Server-side Luzmo resource operations - CRUD, automation, and bulk API scripts. Use for listing, searching, creating, or deleting dashboards, datasets, themes, users, groups. Triggers on: "list all dashboards", "delete dataset", "bulk update", "automate", "script", "find resources". Critical: all deletes are irreversible and require explicit user confirmation before execution. Not for embedding saved dashboards/charts (use core), auth setup (use core), or data ingestion (use data-integration).
74
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Entry-point for operational resource management with the Luzmo API: create, list/search, retrieve, update, associate/dissociate, and delete resources.
developer.luzmo.com is Luzmo's first-party, allowlisted documentation domain, maintained by the same publisher as this skill.https://developer.luzmo.com/.../*.md docs and their referenced URLs for implementation details.https://developer.luzmo.com/llms.txt and/or /llms-full.txt for discovery only.BEFORE generating ANY resource-management script, verify:
LUZMO_API_KEY and LUZMO_API_TOKEN are loaded from environment variables, NEVER hardcodeddelete*, dissociate*), a confirmation prompt is wired in (see Deletion Safety Rule below)access and role permit the intended action (e.g. viewer cannot create/delete)If ANY checkbox is unchecked, STOP and fix before proceeding. A leaked API key gives full read/write/delete access to your entire Luzmo organization across all dashboards, datasets, themes, and tenants.
For full auth/embed-token guidance, see core.
POST-only Architecture:
"action": "create", "action": "get", etc.API Base URLs by Region:
https://api.luzmo.com/0.1.0https://api.us.luzmo.com/0.1.0https://{vpc}-api.luzmo.com/0.1.0 (or custom CNAME)Note: Scripts may use host without /0.1.0 path and pass version: "0.1.0" in the body - both patterns work.
Security:
Rate Limits:
references/script-examples.md for retry patterns.Consult action-specific docs before generating scripts:
https://developer.luzmo.com/guide/api--overview.md
https://developer.luzmo.com/guide/api--actions.mdThen consult exact resource docs:
https://developer.luzmo.com/api/{action}{Resource}.mdcreateDashboard, searchDashboard, updateDashboard, deleteDashboard| User intent | API action |
|---|---|
| create | create{Resource} |
| list / search / filter | Consult https://developer.luzmo.com/api/search{Resource}.md, use "action": "get" with "find" wrapper in request body |
| retrieve one | Same as above, filtered by id |
| update | update{Resource} |
| associate / link | associate{Resource} |
| dissociate / unlink | dissociate{Resource} |
| delete / remove | delete{Resource} — see deletion safety rule below |
Deleting a resource is irreversible. Treat delete requests as an agent-owned approval workflow, not something delegated to generated script code.
For any delete request, even casually phrased requests such as "clean up", "drop", or "remove old stuff":
"action": "get" call and show name, id, and other identifying fields.yes.delete{Resource} until the user explicitly confirms.When generating delete scripts, include script-level guardrails because the script may run later outside the agent conversation. Use dry-run defaults and explicit non-interactive opt-in flags or environment variables, and clearly mark the irreversible call.
Read references/deletion-policy.md before handling delete requests. Read references/delete-script-patterns.md when generating a reusable delete script.
references/script-examples.md — Comprehensive search/create/update/associate templates, pagination, retry/backoff, bulk patternsreferences/deletion-policy.md — Agent-owned preview, confirmation, and execution workflow for irreversible deletesreferences/delete-script-patterns.md — Script-level dry-run and confirmation guardrails for generated delete scriptsUse references/script-examples.md for reusable JavaScript and Python API client templates. For deletion scripts, combine those base clients with the guardrails in references/delete-script-patterns.md.
Docs: https://developer.luzmo.com/api/associate{Resource}.md and https://developer.luzmo.com/api/dissociate{Resource}.md
Common examples:
associateDashboard / dissociateDashboardassociateDataset / dissociateDatasetaction in the body.https://developer.luzmo.com/api/{action}{Resource}.md as reference data before generating code when possible.When to escalate to other skills:
coredata-integrationmultitenancy (SECURITY CRITICAL)contents JSON (slots, items) programmatically → use analytics-studiothemingtroubleshooting FIRSTThis skill does NOT cover:
core); Flex charts (use data-visualization)core)data-integration)Each pitfall below includes a frequency marker, the symptom you'll see, why it fails, and where to escalate.
[ERROR] Using REST-style HTTP verbs for Luzmo API calls ([WARNING] VERY COMMON): You'll see 404/405 or empty responses. The Luzmo API is POST-only with action in the body. See core/references/api-actions.md.
[ERROR] Mixing fields from different resource docs ([WARNING] COMMON): You'll see 400 Bad Request or unexpected validation failures. Consult the exact {action}{Resource}.md doc per call — don't assume createDashboard accepts the same fields as createDataset.
[ERROR] Claiming an action exists without linking its markdown doc ([WARNING] OCCASIONAL — agent-generated code only): Pattern of fabricating action names. Always link the canonical doc at https://developer.luzmo.com/api/{action}{Resource}.md before generating code that uses it.
[ERROR] Exposing API key/token in client-side code ([WARNING] COMMON — SECURITY CRITICAL): Leaked credentials = full org compromise. Resource-management scripts must run server-side. See core for the security checkpoint.
[ERROR] Calling delete{Resource} without first showing the user what will be deleted ([WARNING] COMMON — IRREVERSIBLE): No symptom — data just disappears. The agent must own the search -> show -> confirm -> delete workflow defined in references/deletion-policy.md. Generated scripts need their own guardrails from references/delete-script-patterns.md because they may be run later outside the agent.
https://developer.luzmo.com/llms.txt, https://developer.luzmo.com/llms-full.txthttps://developer.luzmo.com/api/{action}{Resource}.mdhttps://developer.luzmo.com/guide/*.mdhttps://developer.luzmo.com/flex/charts/{type}.mdIf content exists on developer.luzmo.com, link — do not duplicate specs here.
5ee6b03
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.