CLI Authentication

The CLI uses OAuth 2.1 Authorization Code with PKCE.

nylio login

By default, the CLI opens a browser and waits for the OAuth callback on http://127.0.0.1:39123/callback. If you do not want the CLI to open a browser automatically:

nylio login --print-url

Session state

Check the locally stored session without making an API request:

nylio auth status
nylio whoami

Logout

Clear local credentials:

nylio logout

Environment and overrides

BETTER_AUTH_URL changes the default API origin
NYLIO_OAUTH_CLI_CLIENT_ID overrides the OAuth client id
--api-base-url <url> overrides the API origin per command

Notes

Access tokens refresh automatically when a refresh token is available.
If the stored token is missing or expired without a refresh token, the CLI asks you to log in again.
The CLI requests the public API audience, not the MCP audience.

Start Here

CLI

MCP

Format

API Reference

Authentication

CLI Authentication

Session state

Logout

Environment and overrides

Notes

Start Here

CLI

MCP

Format

API Reference

​CLI Authentication

​Login

​Session state

​Logout

​Environment and overrides

​Notes

CLI Authentication

Login

Session state

Logout

Environment and overrides

Notes