TDM Protocol

Stable wire contract for TDM SDKs, gateway clients, and protocol-first integrations

Public DTOs, schemas, headers, and payment-required response shapes

Documentation • API Reference • GitHub • X/Twitter

████████╗ ██████╗  ███╗   ███╗
╚══██╔══╝ ██╔══██╗ ████╗ ████║
   ██║    ██║  ██║ ██╔████╔██║
   ██║    ██║  ██║ ██║╚██╔╝██║
   ██║    ██████╔╝ ██║ ╚═╝ ██║
   ╚═╝    ╚═════╝  ╚═╝     ╚═╝

TDM Protocol [OPEN CONTRACT]
DTOs + Schemas + Headers
Mode: protocol-first | Docs: todealmarket.com/docs

---

What Is TDM Protocol?

tdm-protocol is the stable public contract layer between:

• public SDKs and integrations
• the live TDM gateway
• private payment and treasury implementation

The goal is simple:

• keep the outside contract open and stable
• keep control-plane internals private

What It Includes

• POST /authorize request and response shapes
• checkout request and status DTOs
• session tank and delegated-session DTOs
• payout request and payout-wallet DTOs
• payment-required response body shape for framework integrations
• shared X-TDM-* payment-required response headers
• zod schemas for request/response validation
• gateway URL and API-path validation helpers

Install

npm install tdm-protocol

Validate An Authorize Payload

import {
  AuthorizePaymentRequestSchema,
  AuthorizationResponseSchema,
} from "tdm-protocol";

const request = AuthorizePaymentRequestSchema.parse({
  requestId: "req_demo_1",
  tokenOrUuid: "demo-user",
  operation: "demo:authorize",
  priceUsd: "0.05",
});

const response = AuthorizationResponseSchema.parse({
  allowed: true,
  authorizationId: "auth_demo_1",
  charged: true,
});

console.log(request, response);

Use Shared Payment-Required Headers

import { TDM_PAYMENT_REQUIRED_HEADERS } from "tdm-protocol";

const headers = new Headers({
  [TDM_PAYMENT_REQUIRED_HEADERS.paymentRequired]: "1",
  [TDM_PAYMENT_REQUIRED_HEADERS.operation]: "demo:route",
  [TDM_PAYMENT_REQUIRED_HEADERS.checkoutUrl]:
    "https://tdm.todealmarket.com/checkout/res_demo_123",
});

console.log(headers);

Mental Model

Use the split below:

• tdm-protocol: what the outside world can rely on
• tdm-sdk: ergonomic wrappers around that contract
• private gateway / treasury repos: how TDM actually decides, settles, audits, and recovers

That means:

• protocol-first integrations should depend on tdm-protocol
• JavaScript developer UX should usually depend on tdm-sdk
• private control-plane code should stay outside the public contract layer

Current Public Contract Areas

• authorize
• checkout
• session tanks
• payout DTOs and wallet status
• payment options
• bridge metadata
• payment-required response metadata
• API response envelope helpers

Where This Is Used

The public SDK reads these definitions directly for:

• gateway request validation
• authorize clients
• checkout clients
• session tank clients
• framework-mode payment-required responses

Boundary Rule

If a field or payload is visible to third-party developers, docs, or examples, it belongs in tdm-protocol.

If a module exists to:

• operate treasury
• enforce private payout policy
• inspect internal runtime state
• support internal telemetry or audits
• back unfinished dashboards or operator-only tooling

it does not belong in tdm-protocol.