SMLL Docs

Authentication

Log in, manage sessions, and understand the CLI's device auth flow.

Login

The CLI uses a browser-based device auth flow — no passwords are entered in the terminal.

smll login

This will:

  1. Open your default browser to the SMLL authentication page
  2. If you're not already signed in, you'll be redirected to the login page
  3. Click Authorize CLI to grant access
  4. The browser redirects back to a local callback server and your token is saved

If the browser doesn't open automatically, the CLI prints the URL so you can open it manually.

Custom API URL

For self-hosted or development environments:

smll login --api-url http://localhost:8080 --frontend-url http://localhost:3000

You can also set the API URL permanently with the SMLL_API_URL environment variable.

Session tokens

When you authorize the CLI, a session token is created with the following properties:

  • 256 bits of entropy (32 random bytes)
  • 90-day expiry from creation
  • Stored locally in ~/.smll/credentials.json (file permissions 0600)
  • Server stores a SHA-256 hash — the raw token is never stored server-side

Verify your identity

smll whoami
# User ID:  1bbb50f9-b319-45c8-ac4e-fd0a893affc0
# Email:    you@example.com
# API URL:  https://api.smll.io

Logout

Remove your stored credentials:

smll logout
# Credentials removed.

This deletes ~/.smll/credentials.json. To also revoke the server-side session token, use the Devices page in your account settings before logging out.

Managing sessions

Go to User Settings > Devices in the web dashboard to see all active CLI sessions. From there you can:

  • See device names, IP addresses, and last-used timestamps
  • Revoke any session to immediately invalidate its token

Revoked tokens return a 401 Unauthorized error on the next CLI command.

On this page

LoginCustom API URLSession tokensVerify your identityLogoutManaging sessions