Scrydon
Client SDK

Client SDK

Call deployed Scrydon workflows and the platform data / AI / action surface from your own apps

The Client SDK (@scrydon/sdk) is for first-party apps acting on behalf of an end user. It authenticates with OAuth 2.0 + PKCE and exposes typed modules for workflows, chat, knowledge, storage, and the platform data / ai / action surface.

For server-to-server execution — backends, cron jobs, CI, internal services — call the workflow API directly with a static x-api-key. There is no separate server SDK; see Execution → Programmatic Execution.

TypeScript / JavaScript

Browser, TanStack Start / Next.js, and Node.js. Full type safety, OAuth/PKCE auth, React hooks.

What the SDK exposes

SurfaceWhat it does
client.authOAuth 2.0 + PKCE: signIn()handleCallback()getSession() / signOut() / onAuthStateChange()
client.workflowstrigger({ workflowId, inputs }), triggerAsync(...), getStatus(executionId)
client.chatStreaming chat against a deployed chat surface
client.knowledgequery() / ingest() against the workspace KB
client.storageupload() / getUrl() for the workspace storage
client.webhooksIn-process pub/sub for webhook payloads
client.dataPlatform data SDK — knowledge, memex, storage, memory
client.aiPlatform ai SDK — capability-resolved LLM calls
client.actionPlatform action SDK — workflow execute, email send, SMS, function execute

Authentication model

The Client SDK uses OAuth 2.0 with PKCE — no client secret in the browser, no static API key. The flow:

Generates the PKCE challenge, stores the verifier in sessionStorage, returns the https://scrydon.com/oauth/authorize?… URL. You navigate the user there.

They land on your redirectUri with ?code= and ?state= in the query string.

The SDK reads window.location.href (or whatever you pass), exchanges code for tokens, parses the ID token, and returns a ScrydonSession.

Every module call adds Authorization: Bearer <accessToken> automatically until the token expires.

const client = new ScrydonClient({
  baseUrl: 'https://scrydon.com',
  clientId: 'your-oauth-client-id',
  redirectUri: 'https://your-app.com/auth/callback',
})

// Sign in
window.location.assign(await client.auth.signIn())

// On callback page
const session = await client.auth.handleCallback()
// → { user: { id, email, name? }, accessToken, expiresAt }

When NOT to use this SDK

You are…Use instead
A backend service running on a scheduleDirect curl with x-api-key to /api/workflows/{id}/execute
A CI step or cron jobSame — x-api-key
Building an integration that other apps installThe Authoring SDKdefineVendor etc.

Where to next

TypeScript reference

Full API reference: every module, every method, errors, React hooks.

Programmatic execution

Server-to-server execution with x-api-key.

Authoring SDK

Build your own integrations, ontologies, and process flows.

On this page

On this page

What the SDK exposesAuthentication modelWhen NOT to use this SDKWhere to next
Edit on GitHubCreate documentation issue