# SkinsNode Agent Instructions

These instructions apply to AI agents reading public SkinsNode documentation or helping a developer integrate with SkinsNode.

## Primary Sources

Prefer these resources, in this order:

1. `https://skinsnode.com/openapi.json` for endpoint, request, and response shape.
2. `https://skinsnode.com/docs/api-reference.md` for concise human and agent-readable API behavior.
3. `https://skinsnode.com/docs/ai-agent-integration.md` for implementation workflow and security rules.
4. `https://skinsnode.com/brand-facts.json` for canonical brand and entity facts.

## Security Rules

- Never place `x-client-secret` in browser code, mobile apps, public repositories, logs, analytics, or client-visible config.
- Use server-side environment variables or a secret manager for SkinsNode credentials.
- Verify `order.updated` webhook signatures with the raw request body before processing the event.
- Treat order creation as asynchronous. A `202 Accepted` response means the order was accepted for processing, not completed.

## Integration Pattern

1. Fetch catalog with `GET /v1/catalog`.
2. Use the item `id` as `catalogItemId`.
3. Create an order with `POST /v1/orders`.
4. Persist the returned order locally.
5. Process signed webhooks as the primary status source.
6. Poll `GET /v1/orders/{externalId}` as a fallback.

Contact `https://t.me/tek9nino` for credentials and onboarding.