--- name: weber-cash version: 1.0.0 description: Track recurring business costs in Weber Cash and automate the public subscription and domain API. homepage: https://app.weber.cash/ metadata: {"category":"subscription-operations","api_base":"https://app.weber.cash/api/public/v1","files":{"skill.md":"https://app.weber.cash/skill.md","skill.json":"https://app.weber.cash/skill.json","skill.jsonl":"https://app.weber.cash/skill.jsonl","agents":"https://app.weber.cash/agents","llms.txt":"https://app.weber.cash/llms.txt"}} --- # Weber Cash Weber Cash is a web app and public REST API for recurring business costs. The public API covers workspaces, subscriptions, and domains. The broader app also models contracts, invoices, budgets, and a cash calendar for humans. ## Skill Files | File | URL | | --- | --- | | **skill.md** (this file) | `https://app.weber.cash/skill.md` | | **skill.json** (metadata) | `https://app.weber.cash/skill.json` | | **skill.jsonl** (discovery records) | `https://app.weber.cash/skill.jsonl` | | **Agents page** | `https://app.weber.cash/agents` | | **llms.txt** | `https://app.weber.cash/llms.txt` | ## Base URLs - App: `https://app.weber.cash/` - Agents: `https://app.weber.cash/agents` - Public API: `https://app.weber.cash/api/public/v1` ## Security Rules - Only send Weber Cash API keys to `https://app.weber.cash/api/public/v1`. - Keep keys server-side only. Do not embed them in browser code or public repositories. - Use scoped keys with the minimum permissions needed. - Prefer workspace-bound keys when an automation should only touch one workspace. - Do not use internal session routes or dashboard APIs for agent automation. ## Human Setup Required 1. Create an account at `https://app.weber.cash/register`. 2. Sign in at `https://app.weber.cash/login`. 3. Open `https://app.weber.cash/dashboard/settings`. 4. Create a scoped API key for `/api/public/v1/*`. 5. Copy the raw key immediately. It is shown only once. API keys currently use the `stk_` prefix. ## Authentication Preferred header: ```http Authorization: Bearer stk_your_prefix_your_secret ``` Query parameter authentication is not supported. ## Public API Surface Use only the public API under `/api/public/v1/*`. Available resource groups today: - Workspaces: list, create, update, delete - Subscriptions: list, create, update, cancel - Domains: list, create, update, cancel Current non-goals for external agents: - session-based dashboard endpoints - Stripe billing endpoints - registrar credential management - import preview and commit over the public API ## Scope Model - `WORKSPACES_READ`: Read workspaces available to the API key. - `WORKSPACES_WRITE`: Create, update, and delete workspaces the key can access. - `SUBSCRIPTIONS_READ`: Read subscription records, excluding domains. - `SUBSCRIPTIONS_WRITE`: Create, update, and cancel subscription records. - `DOMAINS_READ`: Read tracked domains and their renewal state. - `DOMAINS_WRITE`: Create, update, and cancel tracked domains. - `IMPORTS_WRITE`: Reserved for import workflows; public import endpoints are not exposed yet. ## Tenant Safety Rules - Every request is user-scoped through the API key owner. - Workspace-bound keys must not access or mutate other workspaces. - Payment method IDs must belong to the same user and workspace as the target record. - Subscription reads exclude domain-backed records; use the domains endpoints for tracked domains. - Deleting a subscription or domain through the public API performs cancellation behavior rather than hard deletion.