#Dodo payment typescript SDK issue

1 messages · Page 1 of 1 (latest)

thin solstice
#

I am using the dodo payment typescript sdk in the figma extension I am currently working on, now here are two issues.

1st is dodo payment sdk take x-stainless-os in header but figma extension runs in a sandbox so this value can't be retrieved, which is causing the following error
Access to fetch at 'https://test.dodopayments.com/licenses/validate' from origin 'null' has been blocked by CORS policy: Request header field x-stainless-os is not allowed by Access-Control-Allow-Headers in preflight response.

2nd is in the documentation (https://docs.dodopayments.com/api-reference/licenses/validate-license) it's written that you can omit the bearerToken if you are using https://test.dodopayments.com/licenses/validate or in case of sdk it's client.licenses.validate but if I omit it then it throws the following error Uncaught DodoPaymentsError: The DODO_PAYMENTS_API_KEY environment variable is missing or empty; either provide it, or instantiate the DodoPayments client with an bearerToken option, like new DodoPayments({ bearerToken: 'My Bearer Token' }).

the 2nd issue is not that severe, but I would really appreciate if you can resolve the 1st issue

image.png image.png
Dodo Payments Documentation
Validate License - Dodo Payments Documentation

This endpoint allows you to validate a license for the user.

wide violetBOT
# thin solstice I am using the dodo payment typescript sdk in the figma extension I am currently...

Issue 1 — CORS + x-stainless-os

This won’t work from a Figma extension (or any browser sandbox) using the TS SDK.

  • The SDK automatically adds x-stainless-os
  • Browsers trigger a preflight request
  • Dodo API does not allow that header in CORS
  • Result: blocked request (expected)

Fix (recommended):

  • Do not call Dodo API directly from the extension
  • Proxy through your backend:
Figma Extension → Your Backend → Dodo API
  • Call /licenses/validate from your server using the SDK or fetch
  • Return the result to the extension

Alternative (not ideal):

  • Manually call fetch without the SDK and avoid custom headers
  • Still may fail due to broader CORS restrictions

Issue 2 — bearerToken requirement

  • SDK always requires bearerToken (or env var)
  • “Optional token” in docs applies to raw HTTP usage, not the SDK

Fix:

new DodoPayments({ bearerToken: process.env.DODO_PAYMENTS_API_KEY })

Bottom line

  • SDK is server-side only
  • Figma extension = must use a backend proxy

Helpful Links

Dodo Payments Documentation
Validate License - Dodo Payments Documentation

This endpoint allows you to validate a license for the user.