Authentication

Code CLI supports four authentication methods for connecting to AI providers.

API Key Authentication

Terminal

bash

codecli auth login
# Select provider, enter API key

API keys are stored in ~/.config/codecli/auth.json and never sent to third parties.

OAuth Authentication

Some providers support browser-based OAuth. Code CLI opens your browser, you authorize, and tokens are stored and refreshed automatically.

Well-Known Authentication

Terminal

bash

codecli auth login https://your-org.com
# Fetches and executes .well-known/codecli from the domain

Organizations can host a config at .well-known/codecli that defines default providers and auth endpoints.

Provider-Specific Setup

Provider	Env Variable	Auth Method
Anthropic	ANTHROPIC_API_KEY	API key or OAuth
OpenAI	OPENAI_API_KEY	API key
Google	GOOGLE_API_KEY	API key or OAuth
AWS Bedrock	AWS_ACCESS_KEY_ID	AWS credentials
Ollama	(none — local)	No auth needed
Groq	GROQ_API_KEY	API key
Mistral	MISTRAL_API_KEY	API key

Managing Credentials

Terminal

bash

codecli auth list      # List all configured providers
codecli auth logout    # Remove credentials for current provider
codecli provider list   # List all available providers
codecli provider models # List available models

#Authentication

#API Key Authentication

#OAuth Authentication

#Well-Known Authentication

#Provider-Specific Setup

#Managing Credentials

Authentication

API Key Authentication

OAuth Authentication

Well-Known Authentication

Provider-Specific Setup

Managing Credentials