Authentication
Boltic CLI uses a secure OAuth 2.0 flow with browser-based authentication for enhanced security and user experience.
Login
# Interactive browser login
boltic login
# Login with a Permanent Access Token (PAT)
boltic login --token YOUR_PAT_TOKEN --account-id YOUR_ACCOUNT_ID
How the Authentication Flow Works
- Browser Launch — The CLI opens your default browser to the Boltic login page.
- OAuth Flow — Complete authentication in your browser (email/password or SSO).
- Token Exchange — The CLI automatically exchanges the authorization code for access tokens.
- Secure Storage — Tokens are encrypted and stored in your system's native keychain.
Secure Token Storage
Your credentials are stored in your system's native keychain:
| Platform | Storage Location |
|---|---|
| macOS | Keychain Access (boltic-cli service) |
| Windows | Credential Manager (boltic-cli service) |
| Linux | Secret Service API (boltic-cli service) |
Stored credentials:
| Key | Description |
|---|---|
token | Bearer token for API authentication |
session | Session cookie for web requests |
account_id | Your Boltic account identifier |
Logout
# Clear all stored credentials
boltic logout
Check Authentication Status
# Any command requiring auth will prompt login if not authenticated
boltic integration list