# 1688 Product Master Reference

## 1. Runtime scrape mapping from original curl

Original browser call target:

- `POST /ecom/tasks/scrape`

Runtime script behavior:

1. Exchange client key:
   - `POST /auth/skill-credit/session`
   - body: `{ "clientKey": "<CLIENT_KEY>" }`
2. Use returned `accessToken`:
   - `Authorization: Bearer <accessToken>`
3. Call scrape:
   - `POST /ecom/tasks/scrape`
   - `Content-Type: application/json`
   - payload fields:
     - `url`
     - `optimizeImages`
     - `optimizeTitles`
     - `optimizeVariants`
     - `needTranslate`
4. If runtime session is expired (`401/403`), `@clawd/auth-runtime` will refresh token and retry once automatically.

The extra browser headers in the original curl (`sec-*`, `origin`, cookies, etc.) are not required by this skill flow.

## 2. Notes

- `clientKey` plaintext is only returned at key creation time.
- Store the returned `clientKey` securely and inject it as `CLIENT_KEY`.
- `/auth/skill-credit/clients*` endpoints are owner management APIs and are out of this runtime skill scope.