Authentication & Security

Authentication and token management for the Zipwire CLI

The Zipwire CLI uses API tokens for authentication. This guide covers how to authenticate, manage tokens securely, and troubleshoot auth issues.

Authentication Methods

For interactive use, login via your browser:

zw auth login

This will:

Open your default browser automatically
Redirect you to Zipwire's login page
Ask you to sign in with your passkey or wallet
Generate an API token
Save it automatically to ~/.config/zw/config.yaml

Manual Token Entry

If you already have an API token, set it directly:

zw auth login --token your-api-token

To get an API token:

Log into Zipwire web app
Go to Account Settings
Find the API Tokens section
Generate or copy your token

Checking Your Authentication Status

zw auth status

Output shows:

✓ Authenticated
Token: zw_...

If not authenticated:

✗ Not authenticated

Logging Out

Clear your stored token:

zw auth logout

This removes the token from your config file. You'll need to authenticate again before using the CLI.

Token Management

Where Your Token is Stored

Your token is stored in:

~/.config/zw/config.yaml

Important: This file contains sensitive information. Protect it like you would a password or private key.

Security Best Practices

Never commit tokens to version control

# Add to .gitignore
echo "~/.config/zw/" >> ~/.gitignore

Use environment variables in scripts

export ZW_API_TOKEN="your-token"
zw auth login --token $ZW_API_TOKEN

Rotate tokens regularly
- Generate a new token
- Update your config
- Delete the old token from the web app
Use different tokens for different contexts
- One token for your local development
- A different token for CI/CD pipelines
- Separate tokens for different machines if needed

Using Tokens in CI/CD

For automated workflows (GitHub Actions, GitLab CI, etc.), use environment variables:

# GitHub Actions example
jobs:
  track-time:
    runs-on: ubuntu-latest
    steps:
      - run: zw auth login --token ${{ secrets.ZW_API_TOKEN }}
      - run: zw journal track "CI/CD job" -d 1h

Troubleshooting Authentication

"Invalid API Key" Error

Verify your token:

Check the token in your config: cat ~/.config/zw/config.yaml
Ensure it hasn't expired
Generate a new token in the web app if needed
Update with: zw auth login --token <new-token>

"Not Authenticated" Error

You need to authenticate first:

zw auth login

Token Accidentally Leaked

If you accidentally expose your token (e.g., in a commit):

Delete the token immediately from your config
Revoke it in the web app (Account Settings > API Tokens)
Generate a new token
Update your config with the new token

Multiple Machines

Each machine needs its own authentication. Authenticate on each machine separately:

# On machine 1
zw auth login

# On machine 2
zw auth login

You can use the same API token on multiple machines, or create separate tokens for isolation.

Config File Format

The CLI stores configuration in YAML format:

# ~/.config/zw/config.yaml
api-base-url: https://api.zipwire.io
api-token: zw_your_token_here_...
output-format: human
no-color: false

You can edit this file directly if needed, but it's safer to use zw auth login or zw config commands.

For more configuration options, see the Configuration guide.

PreviousGetting Started with the CLI NextConfiguration

Last updated 8 hours ago

hashtagAuthentication Methods

hashtagBrowser-Based Login (Recommended)

hashtagManual Token Entry

hashtagChecking Your Authentication Status

hashtagLogging Out

hashtagToken Management

hashtagWhere Your Token is Stored

hashtagSecurity Best Practices

hashtagUsing Tokens in CI/CD

hashtagTroubleshooting Authentication

hashtag"Invalid API Key" Error

hashtag"Not Authenticated" Error

hashtagToken Accidentally Leaked

hashtagMultiple Machines

hashtagConfig File Format