Superserve uses the OAuth 2.0 Device Authorization Grant for CLI authentication. No passwords are entered in the terminal - you authorize in your browser.
Log in via browser
The CLI will:
- Display a short confirmation code
- Open
console.superserve.ai/device in your browser
- Wait for you to authorize
Once you approve in the browser, the CLI is authenticated. Credentials are stored locally at ~/.superserve/auth.json with owner-only permissions (0600).
Log in with an API key
For CI/CD pipelines or environments without a browser, use an API key directly:
superserve login --api-key your-api-key
Log out
This removes ~/.superserve/auth.json.
How it works
CLI requests a device code
The CLI calls the Superserve API and receives a short user code and a verification URL.
Browser opens
The CLI opens console.superserve.ai/device in your browser with the code pre-filled.
You authorize
Log in (if needed) and click Authorize Device to approve the CLI.
CLI receives a token
The CLI polls the API until you authorize, then saves the access token to ~/.superserve/auth.json.
superserve login again.
Already logged in? The CLI checks your existing credentials before starting the device flow. If your token is still valid, you won’t be prompted again.
