Skip to main content

Platform Access to TCB Solution

What CloudBase for Platform Is

A solution for platforms such as AI Coding, Vibe Coding, Agent (e.g., OpenClaw, Lovable, Bolt.new, Vercel v0, Figma Make), enabling any platform/Agent to configure and manage the backend on behalf of its users. The platform aims to provide end-users with a more seamless workflow and ready-to-use backend capabilities, while abstracting away the complexity of underlying resources such as databases, SCF, and COS—users can obtain a functional application through simple instructions or operations without needing to understand these concepts.

What You Get: TCB provides each of your tenants with a standalone environment, which includes databases, SCF, Static Hosting, and a unified HTTP access gateway. Resources are isolated between tenants, and you can automate management tasks—including creation, billing, deployment, database operations, and monitoring—through Tencent Cloud APIs.

Applicable Scenarios: SaaS, internal business platforms, multi-tenant systems, or AI Coding / Vibe Coding platforms—that require providing isolated backend capabilities for each customer/tenant and managing them via APIs rather than solely through consoles.

Management Unit: Based on environments. One environment = a complete set of resources for one tenant (database, SCF, HTTP access service, Static Hosting, etc.), typically one tenant per environment. All capabilities are managed programmatically via the Tencent Cloud TCB API.

Relationship Between Tencent Cloud Accounts and Environments: Adopts the Large Account Model—You use one Tencent Cloud account (master account or a sub-user with TCB permissions) to create multiple environments under this account. Each tenant corresponds to one environment, and resources and billing for all environments belong to this account, facilitating unified management and consolidated billing for you. The number of environments is subject to account quota limitations. Before creation, you can query the upper limit of environments via the API Query Environment Quota Limit; if you need to adjust the limit, you can contact us.

The hierarchy among accounts, environments, and resources is as follows:

Creating Environment and Billing

Create an environment for the new tenant and manage its billing and quotas.

Operation Steps

Step 1: Confirm Preconditions

Before creation, you need to use the following APIs to confirm account status and available resources:

Step 2: Call CreateEnv to create an environment

Call the CreateEnv API. The API will automatically place an order and deduct payment. Key parameters:

ParameterDescription
PackageIdPackage ID, such as baas_personal; can be obtained via DescribeBaasPackageList
AliasEnvironment alias
ResourcesResource types to be activated together, see the table below
PeriodPurchase duration (month, default is 1)
TagsEnvironment tags for permission isolation and resource grouping; recommended to tag by tenant ID and business line

Resources optional values:

ValueDescription
flexdbDocument Database (NoSQL), compatible with MongoDB-style APIs
storageCOS (Cloud storage)
functionSCF (including HTTP-triggered functions)

Select from the above types based on business needs; other resources (such as MySQL) can be activated on-demand after environment creation.

Step 3: Wait for delivery and confirm the status

Environment delivery is an asynchronous process. Call DescribeEnvs to poll until the environment status becomes available. After confirmation, you can further query usage and billing:

Quota Considerations: Both COS resources and SCF (non-Shanghai regions) have account-level or region-level quota limits. When planning to create a large number of environments in batches, we recommend conducting a quota assessment with the TCB team in advance.

Environment Lifecycle API Reference

Deploying Backend Services for Tenants

Requests pass through the HTTP access service unified entry point and are routed to the corresponding SCF. Supports REST API, WebSocket long connections, and container image deployment.

The complete invocation process from obtaining environment information to becoming publicly accessible:

Operation Steps

Step 1: Obtain or create log configuration

Select based on the deployment method:

Code Package Deployment (ZIP / COS): Invoke DescribeEnvs, retrieve LogsetId / TopicId from EnvInfo.LogServices[0], then pass them in as ClsLogsetId / ClsTopicId when creating a function for log delivery.

Image Deployment: You need to manually create a logset and log topic:

  1. Invoke CreateLogset to create a logset and obtain the returned LogsetId
  2. Invoke CreateTopic to create a log topic, pass in the LogsetId from the previous step, and obtain the returned TopicId

When creating a function subsequently, pass in LogsetId / TopicId as ClsLogsetId / ClsTopicId.

Step 2: Package and upload the code

Package the function directory into a ZIP file and Base64 encode it, with a limit of 50 MB. If it exceeds this limit, upload it to COS first, then reference it via CosBucketName / CosObjectName / CosBucketRegion (the bucket name does not include the -appid suffix, and the path starts with /).

Step 3: Create or update the function

Invoke CreateFunction or UpdateFunctionCode. Required parameters: Type: 'HTTP', Namespace (TCB environment ID), and Handler. For WebSocket functions, ProtocolType: 'WS' is additionally required. Refer to WebSocket Functions for details.

Step 4: Wait for function readiness

Poll ListFunctions until Status = Active is returned.

Step 5: Configure HTTP access service route

Invoke CreateCloudBaseGWAPI. Key parameters: EnableUnion: true, Path, ServiceId (environment ID), Type: 6, Name (function name), AuthSwitch: 2 (disable authentication), PathTransmission: 2 (path passthrough), EnableRegion: true, and Domain.

Step 6: Wait for service readiness

Poll DescribeCloudBaseGWAPI until APISet[0].UnionStatus = 1 is returned to obtain the external access address.

(Optional) Bind a custom domain name

Invoke BindCloudBaseAccessDomain with ServiceId (environment ID), Domain, and BindFlag: 2. For HTTPS, pass CertId (certificates must be pre-applied in the SSL Certificate Console). If using Tencent Cloud DNSPod for resolution, check whether the CNAME record exists via DescribeRecordFilterList. If it does not exist, create it by calling CreateRecord.

The above Cloud APIs can be uniformly initiated via the management-side SDK commonService; alternatively, directly use Tencent Cloud SDK 3.0 to invoke SCF APIs, supporting multiple languages including Python, Java, PHP, Go, Node.js, .NET, C++, and Ruby.

SCF API Reference

Pass the TCB environment ID in Namespace to operate functions in the corresponding environment. For complete parameters, see SCF API Overview.

WebSocket Functions

WebSocket Functions require the following additional parameters in CreateFunction beyond those of ordinary HTTP functions:

ProtocolType: 'WS',
ProtocolParams: {
  WSParams: {
    IdleTimeOut: 7200   // Connection idle timeout, 10–7200 sec
  }
},
Timeout: 7200           // Function timeout, must be >= IdleTimeOut, 15–7200 sec

CAUTION: The function timeout must be ≥ the idle timeout; otherwise, creation will fail.

Single-instance multi-concurrency (session-based for WebSocket, request-based for ordinary HTTP):

InstanceConcurrencyConfig: {
  DynamicEnabled: 'FALSE',
  MaxConcurrency: 10,
  Type: 'Session-Based',        // Session-Based for WebSocket; Request-Based for HTTP
  SessionConfig: {
    SessionExpireTime: 7200,
    IdleSessionExpireTime: 3600,
    SessionDestroyStrategy: 'IdleDestroy',
    SessionKeyType: 'Header',
    SessionKey: 'x-ws-session'
  },
  InstanceIsolationEnabled: 'FALSE'
}

Container Image Deployment

Image deployment is suitable for scenarios with complex dependencies, large size, or requiring custom runtime environments. It can also be deployed via CLI.

Preconditions:

  1. Authorize Image Pull: Grant the policy QcloudAccessForSCFRoleInPullImage to the SCF role (one-time operation): Click to Authorize
  2. Prepare Image Repository: Create a repository in Tencent Cloud Container Registry (TCR); refer to Retrieving Access Credentials and Pushing Images.
  3. Image Requirements: Linux-based amd64 image, listening on port 9000 within the container.

When building on Apple Silicon Mac or other ARM-based machines, must add --platform linux/amd64; otherwise, the function will fail to start after deployment due to architecture mismatch:

docker build --platform linux/amd64 -t your-image-name .

During deployment, replace Code.ZipFile with Code.ImageConfig in CreateFunction:

Code: {
  ImageConfig: {
    ImageType: 'personal',   // Personal Edition Repository
    ImageUri: 'ccr.ccs.tencentyun.com/your-ns/your-image:tag',
    // RegistryId: ''        // To be filled for Enterprise Edition repository
  }
}

Refer to: ImageConfig Parameter Description

HTTP Access Service API Reference

Domain and Secure Domain

Bind custom domains and certificates to the tenant environment's Static Hosting or HTTP Access Service; configure an allowlist of frontend secure domains that can initiate TCB requests.

Operation Steps

Step 1: Apply for SSL certificate

Before binding an HTTPS domain, you need to apply for or upload a certificate in the SSL Certificate Console and obtain the CertId.

Step 2: Bind a custom domain name

Select the corresponding API based on the purpose:

Step 3: Configure DNS CNAME

After binding, point your own domain to the access domain provided by CloudBase (e.g., xxx.tcbaccess.tencentcloudbase.com) via a CNAME record at your domain registrar. If using Tencent Cloud DNSPod, you can perform this operation via API:

  1. Check whether the CNAME record already exists: DescribeRecordFilterList
  2. If it does not exist, create a record: CreateRecord with Value set to the access domain

Access takes effect only after both domain binding and DNS resolution are completed.

Step 4: Configure Security Domain (Optional)

Secure domains control which frontend domains can initiate requests to TCB. Add the tenant's frontend domains to the allowlist:

Domain API Reference

Database

Each environment provides two types of database capabilities, with tenants isolated by environment.

  • Document Database (FlexDB / NoSQL): Stores data in collections and documents, compatible with MongoDB-style APIs, supports collection CRUD operations and index management. During environment creation, select flexdb in Resources to enable it.
  • Relational Database (MySQL): Supports standard SQL and DDL, table structure management; frontend can access via Web SDK using Supabase-style API.
  • Permissions and Security: Supports database-level ACL and table-level security rules to control read/write scopes and row-level access.

Document Database

Operation Steps

Step 1: Activate

During environment creation, pass flexdb in Resources to enable it together without additional operations.

Step 2: Create Collection

Call CreateTable to create a collection, passing EnvId and the collection name.

Step 3: Manage Indexes and Permissions

  • Query or modify collection indexes: UpdateTable
  • Configure read/write permissions and security rules to control tenant data access scope

Document Database API Reference

MySQL

Operation Steps

Step 1: Enable MySQL

Call CreateMySQL to enable. The API is asynchronous; poll for results through the following API:

Step 2: Initialize Table Structure

After the service is enabled, execute DDL statements such as creating tables and indexes through RunSql.

Step 3: Configure Accounts and Access Permissions

MySQL API Reference

Lifecycle Management (tcb.tencentcloudapi.com):

Account Management (cynosdb.tencentcloudapi.com):

Connection and Clusters (cynosdb.tencentcloudapi.com):

Backup (cynosdb.tencentcloudapi.com):

Monitoring and Logs

View monitoring curves and HTTP access service running status by environment, and search CLS logs for troubleshooting and usage analysis.

Operation Steps

Step 1: Query Monitoring Data

Select granularity as needed:

Step 2: Search Logs

Select the corresponding log search method based on the SCF deployment method:

Code package deployment (ZIP / COS): Call SearchClsLog, and pass in:

  • EnvId: Environment ID
  • Time range
  • QueryString: Follow CLS syntax, such as module:database, src:app

A maximum of 100 results can be returned per request, supporting cursor-based pagination (up to 10,000 results).

Image Deployment: Logs for image-deployed SCF are queried through CLS (Log Service). Call SearchLog, passing in the TopicId and time range configured when creating the function.

Monitoring and Logs API Reference

Development and Integration Method

Based on your technology stack and scenarios, you can choose the following methods to manage environments and resources:

MethodApplicable ScenariosDocumentation
Management-side SDK (Node.js)Integration in own systems or scripts, recommended as the preferred choiceManagement-side SDK Documentation
Management Plane APIDirectly invoke REST APIs and integrate with existing backend systemsTCB API Introduction
MCP ToolAI Coding platforms (Cursor, Claude Code, etc.), where AI Agents invoke CloudBase capabilitiesCloudBase MCP, Using Skills

MCP provides two connection modes: local mode and hosted mode. For details, see Connection Modes:

Local Mode (recommended): MCP Server starts up locally via npx, offering the most comprehensive features (including file upload, template download, and other capabilities dependent on the local file system). Requires Node.js to be installed locally.

{
  "mcpServers": {
    "cloudbase": {
      "command": "npx",
      "args": ["@cloudbase/cloudbase-mcp@latest"],
      "env": {
        "CLOUDBASE_ENV_ID": "<env_id>",
        "TENCENTCLOUD_SECRETID": "<SecretId>",
        "TENCENTCLOUD_SECRETKEY": "<SecretKey>"
      }
    }
  }
}

Hosted Mode: MCP Server runs on Tencent Cloud. The IDE connects via HTTP without requiring local Node.js installation, but does not support local file operations (such as downloading templates to the local machine).

{
  "mcpServers": {
    "cloudbase": {
      "type": "http",
      "url": "https://tcb-api.cloud.tencent.com/mcp/v1?env_id=<env_id>",
      "headers": {
        "X-TencentCloud-SecretId": "<SecretId>",
        "X-TencentCloud-SecretKey": "<SecretKey>"
      }
    }
  }
}

Hosted mode supports disabling specified plugins via the URL parameter disable_plugins (e.g., &disable_plugins=rag&disable_plugins=env); Available plugins: env, database, functions, hosting, storage, setup, rag, cloudrun, gateway, security-rule, capi, etc.; For the complete list of tools, see MCP Tools Documentation.

  1. Environment Creation and Billing: Completes the creation and billing activation of a single-tenant environment and supports usage query.
  2. Deploy Backend: Deploys HTTP-triggered SCF to provide API or WebSocket capabilities to external systems.
  3. HTTP Access Service and Domains: Configure routing and custom domains to achieve external exposure and access control.
  4. Database and Permissions: Provision databases and create tables for tenants, and configure permissions and security rules.
  5. Monitoring and Logging: Perform troubleshooting and usage analysis through monitoring curves and CLS logs.

Terminology

TermDescription
EnvironmentA complete set of resources for one tenant (database, SCF, HTTP access service, Static Hosting, etc.), typically one tenant per environment.
HTTP-triggered SCFOn-demand executed cloud functions that expose URLs via HTTP access services, suitable for REST APIs and lightweight logic.
HTTP Access ServiceA unified HTTP entry point that routes requests to HTTP-triggered SCF (referred to as such in Tencent Cloud documentation).

Reference Resources

Official Documentation

AI Coding / MCP

Platform Access Integration