Login Configuration
getLoginConfig
1. API Description
API feature: Query login policy configuration
API declaration: app.env.getLoginConfig(): Promise<Object>
This API has been supported since v5.1.0.
Queries the login policy configuration of the specified TCB environment, including the enable status of phone number SMS login, email login, username-password login, and anonymous login, as well as SMS verification code sending channel, MFA multi-factor authentication, and password update policy.
2. Input Parameters
N/A
3. Return Results
| Field | Required | Type | Description |
|---|---|---|---|
| RequestId | Yes | String | Unique identifier of the request |
| EmailLogin | Yes | Boolean | Whether email login is enabled |
| AnonymousLogin | Yes | Boolean | Whether anonymous login is enabled |
| UserNameLogin | Yes | Boolean | Whether username-password login is enabled |
| PhoneNumberLogin | Yes | Boolean | Whether phone number SMS login is enabled |
| SmsVerificationConfig | Yes | SmsVerificationConfig | SMS verification code sending configuration, see below |
| MfaConfig | No | MfaConfig | MFA multi-factor authentication login configuration |
| PwdUpdateStrategy | No | PwdUpdateStrategy | Password update policy configuration |
SmsVerificationConfig
| Field | Required | Type | Description |
|---|---|---|---|
| Type | No | String | SMS sending channel type, e.g. default |
| Name | No | String | Custom APIs data source name |
| Method | No | String | Invocation method |
| SmsDayLimit | No | Number | Daily sending limit, -1 means unlimited |
MfaConfig
| Field | Required | Type | Description |
|---|---|---|---|
| On | No | String | MFA factor authentication, TRUE or FALSE |
| Sms | No | String | SMS verification, TRUE or FALSE |
| No | String | Email verification, TRUE or FALSE | |
| RequiredBindPhone | No | String | Mandatory phone number binding, TRUE or FALSE |
PwdUpdateStrategy
| Field | Required | Type | Description |
|---|---|---|---|
| FirstLoginUpdate | No | Boolean | Whether to force password change on first login |
| PeriodUpdate | No | Boolean | Whether to enable periodic forced password change |
| PeriodValue | No | Number | Period value for periodic password change |
| PeriodType | No | String | Period time unit, e.g. YEAR, MONTH, WEEK |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.getLoginConfig()
console.log('Email login:', res.EmailLogin)
console.log('Anonymous login:', res.AnonymousLogin)
console.log('Username-password login:', res.UserNameLogin)
console.log('Phone number SMS login:', res.PhoneNumberLogin)
}
test()
modifyLoginConfig
1. API Description
API feature: Modify login policy configuration
API declaration: app.env.modifyLoginConfig(params): Promise<Object>
This API has been supported since v5.1.0.
Modifies the login policy configuration of the specified TCB environment. Supports enabling or disabling phone number SMS login, email login, username-password login, and anonymous login. Also allows configuring SMS verification code sending channel, MFA multi-factor authentication, and password update policy. Changes take effect immediately and affect the login behavior of all end users under the environment.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| PhoneNumberLogin | Yes | Boolean | Phone number SMS login switch |
| EmailLogin | Yes | Boolean | Email login switch |
| UserNameLogin | Yes | Boolean | Username-password login switch |
| AnonymousLogin | Yes | Boolean | Anonymous login switch |
| SmsVerificationConfig | No | Object | SMS verification code sending configuration. If not passed, the current configuration will not be modified. See SmsVerificationConfig |
| MfaConfig | No | Object | MFA multi-factor authentication login configuration. If not passed, the current configuration will not be modified. See MfaConfig |
| PwdUpdateStrategy | No | Object | Password update policy configuration. If not passed, the current configuration will not be modified. See PwdUpdateStrategy |
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
// First, query the current configuration
const config = await app.env.getLoginConfig()
// Enable anonymous login
const res = await app.env.modifyLoginConfig({
PhoneNumberLogin: config.PhoneNumberLogin,
EmailLogin: config.EmailLogin,
UserNameLogin: config.UserNameLogin,
AnonymousLogin: true
})
console.log(res.RequestId)
}
test()
describeClient
1. API Description
API feature: Query application client details
API declaration: app.env.describeClient(id): Promise<Object>
This API has been supported since v5.1.0.
Retrieves the configuration of a specific client under the specified TCB environment, including OAuth credentials, token validity period, session control policy, etc. When the client ID equals the environment ID, the default client configuration for that environment is returned.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| Id | Yes | String | Client unique identifier (Client ID), typically uses the environment ID |
3. Return Results
| Field | Required | Type | Description |
|---|---|---|---|
| RequestId | Yes | String | Unique identifier of the request |
| Id | Yes | String | Client unique identifier (Client ID) |
| CreatedAt | No | String | Client creation time, ISO 8601 format |
| UpdatedAt | No | String | Client last modification time, ISO 8601 format |
| RefreshTokenExpiresIn | No | Number | Refresh Token validity period in seconds |
| AccessTokenExpiresIn | No | Number | Access Token validity period in seconds |
| MaxDevice | No | Number | Maximum number of concurrent sessions per user, -1 means unlimited |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.describeClient('your-env-id')
console.log('Client ID:', res.Id)
console.log('Refresh Token validity:', res.RefreshTokenExpiresIn, 'seconds')
console.log('Access Token validity:', res.AccessTokenExpiresIn, 'seconds')
console.log('Max sessions:', res.MaxDevice)
}
test()
modifyClient
1. API Description
API feature: Modify application client configuration
API declaration: app.env.modifyClient(params): Promise<Object>
This API has been supported since v5.1.0.
Uses an incremental update strategy, only updating non-empty fields passed in the request. Fields not included remain unchanged. Supports modifying token validity period, session control policy, and other configurations. When the client ID equals the environment ID and the client has not been created yet, a default client configuration will be automatically created.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| Id | Yes | String | Client unique identifier (Client ID) |
| RefreshTokenExpiresIn | No | Number | Refresh Token validity period in seconds, range 1800~2592000, default 2592000 |
| AccessTokenExpiresIn | No | Number | Access Token validity period in seconds, minimum 1800, default 7200, should be less than RefreshTokenExpiresIn |
| MaxDevice | No | Number | Maximum number of concurrent sessions per user. -1 for unlimited, 0 for User-Agent based differentiation, 1~50 for precise limit |
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.modifyClient({
Id: 'your-env-id',
RefreshTokenExpiresIn: 2592000,
AccessTokenExpiresIn: 7200,
MaxDevice: 5
})
console.log(res.RequestId)
}
test()
getProviders
1. API Description
API feature: Get the list of third-party authentication sources
API declaration: app.env.getProviders(): Promise<Object>
This API has been supported since v5.1.0.
Queries the list of identity authentication sources under the specified TCB environment, including third-party login (OAuth, OIDC, SAML), WeChat Mini Program login, custom login, and email login. If a custom login or email login identity source has not been created, the API will automatically append a default disabled record.
2. Input Parameters
N/A
3. Return Results
| Field | Required | Type | Description |
|---|---|---|---|
| RequestId | Yes | String | Unique identifier of the request |
| Total | No | Number | Total number of authentication sources |
| Data | No | Array<Provider> | List of third-party authentication sources |
Provider
| Field | Required | Type | Description |
|---|---|---|---|
| Id | Yes | String | Identity source unique identifier, 2-32 lowercase letters and digits |
| Config | Yes | Object | Identity source security authentication configuration, see ProviderConfig |
| Name | No | LocalizedMessage | Identity source name, supports internationalized multi-language configuration |
| Picture | No | String | Identity source icon URL |
| Homepage | No | String | Identity source official homepage URL |
| ProviderType | No | String | Identity source protocol type: OAUTH, OIDC, SAML, CUSTOM, EMAIL, etc. |
| On | No | String | Identity source enable status, TRUE or FALSE |
| AutoSignUpWithProviderUser | No | String | Whether to automatically register system users, TRUE, FALSE, UNSPECIFIED |
| TransparentMode | No | String | Whether to enable transparent mode, TRUE or FALSE |
| ReuseUserId | No | String | Whether to reuse third-party user ID, TRUE or FALSE |
| EmailConfig | No | EmailConfig | Email identity source specific configuration, only valid when ProviderType is EMAIL |
| Description | No | LocalizedMessage | Identity source description, supports internationalized multi-language configuration |
| AutoSignInWhenEmailMatch | No | String | Whether to enable automatic email-based login association, TRUE, FALSE, UNSPECIFIED |
| AutoSignInWhenPhoneNumberMatch | No | String | Whether to enable automatic phone number-based login association, TRUE, FALSE, UNSPECIFIED |
ProviderConfig
| Field | Type | Required | Description |
|---|---|---|---|
| Issuer | String | Recommended for OIDC | Unique identifier of the identity provider (Issuer URL), used to verify the iss field in the ID Token. Only required when ProviderType is OIDC. The value is typically the root URL of the third-party OIDC service, e.g. https://accounts.google.com. Once provided, the platform will automatically discover and populate endpoint addresses such as AuthorizationEndpoint, TokenEndpoint, UserinfoEndpoint, and JwksUri via /.well-known/openid-configuration |
| JwksUri | String | Required for OIDC | JSON Web Key Set URL, used to obtain public keys for verifying ID Token signatures. Only required when ProviderType is OIDC. If Issuer is already provided, this field will be auto-populated via Discovery |
| ClientId | String | Required for OIDC/OAUTH | Application client ID registered with the third-party identity provider. Required when ProviderType is OIDC or OAUTH, obtainable from the corresponding platform's developer console |
| ClientSecret | String | Required for OIDC/OAUTH | Application client secret registered with the third-party identity provider, used in conjunction with ClientId for authentication at the Token endpoint. Required when ProviderType is OIDC or OAUTH. Keep it secure to prevent leakage |
| RedirectUri | String | Required for OIDC/OAUTH | Callback URL after OAuth authorization is completed. Must exactly match the callback URL registered on the third-party platform. Required when ProviderType is OIDC or OAUTH. Example: https://envId.ap-shanghai.tcb-api.tencentcloudapi.com/auth/v1/callback |
| Scope | String | Required for OIDC/OAUTH | Permission scope requested from the third party, multiple scopes separated by spaces. Required when ProviderType is OIDC or OAUTH. For OIDC scenarios, at least openid should be included; append email, phone, etc. for additional information. If Issuer is provided and Scope is not specified, the scopes_supported from Discovery will be used automatically. Example: openid email name |
| AuthorizationEndpoint | String | Required for OIDC/OAUTH | Authorization endpoint URL, used to redirect users to the third-party login page. Required when ProviderType is OIDC or OAUTH. If Issuer is provided, this field will be auto-populated via Discovery |
| TokenEndpoint | String | Required for OIDC/OAUTH | Token endpoint URL, used to exchange authorization code for Access Token and ID Token. Required when ProviderType is OIDC or OAUTH. If Issuer is provided, this field will be auto-populated via Discovery |
| UserinfoEndpoint | String | As needed for OIDC/OAUTH | Userinfo endpoint URL, used to obtain basic user information (nickname, avatar, email, etc.) via Access Token. Required when ProviderType is OIDC or OAUTH and detailed user information is needed. If Issuer is provided, this field will be auto-populated via Discovery |
| ResponseType | String | No | Response type for the authorization request. Options: code (authorization code flow, recommended), token (implicit flow), id_token (direct ID Token return). Default is id_token for OIDC ProviderType, code for other types |
| SignoutEndpoint | String | No | Single sign-out endpoint URL. When configured, the user will be redirected to this URL on logout to invalidate the third-party IDP session. If not provided, only the platform session will be cleared on logout |
| TokenEndpointAuthMethod | String | No | Client authentication method at the Token endpoint. Options: CLIENT_SECRET_POST (credentials in request body), CLIENT_SECRET_BASIC (credentials via HTTP Basic Auth Header). Default is CLIENT_SECRET_POST |
| SamlMetadata | String | Required for SAML | SAML identity provider Metadata XML content, including entity ID, SSO endpoint URL, signing certificate, etc. Maximum 10KB. Only required when ProviderType is SAML, typically downloadable from the third-party IDP management console |
| RequestParametersMap | RequestParametersMap | No | Request parameter mapping configuration for handling non-standard OAuth protocol parameter transformations. By default, strictly follows the OAuth 2.0 standard. Configuration is needed when integrating with non-standard platforms such as WeChat or WeCom |
| ResponseParametersMap | ResponseParametersMap | No | Response parameter mapping configuration for handling non-standard OAuth protocol response parameter transformations. When integrating with non-standard platforms such as WeChat, third-party returned fields can be mapped to platform standard fields |
- OIDC type: It is recommended to provide
Issuer(auto-discovery of endpoints), or manually provideClientId,ClientSecret,RedirectUri,Scope,AuthorizationEndpoint,TokenEndpoint,JwksUri - OAUTH type: Required fields are
ClientId,ClientSecret,RedirectUri,Scope,AuthorizationEndpoint,TokenEndpoint - SAML type: Required field is
SamlMetadata - Other types (CUSTOM, EMAIL, etc.): All fields are optional
RequestParametersMap
Request parameter mapping for non-standard OAuth protocol parameter transformations. Can be empty by default. Configuration is needed when integrating with domestic platforms (e.g. WeChat, WeCom).
| Field | Required | Type | Description |
|---|---|---|---|
| ClientId | No | String | Mapped field name for OAuth standard client_id, e.g. appid for WeChat |
| ClientSecret | No | String | Mapped field name for OAuth standard client_secret |
| RedirectUri | No | String | Mapped field name for OAuth standard redirect_uri |
| GrantType | No | String | Parameter field name matching the OAuth authorization mode |
| ClientCredentials | No | String | OAuth authorization mode type, e.g. authorization_code, client_credentials |
| AccessToken | No | String | Mapped field name for access_token in OAuth response |
| ExpiresIn | No | String | Mapped field name for token validity period in OAuth response |
| AuthPosition | No | String | Request position for authentication info when obtaining token: URL, Headers, Body |
| RegisterUserRoleId | No | String | Role ID automatically bound when registering users through the identity source |
| RegisterUserAutoLicense | No | String | Whether to automatically grant a license when registering users, TRUE or FALSE, default FALSE |
| RegisterUserType | No | String | User type when registering: externalUser (external user) or internalUser (internal user), default externalUser |
ResponseParametersMap
Response parameter mapping for non-standard OAuth protocol response parameter transformations. Can be empty by default. Configuration is needed when integrating with domestic platforms (e.g. WeChat, WeCom).
| Field | Required | Type | Description |
|---|---|---|---|
| Sub | No | String | Mapped field name for user unique identifier (sub), corresponding to OIDC standard sub |
| Name | No | String | Mapped field name for user name, corresponding to OIDC standard name |
| Picture | No | String | Mapped field name for user avatar, must be a publicly accessible URL |
| Username | No | String | Mapped field name for user login name, corresponding to OIDC standard preferred_username |
| No | String | Mapped field name for user email, corresponding to OIDC standard email | |
| PhoneNumber | No | String | Mapped field name for user phone number, corresponding to OIDC standard phone_number |
| Groups | No | String | Mapped field name for user roles/groups, corresponding to OIDC standard groups, supports string array |
LocalizedMessage
Internationalized multi-language text structure, used for fields such as Name and Description of identity authentication sources. Different display texts can be configured for each language.
| Field | Required | Type | Description |
|---|---|---|---|
| Message | Yes | String | Default display text |
| Localized | No | Array<MessageLocalized> | Display text list for each language |
MessageLocalized
| Field | Required | Type | Description |
|---|---|---|---|
| Message | Yes | String | Display text for the language |
| Locale | Yes | String | Language identifier |
Example:
{
Message: 'WeChat Login',
Localized: [
{ Message: 'WeChat Login', Locale: 'en' },
{ Message: '위챗 로그인', Locale: 'ko' }
]
}
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.getProviders()
console.log('Total authentication sources:', res.Total)
res.Data?.forEach(provider => {
console.log(`${provider.Id} (${provider.ProviderType}): ${provider.On}`)
})
}
test()
addProvider
1. API Description
API feature: Add an identity authentication source
API declaration: app.env.addProvider(params): Promise<Object>
This API has been supported since v5.1.0.
Creates a new identity authentication source under the specified TCB environment, supporting standard protocols such as OAuth 2.0, OIDC, SAML 2.0, as well as custom login and email login. An error will be returned if the identity source ID already exists. Each environment allows a maximum of 20 authentication sources.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| Name | Yes | LocalizedMessage | Identity source display name, supports internationalized multi-language configuration |
| ProviderType | Yes | String | Identity source protocol type: OAUTH, OIDC, SAML, WX_MICRO_APP, WX_QRCODE_MICRO_APP, WX_CLOUDBASE_MICRO_APP, WX_MP, WX_OPEN, WX_WORK_INTERNAL, WX_WORK_AGENT, WX_WORK_THIRD_PARTY, WX_WORK_THIRD_PARTY_ASSOCIATION, CUSTOM, EMAIL |
| Id | No | String | Identity source unique identifier, 2-32 lowercase letters and digits. System auto-generates if not provided |
| Picture | No | String | Identity source icon URL, 64×64 SVG format recommended |
| Homepage | No | String | Identity source official homepage URL |
| Config | No | Object | Identity authentication source protocol connection configuration, see ProviderConfig |
| TransparentMode | No | String | Whether to enable transparent mode, TRUE, FALSE, UNSPECIFIED, default FALSE |
| On | No | String | Identity source enable status, TRUE, FALSE, UNSPECIFIED, default TRUE |
| Description | No | LocalizedMessage | Identity source description, supports internationalized multi-language configuration |
| ReuseUserId | No | String | Whether to reuse third-party user ID as platform user ID, TRUE, FALSE, UNSPECIFIED |
| AutoSignInWhenEmailMatch | No | String | Whether to enable automatic email-based login association, default FALSE |
| AutoSignInWhenPhoneNumberMatch | No | String | Whether to enable automatic phone number-based login association, default TRUE |
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
// Add an OAuth identity authentication source
const res = await app.env.addProvider({
Name: { Message: 'My OAUTH Provider' },
ProviderType: 'OAUTH',
Id: 'myoauth',
Config: {
ClientId: 'your-client-id',
ClientSecret: 'your-client-secret',
AuthorizationEndpoint: 'https://www.example.com/auth',
TokenEndpoint: 'https://www.example.com/token',
UserinfoEndpoint: 'https://www.example.com/userinfo',
Scope: 'openid profile',
ResponseType: 'code',
TokenEndpointAuthMethod: 'CLIENT_SECRET_POST'
},
On: 'TRUE'
})
console.log(res.RequestId)
}
test()
modifyProvider
1. API Description
API feature: Modify an identity authentication source
API declaration: app.env.modifyProvider(params): Promise<Object>
This API has been supported since v5.1.0.
Updates the configuration of an existing identity authentication source, supporting modification of basic information, protocol connection configuration, login behavior control, and enable status. Uses an incremental update strategy, only updating fields that are passed in. Fields not included remain unchanged. For OIDC type, modifying the Issuer will automatically re-fetch endpoint configuration via Discovery. If a CUSTOM or EMAIL identity source does not exist, it will be automatically created upon invocation.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| Id | Yes | String | Identity source unique identifier, 2-32 lowercase letters and digits |
| Name | No | LocalizedMessage | Identity source display name, supports internationalized multi-language configuration |
| Picture | No | String | Identity source icon URL |
| Homepage | No | String | Identity source official homepage URL |
| ProviderType | No | String | Identity source protocol type |
| Config | No | Object | Identity authentication source protocol connection configuration, see ProviderConfig |
| TransparentMode | No | String | Whether to enable transparent mode. When enabled, ReuseUserId is forced to TRUE and AutoSignUpWithProviderUser is forced to FALSE |
| On | No | String | Identity source enable status, TRUE, FALSE, UNSPECIFIED, default TRUE |
| Description | No | LocalizedMessage | Identity source description, supports internationalized multi-language configuration |
| ReuseUserId | No | String | Whether to reuse third-party user ID, TRUE, FALSE, UNSPECIFIED |
| AutoSignUpWithProviderUser | No | String | Whether to automatically register system users, TRUE, FALSE, UNSPECIFIED |
| EmailConfig | No | EmailConfig | Email identity source specific configuration, only valid when ProviderType is EMAIL |
| AutoSignInWhenEmailMatch | No | String | Whether to enable automatic email-based login association, default FALSE |
| AutoSignInWhenPhoneNumberMatch | No | String | Whether to enable automatic phone number-based login association, default TRUE |
EmailConfig
Email identity source specific configuration for configuring email sending method and custom templates. Only valid when ProviderType is EMAIL. Referenced by modifyProvider.
| Field | Required | Type | Description |
|---|---|---|---|
| On | No | String | Whether to use platform default sending, TRUE or FALSE |
| SmtpConfig | No | SmtpConfig | SMTP configuration |
| TemplateConfig | No | EmailTemplateConfig | Email template configuration |
SmtpConfig
Custom SMTP mail server connection configuration.
| Field | Required | Type | Description |
|---|---|---|---|
| SenderAddress | Yes | String | Sender email address, displayed as the From header in the email |
| ServerHost | Yes | String | SMTP server domain name or IP address, e.g. smtp.example.com |
| ServerPort | Yes | Number | SMTP server port. Common values: 465 (SSL), 587 (STARTTLS), 25 |
| AccountUsername | Yes | String | SMTP login account, typically the sender email address or SMTP username |
| AccountPassword | Yes | String | SMTP login password or authorization code. Keep it secure to prevent leakage |
| SecurityMode | No | String | Encryption mode: AUTO (auto-select), SSL, STARTSSL, NO_SSL, default AUTO |
EmailTemplateConfig
Email template configuration.
| Field | Required | Type | Description |
|---|---|---|---|
| RegisterSignIn | No | LocalizedTemplate | Registration/sign-in template |
| DefaultTpl | No | LocalizedTemplate | Default template |
Input restrictions: Templates must contain the {{.VerificationCode}} variable for displaying the verification code. Optional variables include {{.Usage}} (purpose description), {{.ExpireMinutes}} (expiration time), and {{.Email}} (recipient email). Templates must not contain script, javascript, onclick, onload, iframe, link tags, CSS expression, or CSS url().
LocalizedTemplate
Multi-language email template, specifying HTML template content by language code.
| Field | Required | Type | Description |
|---|---|---|---|
| ZhCN | No | String | Chinese template, HTML format. Must contain the {{.VerificationCode}} variable. Optional variables: {{.Usage}}, {{.ExpireMinutes}}, {{.Email}}. Must not contain script, javascript, onclick, onload, iframe, link tags, CSS expression, or CSS url() |
| EnUS | No | String | English template, HTML format. Same variables and restrictions as ZhCN |
Example:
{
RegisterSignIn: {
ZhCN: `
<h1>Verification Code</h1>
<p>Your verification code is: <strong>{{.VerificationCode}}</strong></p>
<p>Valid for 5 minutes</p>
`,
EnUS: `
<h1>Verification Code</h1>
<p>Your Verification Code Is: <strong>{{.VerificationCode}}</strong></p>
<p>expire in 5 min</p>
`
}
}
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
// Enable WeChat Open Platform login
const res = await app.env.modifyProvider({
Id: 'wx_open',
On: 'TRUE',
Config: {
ClientId: 'your-wechat-appid',
ClientSecret: 'your-wechat-appsecret'
}
})
console.log(res.RequestId)
}
test()
deleteProvider
1. API Description
API feature: Delete a third-party authentication source
API declaration: app.env.deleteProvider(id): Promise<Object>
This API has been supported since v5.1.0.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| Id | Yes | String | Authentication source ID, 2-32 lowercase letters or digits, e.g. github |
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.deleteProvider('myoidc')
console.log(res.RequestId)
}
test()
createApiKey
1. API Description
API feature: Create an API Key
API declaration: app.env.createApiKey(params): Promise<Object>
This API has been supported since v5.1.0.
Creates an API Key access credential under the specified TCB environment. Two types are supported:
api_key: Server-side admin access credential with configurable validity period. Maximum 5 per environmentpublish_key: Frontend anonymous access credential with fixed validity period. Only one per environment
Upon successful creation, the API Key plaintext token is returned. This value is only returned once at creation time. Please keep it secure.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| KeyType | Yes | String | Key type: api_key or publish_key |
| KeyName | No | String | Custom key name. Descriptive names are recommended, e.g. server-prod |
| ExpireIn | No | Number | Key validity period in seconds, minimum 7200 seconds. 0 or not set means never expires |
3. Return Results
| Field | Required | Type | Description |
|---|---|---|---|
| RequestId | Yes | String | Unique identifier of the request |
| KeyId | Yes | String | API Key unique identifier |
| Name | Yes | String | API Key name |
| ApiKey | No | String | API Key token value (JWT format), full plaintext only returned at creation |
| ExpireAt | No | String | Expiration time, ISO 8601 format |
| CreateAt | No | String | Creation time, ISO 8601 format |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.createApiKey({
KeyType: 'api_key',
KeyName: 'server-prod',
ExpireIn: 86400
})
console.log('KeyId:', res.KeyId)
console.log('ApiKey:', res.ApiKey) // Please keep it secure, only returned at creation
}
test()
describeApiKeyList
1. API Description
API feature: Query API Key list
API declaration: app.env.describeApiKeyList(params?): Promise<Object>
This API has been supported since v5.1.0.
Queries the list of API Key access credentials under the specified TCB environment with pagination, supporting type-based filtering. When type is not specified, only api_key type records are returned by default. Token values of api_key type are desensitized, while publish_key type returns full plaintext.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| KeyType | No | String | Key type filter: api_key or publish_key, default api_key |
| PageNumber | No | Number | Page number, starting from 1, default 1 |
| PageSize | No | Number | Number of items per page |
3. Return Results
| Field | Required | Type | Description |
|---|---|---|---|
| RequestId | Yes | String | Unique identifier of the request |
| Data | No | Array<ApiKeyToken> | API Key list |
| Total | No | Number | Total count |
ApiKeyToken
| Field | Required | Type | Description |
|---|---|---|---|
| KeyId | No | String | API Key unique identifier |
| Name | No | String | API Key name |
| ApiKey | No | String | API Key token value, desensitized for api_key type in list queries |
| ExpireAt | No | String | Expiration time, ISO 8601 format |
| CreateAt | No | String | Creation time, ISO 8601 format |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
const res = await app.env.describeApiKeyList({
KeyType: 'api_key',
PageNumber: 1,
PageSize: 10
})
console.log('Total:', res.Total)
res.Data?.forEach(key => {
console.log(`${key.Name} (${key.KeyId}): expires ${key.ExpireAt}`)
})
}
test()
deleteApiKey
1. API Description
API feature: Delete an API Key
API declaration: app.env.deleteApiKey(keyId): Promise<Object>
This API has been supported since v5.1.0.
Deletes a specific API Key server access credential under the specified TCB environment. After deletion, the token corresponding to the key will be revoked, and requests made using that key will fail. This operation is idempotent — if the specified API Key does not exist, success is returned directly.
2. Input Parameters
| Field | Required | Type | Description |
|---|---|---|---|
| KeyId | Yes | String | Key unique identifier, obtainable via the key list query API |
3. Return Results
| Field | Type | Description |
|---|---|---|
| RequestId | String | Unique identifier of the request |
4. Sample Code
const CloudBase = require('@cloudbase/manager-node')
const app = new CloudBase({ secretId: 'Your SecretId', secretKey: 'Your SecretKey', envId: 'your-env-id' })
async function test() {
// First, query the API Key list
const listRes = await app.env.describeApiKeyList({ KeyType: 'api_key' })
if (listRes.Data?.length) {
const res = await app.env.deleteApiKey(listRes.Data[0].KeyId)
console.log(res.RequestId)
}
}
test()