CLI authentication

Every CLI command needs a loomta_sk_… key. Pick the option that fits your setup:

The easiest way. Run one command and the CLI opens a browser, you approve, done.

loomta auth:login

The CLI prints a short code (LMT-XXXX-XXXX), opens https://loomta.com/cli-auth in your browser, and waits while you sign in and choose a workspace. Once approved it saves the key to ~/.loomta/credentials.json automatically.

No browser available? (SSH, container, headless server) — add --no-browser. The CLI prints a URL and code you can open on any device:

loomta auth:login --no-browser

Option 2 — Paste an API key

Got an existing loomta_sk_… key from the dashboard? Pass it directly:

loomta auth:login --api-key loomta_sk_xxx

The CLI validates the key against the API before saving it to ~/.loomta/credentials.json. Good for CI pipelines that mint their own key via the dashboard Settings → API Keys.

Option 3 — Environment variable

No saved file at all — set the key in the environment. This always wins over a saved file, making it safe for containers and CI runners.

export LOOMTA_API_KEY=loomta_sk_xxx

Optionally override the API host (useful for local dev or staging):

export LOOMTA_API_URL=https://api.loomta.com

Resolution order

When a command runs, the CLI checks in this order and stops at the first match:

LOOMTA_API_KEY environment variable (+ optional LOOMTA_API_URL)
~/.loomta/credentials.json written by auth:login

The credentials file


Path	`~/.loomta/credentials.json`
Permissions	`0600` (owner read/write); `~/.loomta` directory is `0700`
Shape	`{ "apiKey": "loomta_sk_…", "apiUrl": "https://api.loomta.com" }`

Check and clear

loomta auth:status   # validates the current key and shows its source (env | file)
loomta auth:logout   # deletes ~/.loomta/credentials.json

auth:logout removes the saved file only — it does not revoke the key on the server.