api-content_skill

This skill helps you design, call, secure, and manage Kuroco API endpoints and content CRUD with robust error handling.

1

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill diverta/kuroco-skills --skill api-content

  • metadata.json104 B
  • SKILL.md25.7 KB

Overview

This skill provides practical best practices for designing, implementing, and managing content with Kuroco Headless CMS APIs. It focuses on endpoint design, authentication options (Cookie, JWT, StaticToken), CORS, rate limiting, caching, and common CRUD operations for Topics content. The guidance helps build secure, performant API integrations and predictable content workflows.

How this skill works

The skill explains how to construct Kuroco API endpoints, set security policies, and choose appropriate authentication flows (cookie-based sessions, JWT tokens, or static tokens). It describes typical request/response patterns for list, details, insert, update, delete, and bulk operations, plus filter queries, file uploads, pagination (pageID/cnt), and error handling for 401/403/429/500. Practical code snippets illustrate fetch/axios usage, credentials handling, and header usage like X-RCMS-API-ACCESS-TOKEN.

When to use it

  • Implementing a content API for news, blogs, or member-driven pages using Topics and TopicsGroup models
  • Choosing an authentication model for web (Cookie) versus mobile/server (JWT or StaticToken)
  • Designing endpoints with caching and rate limits for high-traffic public content
  • Implementing client-side calls with pagination, filter, order_by, and robust error handling
  • Automating bulk updates or CSV imports for content migrations or large updates

Best practices

  • Use cookie auth with credentials: 'include' for same-site web apps; ensure domains/subdomains are configured for first-party cookies
  • Use JWT tokens for mobile or cross-origin clients and refresh_token logic for token lifecycle
  • Reserve StaticToken for server-to-server calls and rotate tokens if exposure is possible
  • Set precise CORS_ALLOW_ORIGINS (avoid '*') and CORS_ALLOW_CREDENTIALS when cookies are used
  • Set cache durations by content type (static news 86400s, real-time 0) and rely on auto cache invalidation on updates
  • Respect x-rcms-ratelimit-* headers and implement exponential backoff on 429 responses

Example use cases

  • Fetch paginated news list with pageID/cnt and display pageInfo (totalCnt, perPage, pageNo)
  • Create/update Topics entries with ext_col fields, tags, open_ymd/close_ymd for scheduled publishing
  • Authenticate users via login_challenge + token endpoints and attach X-RCMS-API-ACCESS-TOKEN to requests
  • Upload files, receive file_id, and attach to content ext_col file fields in insert or update calls
  • Apply filter queries like filter=subject contains 'important' and order_by=ymd desc for search pages

FAQ

Use StaticToken for server-side rendering or public APIs; for authenticated user flows prefer Cookie auth for web or JWT for native apps.

How do I avoid CORS and cookie issues across domains?

Host API and frontend on the same registered domain (subdomains allowed) and set CORS_ALLOW_CREDENTIALS plus specific origins; avoid wildcard origins.

What to do when receiving 429 rate limit errors?

Read x-rcms-ratelimit-reset header, delay retries accordingly, and implement exponential backoff or request batching.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational