This GA SDK includes classes that help Brands Build on Bond. Note that when working with Bond, you'll create API Keys (for sandbox
or live
applications) to enable access to the platform. Then you're ready to build. You can even sign up for our sandbox yourself.
To use this SDK you can just import it using the steps under 'Installation'. But if you'd like to build the repo yourself, with or without sample files, you'll need:
Node installation will include NPM, which is responsible for dependency management.
To install the module in your repo use your terminal to type:
npm install bond-sdk-web
Then import the key classes in your Javascript code:
import { BondCards, BondExternalAccounts } from 'bond-sdk-web';
Or you can install the SDK from a CDN with js
import { BondCards, BondExternalAccounts } from 'cdn.bond.tech/sdk/web/v1/bond-sdk-web.js';
or in html
<script type="text/javascript" src="cdn.bond.tech/sdk/web/v1/bond-sdk-web.js"></script>
Bond archives all released versions of the SDK according to SemVer, and you can access any major-minor-patch version using URLs like the following:
<script type="text/javascript" src="cdn.bond.tech/sdk/web/v/1/0/1/bond-sdk-web.js"></script>
Before executing any request, you need to authorize the calls to the Bond API
- Make an authorized call from your backend with the correct customer_id to receive temporary tokens of {Identity, Authorization}. Use these limited in scope-and-time values to make requests from your app, not your own studio API keys.
cURL
curl --request POST \
--url https://api.bond.tech/api/v0/auth/key/temporary \
--header 'Content-Type: application/json' \
--header 'Identity: YOUR_IDENTITY' \
--header 'Authorization: YOUR_AUTHORIZATION' \
--data '{"customer_id": "YOUR_CUSTOMER_ID"}'
Python
import requests
url = "https://api.bond.tech/api/v0/auth/key/temporary"
headers = { "Content-type": "application/json", "Identity": "YOUR_IDENTITY", "Authorization": "YOUR_AUTHORIZATION" }
payload = { 'customer_id': 'YOUR_CUSTOMER_ID' }
response = requests.post(url, headers=headers, json=payload)
print(response.text)
Ruby
uri = URI.parse("https://api.bond.tech/api/v0/auth/key/temporary")
params = {'customer_id' => 'YOUR_CUSTOMER_ID'}
headers = {
'Content-Type'=>'application/json',
'Identity'=>'YOUR_IDENTITY',
'Authorization'=>'YOUR_AUTHORIZATION'
}
http = Net::HTTP.new(uri.host, uri.port)
response = http.post(uri.path, params.to_json, headers)
output = response.body
puts output
Node
const fetch = require("node-fetch");
let url = "https://api.bond.tech/api/v0/auth/key/temporary";
let options = {
method: "POST",
headers: {
"Content-Type": "application/json",
Identity: "YOUR_IDENTITY",
Authorization: "YOUR_AUTHORIZATION",
},
body: { customer_id: "YOUR_CUSTOMER_ID" },
};
fetch(url, options)
.then((res) => res.json())
.then((json) => console.log(json))
.catch((err) => console.error("error:" + err));
Javascript
// Client-side example for quick testing.
// You would call this from your backend in production
fetch("https://api.bond.tech/api/v0/auth/key/temporary", {
method: "POST",
headers: {
"Content-type": "application/json",
Identity: "YOUR_IDENTITY",
Authorization: "YOUR_AUTHORIZATION",
},
body: {
customer_id: "YOUR_CUSTOMER_ID",
},
});
Java
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://api.bond.tech/api/v0/auth/key/temporary")
.addHeader("Content-Type", "application/json")
.addHeader("Identity", "YOUR_IDENTITY")
.addHeader("Authorization", "YOUR_AUTHORIZATION")
.post(RequestBody
.create(MediaType
.parse("application/json"),
"{\"customer_id\": \"" + YOUR_CUSTOMER_ID + "\"}"
))
.build();
Response response = client.newCall(request).execute();
C#
var client = new RestClient("https://api.bond.tech/api/v0/auth/key/temporary");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Identity", "YOUR_IDENTITY");
request.AddHeader("Authorization", "YOUR_AUTHORIZATION");
request.AddParameter("application/json", {"customer_id": "YOUR_CUSTOMER_ID"}, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Storing and processing card details including primary account number (PAN), CVV, expiration date, and personal identification number (PIN) involves complying with PCI DSS data security requirements. PCI compliance typically requires high overhead, so Bond created an SDK that vaults and tokenizes this card information. Using the below SDK, you can easily allow your customers to retrieve their card details, set PINs, and reset PINS without entering PCI scope, or worrying about seeing and storing your customers' sensitive card details.
This overview outlines usage. The docs
folder here provides Bond Cards SDK Documentation you can run. You can also check out the sample files to see sample implementation you can build and run.
This SDK relies heavily on Promises, making it easier to handle the asynchronous
requests made to the API. The SDK provides a BondCards
object containing
several methods which map to the calls and parameters described in BondCards's API documentation.
The following snippet is a generic example of how brands can use the SDK. If you need details for a specific module, refer to the sample files.
- Call the constructor (pass
{live: true}
to access the Live environment)
const bondCards = new BondCards({ live: false });
- You can now use the various methods from the SDK to reveal/manage PCI-sensitive
data for a particular Bond Card ID. Following the Promises notation, you should
use
.then()
/.catch()
to handle the successful and failed requests, respectively.
Most of the calls take an object as the only parameter but please refer to the API documentation to tune the query as intended.
bondCards
.show({
cardId: [BOND CARD ID],
identity: [TEMP IDENTITY TOKEN],
authorization: [TEMP AUTH TOKEN],
field: "number",
htmlSelector: "#num",
format: {
replaceThis: "(\\d{4})(\\d{4})(\\d{4})(\\d{4})",
withThis: "$1-$2-$3-$4",
},
})
.then((data) => {
// Handle data
})
.catch((error) => {
// Handle an error
});
- You can easily control loading with the various methods from the SDK. You should
use
.then()
/.catch()
to handle the successful and failed requests, respectively.
// Handle show loader
bondCards
.showMultiple(configuration)
.then((data) => {
// Handle hide loader
})
.catch((error) => {
// Handle hide loader
});
Money movement to cards may require external account linking to transfer funds from a customer's bank account to a card, or vice versa. The BondExternalAccounts
provides tooling to help link accounts to customers or business and their cards in your app.
This overview outlines usage. The docs
folder here provides Bond External Accounts SDK Documentation you can run. There are also sample files you can explore.
Call the constructor (pass { live: true }
to access the Live environment)
const bondExternalAccounts = new BondExternalAccounts({ live: false});
Account linking starts a flow to connect an external account through online identity verfication and account selection. This can be done via OAuth with a two-step process. Please note that implementing an OAuth flow via the Bond SDK requires pre-registering a redirectUri
with the Bond Support team and requires localStorage
access within the user's browser. External accounts can be linked without the Bond SDK by following this guide. Initialize the Bond SDK flow in your app with:
bondExternalAccounts
.linkAccount({
customerId: CUSTOMER_ID, // or business_id: BUSINESS_ID
identity: TEMP_IDENTITY_TOKEN,
authorization: TEMP_AUTH_TOKEN,
redirectUri: REGISTERED_REDIRECT_URI,
})
Once the OAuth flow is initiated, the user will be navigated to the selected institution's site to continue the verification process. Upon completion, they will be redirected back to the configured redirectUri
. From this page, the SDK is re-initialized to finalize the account linking process:
bondExternalAccounts
.handleOAuthRedirect({
identity: TEMP_IDENTITY_TOKEN,
authorization: TEMP_AUTH_TOKEN,
})
Alternatively, a non-OAuth account linking flow can be initiated in one step with:
bondExternalAccounts
.linkAccount({
customerId: CUSTOMER_ID, // or business_id: BUSINESS_ID
identity: TEMP_IDENTITY_TOKEN,
authorization: TEMP_AUTH_TOKEN,
})
Customers may need to undertake a microdeposit to verify their account. Start this flow with:
bondExternalAccounts
.microDeposit({
accountId: ACCOUNT_ID,
linkedAccountId: LINKED_ACCOUNT_ID,
identity: TEMP_IDENTITY_TOKEN,
authorization: TEMP_AUTH_TOKEN,
})
Delete linked external accounts with:
bondExternalAccounts
.deleteExternalAccount({
accountId: LINKED_ACCOUNT_ID,
identity: TEMP_IDENTITY_TOKEN,
authorization: TEMP_AUTH_TOKEN,
})
The following script aliases are available:
npm run doc
: Run JSDoc to create a 'docs' folder with automatically generated documentation for the source code.npm run build
: Create a production build minified and transpiled js bundle without any sample code.npm run start
: Lint SDK and Sample files, then Deploy a web server from the root folder atlocalhost:8080
to run the html samples. Note thewebpack
config and sample scripts expectIDENTITY
andAUTHORIZATION
values in the environment.
Contact your Bond support representative or the developer experience team at devex-eng@bond.tech with questions, concerns, or feature requests regarding this SDK.