Back to Details

http-api-cloudbase

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

When to use this skill

何时使用该技能

Use this skill whenever you need to call CloudBase platform features via raw HTTP APIs, for example:
  • Non-Node backends (Go, Python, Java, PHP, etc.)
  • Integration tests or admin scripts that use curl or language HTTP clients
  • Direct database operations via MySQL RESTful API
  • Cloud function invocation via HTTP
  • Any scenario where SDKs are not available or not preferred
Do not use this skill for:
  • Frontend Web apps using 
    @cloudbase/js-sdk
    (use CloudBase Web skills)
  • Node.js code using 
    @cloudbase/node-sdk
    (use CloudBase Node skills)
  • Authentication flows (use CloudBase Auth HTTP API skill for auth-specific endpoints)
当你需要通过原生HTTP API调用CloudBase平台功能时,即可使用该技能,例如:
  • 非Node.js后端(Go、Python、Java、PHP等)
  • 使用curl或语言HTTP客户端的集成测试或管理脚本
  • 通过MySQL RESTful API直接操作数据库
  • 通过HTTP调用云函数
  • 任何无法使用或不偏好使用SDK的场景
请勿在以下场景使用该技能:
  • 使用
    @cloudbase/js-sdk
    的前端Web应用(请使用CloudBase Web相关技能)
  • 使用
    @cloudbase/node-sdk
    的Node.js代码(请使用CloudBase Node相关技能)
  • 身份验证流程(针对身份验证特定端点,请使用CloudBase Auth HTTP API技能)

How to use this skill (for a coding agent)

如何使用该技能(面向编码Agent)

  1. Clarify the scenario
    • Confirm this code will call HTTP endpoints directly (not SDKs).
    • Ask for: 
      • env
        – CloudBase environment ID
      • Authentication method (AccessToken, API Key, or Publishable Key)
    • Confirm which CloudBase feature is needed (database, functions, storage, etc.).
    • For user authentication: If no specific method is requested, always default to Phone SMS Verification - it's the most user-friendly and secure option for Chinese users.
  2. Determine the base URL
    • Use the correct domain based on region (domestic vs. international).
    • Default is domestic Shanghai region.
  3. Set up authentication
    • Choose appropriate authentication method based on use case.
    • Add 
      Authorization: Bearer <token>
      header to requests.
  4. Reference OpenAPI Swagger documentation
    • MUST use 
      searchKnowledgeBase
      tool       to get OpenAPI specifications
    • Use the tool with 
      mode=openapi
      and specify the 
      apiName
      : 
      • mysqldb
        - MySQL RESTful API
      • functions
        - Cloud Functions API
      • auth
        - Authentication API
      • cloudrun
        - CloudRun API
      • storage
        - Storage API
    • Example: 
      searchKnowledgeBase({ mode: "openapi", apiName: "mysqldb" })
    • Parse the returned YAML content to understand exact endpoint paths, parameters, request/response schemas
    • Never invent endpoints or parameters - always reference the swagger documentation
  1. 明确场景
    • 确认代码将直接调用HTTP端点(而非SDK)。
    • 询问以下信息: 
      • env
        – CloudBase环境ID
      • 身份验证方式(AccessToken、API Key或Publishable Key)
    • 确认需要使用的CloudBase功能(数据库、函数、存储等)。
    • 用户身份验证:如果未指定具体方法,始终默认使用手机短信验证——这对中国用户来说是最友好且安全的选项。
  2. 确定基础URL
    • 根据地域(国内/国际)使用正确的域名。
    • 默认使用国内上海地域。
  3. 配置身份验证
    • 根据使用场景选择合适的身份验证方式。
    • 在请求中添加
      Authorization: Bearer <token>
      请求头。
  4. 参考OpenAPI Swagger文档
    • 必须使用
      searchKnowledgeBase
      工具      获取OpenAPI规范
    • 使用该工具时设置
      mode=openapi
      并指定
      apiName
      • mysqldb
        - MySQL RESTful API
      • functions
        - 云函数API
      • auth
        - 身份验证API
      • cloudrun
        - CloudRun API
      • storage
        - 云存储API
    • 示例:
      searchKnowledgeBase({ mode: "openapi", apiName: "mysqldb" })
    • 解析返回的YAML内容,了解确切的端点路径、参数、请求/响应 schema
    • 切勿自行编造端点或参数——始终参考Swagger文档

Overview

概述

CloudBase HTTP API is a set of interfaces for accessing CloudBase platform features via HTTP protocol, supporting database, user authentication, cloud functions, cloud hosting, cloud storage, AI, and more.
CloudBase HTTP API是一套允许通过HTTP协议访问CloudBase平台功能的接口,支持数据库、用户身份验证、云函数、云托管、云存储、AI等功能。

OpenAPI Swagger Documentation

OpenAPI Swagger文档

⚠️ IMPORTANT: Always use 
searchKnowledgeBase
tool to get OpenAPI Swagger specifications
Before implementing any HTTP API calls, you should:
  1. Use 
    searchKnowledgeBase
    tool to get OpenAPI documentation    :
    searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })
  2. Available API names:
    • mysqldb
      - MySQL RESTful API
    • functions
      - Cloud Functions API
    • auth
      - Authentication API
    • cloudrun
      - CloudRun API
    • storage
      - Storage API
  3. Parse and use the swagger documentation:
    • Extract exact endpoint paths and HTTP methods
    • Understand required and optional parameters
    • Review request/response schemas
    • Check authentication requirements
    • Verify error response formats
  4. Never invent API endpoints or parameters - always base your implementation on the official swagger documentation.
⚠️ 重要提示:请始终使用
searchKnowledgeBase
工具获取OpenAPI Swagger规范
在实现任何HTTP API调用前,你应该:
  1. 使用
    searchKnowledgeBase
    工具获取OpenAPI文档
    searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })
  2. 可用的API名称
    • mysqldb
      - MySQL RESTful API
    • functions
      - 云函数API
    • auth
      - 身份验证API
    • cloudrun
      - CloudRun API
    • storage
      - 云存储API
  3. 解析并使用Swagger文档
    • 提取确切的端点路径和HTTP方法
    • 了解必填和可选参数
    • 查看请求/响应schema
    • 检查身份验证要求
    • 验证错误响应格式
  4. 切勿自行编造API端点或参数——你的实现必须始终基于官方Swagger文档。

Prerequisites

前置条件

Before starting, ensure you have:
  1. CloudBase environment created and activated
  2. Authentication credentials (AccessToken, API Key, or Publishable Key)
开始前,请确保你已具备:
  1. 已创建并激活CloudBase环境
  2. 身份验证凭证(AccessToken、API Key或Publishable Key)

Authentication and Authorization

身份验证与授权

CloudBase HTTP API requires authentication. Choose the appropriate method based on your use case:
CloudBase HTTP API需要身份验证。请根据你的使用场景选择合适的方式:

AccessToken Authentication

AccessToken身份验证

Applicable environments: Client/Server
User permissions: Logged-in user permissions
How to get: Use 
searchKnowledgeBase({ mode: "openapi", apiName: "auth" })
to get the Authentication API specification
适用环境:客户端/服务器
用户权限:已登录用户权限
获取方式:使用
searchKnowledgeBase({ mode: "openapi", apiName: "auth" })
获取身份验证API规范

API Key

API Key

Applicable environments: Server
User permissions: Administrator permissions
⚠️ Warning: Tokens are critical credentials for identity authentication. Keep them secure. API Key must NOT be used in client-side code.
适用环境:服务器
用户权限:管理员权限
⚠️ 警告:凭证是身份验证的关键信息,请妥善保管。API Key绝不能在客户端代码中使用。

Publishable Key

Publishable Key

Applicable environments: Client/Server
User permissions: Anonymous user permissions
💡 Note: Can be exposed in browsers, used for requesting publicly accessible resources, effectively reducing MAU.
适用环境:客户端/服务器
用户权限:匿名用户权限
💡 注意:可在浏览器中暴露,用于请求公开可访问的资源,有效降低MAU。

API Endpoint URLs

API端点URL

CloudBase HTTP API uses unified domain names for API calls. The domain varies based on the environment's region.
CloudBase HTTP API使用统一域名进行API调用,域名根据环境地域不同而变化。

Domestic Regions

国内地域

For environments in domestic regions like Shanghai (
ap-shanghai
), use:
text
https://{your-env}.api.tcloudbasegateway.com
Replace 
{your-env}
with the actual environment ID. For example, if environment ID is 
cloud1-abc
:
text
https://cloud1-abc.api.tcloudbasegateway.com
对于位于国内地域(如上海
ap-shanghai
)的环境,使用:
text
https://{your-env}.api.tcloudbasegateway.com
{your-env}
替换为实际的环境ID。例如,若环境ID为
cloud1-abc
text
https://cloud1-abc.api.tcloudbasegateway.com

International Regions

国际地域

For environments in international regions like Singapore (
ap-singapore
), use:
text
https://{your-env}.api.intl.tcloudbasegateway.com
Replace 
{your-env}
with the actual environment ID. For example, if environment ID is 
cloud1-abc
:
text
https://cloud1-abc.api.intl.tcloudbasegateway.com
对于位于国际地域(如新加坡
ap-singapore
)的环境,使用:
text
https://{your-env}.api.intl.tcloudbasegateway.com
{your-env}
替换为实际的环境ID。例如,若环境ID为
cloud1-abc
text
https://cloud1-abc.api.intl.tcloudbasegateway.com

Using Authentication in Requests

在请求中使用身份验证

Add the token to the request header:
http
Authorization: Bearer <access_token/apikey/publishable_key>
:::warning Note
When making actual calls, replace the entire part including angle brackets (
< >
) with your obtained key. For example, if the obtained key is 
eymykey
, fill it as:
http
Authorization: Bearer eymykey
:::
将凭证添加到请求头中:
http
Authorization: Bearer <access_token/apikey/publishable_key>
:::warning 注意
进行实际调用时,请将包含尖括号(
< >
)的整个部分替换为你获取的密钥。例如,若获取的密钥为
eymykey
,请填写为:
http
Authorization: Bearer eymykey
:::

Usage Examples

使用示例

Cloud Function Invocation Example

云函数调用示例

bash
curl -X POST "https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME" \
  -H "Authorization: Bearer <access_token/apikey/publishable_key>" \
  -H "Content-Type: application/json" \
  -d '{"name": "张三", "age": 25}'
For detailed API specifications, always download and reference the OpenAPI Swagger files mentioned above.
bash
curl -X POST "https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME" \
  -H "Authorization: Bearer <access_token/apikey/publishable_key>" \
  -H "Content-Type: application/json" \
  -d '{"name": "张三", "age": 25}'
如需详细的API规范,请始终下载并参考上述OpenAPI Swagger文件。

MySQL RESTful API

MySQL RESTful API

The MySQL RESTful API provides all MySQL database operations via HTTP endpoints.
MySQL RESTful API通过HTTP端点提供所有MySQL数据库操作。

Base URL Patterns

基础URL模式

Support three domain access patterns:
  1. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{table}
  2. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{schema}/{table}
  3. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{instance}/{schema}/{table}
Where:
  • envId
    is the environment ID
  • instance
    is the database instance identifier
  • schema
    is the database name
  • table
    is the table name
If using the system database, recommend pattern 1.
支持三种域名访问模式:
  1. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{table}
  2. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{schema}/{table}
  3. https://{envId}.api.tcloudbasegateway.com/v1/rdb/rest/{instance}/{schema}/{table}
其中:
  • envId
    是环境ID
  • instance
    是数据库实例标识符
  • schema
    是数据库名称
  • table
    是表名
如果使用系统数据库,推荐使用模式1

Request Headers

请求头

HeaderParameterDescriptionExample
Accept
application/json
, 
application/vnd.pgrst.object+json
Control data return format
Accept: application/json
Content-Type
application/json
, 
application/vnd.pgrst.object+json
Request content type
Content-Type: application/json
PreferOperation-dependent feature values- 
return=representation
Write operation, return data body and headers<br>- 
return=minimal
Write operation, return headers only (default)<br>- 
count=exact
Read operation, specify count<br>- 
resolution=merge-duplicates
Upsert operation, merge conflicts<br>- 
resolution=ignore-duplicates
Upsert operation, ignore conflicts
Prefer: return=representation
Authorization
Bearer <token>
Authentication token
Authorization: Bearer <access_token>
请求头参数描述示例
Accept
application/json
, 
application/vnd.pgrst.object+json
控制数据返回格式
Accept: application/json
Content-Type
application/json
, 
application/vnd.pgrst.object+json
请求内容类型
Content-Type: application/json
Prefer依赖操作的特性值- 
return=representation
写入操作,返回数据体和请求头<br>- 
return=minimal
写入操作,仅返回请求头(默认)<br>- 
count=exact
读取操作,指定计数<br>- 
resolution=merge-duplicates
插入更新操作,合并冲突<br>- 
resolution=ignore-duplicates
插入更新操作,忽略冲突
Prefer: return=representation
Authorization
Bearer <token>
身份验证凭证
Authorization: Bearer <access_token>

Query Records

查询记录

GET 
/v1/rdb/rest/{table}
Query Parameters:
  • select
    : Field selection, supports 
    *
    or field list, supports join queries like 
    class_id(grade,class_number)
  • limit
    : Limit return count
  • offset
    : Offset for pagination
  • order
    : Sort field, format 
    field.asc
    or 
    field.desc
Example:
bash
undefined
GET 
/v1/rdb/rest/{table}
查询参数:
  • select
    : 字段选择,支持
    *
    或字段列表,支持关联查询如
    class_id(grade,class_number)
  • limit
    : 限制返回数量
  • offset
    : 分页偏移量
  • order
    : 排序字段,格式为
    field.asc
    field.desc
示例:
bash
undefined

Before URL encoding

URL编码前

curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'
-H "Authorization: Bearer <access_token>"
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'
-H "Authorization: Bearer <access_token>"

After URL encoding

URL编码后

curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'
-H "Authorization: Bearer <access_token>"

**Response Headers**:
- `Content-Range`: Data range, e.g., `0-9/100` (0=start, 9=end, 100=total)
curl -X GET 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'
-H "Authorization: Bearer <access_token>"

**响应头**:
- `Content-Range`: 数据范围,例如`0-9/100`(0=起始,9=结束,100=总数)

Insert Records

插入记录

POST 
/v1/rdb/rest/{table}
Request Body: JSON object or array of objects
💡 Note about 
_openid
: When a user is logged in (using AccessToken authentication), the 
_openid
field is automatically populated by the server with the current user's identity. You do NOT need to manually set this field in INSERT operations - the server will fill it automatically based on the authenticated user's session.
Example:
bash
curl -X POST 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "数学",
    "position": 1
  }'
POST 
/v1/rdb/rest/{table}
请求体: JSON对象或对象数组
💡 关于
_openid
的说明: 当用户已登录(使用AccessToken身份验证)时,服务器会自动填充
_openid
字段为当前用户的身份标识。你无需在INSERT操作中手动设置该字段——服务器会根据已验证用户的会话自动填充。
示例:
bash
curl -X POST 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "数学",
    "position": 1
  }'

Update Records

更新记录

PATCH 
/v1/rdb/rest/{table}
Request Body: JSON object with fields to update
Example:
bash
curl -X PATCH 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "高等数学",
    "position": 2
  }'
⚠️ Important: UPDATE requires a WHERE clause. Use query parameters like 
?id=eq.1
to specify conditions.
PATCH 
/v1/rdb/rest/{table}
请求体: 包含待更新字段的JSON对象
示例:
bash
curl -X PATCH 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -H "Prefer: return=representation" \
  -d '{
    "name": "高等数学",
    "position": 2
  }'
⚠️ 重要提示: UPDATE操作必须包含WHERE子句。使用查询参数如
?id=eq.1
指定条件。

Delete Records

删除记录

DELETE 
/v1/rdb/rest/{table}
Example:
bash
curl -X DELETE 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>"
⚠️ Important: DELETE requires a WHERE clause. Use query parameters to specify conditions.
DELETE 
/v1/rdb/rest/{table}
示例:
bash
curl -X DELETE 'https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1' \
  -H "Authorization: Bearer <access_token>"
⚠️ 重要提示: DELETE操作必须包含WHERE子句。使用查询参数指定条件。

Error Codes and HTTP Status Codes

错误码与HTTP状态码

Error CodeHTTP StatusDescription
INVALID_PARAM400Invalid request parameters
INVALID_REQUEST400Invalid request content: missing permission fields, SQL execution errors, etc.
INVALID_REQUEST406Does not meet single record return constraint
PERMISSION_DENIED401, 403Authentication failed: 401 for identity authentication failure, 403 for authorization failure
RESOURCE_NOT_FOUND404Database instance or table not found
SYS_ERR500Internal system error
OPERATION_FAILED503Failed to establish database connection
RESOURCE_UNAVAILABLE503Database unavailable due to certain reasons
错误码HTTP状态码描述
INVALID_PARAM400请求参数无效
INVALID_REQUEST400请求内容无效:缺少权限字段、SQL执行错误等
INVALID_REQUEST406不符合单条记录返回约束
PERMISSION_DENIED401, 403身份验证失败:401表示身份验证失败,403表示授权失败
RESOURCE_NOT_FOUND404数据库实例或表不存在
SYS_ERR500内部系统错误
OPERATION_FAILED503无法建立数据库连接
RESOURCE_UNAVAILABLE503数据库因某些原因不可用

Response Format

响应格式

  1. All POST, PATCH, DELETE operations: Request header with 
    Prefer: return=representation
    means there is a response body, without it means only response headers.
  2. POST, PATCH, DELETE response bodies are usually JSON array type 
    []
    . If request header specifies 
    Accept: application/vnd.pgrst.object+json
    , it will return JSON object type 
    {}
    .
  3. If 
    Accept: application/vnd.pgrst.object+json
    is specified but data quantity is greater than 1, an error will be returned.
  1. 所有POST、PATCH、DELETE操作:请求头中包含
    Prefer: return=representation
    表示会有响应体,否则仅返回响应头。
  2. POST、PATCH、DELETE的响应体通常为JSON数组类型
    []
    。如果请求头指定
    Accept: application/vnd.pgrst.object+json
    ,则会返回JSON对象类型
    {}
  3. 若指定
    Accept: application/vnd.pgrst.object+json
    但数据量大于1,则会返回错误。

URL Encoding

URL编码

When making requests, please perform URL encoding. For example:
Original request:
shell
curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'
Encoded request:
shell
curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'
发送请求时,请进行URL编码。例如:
原始请求:
shell
curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%张三%&title=eq.文章标题'
编码后请求:
shell
curl -i -X GET 'https://{{host}}/v1/rdb/rest/course?select=name,position&name=like.%%E5%BC%A0%E4%B8%89%&title=eq.%E6%96%87%E7%AB%A0%E6%A0%87%E9%A2%98'

Online Debugging Tool

在线调试工具

CloudBase platform provides an online debugging tool where you can test API interfaces without writing code:
  1. Visit the API documentation page
  2. Find the debugging tool entry
  3. Fill in environment ID and request parameters
  4. Click send request to view response
CloudBase平台提供了在线调试工具,无需编写代码即可测试API接口:
  1. 访问API文档页面
  2. 找到调试工具入口
  3. 填写环境ID和请求参数
  4. 点击发送请求查看响应

API Documentation References

API文档参考

⚠️ Always use 
searchKnowledgeBase
tool to get OpenAPI Swagger specifications:
Use 
searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })
with these API names:
  • auth
    - Authentication API
  • mysqldb
    - MySQL RESTful API
  • functions
    - Cloud Functions API
  • cloudrun
    - CloudRun API
  • storage
    - Storage API
How to use the OpenAPI documentation:
  1. Call 
    searchKnowledgeBase
    tool with the appropriate 
    apiName
  2. Parse the returned YAML content to extract:
    • Endpoint paths (e.g., 
      /v1/rdb/rest/{table}
      )
    • HTTP methods (GET, POST, PATCH, DELETE)
    • Path parameters, query parameters, request body schemas
    • Response schemas and status codes
    • Authentication requirements
  3. Use the extracted information to construct accurate API calls
  4. Never assume endpoint structure - always verify against swagger documentation
⚠️ 请始终使用
searchKnowledgeBase
工具获取OpenAPI Swagger规范:
使用
searchKnowledgeBase({ mode: "openapi", apiName: "<api-name>" })
,并使用以下API名称:
  • auth
    - 身份验证API
  • mysqldb
    - MySQL RESTful API
  • functions
    - 云函数API
  • cloudrun
    - CloudRun API
  • storage
    - 云存储API
如何使用OpenAPI文档:
  1. 使用合适的
    apiName
    调用
    searchKnowledgeBase
    工具
  2. 解析返回的YAML内容,提取:
    • 端点路径(如
      /v1/rdb/rest/{table}
    • HTTP方法(GET、POST、PATCH、DELETE)
    • 路径参数、查询参数、请求体schema
    • 响应schema和状态码
    • 身份验证要求
  3. 使用提取的信息构建准确的API调用
  4. 切勿假设端点结构——始终根据Swagger文档进行验证

Common Patterns

常见模式

Reusable Shell Variables

可复用的Shell变量

bash
env="your-env-id"
token="your-access-token-or-api-key"
base="https://${env}.api.tcloudbasegateway.com"
bash
env="your-env-id"
token="your-access-token-or-api-key"
base="https://${env}.api.tcloudbasegateway.com"

Common Request Pattern

常见请求模式

bash
curl -X GET "${base}/v1/rdb/rest/table_name" \
  -H "Authorization: Bearer ${token}" \
  -H "Content-Type: application/json"
bash
curl -X GET "${base}/v1/rdb/rest/table_name" \
  -H "Authorization: Bearer ${token}" \
  -H "Content-Type: application/json"

Error Handling

错误处理

Always check HTTP status codes and error response format:
json
{
  "code": "ERROR_CODE",
  "message": "Error message details",
  "requestId": "request-unique-id"
}
始终检查HTTP状态码和错误响应格式:
json
{
  "code": "ERROR_CODE",
  "message": "Error message details",
  "requestId": "request-unique-id"
}

Common Authentication Flows

常见身份验证流程

🌟 IMPORTANT: Default Authentication Method
When no specific signup/signin method is specified by the user, ALWAYS use Phone SMS Verification as the default and recommended method. It is:
  • ✅ The most user-friendly for Chinese users
  • ✅ No password to remember
  • ✅ Works for both new users (registration) and existing users (login)
  • ✅ Most secure with OTP verification
  • ✅ Supported by default in CloudBase
🌟 重要提示:默认身份验证方式
当用户未指定具体的注册/登录方式时,始终使用手机短信验证作为默认推荐方式。它:
  • ✅ 对中国用户最友好
  • ✅ 无需记住密码
  • ✅ 适用于新用户(注册)和现有用户(登录)
  • ✅ 基于OTP验证,安全性高
  • ✅ CloudBase默认支持

Phone Number Verification Code Login (Native Apps) ⭐ RECOMMENDED

手机号验证码登录(原生应用)⭐ 推荐

This is the preferred authentication flow for native mobile apps (iOS/Android/Flutter/React Native):
┌─────────────────────────────────────────────────────────────────────────┐
│  Step 1: Send Verification Code                                        │
│  POST /auth/v1/verification                                             │
│  Body: { "phone_number": "+86 13800138000", "target": "ANY" }          │
│  ⚠️ IMPORTANT: phone_number MUST include "+86 " prefix WITH SPACE      │
│  Response: { "verification_id": "xxx", "expires_in": 600 }             │
│  📝 SAVE verification_id for next step!                                 │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│  Step 2: Verify Code                                                    │
│  POST /auth/v1/verification/verify                                      │
│  Body: { "verification_id": "<saved_id>", "verification_code": "123456" }│
│  Response: { "verification_token": "xxx" }                              │
│  📝 SAVE verification_token for login!                                  │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│  Step 3: Sign In with Token                                             │
│  POST /auth/v1/signin                                                   │
│  Body: { "verification_token": "<saved_token>" }                        │
│  Response: { "access_token": "xxx", "refresh_token": "xxx" }           │
└─────────────────────────────────────────────────────────────────────────┘
⚠️ Critical Notes:
  1. Phone number format: MUST be 
    "+86 13800138000"
    with space after country code
  2. Save 
    verification_id
    : Returned from Step 1, required for Step 2
  3. Save 
    verification_token
    : Returned from Step 2, required for Step 3
这是原生移动应用(iOS/Android/Flutter/React Native)的首选身份验证流程:
┌─────────────────────────────────────────────────────────────────────────┐
│  步骤1:发送验证码                                        │
│  POST /auth/v1/verification                                             │
│  请求体: { "phone_number": "+86 13800138000", "target": "ANY" }          │
│  ⚠️ 重要提示:phone_number必须包含"+86 "前缀(带空格)      │
│  响应: { "verification_id": "xxx", "expires_in": 600 }             │
│  📝 保存verification_id用于下一步!                                 │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│  步骤2:验证验证码                                                    │
│  POST /auth/v1/verification/verify                                      │
│  请求体: { "verification_id": "<saved_id>", "verification_code": "123456" }│
│  响应: { "verification_token": "xxx" }                              │
│  📝 保存verification_token用于登录!                                  │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│  步骤3:使用凭证登录                                             │
│  POST /auth/v1/signin                                                   │
│  请求体: { "verification_token": "<saved_token>" }                        │
│  响应: { "access_token": "xxx", "refresh_token": "xxx" }           │
└─────────────────────────────────────────────────────────────────────────┘
⚠️ 关键注意事项:
  1. 手机号格式:必须为
    "+86 13800138000"
    ,国家代码后带空格
  2. 保存
    verification_id
    :从步骤1返回,步骤2需要用到
  3. 保存
    verification_token
    :从步骤2返回,步骤3需要用到

Best Practices

最佳实践

  1. Always use URL encoding for query parameters containing special characters
  2. Include WHERE clauses for UPDATE and DELETE operations
  3. Use appropriate Prefer headers to control response format
  4. Handle errors gracefully by checking status codes and error responses
  5. Keep tokens secure - never expose API Keys in client-side code
  6. Use appropriate authentication method based on your use case:
    • AccessToken for user-specific operations
    • API Key for server-side admin operations
    • Publishable Key for public/anonymous access
  7. Phone number format: Always use international format with space: 
    "+86 13800138000"
  8. Verification flow: Save 
    verification_id
    from send step, use it in verify step
  1. 对包含特殊字符的查询参数始终进行URL编码
  2. UPDATE和DELETE操作必须包含WHERE子句
  3. 使用合适的Prefer请求头控制响应格式
  4. 通过检查状态码和错误响应优雅处理错误
  5. 妥善保管凭证——绝不在客户端代码中暴露API Key
  6. 根据使用场景选择合适的身份验证方式
    • AccessToken用于用户特定操作
    • API Key用于服务器端管理操作
    • Publishable Key用于公开/匿名访问
  7. 手机号格式:始终使用带空格的国际格式:
    "+86 13800138000"
  8. 验证码流程:保存发送步骤返回的
    verification_id
    ,在验证步骤中使用