README

Invitation infrastructure for modern apps

Vortex handles the complete invitation lifecycle — sending invites via email/SMS/share links, tracking clicks and conversions, managing referral programs, and optimizing your invitation flows with A/B testing. Learn more about Vortex →

Why This SDK?

This backend SDK securely signs user data for Vortex components. Your API key stays on your server, while the signed token is passed to the frontend where Vortex components render the invitation UI.

• Keep your API key secure — it never touches the browser
• Sign user identity for attribution — know who sent each invitation
• Control what data components can access via scoped tokens
• Verify webhook signatures for secure event handling

How It Works

Vortex uses a split architecture: your backend signs tokens with the SDK, and your frontend renders components that use those tokens to securely interact with Vortex.

┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Your Server   │     │  User Browser   │     │  Vortex Cloud   │
│    (this SDK)   │     │   (component)   │     │                 │
└────────┬────────┘     └────────┬────────┘     └────────┬────────┘
         │                       │                       │
         │  1. generateToken()   │                       │
         │◄──────────────────────│                       │
         │                       │                       │
         │  2. Return token      │                       │
         │──────────────────────►│                       │
         │                       │                       │
         │                       │  3. Component calls   │
         │                       │     API with token    │
         │                       │──────────────────────►│
         │                       │                       │
         │                       │  4. Render UI,        │
         │                       │     send invitations  │
         │                       │◄──────────────────────│
         │                       │                       │

Integration Flow

1. Install the backend SDK [backend]

Add this SDK to your PHP project

composer require teamvortexsoftware/vortex-php-sdk

2. Initialize the client [backend]

Create a Vortex client with your API key (keep this on the server!)

<?php
use TeamVortexSoftware\VortexSDK\VortexClient;

$client = new VortexClient(getenv('VORTEX_API_KEY'));

3. Generate a token for the current user [backend]

When a user loads a page with a Vortex component, generate a signed token on your server

$token = $client->generateToken([
    'user' => ['id' => $currentUser->id]
]);

4. Pass the token to your frontend [backend]

Include the token in your page response or API response

return response()->json(['vortexToken' => $token]);

5. Render a Vortex component with the token [frontend]

Use the React/Angular/Web Component with the token

import { VortexInvite } from "@teamvortexsoftware/vortex-react";

<VortexInvite token={vortexToken} />

6. Vortex handles the rest [vortex]

The component securely communicates with Vortex servers, displays the invitation UI, sends emails/SMS, tracks conversions, and reports analytics

Security Model

⚠️ Important: Your Vortex API key is a secret that grants full access to your account. It must never be exposed to browsers or client-side code.

By signing tokens on your server, you:

• Keep your API key secret (it never leaves your server)
• Control exactly what user data is shared with components
• Ensure invitations are attributed to real, authenticated users
• Prevent abuse — users can only send invitations as themselves

When Signing is Optional

Token signing is controlled by your component configuration in the Vortex dashboard. If "Require Secure Token" is enabled, requests without a valid token will be rejected. If disabled (e.g., for public referral programs), components work without backend signing.

Quick Start

Generate a secure token for Vortex components

<?php
use TeamVortexSoftware\VortexSDK\VortexClient;

$client = new VortexClient(getenv('VORTEX_API_KEY'));

// Generate a token for the current user
$token = $client->generateToken([
    'user' => ['id' => 'user-123', 'email' => 'user@example.com']
]);

// Pass the token to your frontend component

Installation

composer require teamvortexsoftware/vortex-php-sdk

Initialization

$client = new VortexClient(getenv('VORTEX_API_KEY'));

Environment Variables

Core Methods

These are the methods you'll use most often.

generateToken()

Generate a signed token for use with Vortex widgets

Signature:

generateToken(array $payload, ?array $options = null): string

Parameters:

Returns: string — Signed JWT token

Example:

$vortex = new VortexClient($_ENV['VORTEX_API_KEY']);
$token = $vortex->generateToken(['user' => ['id' => 'user-123']]);
$token = $vortex->generateToken([
'component' => 'widget-abc',
'user' => ['id' => 'user-123', 'name' => 'Peter'],
'scope' => 'workspace_456',
'vars' => ['company_name' => 'Acme']
]);
$token = $vortex->generateToken(
['user' => ['id' => 'user-123']],
['expiresIn' => '1h']  // or 3600 for seconds
);
public function generateToken(array $payload, ?array $options = null): string

Added in v0.8.0

getInvitation()

Get a specific invitation by ID public function getInvitation(string $invitationId): array

Signature:

getInvitation(string $invitationId): array

Parameters:

Returns: array — The invitation data

Added in v0.1.0

acceptInvitation()

Accept a single invitation (recommended method) This is the recommended method for accepting invitations.

Signature:

acceptInvitation(string $invitationId, array $user): array

Parameters:

Returns: array — The accepted invitation result

Example:

$user = ['email' => 'user@example.com', 'name' => 'John Doe'];
$result = $client->acceptInvitation('inv-123', $user);
public function acceptInvitation(string $invitationId, array $user): array

Added in v0.6.0

All Methods

getInvitationsByTarget(string $targetType, string $targetValue): array

revokeInvitation(string $invitationId): array

acceptInvitations(array $invitationIds, array $userOrTarget): array

$user = ['email' => 'user@example.com', 'name' => 'John Doe'];
$result = $client->acceptInvitations(['inv-123'], $user);
$target = ['type' => 'email', 'value' => 'user@example.com'];
$result = $client->acceptInvitations(['inv-123'], $target);
public function acceptInvitations(array $invitationIds, array $userOrTarget): array

deleteInvitationsByScope(string $scopeType, string $scope): array

getInvitationsByScope(string $scopeType, string $scope): array

reinvite(string $invitationId): array

getAutojoinDomains(string $scopeType, string $scope): array

$result = $client->getAutojoinDomains('organization', 'acme-org');
foreach ($result['autojoinDomains'] as $domain) {
echo "Domain: " . $domain['domain'] . "\n";
}
public function getAutojoinDomains(string $scopeType, string $scope): array

configureAutojoin(
        string $scope,
        string $scopeType,
        array $domains,
        string $componentId,
        ?string $scopeName = null,
        ?array $metadata = null
    ): array

$result = $client->configureAutojoin(
'acme-org',
'organization',
['acme.com', 'acme.org'],
'component-123',
'Acme Corporation'
);
public function configureAutojoin(
string $scope,
string $scopeType,
array $domains,
string $componentId,
?string $scopeName = null,
?array $metadata = null
): array

Types

Webhooks

Webhooks let your server receive real-time notifications when events happen in Vortex. Use them to sync invitation state with your database, trigger onboarding flows, update your CRM, or send internal notifications.

Setup

1. Go to your Vortex dashboard → Integrations → Webhooks tab
2. Click "Add Webhook"
3. Enter your endpoint URL (must be HTTPS in production)
4. Copy the signing secret — you'll use this to verify webhook signatures
5. Select which events you want to receive

Verifying Webhooks

Always verify webhook signatures using VortexWebhooks::verifySignature() to ensure requests are from Vortex. The signature is sent in the X-Vortex-Signature header.

Example: Laravel webhook handler

<?php
use TeamVortexSoftware\VortexSDK\VortexWebhooks;
use Illuminate\Http\Request;

class WebhookController extends Controller
{
    public function handleVortex(Request $request)
    {
        $webhooks = new VortexWebhooks(env('VORTEX_WEBHOOK_SECRET'));

        $payload = $request->getContent();
        $signature = $request->header('X-Vortex-Signature');

        // Verify the signature
        if (!$webhooks->verifySignature($payload, $signature)) {
            return response()->json(['error' => 'Invalid signature'], 400);
        }

        // Parse the event
        $event = $webhooks->parseEvent($payload);

        switch ($event['type']) {
            case 'invitation.accepted':
                // User accepted an invitation — activate their account
                Log::info('Accepted: ' . json_encode($event['data']));
                break;
            case 'member.created':
                // New member joined via invitation
                Log::info('New member: ' . json_encode($event['data']));
                break;
        }

        return response()->json(['received' => true]);
    }
}

Common Use Cases

Activate users on acceptance

When invitation.accepted fires, mark the user as active in your database and trigger your onboarding flow.

Track invitation performance

Monitor email.delivered, email.opened, and link.clicked events to measure invitation funnel metrics.

Sync team membership

Use member.created and group.member.added to keep your internal membership records in sync.

Alert on delivery issues

Watch for email.bounced events to proactively reach out via alternative channels.

Supported Events

Error Handling

All SDK errors extend Exception.