Authentication
Login
Authenticate with browser-based device flow:tpcrequests a device code.- Your browser opens.
- You sign in to The Prompting Company.
- You approve the CLI.
- The CLI stores your session locally.
Non-interactive authentication
For CI, scripts, and other headless environments where browser login is not available, the CLI reads credentials from environment variables. Two schemes are supported and they map to different request headers:| Variable | Header sent | Use for |
|---|---|---|
TPC_API_TOKEN | Authorization: Bearer <token> | OAuth bearer tokens — for example, the session token issued by tpc auth login. |
TPC_API_KEY | x-api-key: <key> | API keys created via the dashboard. See API authentication for how to create one. |
TPC_API_TOKEN and TPC_API_KEY are set, the CLI uses TPC_API_TOKEN and prints a warning to stderr.
When neither variable is set, the CLI falls back to the session created by tpc auth login.