skyflowapi · aadarsh-st · May 22, 2026 · May 22, 2026 · May 22, 2026 · May 22, 2026
diff --git a/samples/deprecated/service-account/bearer-token-expiry-example.ts b/samples/deprecated/service-account/bearer-token-expiry-example.ts
@@ -0,0 +1,102 @@
+import {
+    Credentials,
+    DetokenizeOptions,
+    DetokenizeRequest,
+    DetokenizeResponse,
+    Env,
+    LogLevel,
+    RedactionType,
+    Skyflow,
+    SkyflowError,
+    VaultConfig,
+    SkyflowConfig,
+    DetokenizeData
+} from 'skyflow-node';
+
+/**
+* This example demonstrates how to configure and use the Skyflow SDK
+* to detokenize sensitive data stored in a Skyflow vault.
+* It includes setting up credentials, configuring the vault, and
+* making a detokenization request. The code also implements a retry
+* mechanism to handle unauthorized access errors (HTTP 401).
+*/
+async function detokenizeData(skyflowClient: Skyflow, vaultId: string) {
+    try {
+        // Creating a list of tokens to be detokenized
+        const detokenizeData: DetokenizeData[] = [
+            {
+                token: '<YOUR_TOKEN_VALUE_1>',
+                redactionType: RedactionType.PLAIN_TEXT
+            },
+            {
+                token: '<YOUR_TOKEN_VALUE_2>',
+                redactionType: RedactionType.PLAIN_TEXT
+            }
+        ];
+
+        // Building a detokenization request
+        const detokenizeRequest: DetokenizeRequest = new DetokenizeRequest(
+            detokenizeData
+        );
+
+        // Configuring detokenization options
+        const detokenizeOptions: DetokenizeOptions = new DetokenizeOptions();
+        detokenizeOptions.setContinueOnError(false); // Stop on error
+        detokenizeOptions.setDownloadUrl(false);    // Disable download URL generation
+
+        // Sending the detokenization request and receiving the response
+        const response: DetokenizeResponse = await skyflowClient
+            .vault(vaultId)
+            .detokenize(detokenizeRequest, detokenizeOptions);
+
+        // Printing the detokenized response
+        console.log('Detokenization successful:', response);
+    } catch (err) {
+        throw err;
+    }
+}
+
+async function main() {
+    try {
+        // Setting up credentials for accessing the Skyflow vault
+        const credentials: Credentials = {
+            credentialsString: '<YOUR_CREDENTIALS_STRING>', // Credentials string for authentication
+        };
+
+        // Configuring the Skyflow vault with necessary details
+        const primaryVaultConfig: VaultConfig = {
+            vaultId: '<YOUR_VAULT_ID>',          // Vault ID
+            clusterId: '<YOUR_CLUSTER_ID>',      // Cluster ID
+            env: Env.PROD,                       // Environment set to PROD
+            credentials: credentials             // Setting credentials
+        };
+
+        // Creating a Skyflow client instance with the configured vault
+        const skyflowConfig: SkyflowConfig = {
+            vaultConfigs: [primaryVaultConfig],
+            logLevel: LogLevel.ERROR,            // Setting log level to ERROR
+        };
+
+        const skyflowClient: Skyflow = new Skyflow(skyflowConfig);
+
+        // Attempting to detokenize data using the Skyflow client
+        try {
+            await detokenizeData(skyflowClient, primaryVaultConfig.vaultId);
+        } catch (err) {
+            // Retry detokenization if the error is due to unauthorized access (HTTP 401)
+            if (err instanceof SkyflowError && err.error?.http_code === 401) {
+                console.warn('Unauthorized access detected. Retrying...');
+                await detokenizeData(skyflowClient, primaryVaultConfig.vaultId);
+            } else {
+                // Rethrow the exception for other error codes
+                throw err;
+            }
+        }
+    } catch (err) {
+        // Handling any exceptions that occur during the process
+        console.error('An error occurred:', err);
+    }
+}
+
+// Invoke the main function
+main();
diff --git a/samples/deprecated/service-account/scoped-token-generation-example.ts b/samples/deprecated/service-account/scoped-token-generation-example.ts
@@ -0,0 +1,50 @@
+/*
+  Copyright (c) 2022 Skyflow, Inc.
+*/
+// v1 nomenclature: roleIDs (uppercase D) — deprecated alias for roleIds in BearerTokenOptions
+import {
+  generateBearerTokenFromCreds,
+  isExpired,
+  LogLevel,
+} from 'skyflow-node';
+
+let bearerToken: string = '';
+
+const cred = {
+  clientId: '<YOUR_CLIENT_ID>',
+  clientName: '<YOUR_CLIENT_NAME>',
+  keyId: '<YOUR_KEY_ID>',
+  tokenUri: '<YOUR_TOKEN_URI>',
+  privateKey: '<YOUR_PRIVATE_KEY>',
+};
+
+function getScopedBearerTokenFromCreds() {
+  return new Promise((resolve, reject) => {
+    try {
+      // v1: roleIDs (uppercase D) — deprecated key, emits WARN, still works
+      const options = {
+        roleIDs: ['<YOUR_ROLE_ID>'] as string[],
+        logLevel: LogLevel.WARN,
+      };
+      if (!isExpired(bearerToken)) resolve(bearerToken);
+      else {
+        generateBearerTokenFromCreds(JSON.stringify(cred), options as any)
+          .then(response => {
+            bearerToken = response.accessToken;
+            resolve(bearerToken);
+          })
+          .catch(error => {
+            reject(error);
+          });
+      }
+    } catch (e) {
+      reject(e);
+    }
+  });
+}
+
+const tokens = async () => {
+  console.log(await getScopedBearerTokenFromCreds());
+};
+
+tokens();
diff --git a/samples/deprecated/vault-api/credentials-options.ts b/samples/deprecated/vault-api/credentials-options.ts
@@ -0,0 +1,150 @@
+import {
+    Credentials,
+    DeleteRequest,
+    Env,
+    InsertOptions,
+    InsertRequest,
+    LogLevel,
+    Skyflow,
+    VaultConfig,
+    SkyflowConfig,
+    SkyflowError,
+    DeleteResponse,
+    StringCredentials
+} from 'skyflow-node';
+
+/**
+ * Skyflow Secure Data Deletion Example
+ * 
+ * This example demonstrates how to:
+ * 1. Configure Skyflow client credentials
+ * 2. Set up vault configurations
+ * 3. Create and perform delete requests
+ * 4. Handle response and errors
+ */
+const VAULT_ID    = '<VAULT_ID>';
+const CLUSTER_ID  = '<CLUSTER_ID>';
+const SETUP_TOKEN = 'BEARER_TOKEN';
+
+async function setup(): Promise<[string, string]> {
+    const setupClient = new Skyflow({
+        vaultConfigs: [{ vaultId: VAULT_ID, clusterId: CLUSTER_ID, env: Env.DEV,
+            credentials: { token: SETUP_TOKEN } }],
+        logLevel: LogLevel.WARN,
+    });
+    const insertOpts = new InsertOptions(); insertOpts.setReturnTokens(false);
+    const insertResp = await setupClient.vault(VAULT_ID).insert(
+        new InsertRequest('table1', [
+            { card_number: '4111111111111112' },
+            { card_number: '4111111111111112' },
+        ]), insertOpts
+    );
+    const idV1 = insertResp.insertedFields![0].skyflowId!;
+    const idV2 = insertResp.insertedFields![1].skyflowId!;
+    console.log('Setup: inserted IDs:', idV1, idV2);
+    return [idV1, idV2];
+}
+
+async function performSecureDataDeletion() {
+    const [insertedIdV1, insertedIdV2] = await setup();
+
+    try {
+        // Step 1: Configure Skyflow client Credentials
+        const cred: Record<string, string> = {
+            clientID: '<YOUR_CLIENT_ID>',    // Client identifier
+            clientName: '<YOUR_CLIENT_NAME>',                          // Client name
+            keyID: '<YOUR_KEY_ID>',        // Key identifier
+            tokenURI: '<YOUR_TOKEN_URI>', // Token URI
+            privateKey: '<YOUR_PRIVATE_KEY>',
+        };
+
+        // v1 credentialsString — old field names (clientID, keyID, tokenURI)
+        const stringCredentials: StringCredentials = {
+            credentialsString: JSON.stringify(cred),
+        };
+        const skyflowCredentials: Credentials = stringCredentials;
+
+        // v2 credentialsString — new canonical field names (clientId, keyId, tokenUri)
+        const credV2: Record<string, string> = {
+            clientId: cred.clientID,
+            clientName: cred.clientName,
+            keyId: cred.keyID,
+            tokenUri: cred.tokenURI,
+            privateKey: cred.privateKey,
+        };
+        const stringCredentialsV2: StringCredentials = {
+            credentialsString: JSON.stringify(credV2),
+        };
+        const skyflowCredentialsV2: Credentials = stringCredentialsV2;
+
+        // Step 2: Configure Vaults
+        // Individual vault credentials take priority over skyflowCredentials
+        const primaryVaultConfig: VaultConfig = {
+            vaultId: VAULT_ID,
+            clusterId: CLUSTER_ID,
+            env: Env.DEV,
+            credentials: { token: SETUP_TOKEN }, // per-vault credential overrides skyflowCredentials
+        };
+
+        // Step 3: Configure Skyflow Client
+        const skyflowConfig: SkyflowConfig = {
+            vaultConfigs: [primaryVaultConfig],
+            skyflowCredentials: skyflowCredentials, // Used if no individual credentials are passed
+            logLevel: LogLevel.WARN,
+        };
+
+        // Initialize Skyflow Client
+        const skyflowClient: Skyflow = new Skyflow(skyflowConfig);
+
+        // Step 4: Prepare Delete Request for Primary Vault (uses v1 skyflowCredentials)
+        const primaryDeleteIds: Array<string> = [insertedIdV1];
+
+        const primaryTableName: string = 'table1';
+
+        const primaryDeleteRequest: DeleteRequest = new DeleteRequest(
+            primaryTableName,
+            primaryDeleteIds,
+        );
+
+        // Perform Delete Operation for Primary Vault
+        const primaryDeleteResponse: DeleteResponse = await skyflowClient
+            .vault(VAULT_ID)
+            .delete(primaryDeleteRequest);
+
+        console.log('Primary Vault Deletion Successful (v1 credentialsString):', primaryDeleteResponse);
+
+        // Step 5: v2 credentialsString (clientId/keyId/tokenUri — new canonical names)
+        const skyflowConfigV2: SkyflowConfig = {
+            vaultConfigs: [{
+                vaultId: VAULT_ID,
+                clusterId: CLUSTER_ID,
+                env: Env.DEV,
+                credentials: { token: SETUP_TOKEN },
+            }],
+            skyflowCredentials: skyflowCredentialsV2, // v2 field names
+            logLevel: LogLevel.WARN,
+        };
+        const skyflowClientV2: Skyflow = new Skyflow(skyflowConfigV2);
+
+        const secondaryDeleteResponse: DeleteResponse = await skyflowClientV2
+            .vault(VAULT_ID)
+            .delete(new DeleteRequest('table1', [insertedIdV2]));
+
+        console.log('Secondary Vault Deletion Successful (v2 credentialsString):', secondaryDeleteResponse);
+
+    } catch (error) {
+        // Comprehensive Error Handling
+        if (error instanceof SkyflowError) {
+            console.error('Skyflow Specific Error:', {
+                code: error.error?.http_code,
+                message: error.message,
+                details: error.error?.details
+            });
+        } else {
+            console.error('Unexpected Error:', error);
+        }
+    }
+}
+
+// Invoke the secure data deletion function
+performSecureDataDeletion();
diff --git a/samples/deprecated/vault-api/detokenize-records.ts b/samples/deprecated/vault-api/detokenize-records.ts
@@ -0,0 +1,81 @@
+import {
+    Credentials,
+    DetokenizeOptions,
+    DetokenizeRequest,
+    DetokenizeResponse,
+    Env,
+    LogLevel,
+    RedactionType,
+    Skyflow,
+    SkyflowError,
+    VaultConfig,
+    SkyflowConfig,
+    DetokenizeData,
+    SkyflowRecordError,
+} from 'skyflow-node';
+
+// v1 nomenclature: setDownloadURL (uppercase) on DetokenizeOptions
+async function performDetokenization() {
+    try {
+        const credentials: Credentials = {
+            token: 'BEARER_TOKEN',
+        };
+
+        const primaryVaultConfig: VaultConfig = {
+            vaultId: '<VAULT_ID>',
+            clusterId: '<CLUSTER_ID>',
+            env: Env.DEV,
+            credentials: credentials,
+        };
+
+        const skyflowConfig: SkyflowConfig = {
+            vaultConfigs: [primaryVaultConfig],
+            logLevel: LogLevel.WARN,
+        };
+
+        const detokenizeOptions: DetokenizeOptions = new DetokenizeOptions();
+        detokenizeOptions.setContinueOnError(true);
+
+        // v1: setDownloadURL uppercase — deprecated setter, still works
+        (detokenizeOptions as any).setDownloadURL(false);
+        // v1: getDownloadURL uppercase — deprecated getter, still works
+        console.log('v1 getDownloadURL:', (detokenizeOptions as any).getDownloadURL());
+
+        const skyflowClient: Skyflow = new Skyflow(skyflowConfig);
+
+        const detokenizeData: DetokenizeData[] = [
+            {
+                token: '8561-9339-2309-3015',
+                redactionType: RedactionType.PLAIN_TEXT,
+            },
+        ];
+
+        const detokenizeRequest: DetokenizeRequest = new DetokenizeRequest(detokenizeData);
+
+        const response: DetokenizeResponse = await skyflowClient
+            .vault(primaryVaultConfig.vaultId)
+            .detokenize(detokenizeRequest, detokenizeOptions);
+
+        console.log('Detokenization successful:', response);
+
+        if (response.errors != null) {
+            response.errors.forEach((err: SkyflowRecordError) => {
+                // v1: access request_ID (deprecated)
+                console.log('v1 request_ID:', (err as any).request_ID);
+            });
+        }
+
+    } catch (error) {
+        if (error instanceof SkyflowError) {
+            console.error('Skyflow Specific Error:', {
+                code: error.error?.http_code,
+                message: error.message,
+                details: error.error?.details,
+            });
+        } else {
+            console.error('Unexpected Error:', error);
+        }
+    }
+}
+
+performDetokenization();