AuthKit bug

Hi Pica Support Team,

I'm integrating AuthKit into a Next.js App Router project and discovered a critical bug in the @picahq/authkit-token npm package (I am using the latest version).

The AuthKitToken.create() method is not generating a token string. Instead, it is returning a paginated JSON response containing my workspace's available integrations, which silently breaks the frontend useAuthKit React component because it fails to receive a valid token string.

I inspected the compiled source code of the SDK inside

node_modules/@picahq/authkit-token/dist/src/apis/link.api.jsand found the root cause:

The createEventLinkTokenApi function makes a POST request to /v1/authkit (which seems to be the endpoint to fetch configured workspace integrations) instead of an endpoint to mint a new token. It even paginates the response and returns an array called rows.

javascript

// From your node_modules/@picahq/authkit-token/dist/src/apis/link.api.js

const fetchAuthkitPage = async (page, pageLimit) => {

// BUG: This endpoint returns a list of configured apps, not a token

const response = await axios_1.default.post(`${url}/v1/authkit?limit=${pageLimit}&page=${page}`, payload || {}, { headers });

return response.data;

};

Workaround Used: We have bypassed the npm package entirely and are successfully generating tokens using a manual fetch to https://api.picaos.com/v1/authkit/tokens, which works perfectly and correctly returns the { token: "..." } payload.

Could you please have the engineering team update the Node.js SDK to hit the correct token generation endpoint (/v1/authkit/tokens) instead of the workspace config endpoint?

Thank you,