Manage authentication for Treasure AI. Supports both browser-based OAuth and API key authentication.
```bash
tdx auth         # Show authentication status
tdx auth status  # Alias for tdx auth
tdx auth setup   # Set up authentication interactively
tdx auth clear   # Remove credentials from system keychain
```

Display current authentication status and validate credentials:
```bash
tdx auth
tdx auth --profile prod
```

Shows the active profile and credential type (OAuth or API key), and validates the credentials by calling the TD API.
Interactive authentication setup. Choose between browser-based OAuth (recommended) or API key:
```bash
tdx auth setup
tdx auth setup --site ap01
tdx auth setup --profile prod
tdx auth setup --account-name td7060  # SSO login for a specific account
```

- Select your Treasure AI site
- Choose "Sign in with browser"
- Optionally enter an account name for SSO routing
- Browser opens for authentication
- After login, tokens are saved to system keychain
OAuth tokens are stored securely in the system keychain and used automatically for subsequent commands.
OAuth opens a local callback server on 127.0.0.1:43594 to receive the authorization response. The server times out after 2 minutes.
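The loopback callback described above, as an added sketch that is not tdx's own code: it uses the address, port and 2-minute timeout from this page, while the `code` and `state` query parameters follow the standard OAuth authorization-code response and the handler details are assumptions.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

CALLBACK_HOST = "127.0.0.1"  # from the page: loopback only
CALLBACK_PORT = 43594        # from the page
TIMEOUT_SECONDS = 120        # from the page: 2 minutes


def new_state():
    """Unguessable value sent with the login request and expected back."""
    return secrets.token_urlsafe(32)


def wait_for_code(expected_state, port=CALLBACK_PORT, timeout=TIMEOUT_SECONDS):
    """Serve one callback request; return the authorization code or None."""
    result = {"code": None}

    class Handler(BaseHTTPRequestHandler):
        timeout = 10  # drop clients that connect but never send a request

        def do_GET(self):
            query = parse_qs(urlparse(self.path).query)
            state = query.get("state", [""])[0].encode()
            code = query.get("code", [""])[0]
            # Constant-time compare: a wrong or missing state means this
            # response does not belong to the login this process started.
            ok = bool(code) and hmac.compare_digest(state, expected_state.encode())
            if ok:
                result["code"] = code
            self.send_response(200 if ok else 400)
            self.end_headers()
            self.wfile.write(b"Login complete.\n" if ok else b"Rejected.\n")

        def log_message(self, *args):
            pass  # default logging would write the code to stderr

    # Bind to 127.0.0.1, never 0.0.0.0, so the port is unreachable remotely.
    with HTTPServer((CALLBACK_HOST, port), Handler) as server:
        server.timeout = timeout  # handle_request() gives up after this long
        server.handle_request()   # one request only, then the port is freed
    return result["code"]
```

Because the port is fixed, any local process can reach it during the login window; the state check and the one-request limit are what keep an unrelated request from being accepted as the login result.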
- Select your Treasure AI site
- Choose "Use an API key"
- Enter your API key (found at Console > API Keys)
- Key is validated and saved to system keychain
Remove all credentials (API key and OAuth tokens) from the system keychain:
```bash
tdx auth clear
tdx auth clear --profile prod
```

| Option | Description |
|---|---|
| `--site <site>` | Target site (us01, ap01, eu01, ap02) |
| `--profile <name>` | Profile to use |
| `--account-name <name>` | Account name for SSO login (auth setup only) |

| Variable | Description |
|---|---|
| `TDX_ACCESS_TOKEN` | Access token for Bearer authentication |
| `TDX_ACCESS_TOKEN_<PROFILE>` | Profile-specific access token |
| `TDX_API_KEY` | API key for TD1 authentication |
| `TDX_API_KEY_<PROFILE>` | Profile-specific API key |
| `TD_OAUTH_CLIENT_ID` | Override OAuth client ID (default: tdx) |