Integration Patterns

Integration Patterns

Recommended backend patterns for @gwop/sdk

View as Markdown

These patterns show the smallest production-minded backend shape for a Gwop integration:

  • one shared SDK client
  • thin app-owned adapters around Gwop
  • local JWT verification with cached JWKS
  • webhook-driven state transitions
  • app-owned routes, persistence, and entitlements

Architecture

Agent -> app routes -> app services -> thin Gwop adapters -> @gwop/sdk -> Gwop

Your backend owns the API surface and business rules. Gwop owns identity, invoices, sessions, JWKS, and webhook signatures.

Design rules

  1. Bootstrap the SDK once and share it.
  2. Keep auth, invoice, and webhook code in app-owned adapters so upstream details stay isolated.
  3. Verify JWTs locally, then use sid for a live session check when revocation matters.
  4. Store both merchant and public invoice IDs.
  5. Trust webhook state transitions only after verifying the raw request body.

These patterns are demonstrated end-to-end in the Agentrouter sample app, a headless LLM store built on @gwop/sdk.

Next pages

Shared SDK Client

Bootstrap one client and keep identity request options explicit

Wallet Auth

Create challenges, exchange them for JWTs, and manage sessions

JWT Verification

Verify access tokens locally and refresh JWKS on key rotation

Subscription Checkout

Create invoices and carry both IDs through your app model

Webhook Verification

Validate signed deliveries before mutating local state