Serubin / pulse-sms-web

The official web app for Pulse SMS - built on Vue.js.

Home Page: https://pulsesms.app

Separate API logic into a package

jamesmstone opened this issue

Hi,

First, thanks, this is an awesome app, I use it every day!

I was looking to try and integrate with the API. This is harder than most web APIs; you can't just send off a curl request, as:

  1. all the API data needs to be decrypted locally. (via AES? Does the key come from the user's password?)
  2. lots of the data is sent over websockets

Looking at this application, it looks like most of the API work is done under utils/api/*, with utils/api/stream.js for the websocket data.


Given the above, I was wondering if you would consider moving this logic to an NPM package, that this application could then use and other external tools (and maybe the Android app too!) could also use.


The reason I ask is I would like to make a command line TUI and not having to redo the decryption and notification logic would be great, particularly if this ever changes in the future.

Yes - all encryption is done locally. This is on purpose - while it's more difficult to integrate, it protects your data. We have zero-knowledge storage as PulseSMS is unable to decrypt your keys.

We abstract all of our APIs, as you said, in the utils/api/ directories and our websockets (which are not strictly necessary for API use, but are helpful for realtime updates) under utils/api/stream.js.

The missing link you want is likely in utils/crypto.js, which handles all the encryption. Keys are generated on your phone and stored in Firebase - your password & account_id are a part of your key and complete the security loop. These can be retrieved via the API.

(Note: this isn't the best security, but it's good enough for text messages)

My recommendation is to watch the network requests when you login - that's where the keys are distributed and your account is locally unlocked.

Let me know if you have questions - I'll leave this issue open.

With all that said, I have no plans to move any logic here into an NPM package - but I encourage you to do so. The licensing here is pretty permissive, so you should be fine to do what you need to.