vtex-io-auth-and-policies
Originally fromvtexdocs/ai-skills
Installation
SKILL.md
Authorization & Policy Design
When this skill applies
Use this skill when a VTEX IO app needs explicit permissions to call external services, consume VTEX resources, or expose access-controlled behavior.
- Adding an external API integration
- Consuming VTEX resources that require declared permissions
- Reviewing whether a route or client needs policy changes
- Tightening app permissions around an existing integration
Do not use this skill for:
- service runtime tuning
- HTTP handler structure
- frontend UI authorization behavior
- broader trust-boundary or sensitive-data modeling
- choosing between
AUTH_TOKEN,STORE_TOKEN, andADMIN_TOKEN