腾讯云 CloudBase HTTP API 使用指南 - 原生应用与后端集成方案

http-api-cloudbase by tencentcloudbase/skills

600 周安装量

41 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/tencentcloudbase/skills --skill http-api-cloudbase

开发云服务 API

🇨🇳中文介绍

激活契约

优先使用场景

请求来自 Android、iOS、Flutter、React Native、非 Node 后端或必须通过原始 HTTP 调用 CloudBase 的管理脚本。

编写代码前请阅读

平台不支持 CloudBase SDK，或用户明确要求进行 HTTP API 集成。

同时请阅读

认证配置 -> ../auth-tool/SKILL.md
MySQL MCP 管理 -> ../relational-database-tool/SKILL.md

请勿用于

CloudBase Web SDK 流程、小程序 SDK 流程或 MCP 驱动的管理任务。

常见错误 / 注意事项

将 Web SDK 示例视为适用于原生应用。
不阅读 OpenAPI 定义而猜测端点。
将原始 HTTP API 集成与 MCP 管理逻辑混用。

最低检查清单

在实施前阅读 HTTP API 路由检查清单。

何时使用此技能

当您需要通过原始 HTTP API 调用 CloudBase 平台功能时，请使用此技能，例如：

非 Node 后端（Go、Python、Java、PHP 等）

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

如何使用此技能（针对编码代理）

明确场景
- 确认此代码将直接调用 HTTP 端点（而非 SDK）。
- 询问：
  - env – CloudBase 环境 ID
  - 认证方法（AccessToken、API Key 或 Publishable Key）
- 确认需要哪个 CloudBase 功能（数据库、函数、存储等）。
- 对于用户认证：如果未指定具体方法，始终默认使用手机短信验证——这是对中国用户最友好且最安全的选择。
确定基础 URL
- 根据区域（国内 vs 国际）使用正确的域名。
- 默认为国内上海区域。
设置认证
- 根据用例选择合适的认证方法。
- 在请求中添加 Authorization: Bearer <token> 请求头。
参考 OpenAPI Swagger 文档
- 必须使用 searchKnowledgeBase 工具 获取 OpenAPI 规范
- 使用该工具时，设置 mode=openapi 并指定 apiName：
  - mysqldb – MySQL RESTful API
  - functions – 云函数 API
  - auth – 认证 API
  - cloudrun – CloudRun API
  - storage – 存储 API
- 示例：searchKnowledgeBase({ mode: "openapi", apiName: "mysqldb" })
- 解析返回的 YAML 内容以了解确切的端点路径、参数、请求/响应模式
- 切勿发明端点或参数 - 始终参考 swagger 文档

CloudBase HTTP API 是一组通过 HTTP 协议访问 CloudBase 平台功能的接口，支持数据库、用户认证、云函数、云托管、云存储、AI 等。

OpenAPI Swagger 文档

⚠️ 重要：始终使用 searchKnowledgeBase 工具获取 OpenAPI Swagger 规范

在实现任何 HTTP API 调用之前，您应该：

使用 searchKnowledgeBase 工具获取 OpenAPI 文档：

searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })
可用的 API 名称： * mysqldb – MySQL RESTful API * functions – 云函数 API * auth – 认证 API * cloudrun – CloudRun API * storage – 存储 API
解析并使用 swagger 文档： * 提取确切的端点路径和 HTTP 方法 * 了解必需和可选参数 * 查看请求/响应模式 * 检查认证要求 * 验证错误响应格式
切勿发明 API 端点或参数 - 始终基于官方的 swagger 文档进行实现。

开始之前，请确保您拥有：

已创建并激活的 CloudBase 环境
认证凭证（AccessToken、API Key 或 Publishable Key）

CloudBase HTTP API 需要认证。根据您的用例选择合适的认证方法：

适用环境：客户端/服务器端
用户权限：已登录用户权限

如何获取：使用 searchKnowledgeBase({ mode: "openapi", apiName: "auth" }) 获取认证 API 规范

适用环境：服务器端
用户权限：管理员权限

有效期：长期有效
如何获取：从 CloudBase 平台/ApiKey 管理页面获取

⚠️ 警告：Token 是身份认证的关键凭证。请妥善保管。API Key 不得在客户端代码中使用。

适用环境：客户端/服务器端
用户权限：匿名用户权限

有效期：长期有效
如何获取：从 CloudBase 平台/ApiKey 管理页面获取

💡 注意：可以在浏览器中公开，用于请求可公开访问的资源，有效降低 MAU。

CloudBase HTTP API 使用统一的域名进行 API 调用。域名根据环境的区域而异。

对于国内区域（如上海 ap-shanghai）的环境，使用：

https://{your-env}.api.tcloudbasegateway.com

将 {your-env} 替换为实际的环境 ID。例如，如果环境 ID 是 cloud1-abc：

https://cloud1-abc.api.tcloudbasegateway.com

对于国际区域（如新加坡 ap-singapore）的环境，使用：

https://{your-env}.api.intl.tcloudbasegateway.com

将 {your-env} 替换为实际的环境 ID。例如，如果环境 ID 是 cloud1-abc：

https://cloud1-abc.api.intl.tcloudbasegateway.com

在请求中使用认证

将 token 添加到请求头中：

Authorization: Bearer <access_token/apikey/publishable_key>

在进行实际调用时，请将包括尖括号（< >）在内的整个部分替换为您获取到的密钥。例如，如果获取到的密钥是 eymykey，则填写为：

Authorization: Bearer eymykey

云函数调用示例

curl -X POST "https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME" \
  -H "Authorization: Bearer <access_token/apikey/publishable_key>" \
  -H "Content-Type: application/json" \
  -d '{"name": "张三", "age": 25}'

关于详细的 API 规范，请始终下载并参考上述提到的 OpenAPI Swagger 文件。

MySQL RESTful API 通过 HTTP 端点提供所有 MySQL 数据库操作。

支持三种域名访问模式：

https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{table}
https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{schema}/{table}
https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{instance}/{schema}/{table}

envId 是环境 ID
instance 是数据库实例标识符
schema 是数据库名称
table 是表名

如果使用系统数据库，推荐模式 1。

请求头	参数	描述	示例
Accept	`application/json`, `application/vnd.pgrst.object+json`	控制数据返回格式	`Accept: application/json`
Content-Type	`application/json`, `application/vnd.pgrst.object+json`	请求内容类型	`Content-Type: application/json`
Prefer	与操作相关的特性值	- `return=representation` 写操作，返回数据体和头部<br>- `return=minimal` 写操作，仅返回头部（默认）<br>- `count=exact` 读操作，指定计数<br>- `resolution=merge-duplicates` Upsert 操作，合并冲突<br>- `resolution=ignore-duplicates` Upsert 操作，忽略冲突	`Prefer: return=representation`
Authorization	`Bearer <token>`	认证 token	`Authorization: Bearer <access_token>`

GET /v1/rdb/rest/{table}

select: 字段选择，支持 * 或字段列表，支持类似 class_id(grade,class_number) 的连接查询
limit: 限制返回数量
offset: 分页偏移量
order: 排序字段，格式 field.asc 或 field.desc

# URL 编码前
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题' \
  -H "Authorization: Bearer <access_token>"

# URL 编码后
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98' \
  -H "Authorization: Bearer <access_token>"

Content-Range: 数据范围，例如 0-9/100（0=起始，9=结束，100=总数）

POST /v1/rdb/rest/{table}

请求体：JSON 对象或对象数组

💡 关于 _openid 的注意事项：当用户已登录（使用 AccessToken 认证）时，_openid 字段由服务器自动填充为当前用户的身份。在 INSERT 操作中，您无需手动设置此字段 - 服务器将根据已认证用户的会话自动填充。

curl -X POST 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "数学",
    "position": 1
  }'

PATCH /v1/rdb/rest/{table}

请求体：包含要更新字段的 JSON 对象

curl -X PATCH 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "高等数学",
    "position": 2
  }'

⚠️ 重要：UPDATE 操作需要 WHERE 子句。使用类似 ?id=eq.1 的查询参数来指定条件。

DELETE /v1/rdb/rest/{table}

curl -X DELETE 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>"

⚠️ 重要：DELETE 操作需要 WHERE 子句。使用查询参数来指定条件。

错误码与 HTTP 状态码

错误码	HTTP 状态	描述
INVALID_PARAM	400	无效的请求参数
INVALID_REQUEST	400	无效的请求内容：缺少权限字段、SQL 执行错误等
INVALID_REQUEST	406	不满足单条记录返回约束
PERMISSION_DENIED	401, 403	认证失败：401 表示身份认证失败，403 表示授权失败
RESOURCE_NOT_FOUND	404	数据库实例或表未找到
SYS_ERR	500	内部系统错误
OPERATION_FAILED	503	建立数据库连接失败
RESOURCE_UNAVAILABLE	503	由于某些原因数据库不可用

所有 POST、PATCH、DELETE 操作：请求头带有 Prefer: return=representation 表示有响应体，不带则表示仅有响应头。
POST、PATCH、DELETE 的响应体通常是 JSON 数组类型 []。如果请求头指定了 Accept: application/vnd.pgrst.object+json，则会返回 JSON 对象类型 {}。
如果指定了 Accept: application/vnd.pgrst.object+json 但数据量大于 1，将返回错误。

发起请求时，请进行 URL 编码。例如：

curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'

编码后的请求：

curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'

CloudBase 平台提供了一个在线调试工具，您可以在不编写代码的情况下测试 API 接口：

访问 API 文档页面
找到调试工具入口
填写环境 ID 和请求参数
点击发送请求查看响应

⚠️ 始终使用 searchKnowledgeBase 工具获取 OpenAPI Swagger 规范：

使用 searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })，并提供以下 API 名称：

auth – 认证 API
mysqldb – MySQL RESTful API
functions – 云函数 API
cloudrun – CloudRun API
storage – 存储 API

如何使用 OpenAPI 文档：

使用适当的 apiName 调用 searchKnowledgeBase 工具
解析返回的 YAML 内容以提取： * 端点路径（例如，/v1/rdb/rest/{table}） * HTTP 方法（GET、POST、PATCH、DELETE） * 路径参数、查询参数、请求体模式 * 响应模式和状态码 * 认证要求
使用提取的信息构建准确的 API 调用
切勿假设端点结构 - 始终根据 swagger 文档进行验证

可重用的 Shell 变量

env="your-env-id"
token="your-access-token-or-api-key"
base="https://${env}.api.tcloudbasegateway.com"

curl -X GET "${base}/v1/rdb/rest/table_name" \
  -H "Authorization: Bearer ${token}" \
  -H "Content-Type: application/json"

始终检查 HTTP 状态码和错误响应格式：

{
  "code": "ERROR_CODE",
  "message": "Error message details",
  "requestId": "request-unique-id"
}

🌟 重要：默认认证方法

当用户未指定具体的注册/登录方法时，始终使用手机短信验证作为默认和推荐的方法。这是因为：

✅ 对中国用户最友好

✅ 无需记住密码

✅ 同时适用于新用户（注册）和现有用户（登录）

✅ 通过 OTP 验证最安全

✅ CloudBase 默认支持

手机号验证码登录（原生应用） ⭐ 推荐

这是首选的原生移动应用（iOS/Android/Flutter/React Native）认证流程：

┌─────────────────────────────────────────────────────────────────────────┐
│  步骤 1：发送验证码                                                     │
│  POST /auth/v1/verification                                             │
│  请求体：{ "phone_number": "+86 13800138000", "target": "ANY" }          │
│  ⚠️ 重要：phone_number 必须包含 "+86 " 前缀和空格                        │
│  响应：{ "verification_id": "xxx", "expires_in": 600 }                 │
│  📝 保存 verification_id 供下一步使用！                                   │
└─────────────────────────────────────────────────────────────────────────┘
                                    ↓
┌─────────────────────────────────────────────────────────────────────────┐
│  步骤 2：验证验证码                                                     │
│  POST /auth/v1/verification/verify                                      │
│  请求体：{ "verification_id": "<saved_id>", "verification_code": "123456" }│
│  响应：{ "verification_token": "xxx" }                                  │
│  📝 保存 verification_token 供登录使用！                                 │
└─────────────────────────────────────────────────────────────────────────┘
                                    ↓
┌─────────────────────────────────────────────────────────────────────────┐
│  步骤 3：使用 Token 登录                                                │
│  POST /auth/v1/signin                                                   │
│  请求体：{ "verification_token": "<saved_token>" }                      │
│  响应：{ "access_token": "xxx", "refresh_token": "xxx" }               │
└─────────────────────────────────────────────────────────────────────────┘

⚠️ 关键注意事项：

手机号格式：必须是 "+86 13800138000"，国家代码后带空格
保存 verification_id：从步骤 1 返回，步骤 2 需要
保存 verification_token：从步骤 2 返回，步骤 3 需要

始终对包含特殊字符的查询参数进行 URL 编码
为 UPDATE 和 DELETE 操作包含 WHERE 子句
使用适当的 Prefer 请求头来控制响应格式
通过检查状态码和错误响应来优雅地处理错误
安全保管 token - 切勿在客户端代码中暴露 API Key
根据您的用例使用适当的认证方法： * AccessToken 用于用户特定操作 * API Key 用于服务器端管理操作 * Publishable Key 用于公共/匿名访问
手机号格式：始终使用带空格的国际格式："+86 13800138000"
验证流程：保存发送步骤中的 verification_id，在验证步骤中使用它

2026 年 1 月 22 日

🇺🇸English

Activation Contract

Use this first when

The request comes from Android, iOS, Flutter, React Native, non-Node backends, or admin scripts that must call CloudBase via raw HTTP.

Read before writing code if

The platform does not support a CloudBase SDK, or the user explicitly asks for HTTP API integration.

Then also read

Auth configuration -> ../auth-tool/SKILL.md
MySQL MCP management -> ../relational-database-tool/SKILL.md

Do NOT use for

CloudBase Web SDK flows, mini program SDK flows, or MCP-driven management tasks.

Common mistakes / gotchas

Treating Web SDK examples as valid for native Apps.
Guessing endpoints without reading OpenAPI definitions.
Mixing raw HTTP API integration with MCP management logic.

Minimal checklist

Read HTTP API Routing Checklist before implementation.

When to use this skill

Use this skill whenever you need to call CloudBase platform features via raw HTTP APIs , for example:

Non-Node backends (Go, Python, Java, PHP, etc.)
Integration tests or admin scripts that use curl or language HTTP clients
Direct database operations via MySQL RESTful API
Cloud function invocation via HTTP
Any scenario where SDKs are not available or not preferred

Do not use this skill for:

Frontend Web apps using @cloudbase/js-sdk (use CloudBase Web skills)
Node.js code using @cloudbase/node-sdk (use CloudBase Node skills)
Authentication flows (use CloudBase Auth HTTP API skill for auth-specific endpoints)

How to use this skill (for a coding agent)

Clarify the scenario
- Confirm this code will call HTTP endpoints directly (not SDKs).
- Ask for:
  - env – CloudBase environment ID
  - Authentication method (AccessToken, API Key, or Publishable Key)
- Confirm which CloudBase feature is needed (database, functions, storage, etc.).
- For user authentication : If no specific method is requested, always default to Phone SMS Verification - it's the most user-friendly and secure option for Chinese users.
Determine the base URL
- Use the correct domain based on region (domestic vs. international).
- Default is domestic Shanghai region.
Set up authentication
- Choose appropriate authentication method based on use case.
- Add Authorization: Bearer <token> header to requests.
Reference OpenAPI Swagger documentation
- MUST usesearchKnowledgeBase tool to get OpenAPI specifications

Overview

CloudBase HTTP API is a set of interfaces for accessing CloudBase platform features via HTTP protocol, supporting database, user authentication, cloud functions, cloud hosting, cloud storage, AI, and more.

OpenAPI Swagger Documentation

⚠️ IMPORTANT: Always usesearchKnowledgeBase tool to get OpenAPI Swagger specifications

Before implementing any HTTP API calls, you should:

UsesearchKnowledgeBase tool to get OpenAPI documentation:

searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })

Available API names :
- mysqldb - MySQL RESTful API
- functions - Cloud Functions API
- auth - Authentication API
- cloudrun - CloudRun API
- storage - Storage API
Parse and use the swagger documentation :
- Extract exact endpoint paths and HTTP methods
- Understand required and optional parameters

Prerequisites

Before starting, ensure you have:

CloudBase environment created and activated
Authentication credentials (AccessToken, API Key, or Publishable Key)

Authentication and Authorization

CloudBase HTTP API requires authentication. Choose the appropriate method based on your use case:

AccessToken Authentication

Applicable environments : Client/Server
User permissions : Logged-in user permissions

How to get : Use searchKnowledgeBase({ mode: "openapi", apiName: "auth" }) to get the Authentication API specification

API Key

Applicable environments : Server
User permissions : Administrator permissions

Validity : Long-term valid
How to get : Get from CloudBase Platform/ApiKey Management Page

⚠️ Warning: Tokens are critical credentials for identity authentication. Keep them secure. API Key must NOT be used in client-side code.

Publishable Key

Applicable environments : Client/Server
User permissions : Anonymous user permissions

Validity : Long-term valid
How to get : Get from CloudBase Platform/ApiKey Management Page

💡 Note: Can be exposed in browsers, used for requesting publicly accessible resources, effectively reducing MAU.

API Endpoint URLs

CloudBase HTTP API uses unified domain names for API calls. The domain varies based on the environment's region.

Domestic Regions

For environments in domestic regions like Shanghai (ap-shanghai), use:

https://{your-env}.api.tcloudbasegateway.com

Replace {your-env} with the actual environment ID. For example, if environment ID is cloud1-abc:

https://cloud1-abc.api.tcloudbasegateway.com

International Regions

For environments in international regions like Singapore (ap-singapore), use:

https://{your-env}.api.intl.tcloudbasegateway.com

Replace {your-env} with the actual environment ID. For example, if environment ID is cloud1-abc:

https://cloud1-abc.api.intl.tcloudbasegateway.com

Using Authentication in Requests

Add the token to the request header:

Authorization: Bearer <access_token/apikey/publishable_key>

:::warning Note

When making actual calls, replace the entire part including angle brackets (< >) with your obtained key. For example, if the obtained key is eymykey, fill it as:

Authorization: Bearer eymykey

:::

Usage Examples

Cloud Function Invocation Example

curl -X POST "https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME" \
  -H "Authorization: Bearer <access_token/apikey/publishable_key>" \
  -H "Content-Type: application/json" \
  -d '{"name": "张三", "age": 25}'

For detailed API specifications, always download and reference the OpenAPI Swagger files mentioned above.

MySQL RESTful API

The MySQL RESTful API provides all MySQL database operations via HTTP endpoints.

Base URL Patterns

Support three domain access patterns:

https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{table}
https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{schema}/{table}
https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{instance}/{schema}/{table}

Where:

envId is the environment ID
instance is the database instance identifier
schema is the database name
table is the table name

If using the system database, recommend pattern 1.

Request Headers

Header	Parameter	Description	Example
Accept	`application/json`, `application/vnd.pgrst.object+json`	Control data return format	`Accept: application/json`
Content-Type	`application/json`, `application/vnd.pgrst.object+json`	Request content type	`Content-Type: application/json`
Prefer

Query Records

GET /v1/rdb/rest/{table}

Query Parameters :

select: Field selection, supports * or field list, supports join queries like class_id(grade,class_number)
limit: Limit return count
offset: Offset for pagination
order: Sort field, format field.asc or field.desc

Example :

# Before URL encoding
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题' \
  -H "Authorization: Bearer <access_token>"

# After URL encoding
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98' \
  -H "Authorization: Bearer <access_token>"

Response Headers :

Content-Range: Data range, e.g., 0-9/100 (0=start, 9=end, 100=total)

Insert Records

POST /v1/rdb/rest/{table}

Request Body : JSON object or array of objects

💡 Note about_openid: When a user is logged in (using AccessToken authentication), the _openid field is automatically populated by the server with the current user's identity. You do NOT need to manually set this field in INSERT operations - the server will fill it automatically based on the authenticated user's session.

Example :

curl -X POST 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "数学",
    "position": 1
  }'

Update Records

PATCH /v1/rdb/rest/{table}

Request Body : JSON object with fields to update

Example :

curl -X PATCH 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "高等数学",
    "position": 2
  }'

⚠️ Important : UPDATE requires a WHERE clause. Use query parameters like ?id=eq.1 to specify conditions.

Delete Records

DELETE /v1/rdb/rest/{table}

Example :

curl -X DELETE 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>"

⚠️ Important : DELETE requires a WHERE clause. Use query parameters to specify conditions.

Error Codes and HTTP Status Codes

Error Code	HTTP Status	Description
INVALID_PARAM	400	Invalid request parameters
INVALID_REQUEST	400	Invalid request content: missing permission fields, SQL execution errors, etc.
INVALID_REQUEST	406	Does not meet single record return constraint
PERMISSION_DENIED	401, 403	Authentication failed: 401 for identity authentication failure, 403 for authorization failure
RESOURCE_NOT_FOUND	404	Database instance or table not found
SYS_ERR	500	Internal system error
OPERATION_FAILED	503	Failed to establish database connection
RESOURCE_UNAVAILABLE	503	Database unavailable due to certain reasons

Response Format

All POST, PATCH, DELETE operations: Request header with Prefer: return=representation means there is a response body, without it means only response headers.
POST, PATCH, DELETE response bodies are usually JSON array type []. If request header specifies Accept: application/vnd.pgrst.object+json, it will return JSON object type {}.
If Accept: application/vnd.pgrst.object+json is specified but data quantity is greater than 1, an error will be returned.

URL Encoding

When making requests, please perform URL encoding. For example:

Original request :

curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'

Encoded request :

curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'

Online Debugging Tool

CloudBase platform provides an online debugging tool where you can test API interfaces without writing code:

Visit the API documentation page
Find the debugging tool entry
Fill in environment ID and request parameters
Click send request to view response

API Documentation References

⚠️ Always usesearchKnowledgeBase tool to get OpenAPI Swagger specifications:

Use searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" }) with these API names:

auth - Authentication API
mysqldb - MySQL RESTful API
functions - Cloud Functions API
cloudrun - CloudRun API
storage - Storage API

How to use the OpenAPI documentation:

Call searchKnowledgeBase tool with the appropriate apiName
Parse the returned YAML content to extract:
- Endpoint paths (e.g., /v1/rdb/rest/{table})
- HTTP methods (GET, POST, PATCH, DELETE)
- Path parameters, query parameters, request body schemas
- Response schemas and status codes
- Authentication requirements
Use the extracted information to construct accurate API calls
Never assume endpoint structure - always verify against swagger documentation

Common Patterns

Reusable Shell Variables

env="your-env-id"
token="your-access-token-or-api-key"
base="https://${env}.api.tcloudbasegateway.com"

Common Request Pattern

curl -X GET "${base}/v1/rdb/rest/table_name" \
  -H "Authorization: Bearer ${token}" \
  -H "Content-Type: application/json"

Error Handling

Always check HTTP status codes and error response format:

{
  "code": "ERROR_CODE",
  "message": "Error message details",
  "requestId": "request-unique-id"
}

Common Authentication Flows

🌟 IMPORTANT: Default Authentication Method

When no specific signup/signin method is specified by the user, ALWAYS use Phone SMS Verification as the default and recommended method. It is:

✅ The most user-friendly for Chinese users

✅ No password to remember

✅ Works for both new users (registration) and existing users (login)

✅ Most secure with OTP verification

✅ Supported by default in CloudBase

Phone Number Verification Code Login (Native Apps) ⭐ RECOMMENDED

This is the preferred authentication flow for native mobile apps (iOS/Android/Flutter/React Native):

┌─────────────────────────────────────────────────────────────────────────┐
│  Step 1: Send Verification Code                                        │
│  POST /auth/v1/verification                                             │
│  Body: { "phone_number": "+86 13800138000", "target": "ANY" }          │
│  ⚠️ IMPORTANT: phone_number MUST include "+86 " prefix WITH SPACE      │
│  Response: { "verification_id": "xxx", "expires_in": 600 }             │
│  📝 SAVE verification_id for next step!                                 │
└─────────────────────────────────────────────────────────────────────────┘
                                    ↓
┌─────────────────────────────────────────────────────────────────────────┐
│  Step 2: Verify Code                                                    │
│  POST /auth/v1/verification/verify                                      │
│  Body: { "verification_id": "<saved_id>", "verification_code": "123456" }│
│  Response: { "verification_token": "xxx" }                              │
│  📝 SAVE verification_token for login!                                  │
└─────────────────────────────────────────────────────────────────────────┘
                                    ↓
┌─────────────────────────────────────────────────────────────────────────┐
│  Step 3: Sign In with Token                                             │
│  POST /auth/v1/signin                                                   │
│  Body: { "verification_token": "<saved_token>" }                        │
│  Response: { "access_token": "xxx", "refresh_token": "xxx" }           │
└─────────────────────────────────────────────────────────────────────────┘

⚠️ Critical Notes:

Phone number format : MUST be "+86 13800138000" with space after country code
Saveverification_id: Returned from Step 1, required for Step 2
Saveverification_token: Returned from Step 2, required for Step 3

Best Practices

Always use URL encoding for query parameters containing special characters
Include WHERE clauses for UPDATE and DELETE operations
Use appropriate Prefer headers to control response format
Handle errors gracefully by checking status codes and error responses
Keep tokens secure - never expose API Keys in client-side code
Use appropriate authentication method based on your use case:
- AccessToken for user-specific operations
- API Key for server-side admin operations
- Publishable Key for public/anonymous access
Phone number format : Always use international format with space: "+86 13800138000"
Verification flow : Save verification_id from send step, use it in verify step

Weekly Installs

571

Repository

tencentcloudbase/skills

GitHub Stars

First Seen

Jan 22, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykFail

Installed on

codex502

opencode501

gemini-cli493

github-copilot479

kimi-cli471

cursor469

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

140,500 周安装

Use the tool with mode=openapi and specify the apiName:

mysqldb - MySQL RESTful API
functions - Cloud Functions API
auth - Authentication API
cloudrun - CloudRun API
storage - Storage API

Example: searchKnowledgeBase({ mode: "openapi", apiName: "mysqldb" })

Parse the returned YAML content to understand exact endpoint paths, parameters, request/response schemas

Never invent endpoints or parameters - always reference the swagger documentation

Review request/response schemas

Check authentication requirements

Verify error response formats

Never invent API endpoints or parameters - always base your implementation on the official swagger documentation.

腾讯云 CloudBase HTTP API 使用指南 - 原生应用与后端集成方案

🇨🇳中文介绍

激活契约

优先使用场景

编写代码前请阅读

同时请阅读

请勿用于

常见错误 / 注意事项

最低检查清单

何时使用此技能

相关 Skills

如何使用此技能（针对编码代理）

概述

OpenAPI Swagger 文档

先决条件

认证与授权

AccessToken 认证

API Key

Publishable Key

API 端点 URL

国内区域

国际区域

在请求中使用认证

使用示例

云函数调用示例

MySQL RESTful API

基础 URL 模式

请求头

查询记录

插入记录

更新记录

删除记录

错误码与 HTTP 状态码

响应格式

URL 编码

在线调试工具

API 文档参考

常用模式

可重用的 Shell 变量

通用请求模式

错误处理

常见认证流程

手机号验证码登录（原生应用） ⭐ 推荐

最佳实践

🇺🇸English

Activation Contract

Use this first when

Read before writing code if

Then also read

Do NOT use for

Common mistakes / gotchas

Minimal checklist

When to use this skill

How to use this skill (for a coding agent)

Overview

OpenAPI Swagger Documentation

Prerequisites

Authentication and Authorization

AccessToken Authentication

API Key

Publishable Key

API Endpoint URLs

Domestic Regions

International Regions

Using Authentication in Requests

Usage Examples

Cloud Function Invocation Example

MySQL RESTful API

Base URL Patterns

Request Headers

Query Records

Insert Records

Update Records

Delete Records

Error Codes and HTTP Status Codes

Response Format

URL Encoding

Online Debugging Tool

API Documentation References

Common Patterns