Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

APM Authentication Center API

v1.0.0

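A collection of Authentication Center APIs for the APM platform. It includes 19 endpoints covering account/email/mobile-phone login, administrator/supplier/user login, token refresh, verification code delivery, and token verification. Request headers (v/p/t/lang), MD5 signature rules, authcode header (HH + access_...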

Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description describe an authentication API and the skill's files document 19 auth endpoints. The single required env var (APM_USER_TOKEN) is consistent with needing an access token for authenticated calls. However, the Base URL is an AWS execute-api domain (44k2t5n59e.execute-api.ap-northeast-2.amazonaws.com) that does not obviously match the declared GitHub homepage; you should confirm the endpoint is owned by the project/operator.
Instruction Scope
SKILL.md and per-endpoint docs only describe constructing headers, MD5 signatures, and calling endpoints. There are no instructions to read unrelated local files, access other credentials, or send data to third-party endpoints beyond the documented Base URL. The docs do instruct storing/reading an access token in the APM_USER_TOKEN env var and using it as authcode for calls.
Install Mechanism
Instruction-only skill with no install spec and no code files — no software is downloaded or written to disk by an installer step.
Credentials
Only one env var (APM_USER_TOKEN) is required, which is proportionate for an API client. Two small concerns: (1) the docs instruct storing the access token into that env var (persisting a credential), and (2) the skill requires the env var as a declared requirement even though tokens can be obtained via the login endpoints. Both are explainable but worth reviewing before granting an agent access to that env var.
Persistence & Privilege
The skill does not request always:true or other privileged persistence. It is user-invocable and can be used autonomously by the agent (platform default), which is expected for skills; nothing here elevates privilege beyond normal.
What to consider before installing
This skill is mostly documentation for an authentication API and asks only for one token (APM_USER_TOKEN). Before installing: (1) verify that the Base URL (the execute-api.amazonaws.com hostname) is legitimately operated by the project shown on the GitHub homepage — an unrelated API host is a red flag; (2) be cautious about storing a long-lived access token in an environment variable accessible to agents — prefer short-lived tokens or provide credentials only at runtime; (3) confirm you trust the skill owner to handle any tokens you expose, since the agent will use the token to call the remote API; (4) because this is instruction-only, there is no install footprint, but double-check that behavior (headers, signing) matches your service contract. If you cannot verify ownership of the API endpoint or are uncomfortable exposing APM_USER_TOKEN to the agent, do not install or grant the env var.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Env: APM_USER_TOKEN
Primary env: APM_USER_TOKEN
latest: vk972e0wk70b9mpj7z513cerwp1850hmv
40 downloads
0 stars
1 version
Updated 2d ago
v1.0.0
MIT-0

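APM Authentication Center API

A collection of Authentication Center APIs for the APM platform. It includes 19 endpoints covering account/email/mobile-phone login, administrator/supplier/user login, token refresh, verification code delivery, and token verification. It documents the request headers (v/p/t/lang), the MD5 signature rules, and how to use the authcode header (HH + access_token). Base URL: https://44k2t5n59e.execute-api.ap-northeast-2.amazonaws.com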

Common conventions

  • Base URL: https://44k2t5n59e.execute-api.ap-northeast-2.amazonaws.com
  • Request headers: v=7.0.1, p=1, t=<unix seconds>, lang=zh-cn
  • Auth header: authcode: "HH " + access_token (except for the login endpoints)
  • Signature: sign = MD5(<params> + <salt>).toUpperCase(); see each endpoint's document for its salt
  • Success code: code=100; the result is returned in the result field
  • Pagination: cursor-based on last_update_time, page_size=20

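Endpoint list (19)

Usage

  1. Check the document for the endpoint you need (file name = endpoint name)
  2. Obtain an access_token through one of the ids_*_login_* endpoints (store it in the APM_USER_TOKEN environment variable)
  3. Add authcode: "HH " + $APM_USER_TOKEN to the request headers
  4. Compute sign according to the signature rules in that document, then make the call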

Original documentation: https://github.com/apmzoom-ai/apm-skills
