update client docs for baas use

Author: wixysam

README.md

@@ -1,6 +1,21 @@
 # Base44 JavaScript SDK
 
-The Base44 SDK provides a JavaScript interface for building apps on the Base44 platform. When Base44 generates your app, the generated code uses the SDK to authenticate users, manage your app's data, interact with AI agents, and more. You can then use the same SDK to modify and extend your app.
+The Base44 SDK provides a JavaScript interface for building apps on the Base44 platform. 
+
+You can use it in two ways:
+
+- **Inside Base44 apps**: When Base44 generates your app, the SDK is already set up and ready to use.
+- **External apps**: Use the SDK to build your own frontend or backend that uses Base44 as a backend service.
+
+## Installation
+
+Install the SDK via npm:
+
+```bash
+npm install @base44/sdk
+```
+
+> **Note**: In Base44-generated apps, the SDK is already installed for you.
 
 ## Modules
 
@@ -12,11 +27,15 @@ The SDK provides access to Base44's functionality through the following modules:
 - **[`connectors`](https://docs.base44.com/sdk-docs/interfaces/connectors)**: Manage OAuth connections and access tokens for third-party services.
 - **[`entities`](https://docs.base44.com/sdk-docs/interfaces/entities)**: Work with your app's data entities using CRUD operations.
 - **[`functions`](https://docs.base44.com/sdk-docs/interfaces/functions)**: Execute backend functions.
-- **[`integrations`](https://docs.base44.com/sdk-docs/type-aliases/integrations)**: Pre-built server-side functions for external services.
+- **[`integrations`](https://docs.base44.com/sdk-docs/type-aliases/integrations)**: Pre-built integrations for external services.
 
-## Example
+## Quick starts
 
-Here's a quick look at working with data in the SDK, using the `entities` module to create, update, and list records. In this example, we're working with a custom `Task` entity:
+How you get started depends on your context:
+
+### Inside a Base44 app
+
+In Base44-generated apps, the client is pre-configured. Just import and use it:
 
 ```typescript
 import { base44 } from "@/api/base44Client";
@@ -37,6 +56,45 @@ await base44.entities.Task.update(newTask.id, {
 const tasks = await base44.entities.Task.list();
 ```
 
+### External apps
+
+When using Base44 as a backend for your own app, create and configure the client yourself:
+
+```typescript
+import { createClient } from '@base44/sdk';
+
+// Create a client for your Base44 app
+const base44 = createClient({
+  appId: 'your-app-id'  // Find this in the Base44 editor URL
+});
+
+// Read public data (anonymous access)
+const products = await base44.entities.Products.list();
+
+// Authenticate a user (token is automatically set)
+await base44.auth.loginViaEmailPassword('user@example.com', 'password');
+
+// Now operations use the authenticated user's permissions
+const userOrders = await base44.entities.Orders.list();
+```
+
+### Service role
+
+For backend code that needs admin-level access, use the service role. Service role is only available in Base44-hosted backend functions:
+
+```typescript
+import { createClientFromRequest } from 'npm:@base44/sdk';
+
+Deno.serve(async (req) => {
+  const base44 = createClientFromRequest(req);
+
+  // Access all data with admin-level permissions
+  const allOrders = await base44.asServiceRole.entities.Orders.list();
+
+  return Response.json({ orders: allOrders });
+});
+```
+
 ## Learn more
 
 For complete documentation, guides, and API reference, visit the **[Base44 SDK Documentation](https://docs.base44.com/sdk-getting-started/overview)**.
@@ -45,13 +103,17 @@ For complete documentation, guides, and API reference, visit the **[Base44 SDK D
 
 ### Build the SDK
 
+Build the SDK from source:
+
 ```bash
 npm install
 npm run build
 ```
 
 ### Run tests
 
+Run the test suite:
+
 ```bash
 # Run all tests
 npm test
@@ -64,6 +126,7 @@ npm run test:coverage
 ```
 
 For E2E tests, create a `tests/.env` file with:
+
 ```
 BASE44_APP_ID=your_app_id
 BASE44_AUTH_TOKEN=your_auth_token

src/client.ts

@@ -25,12 +25,14 @@ export type { Base44Client, CreateClientConfig, CreateClientOptions };
  *
  * This is the main entry point for the Base44 SDK. It creates a client that provides access to the SDK's modules, such as {@linkcode EntitiesModule | entities}, {@linkcode AuthModule | auth}, and {@linkcode FunctionsModule | functions}.
  *
- * Typically, you don't need to call this function because Base44 creates the client for you. You can then import and use the client to make API calls. The client takes care of managing authentication for you.
+ * How you get a client depends on your context:
+ * - **Inside a Base44 app:** The client is automatically created and configured for you. Import it from `@/api/base44Client`.
+ * - **External app using Base44 as a backend:** Call `createClient()` directly in your code to create and configure the client.
  *
  * The client supports three authentication modes:
- * - **Anonymous**: Access modules anonymously without authentication using `base44.moduleName`. Operations are scoped to public data and permissions.
- * - **User authentication**: Access modules with user-level permissions using `base44.moduleName`. Operations are scoped to the authenticated user's data and permissions.
- * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations can access any data available to the app's admin. Can only be used in the backend. Typically, you create a client with service role authentication using the {@linkcode createClientFromRequest | createClientFromRequest()} function in your backend functions.
+ * - **Anonymous**: Access modules without authentication using `base44.moduleName`. Operations are scoped to public data and permissions.
+ * - **User authentication**: Access modules with user-level permissions using `base44.moduleName`. Operations are scoped to the authenticated user's data and permissions. Use `base44.auth.loginViaEmailPassword()` or other auth methods to get a token.
+ * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations can access any data available to the app's admin. Only available in Base44-hosted backend functions. Create a client with service role authentication using {@linkcode createClientFromRequest | createClientFromRequest()}.
  *
  * For example, when using the {@linkcode EntitiesModule | entities} module:
  * - **Anonymous**: Can only read public data.
@@ -265,7 +267,7 @@ export function createClient(config: CreateClientConfig): Base44Client {
     /**
      * Provides access to service role modules.
      *
-     * Service role authentication provides elevated permissions for server-side operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication has access to the data and operations available to the app's admin.
+     * Service role authentication provides elevated permissions for backend operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication has access to the data and operations available to the app's admin.
      *
      * @throws {Error} When accessed without providing a serviceToken during client creation.
      *
@@ -296,7 +298,9 @@ export function createClient(config: CreateClientConfig): Base44Client {
 /**
  * Creates a Base44 client from an HTTP request.
  *
- * The client is created by automatically extracting authentication tokens from a request to a backend function. Base44 inserts the necessary headers when forwarding requests to backend functions.
+ * This function is designed for use in Base44-hosted backend functions. For frontends and external backends, use {@linkcode createClient | createClient()} instead.
+ *
+ * When used in a Base44-hosted backend function, `createClientFromRequest()` automatically extracts authentication tokens from the request headers that Base44 injects when forwarding requests. The returned client includes service role access using `base44.asServiceRole`, which provides admin-level permissions.
  *
  * To learn more about the Base44 client, see {@linkcode createClient | createClient()}.
  *

src/client.types.ts

@@ -41,10 +41,13 @@ export interface CreateClientConfig {
   appId: string;
   /**
    * User authentication token. Used to authenticate as a specific user.
+   *
+   * Inside Base44 apps, the token is managed automatically. For external apps, use auth methods like {@linkcode AuthModule.loginViaEmailPassword | loginViaEmailPassword()} which set the token automatically.
    */
   token?: string;
   /**
-   * Service role authentication token. Use this in the backend when you need elevated permissions to access data available to the app's admin or perform admin operations. This token should be kept secret and never exposed in the app's frontend. Typically, you get this token from a request to a backend function using {@linkcode createClientFromRequest | createClientFromRequest()}.
+   * Service role authentication token. Provides elevated permissions to access data available to the app's admin. Only available in Base44-hosted backend functions. Automatically added to client's created using {@linkcode createClientFromRequest | createClientFromRequest()}.
+   * @internal
    */
   serviceToken?: string;
   /**