Authentication

The CLI needs an API token to call the MONOid API. You can get a key from the app and then provide it via login, environment variable, or a flag.

Where to get an API key

Create and manage API keys under Settings > API Keys in the MONOid app. For details (scopes, expiry, security), see API & Webhooks.

The CLI uses the first available source in this order:

--token — Pass the token on the command line (highest precedence). Example: monoid --token mo_... organisations list
MONOID_API_TOKEN — Set in your environment. Example: export MONOID_API_TOKEN="mo_..."
Stored credentials — After monoid login, the token is saved under ~/.config/monoid/credentials.json and used when neither --token nor MONOID_API_TOKEN is set.

To store your token so you don't have to pass it every time:

monoid login

You'll be prompted to enter your API token. Alternatively, pass it as an argument:

monoid login mo_your_token_here

The CLI checks the token against the API before saving it.

To confirm the token works and see the current user and scopes:

monoid whoami

To remove the stored token:

monoid logout

This deletes the credentials file; it does not revoke the key in the app. Revoke keys under Settings > API Keys if needed.

Do not commit tokens — Keep them out of version control and shared configs.
Use minimum scopes — Prefer read-only keys when you only need to read data.
Use expiry dates — Set an expiry on keys when possible and rotate them periodically.

For more on key management and webhooks, see API & Webhooks. For HTTP details and request/response shapes, see the API Reference.

Now that you are authenticated, continue with Quick Start.