Cloud API
This page describes the Cloud API discovery entrypoints that the website currently publishes for automated clients and integrations.
The rule is simple: publish only capabilities that already exist and are documented. The site does not advertise private admin endpoints, unstable surfaces, or nonexistent OAuth or MCP discovery metadata.
Discovery entrypoints
- API catalog:
https://qiugeapp.zhangqiu.pro/.well-known/api-catalog - OpenAPI:
https://qiugeapp.zhangqiu.pro/.well-known/qiuge-cloud-api.openapi.json - Health endpoint:
https://qiugeapi.zhangqiu.pro/api/cloud/health
Current authentication model
The Cloud API currently uses platform-account login and bearer tokens for authenticated requests.
That means:
- bearer-token authentication is documented
/.well-known/openid-configurationis not published/.well-known/oauth-authorization-serveris not published/.well-known/oauth-protected-resourceis not published
The reason is direct: the production service is not a standards-based OAuth or OIDC authorization server yet.
Documented public subset
Public
GET /api/cloud/healthPOST /api/cloud/auth/register-code/requestPOST /api/cloud/auth/registerPOST /api/cloud/auth/login
Authenticated
POST /api/cloud/auth/refreshGET /api/cloud/mePATCH /api/cloud/meGET /api/cloud/subscription/plansGET /api/cloud/quotaPOST /api/cloud/ai/credential-leasesPOST /api/cloud/ai/usage-reports
Boundaries
/api/cloud/admin/*is operator-only and outside the public discovery scope- this page documents the stable public subset, not every internal route
- automated clients should start from the API catalog and then follow
service-descandservice-doc