Skip to main content
The CLI supports two auth modes: browser-based session login for interactive use and a project API key for CI and headless environments.

inf auth login

Sign in through your browser using the OAuth 2.0 device authorization flow. Opens a verification URL, displays a user code, and polls until you approve in the browser. 
inf auth login
After sign-in, the CLI stores a session token in ~/.inf/config.json and activates an organization (team). If your account belongs to multiple teams, inf auth login prompts you to choose one in an interactive terminal.

Options

OptionRequiredDescription
--team <id-or-slug>NoActivate a specific team by ID, slug, or exact team name

Team selection

Use --team when you know which team you want to activate, or when running in a non-interactive shell. 
inf auth login --team acme
You can pass a team ID, slug, or exact team name: 
inf auth login --team team_abc123
inf auth login --team acme
inf auth login --team "Acme Research"
If the selected team is different from the previously active team, the CLI clears the stored active project and then tries to auto-select a project from the newly active team. You can always run inf project list and inf project switch <id> to pick a different project.
In non-interactive environments, inf auth login cannot prompt for a team. If you belong to multiple teams and omit --team, the CLI falls back to the first team returned by the auth API. Pass --team <id-or-slug> to make the selected team deterministic.
Session login requires a browser, so inf auth login is not suitable for CI or other headless environments. Use inf auth set-key or the INF_API_KEY env var there instead.

inf auth set-key

Store a project API key on disk for headless or CI authentication. 
inf auth set-key <key>

Arguments

ArgumentRequiredDescription
keyYesA project API key (starts with sk-inference-)
After saving, the CLI validates the key by fetching the project list. A successful fetch auto-selects the first project as active.

Example

inf auth set-key sk-inference-...

inf auth status

Show who you’re signed in as, which auth method the CLI is using, the active team and project, and the API URL. 
inf auth status

inf auth logout

Sign out, clear the session token / API key from ~/.inf/config.json, and forget the active project and team. 
inf auth logout

Credential resolution order

When multiple credentials are present, the CLI picks the first match:
  1. INF_API_KEY environment variable
  2. API key stored via inf auth set-key
  3. Session token stored via inf auth login
inf instrument is the one exception — it rejects INF_API_KEY and requires a session login, because it needs to fetch your project’s default API key on your behalf. Unset INF_API_KEY and run inf auth login before running inf instrument.

Configuration

The CLI stores configuration at ~/.inf/config.json, created automatically on first login. Tokens are stored with 0600 permissions.

Environment variables

VariableDescriptionDefault
INF_API_KEYAPI key for authentication. Takes precedence over stored credentials
INF_API_URLOverride the API base URLhttps://observability-api.inference.net
INF_PROJECT_IDOverride the active project for any invocation (equivalent to --project <id> global)