Get started

Authentication

Log in and manage credentials for the Astro AI CLI and API
View as Markdown

Authentication links the CLI and API to your Astro AI account. You need it to push agents to the registry, access private deployments, and call protected endpoints. Sign in with ast login (an account is required). If you don’t have one, sign up.

How it works

  1. You run ast login.
  2. The CLI shows you a short code (e.g. ABCD-EFGH) and a verification URL.
  3. You open the URL, enter the code, and sign in.
  4. The CLI polls until authentication completes, then stores the tokens.

Tokens are stored in the system keyring when available (macOS Keychain, Linux Secret Service, Windows Credential Manager). Otherwise they are stored in ~/.ast/credentials.json with restricted permissions.

CLI commands

CommandDescription
ast loginStart device flow and open browser to authenticate
ast login --no-browserPrint the verification URL instead of opening it
ast logoutClear stored credentials for the current profile
ast logout --allClear all stored credentials
ast whoamiShow current user and account info

Token lifecycle

  • Access token: Short-lived (~1 hour), used for API requests.
  • Refresh token: Long-lived; used to obtain new access tokens.

The CLI refreshes the access token automatically when it is close to expiry.

Next steps

After logging in you can switch between accounts. See Working with accounts.