Skip to main content

White-label Mode

Applicable Scenarios

Provide AI development environments for employees or external users. Users do NOT need Tencent Cloud accounts, nor do they need to directly log in to the Tencent Cloud console — they only interact with the enterprise/platform's own domain, with zero awareness of Tencent Cloud. Can integrate with existing SSO/LDAP systems or self-owned account systems to achieve unified login. Supports a massive number of users with horizontal scaling capability, suitable for medium-to-large enterprises and ToC products.

Core problem this solves: Your users only interact with your product — they have no awareness that Tencent Cloud powers it underneath. Each user gets a fully isolated CloudBase environment. Your platform manages environments and credentials centrally, entirely transparent to users.

Onboarding Flow

White-label mode onboarding has two steps:

Step 1: Provision and manage CloudBase environments

Use Tencent Cloud APIs to create and manage CloudBase environments for your users. On first login, automatically create a dedicated environment and store the user-ID-to-environment-ID mapping.

→ See Environment & Resource Management API

Step 2: Connect MCP / Skill to Agent

Create an API Key for each user's environment, then configure CLOUDBASE_API_KEY + CLOUDBASE_ENV_ID in the Agent tool's MCP. Users can then operate CloudBase directly from the Agent with no login flow required.

→ See the "Configure MCP and Skill" section below

Solution Overview

The enterprise/platform manages the mapping between users and CloudBase environments, assigning each user a dedicated isolated environment, and securely delivering access credentials (API Key or temporary credentials) to the user's Agent tool:

  • Users log in with self-owned accounts (employee ID, enterprise email, platform account, etc.) without needing Tencent Cloud accounts
  • Users can be internal employees or C-end users/customers of the platform
  • Each user has an independent CloudBase environment — databases, cloud functions, and storage are fully isolated; users cannot see each other's data
  • The platform manages environment creation, API Key issuance, and lifecycle via API
  • The user's Agent tool accesses the dedicated environment using the platform-issued credentials, with no Tencent Cloud login required

Quickly Build an AI Development Platform

If you need to build an AI development platform similar to Lovable, Bolt.new, or Vercel v0, you can quickly set it up based on our open-source project. For details, see Vibe Coding Platform Solution.

Overall Architecture

Isolation guarantee: Each API Key is bound to a specific environment ID by the CloudBase platform and enforced server-side. Even if an API Key is leaked, it can only access that user's own environment — lateral access to other users' data is not possible.

Credential Method Comparison

White-label mode supports three MCP credential methods. API Key is recommended:

MethodUse caseUser awarenessSetup complexity
API Key (Recommended)Platform issues credentials; no login action needed from userNoneLowest
Custom Auth CodeUser completes a one-time login via the platform's own domainUser clicks a branded linkMedium
Temporary CredentialsPlatform server controls credential lifecycle, refreshed periodicallyNoneMedium

Configure MCP and Skill

White-label mode supports three connection methods. API Key is recommended — it's the simplest, requiring no login flow.

Simplest integration method. The platform creates an API Key for each user's environment and injects it into the MCP config. Users need no login or authorization flow at all.

Create an API Key

Call the Tencent Cloud CreateApiKey API to create an api_key type credential for the user's environment:

// Example: create an API Key for a user's environment
const result = await tcbClient.CreateApiKey({
  EnvId: userEnvId,       // the user's CloudBase environment ID
  KeyType: "api_key",     // server-side admin-level credential
  KeyName: `user-${userId}`,
  // ExpireIn: 7776000    // optional: validity period in seconds; omit for no expiry
});
// result.ApiKey is the plaintext token — returned only once, store it securely
Security Notice

api_key grants full admin access to the environment. Use it only server-side or in MCP configs — never expose it to clients or commit it to code repositories. Rotate periodically. Max 5 per environment.

You can also create one manually: CloudBase Console → Environment → API Key

MCP Configuration

Set CLOUDBASE_API_KEY and CLOUDBASE_ENV_ID in the Agent tool's MCP environment variables:

Client

Configure your AI tool to connect with CloudBase capabilities. Supports local and hosted connection. See connection modes.

Step 1: Install / Configure CloudBase

Use project template (recommended) - Template includes MCP configuration and AI rulesView templates

Install in one click:

Add to Cursor

Or manual configuration:

Or add this configuration to .cursor/mcp.json:

json
1{
2  "mcpServers": {
3    "cloudbase": {
4      "command": "npx",
5      "args": [
6        "@cloudbase/cloudbase-mcp@latest"
7      ],
8      "env": {
9        "INTEGRATION_IDE": "Cursor",
10        "CLOUDBASE_API_KEY": "<API Key for the user's environment>",
11        "CLOUDBASE_ENV_ID": "<the user's environment ID>"
12      }
13    }
14  }
15}
Need help?View Cursor docs

Step 2: Chat with AI

Enter the following in your AI chat in order:

prompt
Install CloudBase Skills: run npx skills add tencentcloudbase/cloudbase-skills -y
Use CloudBase Skills: Use CloudBase to operate the environment, configured via API Key

CLOUDBASE_API_KEY has the highest priority — no TENCENTCLOUD_* credentials or device-code login needed.

Large-scale / ToC Scenarios (Pay-as-you-go)

In addition to the "one environment per user (¥19.9/month)" plan, the White-label Mode also supports pay-as-you-go billing, which is more suitable for ToC products or scenarios with a large number of users:

  • No per-user fee: No need to purchase the ¥19.9/month CloudBase Personal plan for each user
  • Environment isolation still effective: Even with pay-as-you-go billing, each user's environment remains fully isolated
  • Billed by actual usage: Only pay for actual database reads/writes, cloud function invocations, storage, traffic, etc.
  • Extremely low cost: Low-activity users generate almost no cost, making it suitable for ToC products

The pay-as-you-go mode requires contacting the CloudBase product team to enable. Please contact us via the CloudBase Console or through business development channels.

Responsibilities of All Parties

RoleResponsibilities
Enterprise / PlatformUser identity authentication, create CloudBase environments for users, maintain user↔environment mapping, issue API Keys or temporary credentials and deliver them to the user's Agent tool
Agent (user side)Access the user's dedicated CloudBase environment using platform-issued credentials (API Key / temporary credentials), execute development tasks
Tencent Cloud CloudBaseProvide environment isolation, API Key permission enforcement, environment creation and resource management infrastructure

Verify Isolation Effect

After configuration is complete, verify that isolation is working:

  1. Call DescribeEnvs with User A's API Key — confirm only User A's environment is visible
  2. Attempt to access User B's environment resources with User A's credentials — should return a permission denied error
  3. In the Agent's MCP, confirm that only resources within the user's own environment (database, cloud functions, storage) can be operated