Installation
Install from npm
npm install @trymellon/js
Entry points
| Import | Exports | Use case |
|---|
@trymellon/js | TryMellon, types, utilities | Core SDK — Vanilla JS, Svelte, Node |
@trymellon/js/react | TryMellonProvider, useAuthenticate, useRegister, useEnroll | React 18+ hooks & provider |
@trymellon/js/vue | provideTryMellon, useAuthenticate, useRegister, useEnroll | Vue 3 Composition API composables |
@trymellon/js/angular | TryMellonService, provideTryMellon | Angular standalone service & DI |
@trymellon/js/ui | <trymellon-auth>, <trymellon-auth-modal> | Web Components (zero-framework drop-in) |
@trymellon/js/umd | window.TryMellon | UMD bundle — via <script> tag |
Initialize the client
import { TryMellon } from '@trymellon/js'
const clientResult = TryMellon.create({
appId: 'YOUR_APP_ID', // Required: Application ID from dashboard
publishableKey: 'cli_xxxx', // Required: Client ID (safe for browser)
apiBaseUrl: 'https://api.trymellonauth.com', // Optional, default
timeoutMs: 30000, // Optional, default 30000
maxRetries: 3, // Optional, default 3
retryDelayMs: 1000, // Optional, default 1000
})
if (!clientResult.ok) {
console.error(clientResult.error.message);
throw clientResult.error;
}
const client = clientResult.value;
Where to get your credentials
- Sign up at the TryMellon dashboard.
- Create an Application — you’ll receive an App ID (UUID) and a Client ID (starts with
cli_).
- Add your domain to Allowed Origins so the API accepts requests from your frontend.
Configuration options
| Option | Required | Default | Description |
|---|
appId | Yes | — | Application ID. Sent as X-App-Id header. |
publishableKey | Yes | — | Client ID for client-side auth (safe for the browser). |
apiBaseUrl | No | 'https://api.trymellonauth.com' | API base URL. Override for self-hosted or staging environments. |
timeoutMs | No | 30000 | HTTP request timeout (ms). Range: 1000–300000. |
maxRetries | No | 3 | Retries for transient network errors. Range: 0–10. |
retryDelayMs | No | 1000 | Delay between retries (ms). Range: 100–10000. |
logger | No | console | Custom logger implementing the Logger interface. |
sandbox | No | false | Skip API & WebAuthn calls; return a fixed token instantly. See Sandbox mode. |
sandboxToken | No | SANDBOX_SESSION_TOKEN | Custom token returned in sandbox mode. |
enableTelemetry | No | false | Opt-in anonymous event + latency tracking. |
origin | No | window.location.origin | Override the Origin header sent with API requests. Required in Node.js / SSR where window is not available. |
contextHashStorage | No | sessionStorage | Custom storage for the context hash used by enrollment flows. Must implement getItem / setItem. Useful for SSR or test environments. |
Runtime compatibility
| Environment | Supported |
|---|
| Modern browsers (Chrome, Safari, Firefox, Edge) | Yes |
| Node.js 18+ (SSR/server validation) | Yes |
| Edge runtimes (Cloudflare Workers, Vercel Edge) | Yes |
| React Native | No (WebAuthn requires a browser) |
The SDK uses only globalThis.crypto and standard fetch — no Node-specific APIs.
For register and authenticate options you can use externalUserId (camelCase).