# Tyro Health SDK setup

There is a three-step process to get you started with the Tyro Health SDK:

1)Set up the transaction SDK 
2)Submit transaction details  
3)Record Transaction Outcome  

# 1)Set up the transaction SDK

## Requirements:

| **Requirement** | **Notes** |
|  --- | --- |
| **API KEY** | An API Key  grants you access to a business and all related providers resources.API Keys can only be created by a business admin.  How to obtain an API Key:Once the admin is logged into the  Tyro Health Online portal  1. Go to ‘Business settings’ and navigate to the ‘API keys’ tab,2. Select ‘Generate a new key’ and the API Key will be displayed.  |
| **App ID** | This is your Tyro Health  unique Identifier. Issued by our partner integration team. Please contact healthpartnerships@tyro.com |
| **App Version** | This is typically aligned to your software release version. Used for debug and support efforts. This value is determined by you. |


> Note: The Business Admin API key carries many privileges and should remain secret and not exposed to end users or on client-side code.


## Environments

Tyro Health has to two environments for partner integration:

1. Non- Prod/ testing environment (stg):This represents a production like environment but uses test account details and stubs to simulate responses from funders. It is also recommended that you set the Environment to staging when testing the SDK in development.
2. Production (prod): Tyro Health production environment.


## Domain whitelist

For security purposes, Tyro Health Online must whitelist your origin domain names. To add your domains to our content security policy, please contact healthpartnerships@tyro.com or reach out to your partner manager.

Allowlist requests must be submitted by Monday for activation on Thursday during our weekly release cycle. Please plan ahead to avoid delays.

:::warning Warning

Until partners domains are registered, you will get a CORS error for any unregistered originating domains.

:::

## Installation

There are two options to install theTyro Health transaction SDK:

Installation via NPM/Yarn or,
Download the SDK via unpkg.com

> Note: If you intend to use the SDK as a JavaScript module you will need to install the NPM/Yarn package. If you will be using the SDK with a `<script>` tag or other URL direction method then you will need to install the unpkg.com version.


#### Option 1:Installation via NPM/Yarn


```js
npm install @medipass/partner-sdk
// or, with yarn:
yarn add @medipass/partner-sdk
```

Or

#### Option 2:Download the SDK via unpkg.com

 https://unpkg.com/@medipass/partner-sdk@1.10.1/umd/@medipass/partner-sdk.min.js 

### Using the JavaScript Module


```js
import medipassSDK from '@medipass/partner-sdk';
// or: const medipassSDK = require('@medipass/partner-sdk');

medipassSDK.setConfig({
  env: 'stg',
  apiKey: '[insert your API key here]',
  appId: '[insert your App ID here]',
  appVersion: '[insert your App version here]'
});

medipassSDK.renderCreateTransaction({}, {
  onSuccess: function (transaction) {
    // handle successful submission of transaction
  },
  onError: function (error) {
    // handle errored submission of transaction
  },
  onCancel: function () {
    // handle when create transaction flow has been cancelled
  }
});
```

### Using a `<script>` tag


```html
<html>
<head>
  <script src="https://unpkg.com/@medipass/partner-sdk@1.10.1/umd/@medipass/partner-sdk.min.js"></script>
</head>
<body>
  <script>
    MedipassTransactionSDK.setConfig({
      env: 'stg',
      apiKey: '[insert your API key here]',
      appId: '[insert your App ID here]',
      appVersion: '[insert App version key here]'
    });

    MedipassTransactionSDK.renderCreateTransaction({}, {
      onSuccess: data => {
        // handle success
      },
      onError: data => {
        // handle error
      },
      onCancel: () => {
        // handle cancel
      }
    });
  </script>
</body>
</html>
```

## Short-lived SDK token

In order to mitigate potential risks of unauthorised API keys, Tyro Health provides the option of a short-lived SDK authentication token.

To use the short-lived token you will need to follow the below three step process:

1. On your server-side, use the Business Admin API key to call:


**Resource** POST `<base-url>/v3/auth/token`

Where base-url:

Staging: stg-api-au.medipass.io

**Required headers**

- authorization: `Bearer <Business_Admin_API_key>`
- `x-appid`: your App ID


**Payload**


```javascript
{
    "audience": "aud:business-sdk",
    "expiresIn": "1h"    // e.g. 30m, 1h, 6h, 24h. Defaults to 1h, max is 24h.
}
```

1. The response will contain a short-lived token that is restricted to SDK features. For example, it can't be used to generate more tokens, update business details or create other users in a business.



```javascript
{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2ZXIiOjEsImlhdCI6MTU5Mzc1NzI1MCwiZXhwIjoxNTkzNzYwODUwLCJhdWQiOiJhdWQ6YnVzaW5lc3Mtc2RrIiwic3ViIjoiNTc0M2NiNWI1YjI0Y2MxNDAwOTk5MTcwIiwianRpIjoiNVctZDZLIn0.YbbogFjmk7-BT15aY7vqHfFcXpH5Smr9LT96hHUjlWQ"
}
```

1. Return this token to your portal, and use it for the SDK apiKey field.