TypeScript SDK API reference

Every client method, argument, and return type.

Construction

import { Cohesion } from "@cohesionauth/sdk";

const client = new Cohesion({
  apiKey: process.env.COHESION_API_KEY!,
  baseUrl: "https://api.cohesionauth.com",          // default
  receiptsBaseUrl: "https://receipts.cohesionauth.com", // default (oversight receipts host)
  timeout: 30000,                                   // default (milliseconds)
  maxRetries: 3,                                    // default, exponential backoff
});

receiptsBaseUrl configures the host for getReceipt(). Oversight receipts are served by a dedicated worker on receipts.cohesionauth.com, a separate host from the scoring API base. Only getReceipt() uses it; every other method targets baseUrl.

Methods

score(params, options?) => Promise<ScoreResponse>

Wraps POST /v1/score.

scoreBatch(params, options?) => Promise<BatchScoreResponse>

Wraps POST /v1/score/batch.

operatorProfile(operatorId) => Promise<OperatorProfile>

Wraps GET /v1/operator/:id/profile.

organizationDashboard() => Promise<OrganizationDashboard>

Wraps GET /v1/organization/dashboard.

maintenanceRecommend(params) => Promise<MaintenanceRecommendation>

Wraps POST /v1/maintenance/recommend.

complianceReport(params) => Promise<ComplianceReport>

Wraps GET /v1/compliance/report.

getReceipt(decisionId) => Promise<OversightReceiptResponse>

GETs https://receipts.cohesionauth.com/v1/decisions/:id/receipt (configurable via receiptsBaseUrl). Returns the signed, exportable oversight receipt for a decision produced by the DRS gate path (gate() / decisionScore()). Pass the ai_decision_log_id the gate returned. The response surfaces receipt.chain_anchor.verified_at_issuance (always true on an issued receipt) and signature.receipt_hmac (hex HMAC over the canonical receipt). The worker returns 404 for an unknown or cross-tenant decision id and 409 when the row predates the field-covering evidence chain or fails verification. Call it from server-side code; the receipt host does not currently send CORS headers, so a browser request to it is preflight-blocked.

A receipt attaches to the gate path that produces one. The score() (JIS) path does not yet yield a receipt; a future canonical-evidence-record migration will make score() receipt-eligible too.

adminKeyRotate() => Promise<KeyRotationResponse>

Wraps POST /v1/admin/key/rotate.

adminKeyRevoke() => Promise<KeyRevocationResponse>

Wraps POST /v1/admin/key/revoke.

adminAuditLog(params?) => Promise<AuditEvent[]>

Wraps GET /v1/admin/audit-log.

Errors

Typed error classes:

Next step

Cookbook for end-to-end recipes.