TencentCloudBase / auth-http-api-cloudbase

Install for your project team

Run this command in your project directory to install the skill for your entire team:

mkdir -p .claude/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d .claude/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path ".claude/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath ".claude/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Project Skills

This skill will be saved in .claude/skills/auth-http-api-cloudbase/ and checked into git. All team members will have access to it automatically.

Important: Please verify the skill by reviewing its instructions before using it.

Install skill for Codex

Run one of these commands to install the skill depending on your needs:

Project Local ($CWD/.codex/skills)

mkdir -p .codex/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d .codex/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path ".codex/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath ".codex/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

User Global (~/.codex/skills)

mkdir -p ~/.codex/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d ~/.codex/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path "$HOME/.codex/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath "$HOME/.codex/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Scope	Location	Suggested Use
REPO	`$CWD/.codex/skills`	Project directory. Teams can check in skills most relevant to a working folder here.
REPO	`$CWD/../.codex/skills`	A folder above CWD. Organizations can check in skills relevant to a shared area.
REPO	`$REPO_ROOT/.codex/skills`	Top-most root folder. Relevant to everyone using the repository.
USER	`$CODEX_HOME/skills`	Personal folder (`~/.codex/skills`). Curate skills that apply to any repository.

Install skill for GitHub Copilot

Run one of these commands to install the skill depending on your needs:

Project (.github/skills)

mkdir -p .github/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d .github/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path ".github/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath ".github/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Personal (~/.copilot/skills)

mkdir -p ~/.copilot/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d ~/.copilot/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path "$HOME/.copilot/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath "$HOME/.copilot/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Scope	Location	Suggested Use
Project	`.github/skills/`	Repository-specific skills. Checked into git for the whole team.
Personal	`~/.copilot/skills/`	Personal skills available across all your projects.

Install skill for Google Antigravity

Run one of these commands to install the skill depending on your needs:

Workspace (.agent/skills)

mkdir -p .agent/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d .agent/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path ".agent/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath ".agent/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Global (~/.gemini/antigravity/skills)

mkdir -p ~/.gemini/antigravity/skills/auth-http-api-cloudbase && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/2905" && unzip -o skill.zip -d ~/.gemini/antigravity/skills/auth-http-api-cloudbase && rm skill.zip

New-Item -Path "$HOME/.gemini/antigravity/skills/auth-http-api-cloudbase" -ItemType Directory -Force; Invoke-WebRequest -Uri "https://fastmcp.me/Skills/Download/2905" -OutFile "skill.zip"; Expand-Archive -Path "skill.zip" -DestinationPath "$HOME/.gemini/antigravity/skills/auth-http-api-cloudbase" -Force; Remove-Item "skill.zip"

Scope	Location	Suggested Use
Workspace	`.agent/skills/`	Workspace-specific skills for project workflows and conventions.
Global	`~/.gemini/antigravity/skills/`	Personal skills available across all workspaces.

Use when you need to implement CloudBase Auth v2 over raw HTTP endpoints (login/signup, tokens, user operations) from backends or scripts that are not using the Web or Node SDKs.

Security Coding

0 views

0 installs

Source: https://github.com/TencentCloudBase/awesome-cloudbase-examples/tree/master/miniprogram/cloudbase-ai-video/.claude/skills/auth-http-api

Skill Content

---
name: auth-http-api-cloudbase
description: Use when you need to implement CloudBase Auth v2 over raw HTTP endpoints (login/signup, tokens, user operations) from backends or scripts that are not using the Web or Node SDKs.
alwaysApply: false
---

## When to use this skill

Use this skill whenever you need to call **CloudBase Auth** via **raw HTTP APIs**, for example:

- Non-Node backends (Go, Python, Java, PHP, etc.)
- Integration tests or admin scripts that use curl or language HTTP clients
- Gateways or proxies that sit in front of CloudBase and manage tokens themselves

Do **not** use this skill for:

- Frontend Web login with `@cloudbase/js-sdk@2.x` (use **CloudBase Web Auth** skill)
- Node.js code that uses `@cloudbase/node-sdk` (use **CloudBase Node Auth** skill)
- Non-auth CloudBase features (database, storage, etc.)

## How to use this skill (for a coding agent)

1. **Clarify the scenario**
   - Confirm this code will call HTTP endpoints directly (not SDKs).
   - Ask for:
     - `env` – CloudBase environment ID
     - `clientId` / `clientSecret` – HTTP auth client credentials
   - Confirm whether the flow is login/sign-up, anonymous access, token management, or user operations.

2. **Set common variables once**
   - Use a shared set of shell variables for base URL and headers, then reuse them across scenarios.

3. **Pick a scenario from this file**
   - For login / sign-up, start with Scenarios 1–3.
   - For token lifecycle, use Scenarios 4–6.
   - For user info and profile changes, use Scenario 7.

4. **Never invent endpoints or fields**
   - Treat the URLs and JSON shapes in this file as canonical.
   - If you are unsure, consult the HTTP API docs under `/source-of-truth/auth/http-api/登录认证接口.info.mdx` and the specific `*.api.mdx` files.

## HTTP API basics

- **Base URL pattern**

  - `https://${env}.ap-shanghai.tcb-api.tencentcloudapi.com/auth/v1/...`

- **Common headers**

  - `x-device-id` – device or client identifier
  - `x-request-id` – unique request ID for tracing
  - `Authorization` – `Bearer <access_token>` for user endpoints
  - Or HTTP basic auth (`-u clientId:clientSecret`) for client-credential style endpoints

- **Reusable shell variables**

```bash
env="your-env-id"
deviceID="backend-service-1"
requestID="$(uuidgen || echo manual-request-id)"
clientId="your-client-id"
clientSecret="your-client-secret"
base="https://${env}.ap-shanghai.tcb-api.tencentcloudapi.com/auth/v1"
```

## Core concepts (HTTP perspective)

- CloudBase Auth uses **JWT access tokens** plus **refresh tokens**.
- HTTP login/sign-up endpoints usually return both `access_token` and `refresh_token`.
- Most user-management endpoints require `Authorization: Bearer ${accessToken}`.
- Verification flows (SMS/email) use separate `verification` endpoints before sign-up.

## Scenarios (flat list)

### Scenario 1: Sign-in with username/password

```bash
curl "${base}/signin" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{"username":"test@example.com","password":"your password"}'
```

- Use when the user already has a username (phone/email/username) and password.
- Response includes `access_token`, `refresh_token`, and user info.

### Scenario 2: SMS sign-up with verification code

1. **Send verification code**

```bash
curl "${base}/verification" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{"phone_number":"+86 13800000000"}'
```

2. **Verify code**

```bash
curl "${base}/verification/verify" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{"verification_code":"000000","verification_id":"<from previous step>"}'
```

3. **Sign up**

```bash
curl "${base}/signup" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{
    "phone_number":"+86 13800000000",
    "verification_code":"000000",
    "verification_token":"<from verify>",
    "name":"手机用户",
    "password":"password",
    "username":"username"
  }'
```

- Use this pattern for SMS or email-based registration; adapt fields per docs.

### Scenario 3: Anonymous login

```bash
curl "${base}/signin-anonymously" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{}'
```

- Returns tokens for an **anonymous user** that you can later upgrade via sign-up.

### Scenario 4: Exchange refresh token for new access token

```bash
curl "${base}/token" \
  -X POST \
  -H "x-device-id: ${deviceID}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{"grant_type":"refresh_token","refresh_token":"<refresh_token>"}'
```

- Use when the frontend or another service sends you a refresh token and you need a fresh access token.

### Scenario 5: Introspect and validate a token

```bash
curl "${base}/token/introspect?token=${accessToken}" \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}"
```

- Use for backend validation of tokens before trusting them.
- Response indicates whether the token is active and may include claims.

### Scenario 6: Revoke a token (logout)

```bash
curl "${base}/revoke" \
  -X POST \
  -H "x-request-id: ${requestID}" \
  -u "${clientId}:${clientSecret}" \
  --data-raw '{"token":"${accessToken}"}'
```

- Call when logging a user out from the backend or on security events.

### Scenario 7: Basic user operations (me, update password, delete)

```bash
# Get current user
curl "${base}/user/me" \
  -H "Authorization: Bearer ${accessToken}"

# Change password
curl "${base}/user/password" \
  -X PATCH \
  -H "Authorization: Bearer ${accessToken}" \
  --data-raw '{"old_password":"old","new_password":"new"}'
```

- Other endpoints:
  - `DELETE ${base}/user/me` – delete current user.
  - `${base}/user/providers` plus bind/unbind APIs – manage third-party accounts.
- Always secure these operations and log only minimal necessary data.

TencentCloudBase / auth-http-api-cloudbase

Install for your project team

Download skill

Enable skills in Claude

Upload to Claude

Install skill for Codex

Install skill for GitHub Copilot

Install skill for Google Antigravity

Skill Content