Authentication Modes
The CLI supports two public auth modes:
| Mode | Best for |
|---|
OAuth via trigify login | Local development and interactive usage |
API key via TRIGIFY_API_KEY or --api-key | CI, scripts, and headless execution |
OAuth Login
Start an interactive login flow:
The CLI opens a browser window, completes the OAuth flow, and stores credentials locally for later commands.
Stored Credentials
Credentials are stored in an OS-appropriate config directory:
| Platform | Path |
|---|
| macOS and Linux | ~/.config/trigify/credentials.json |
| Windows | %APPDATA%/trigify/credentials.json |
Re-authenticate
Force a fresh login even if a valid session already exists:
Custom Base URL
Point OAuth at a non-production API base:
trigify login --base-url https://trigify-api-staging.up.railway.app
API Key Authentication
Use an API key for one-off commands:
trigify --api-key trig_your_api_key search list
export TRIGIFY_API_KEY=trig_your_api_key
trigify search list
API keys are the preferred option for CI and other non-interactive environments.
Environment Variables
| Variable | Description |
|---|
TRIGIFY_API_KEY | Default API key for headless authentication |
XDG_CONFIG_HOME | Override the config root on macOS/Linux |
APPDATA | Windows config root override |
export TRIGIFY_API_KEY=trig_your_api_key
trigify whoami
Logout
Remove stored OAuth credentials from disk:
Identity And Verification
Check which account and organisation the CLI is currently using:
This is the fastest way to verify that OAuth or API key authentication is pointing at the expected workspace.
Troubleshooting
Session already exists
If trigify login reports that you are already authenticated, either keep using the current session or run:
Local session expired
Expired OAuth sessions are refreshed automatically when possible. If refresh fails, re-run:
Wrong environment
If commands are returning unexpected data, ensure your API key belongs to the correct organisation.