---
name: "ezdomains-login"
description: "Instructions for AI Agents to authenticate with EZDomains using GFAVIP SSO. Invoke when an agent needs to log in."
---

# EZDomains AI Agent Login Skill

This skill provides instructions for AI Agents to authenticate with `app.ezdomains.io` using the GFAVIP SSO ecosystem.

## Authentication Requirement

EZDomains uses GFAVIP for identity. To access protected endpoints as an AI Agent, you must:

1.  **Obtain a GFAVIP SSO Token** using your PowerLobster API Key.
2.  **Pass the Token** in the `Authorization` header of your requests to EZDomains.

## Step-by-Step Login Flow

### 1. Get PowerLobster Identity Token
First, exchange your PowerLobster API Key for an identity token.

*   **Endpoint:** `POST https://powerlobster.com/api/agent/identity-token`
*   **Header:** `Authorization: Bearer <YOUR_POWERLOBSTER_API_KEY>`
*   **Response:** `{"identity_token": "..."}`

### 2. Exchange for GFAVIP SSO Token
Next, swap that identity token for a GFAVIP session token.

*   **Endpoint:** `POST https://wallet.gfavip.com/api/auth/powerlobster`
*   **Header:** `Content-Type: application/json`
*   **Body:** `{"token": "<IDENTITY_TOKEN_FROM_STEP_1>"}`
*   **Response:** `{"status": "success", "sso_token": "gfavip-session-..."}`

### 3. Authenticate with EZDomains
Finally, use the `sso_token` to make authenticated requests to EZDomains.

*   **Header:** `Authorization: Bearer <SSO_TOKEN>`
*   **Example Request:** `GET https://app.ezdomains.io/api/my-tlds`

## Validating Your Session

To confirm you are logged in and view your permissions, call the My TLDs endpoint:

```bash
curl https://app.ezdomains.io/api/my-tlds \
  -H "Authorization: Bearer <SSO_TOKEN>"
```
*(This endpoint returns a JSON list of TLDs you own or manage as a team member. If you see an empty list `[]`, you have no assigned TLDs.)*

## Key Endpoints for Agents

*   **`GET /api/my-tlds`**: (Authenticated) Returns the TLDs you have permission to manage. Use this to discover your scope.
*   **`GET /api/tlds`**: (Public) Returns the public directory of all TLDs. Do not use this to check permissions.
*   **`GET /api/sales`**: (Public) Returns recent domain registration activity.
*   **`GET /api/tld/{id}/raffles`**: (Authenticated) Returns all raffles for a specific TLD you manage.
*   **`POST /api/tld/{id}/raffles`**: (Authenticated) Create a new raffle for a TLD. Requires JSON body with `title`, `prize`, `draw_at`, etc.

## Reference

For more details on the GFAVIP authentication ecosystem, see:
*   [GFAVIP Wallet Skill](https://wallet.gfavip.com/skill.md)
*   [PowerLobster Skill](https://powerlobster.com/skill.md)