Skip to main content
The ResQ TypeScript SDK lives in the resq-software/npm workspace. It publishes a UI component library plus seven standalone utility packages under the @resq-sw/* scope. The packages are Effect-based, with zero or peer dependencies where it matters.
PackagePurpose
@resq-sw/httpHTTP client utilities
@resq-sw/securityAuth and crypto helpers
@resq-sw/dsaZero-dependency data structures
@resq-sw/loggerStructured logging
@resq-sw/rate-limitingRate-limiting primitives
@resq-sw/decoratorsMethod decorators
@resq-sw/helpersCross-cutting utilities
Install only what you need — every package is independently versioned and tree-shakable. See the README for the canonical per-package API.

Install

npm install @resq-sw/http @resq-sw/security

Authenticate

You can call POST /login directly with fetch while you’re getting set up. The packages provide higher-level wrappers — see the package READMEs for their current API. 
const res = await fetch("https://api.resq.software/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    username: process.env.RESQ_USERNAME,
    password: process.env.RESQ_PASSWORD,
  }),
});

if (!res.ok) {
  throw new Error(`login failed: ${res.status}`);
}

const { token, expires_at } = (await res.json()) as {
  token: string;
  expires_at: number;
};
Treat expires_at (Unix seconds) as authoritative — refresh proactively when fewer than 60 seconds remain. See Authentication for rotation guidance.

First call

const res = await fetch("https://api.resq.software/evidence", {
  headers: { Authorization: `Bearer ${token}` },
});

if (!res.ok) {
  throw new Error(`evidence list failed: ${res.status}`);
}

const evidence = await res.json();

Errors

The API rejects with HTTP status codes; bodies follow the envelope at Errors. For retry/backoff, the @resq-sw/rate-limiting and @resq-sw/http packages provide ready-made primitives — refer to the resq-software/npm README for their current shape.

Browser

The packages ship native ESM and tree-shake cleanly. In the browser:
  • Never embed long-lived credentials in client JavaScript.
  • Issue short-lived operator tokens server-side and hand them to the page.
  • Use a same-site, HTTP-only cookie or sessionStorage (memory only) to hold the token; clear on logout.

Next

API reference

Full endpoint catalog for both APIs.

Other SDKs

Python, Rust, .NET, and more.