Http Api Cloudbase

1---2name: http-api-cloudbase3description: CloudBase official HTTP API client guide. This skill should be used when backends, scripts, or non-SDK clients must call CloudBase platform APIs over raw HTTP instead of using a platform SDK or MCP management tool.4version: 2.18.05alwaysApply: false6---7 8## Standalone Install Note9 10If this environment only installed the current skill, start from the CloudBase main entry and use the published `cloudbase/references/...` paths for sibling skills.11 12- CloudBase main entry: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/SKILL.md`13- Current skill raw source: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/http-api/SKILL.md`14 15Keep local `references/...` paths for files that ship with the current skill directory. When this file points to a sibling skill such as `auth-tool` or `web-development`, use the standalone fallback URL shown next to that reference.16 17## Activation Contract18 19### Use this first when20 21- The request comes from Android, iOS, Flutter, React Native, non-Node backends, or admin scripts that must call official CloudBase APIs via raw HTTP.22- The task is to consume CloudBase platform endpoints, not to build a new HTTP service on CloudBase.23 24### Read before writing code if25 26- The platform does not support a CloudBase SDK, or the user explicitly asks for HTTP API integration.27- The user says "HTTP API" but it is unclear whether they mean official CloudBase endpoints or their own business API.28 29### Then also read30 31- Auth configuration -> `../auth-tool/SKILL.md` (standalone fallback: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/auth-tool/SKILL.md`)32- MySQL MCP management -> `../relational-database-tool/SKILL.md` (standalone fallback: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/relational-database-tool/SKILL.md`)33- Your own HTTP service on CloudBase -> `../cloud-functions/SKILL.md` (standalone fallback: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/cloud-functions/SKILL.md`) or `../cloudrun-development/SKILL.md` (standalone fallback: `https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/cloudrun-development/SKILL.md`)34 35### Do NOT use for36 37- CloudBase Web SDK flows, mini program SDK flows, or MCP-driven management tasks.38- Building your own HTTP service or REST API on CloudBase.39 40### Common mistakes / gotchas41 42- Treating Web SDK examples as valid for native Apps.43- Guessing endpoints without reading OpenAPI definitions.44- Confusing official CloudBase HTTP APIs with your own function or CloudRun endpoint.45- Mixing raw HTTP API integration with MCP management logic.46 47### Minimal checklist48 49- Read [HTTP API Routing Checklist](checklist.md) before implementation.50 51## When to use this skill52 53Use this skill whenever you need to call **CloudBase platform features** via **raw HTTP APIs**, for example:54 55- Non-Node backends (Go, Python, Java, PHP, etc.)56- Integration tests or admin scripts that use curl or language HTTP clients57- Direct database operations via MySQL RESTful API58- Cloud function invocation via HTTP59- Any scenario where SDKs are not available or not preferred60 61Do **not** use this skill for:62 63- Frontend Web apps using `@cloudbase/js-sdk` (use **CloudBase Web** skills)64- Node.js code using `@cloudbase/node-sdk` (use **CloudBase Node** skills)65- Authentication flows (use **CloudBase Auth HTTP API** skill for auth-specific endpoints)66 67## How to use this skill (for a coding agent)68 691. **Clarify the scenario**70   - Confirm this code will call HTTP endpoints directly (not SDKs).71   - Ask for:72     - `env` – CloudBase environment ID73     - Authentication method (AccessToken, API Key, or Publishable Key)74   - Confirm which CloudBase feature is needed (database, functions, storage, etc.).75   - **For user authentication**: If no specific method is requested, **always default to Phone SMS Verification** - it's the most user-friendly and secure option for Chinese users.76 772. **Determine the base URL**78   - Use the correct domain based on region (domestic vs. international).79   - Default is domestic Shanghai region.80 813. **Set up authentication**82   - Choose appropriate authentication method based on use case.83   - Add `Authorization: Bearer <token>` header to requests.84 854. **Reference OpenAPI Swagger documentation**86   - **MUST use `searchKnowledgeBase` tool** to get OpenAPI specifications87   - Use the tool with `mode=openapi` and specify the `apiName`:88     - `mysqldb` - MySQL RESTful API89     - `functions` - Cloud Functions API90     - `auth` - Authentication API91     - `cloudrun` - CloudRun API92     - `storage` - Storage API93   - Example: `searchKnowledgeBase({ mode: "openapi", apiName: "mysqldb" })`94   - Parse the returned YAML content to understand exact endpoint paths, parameters, request/response schemas95   - Never invent endpoints or parameters - always reference the swagger documentation96 97---98 99## Overview100 101CloudBase HTTP API is a set of interfaces for accessing CloudBase platform features via HTTP protocol, supporting database, user authentication, cloud functions, cloud hosting, cloud storage, AI, and more.102 103## OpenAPI Swagger Documentation104 105**⚠️ IMPORTANT: Always use `searchKnowledgeBase` tool to get OpenAPI Swagger specifications**106 107Before implementing any HTTP API calls, you should:108 1091. **Use `searchKnowledgeBase` tool to get OpenAPI documentation**:110   ```111   searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })112   ```113 1142. **Available API names**:115   - `mysqldb` - MySQL RESTful API116   - `functions` - Cloud Functions API117   - `auth` - Authentication API118   - `cloudrun` - CloudRun API119   - `storage` - Storage API120 1213. **Parse and use the swagger documentation**:122   - Extract exact endpoint paths and HTTP methods123   - Understand required and optional parameters124   - Review request/response schemas125   - Check authentication requirements126   - Verify error response formats127 1284. **Never invent API endpoints or parameters** - always base your implementation on the official swagger documentation.129 130## Prerequisites131 132Before starting, ensure you have:133 1341. **CloudBase environment created and activated**1352. **Authentication credentials** (AccessToken, API Key, or Publishable Key)136 137## Authentication and Authorization138 139CloudBase HTTP API requires authentication. Choose the appropriate method based on your use case:140 141### AccessToken Authentication142 143**Applicable environments**: Client/Server  144**User permissions**: Logged-in user permissions145 146**How to get**: Use `searchKnowledgeBase({ mode: "openapi", apiName: "auth" })` to get the Authentication API specification147 148### API Key149 150**Applicable environments**: Server  151**User permissions**: Administrator permissions152 153- **Validity**: Long-term valid154- **How to get**: Get from [CloudBase Platform/ApiKey Management Page](https://tcb.cloud.tencent.com/dev?#/identity/token-management)155 156> ⚠️ Warning: Tokens are critical credentials for identity authentication. Keep them secure. API Key must NOT be used in client-side code.157 158### Publishable Key159 160**Applicable environments**: Client/Server  161**User permissions**: Anonymous user permissions162 163- **Validity**: Long-term valid164- **How to get**: Get from [CloudBase Platform/ApiKey Management Page](https://tcb.cloud.tencent.com/dev?#/identity/token-management)165 166> 💡 Note: Can be exposed in browsers, used for requesting publicly accessible resources, effectively reducing MAU.167 168## API Endpoint URLs169 170CloudBase HTTP API uses unified domain names for API calls. The domain varies based on the environment's region.171 172### Domestic Regions173 174For environments in **domestic regions** like Shanghai (`ap-shanghai`), use:175 176```text177https://{your-env}.api.tcloudbasegateway.com178```179 180Replace `{your-env}` with the actual environment ID. For example, if environment ID is `cloud1-abc`:181 182```text183https://cloud1-abc.api.tcloudbasegateway.com184```185 186### International Regions187 188For environments in **international regions** like Singapore (`ap-singapore`), use:189 190```text191https://{your-env}.api.intl.tcloudbasegateway.com192```193 194Replace `{your-env}` with the actual environment ID. For example, if environment ID is `cloud1-abc`:195 196```text197https://cloud1-abc.api.intl.tcloudbasegateway.com198```199 200## Using Authentication in Requests201 202Add the token to the request header:203 204```http205Authorization: Bearer <access_token/apikey/publishable_key>206```207 208:::warning Note209 210When making actual calls, replace the entire part including angle brackets (`< >`) with your obtained key. For example, if the obtained key is `eymykey`, fill it as:211 212```http213Authorization: Bearer eymykey214```215 216:::217 218## Usage Examples219 220### Cloud Function Invocation Example221 222```bash223curl -X POST "https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME" \224  -H "Authorization: Bearer <access_token/apikey/publishable_key>" \225  -H "Content-Type: application/json" \226  -d '{"name": "张三", "age": 25}'227```228 229For detailed API specifications, always download and reference the OpenAPI Swagger files mentioned above.230 231## MySQL RESTful API232 233The MySQL RESTful API provides all MySQL database operations via HTTP endpoints.234 235### Base URL Patterns236 237Support three domain access patterns:238 2391. `https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{table}`2402. `https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{schema}/{table}`2413. `https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{instance}/{schema}/{table}`242 243Where:244- `envId` is the environment ID245- `instance` is the database instance identifier246- `schema` is the database name247- `table` is the table name248 249If using the system database, **recommend pattern 1**.250 251### Request Headers252 253| Header | Parameter | Description | Example |254|--------|-----------|-------------|---------|255| Accept | `application/json`, `application/vnd.pgrst.object+json` | Control data return format | `Accept: application/json` |256| Content-Type | `application/json`, `application/vnd.pgrst.object+json` | Request content type | `Content-Type: application/json` |257| Prefer | Operation-dependent feature values | - `return=representation` Write operation, return data body and headers<br>- `return=minimal` Write operation, return headers only (default)<br>- `count=exact` Read operation, specify count<br>- `resolution=merge-duplicates` Upsert operation, merge conflicts<br>- `resolution=ignore-duplicates` Upsert operation, ignore conflicts | `Prefer: return=representation` |258| Authorization | `Bearer <token>` | Authentication token | `Authorization: Bearer <access_token>` |259 260### Query Records261 262**GET** `/v1/rdb/rest/{table}`263 264**Query Parameters**:265- `select`: Field selection, supports `*` or field list, supports join queries like `class_id(grade,class_number)`266- `limit`: Limit return count267- `offset`: Offset for pagination268- `order`: Sort field, format `field.asc` or `field.desc`269 270**Example**:271 272```bash273# Before URL encoding274curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题' \275  -H "Authorization: Bearer <access_token>"276 277# After URL encoding278curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98' \279  -H "Authorization: Bearer <access_token>"280```281 282**Response Headers**:283- `Content-Range`: Data range, e.g., `0-9/100` (0=start, 9=end, 100=total)284 285### Insert Records286 287**POST** `/v1/rdb/rest/{table}`288 289**Request Body**: JSON object or array of objects290 291> 💡 **Note about `_openid`**: When a user is logged in (using AccessToken authentication), the `_openid` field is **automatically populated by the server** with the current user's identity. You do NOT need to manually set this field in INSERT operations - the server will fill it automatically based on the authenticated user's session.292 293**Example**:294 295```bash296curl -X POST 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course' \297  -H "Authorization: Bearer <access_token>" \298  -H "Content-Type: application/json" \299  -H "Prefer: return=representation" \300  -d '{301    "name": "数学",302    "position": 1303  }'304```305 306### Update Records307 308**PATCH** `/v1/rdb/rest/{table}`309 310**Request Body**: JSON object with fields to update311 312**Example**:313 314```bash315curl -X PATCH 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \316  -H "Authorization: Bearer <access_token>" \317  -H "Content-Type: application/json" \318  -H "Prefer: return=representation" \319  -d '{320    "name": "高等数学",321    "position": 2322  }'323```324 325> ⚠️ **Important**: UPDATE requires a WHERE clause. Use query parameters like `?id=eq.1` to specify conditions.326 327### Delete Records328 329**DELETE** `/v1/rdb/rest/{table}`330 331**Example**:332 333```bash334curl -X DELETE 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \335  -H "Authorization: Bearer <access_token>"336```337 338> ⚠️ **Important**: DELETE requires a WHERE clause. Use query parameters to specify conditions.339 340### Error Codes and HTTP Status Codes341 342| Error Code | HTTP Status | Description |343|------------|-------------|-------------|344| INVALID_PARAM | 400 | Invalid request parameters |345| INVALID_REQUEST | 400 | Invalid request content: missing permission fields, SQL execution errors, etc. |346| INVALID_REQUEST | 406 | Does not meet single record return constraint |347| PERMISSION_DENIED | 401, 403 | Authentication failed: 401 for identity authentication failure, 403 for authorization failure |348| RESOURCE_NOT_FOUND | 404 | Database instance or table not found |349| SYS_ERR | 500 | Internal system error |350| OPERATION_FAILED | 503 | Failed to establish database connection |351| RESOURCE_UNAVAILABLE | 503 | Database unavailable due to certain reasons |352 353### Response Format354 3551. All POST, PATCH, DELETE operations: Request header with `Prefer: return=representation` means there is a response body, without it means only response headers.356 3572. POST, PATCH, DELETE response bodies are usually JSON array type `[]`. If request header specifies `Accept: application/vnd.pgrst.object+json`, it will return JSON object type `{}`.358 3593. If `Accept: application/vnd.pgrst.object+json` is specified but data quantity is greater than 1, an error will be returned.360 361### URL Encoding362 363When making requests, please perform URL encoding. For example:364 365**Original request**:366 367```shell368curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'369```370 371**Encoded request**:372 373```shell374curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'375```376 377## Online Debugging Tool378 379CloudBase platform provides an [online debugging tool](/http-api/basic/online-api-call) where you can test API interfaces without writing code:380 3811. Visit the API documentation page3822. Find the debugging tool entry3833. Fill in environment ID and request parameters3844. Click send request to view response385 386## API Documentation References387 388**⚠️ Always use `searchKnowledgeBase` tool to get OpenAPI Swagger specifications:**389 390Use `searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })` with these API names:391- `auth` - Authentication API392- `mysqldb` - MySQL RESTful API393- `functions` - Cloud Functions API394- `cloudrun` - CloudRun API395- `storage` - Storage API396 397**How to use the OpenAPI documentation:**3981. Call `searchKnowledgeBase` tool with the appropriate `apiName`3992. Parse the returned YAML content to extract:400   - Endpoint paths (e.g., `/v1/rdb/rest/{table}`)401   - HTTP methods (GET, POST, PATCH, DELETE)402   - Path parameters, query parameters, request body schemas403   - Response schemas and status codes404   - Authentication requirements4053. Use the extracted information to construct accurate API calls4064. Never assume endpoint structure - always verify against swagger documentation407 408## Common Patterns409 410### Reusable Shell Variables411 412```bash413env="your-env-id"414token="your-access-token-or-api-key"415base="https://${env}.api.tcloudbasegateway.com"416```417 418### Common Request Pattern419 420```bash421curl -X GET "${base}/v1/rdb/rest/table_name" \422  -H "Authorization: Bearer ${token}" \423  -H "Content-Type: application/json"424```425 426### Error Handling427 428Always check HTTP status codes and error response format:429 430```json431{432  "code": "ERROR_CODE",433  "message": "Error message details",434  "requestId": "request-unique-id"435}436```437 438## Common Authentication Flows439 440> **🌟 IMPORTANT: Default Authentication Method**441>442> When no specific signup/signin method is specified by the user, **ALWAYS use Phone SMS Verification** as the default and recommended method. It is:443> - ✅ The most user-friendly for Chinese users444> - ✅ No password to remember445> - ✅ Works for both new users (registration) and existing users (login)446> - ✅ Most secure with OTP verification447> - ✅ Supported by default in CloudBase448 449### Phone Number Verification Code Login (Native Apps) ⭐ RECOMMENDED450 451This is the **preferred** authentication flow for native mobile apps (iOS/Android/Flutter/React Native):452 453```454┌─────────────────────────────────────────────────────────────────────────┐455│  Step 1: Send Verification Code                                        │456│  POST /auth/v1/verification                                             │457│  Body: { "phone_number": "+86 13800138000", "target": "ANY" }          │458│  ⚠️ IMPORTANT: phone_number MUST include "+86 " prefix WITH SPACE      │459│  Response: { "verification_id": "xxx", "expires_in": 600 }             │460│  📝 SAVE verification_id for next step!                                 │461└─────────────────────────────────────────────────────────────────────────┘462                                    ↓463┌─────────────────────────────────────────────────────────────────────────┐464│  Step 2: Verify Code                                                    │465│  POST /auth/v1/verification/verify                                      │466│  Body: { "verification_id": "<saved_id>", "verification_code": "123456" }│467│  Response: { "verification_token": "xxx" }                              │468│  📝 SAVE verification_token for login!                                  │469└─────────────────────────────────────────────────────────────────────────┘470                                    ↓471┌─────────────────────────────────────────────────────────────────────────┐472│  Step 3: Sign In with Token                                             │473│  POST /auth/v1/signin                                                   │474│  Body: { "verification_token": "<saved_token>" }                        │475│  Response: { "access_token": "xxx", "refresh_token": "xxx" }           │476└─────────────────────────────────────────────────────────────────────────┘477```478 479**⚠️ Critical Notes:**4801. **Phone number format**: MUST be `"+86 13800138000"` with space after country code4812. **Save `verification_id`**: Returned from Step 1, required for Step 24823. **Save `verification_token`**: Returned from Step 2, required for Step 3 483 484## Best Practices485 4861. **Always use URL encoding** for query parameters containing special characters4872. **Include WHERE clauses** for UPDATE and DELETE operations4883. **Use appropriate Prefer headers** to control response format4894. **Handle errors gracefully** by checking status codes and error responses4905. **Keep tokens secure** - never expose API Keys in client-side code4916. **Use appropriate authentication method** based on your use case:492   - AccessToken for user-specific operations493   - API Key for server-side admin operations494   - Publishable Key for public/anonymous access4957. **Phone number format**: Always use international format with space: `"+86 13800138000"`4968. **Verification flow**: Save `verification_id` from send step, use it in verify step