CLI Reference
whatalo login
Authenticate the CLI with your Whatalo developer account using a browser-based Device Flow.
Syntax
whatalo login [options]Options
| Flag | Type | Description |
|---|---|---|
--portal-url <url> | string | Developer Portal URL |
--force | boolean | Re-authenticate even if already logged in |
How It Works
whatalo login uses the RFC 8628 Device Authorization Grant so your credentials are entered in the browser, never in the terminal.
Step-by-step flow
- Without
--force, the CLI first checks for an existing valid session. If one exists, it prints:Already logged in as [email protected]. Use --force to re-authenticate. - If no valid session exists (or
--forceis used), the CLI requests a device code from the portal - Your browser opens automatically at the verification URI showing a user code
- Approve the request in the browser
- The CLI polls every 5 seconds until the browser confirms approval
- On success, tokens are saved to
~/.whatalo/session.json
Token storage
| Location | Permissions |
|---|---|
~/.whatalo/ (directory) | 700 |
~/.whatalo/session.json (file) | 600 |
The access token has a 1-hour TTL and is automatically refreshed. The refresh token lasts 30 days and rotates on every use.
Examples
Authenticate for the first time:
whatalo loginForce re-authentication (useful when switching accounts):
whatalo login --forceAuthenticate against a self-hosted portal:
whatalo login --portal-url https://developers.your-company.comError Messages
| Message | Cause |
|---|---|
Already logged in as {email}. Use --force to re-authenticate. | Valid session already exists |
The confirmation code has expired. Please try again. | Browser verification took longer than allowed |
Access was denied. Please try again. | User rejected the request in the browser |
Login failed: {message} | Network error or portal returned an unexpected response |
Related Commands
whatalo logout— Sign outwhatalo whoami— Verify your current session