTemplateIssue(templateId, draftRecipients?)

Initiate a template-based credential issuance flow.

Parameters:

• templateId (string): ID of the template/boost to issue

• draftRecipients (string[], optional): Array of recipient DIDs

Returns: Promise<TemplateIssueResponse>

Example:

destroy()

Clean up the SDK and remove event listeners.

Returns: void

Example:

Security Model

The Partner Connect SDK implements comprehensive security measures:

Origin Validation

Strict Enforcement:

• Incoming messages must exactly match the configured host origin

• No wildcard (*) origins are ever used

• Query parameter overrides are validated against whitelist

Configuration Hierarchy:

1. Default: https://learncard.app (security anchor)

2. Query Parameter Override: ?lc_host_override=https://staging.learncard.app

3. Configured Origin: From hostOrigin option

Example:

Message Security

• Protocol Verification: Messages must match expected protocol version

• Request ID Tracking: Only tracked requests are processed

• Timeout Protection: Requests automatically timeout to prevent hanging

• Cleanup on Destroy: Pending requests are properly rejected

Error Handling

All SDK methods reject with structured LearnCardError objects:

Error Codes

Error Handling Patterns

Advanced Configuration

Multiple Origins (Staging Support)

Native App Support

For Capacitor/Ionic apps:

Custom Timeouts

Browser Support

• Chrome/Edge: 90+

• Firefox: 88+

• Safari: 14+

• Mobile: iOS Safari 14+, Android Chrome 90+

Required APIs:

• postMessage

• Promise

• URLSearchParams

• addEventListener

Migration Guide

From Manual postMessage

Before (80+ lines of boilerplate):

After (3 lines):

Benefits:

• 85% code reduction in typical integrations

• Type safety with full TypeScript support

• Better error handling with structured error codes

• Security improvements with origin validation

• No manual cleanup required

Examples

SSO Authentication Flow

Credential Gating (Premium Content)

Credential Issuance (Certificate Award)

Related Documentation

• LearnCard Core SDK - Backend credential operations

• LearnCard Network - Network integration

• Creating Connected Websites - Integration guide

• App Store Development - LearnCard app ecosystem