Authentication

Quick Reference

Here’s a quick overview of all available authentication commands:

Command	Description
`compozy login`	Log in to Compozy Cloud
`compozy logout`	Log out and remove stored credentials
`compozy auth status`	Check authentication status
`compozy auth list`	List all active sessions
`compozy auth refresh`	Manually refresh authentication token
`compozy auth revoke <token_id>`	Revoke a specific token
`compozy auth revoke-all`	Revoke all active tokens

Authentication Methods

CLI Login

Authenticate using the Compozy CLI for local development and deployments.

API Keys

Use API keys for programmatic access and CI/CD integrations.

CLI Authentication

Use the following command to authenticate with Compozy Cloud:

compozy login

This will open your default browser to complete the authentication process.

Verify Authentication

Confirm your authentication status:

compozy auth status

Logout

To logout and remove stored credentials:

compozy logout

API Keys

API keys provide secure, programmatic access to Compozy services. They are especially useful for CI/CD pipelines and automated deployments.

Generate API Key

Visit the Compozy Cloud Dashboard
Navigate to Settings > API Keys
Click “Generate New Key”
Save the key securely - it won’t be shown again

Configure API Key

Set your API key using one of these methods:

export FLYZT_API_KEY=your_api_key_here

Key Management

Best practices for API key security:

Rotate keys regularly
Use different keys for different environments
Never commit keys to version control
Set appropriate key permissions and expiration

CI/CD Integration

For secure authentication in CI/CD pipelines:

name: Deploy Compozy Workflow

on:
  push:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Deploy to Compozy Cloud
        env:
          FLYZT_API_KEY: ${{ secrets.FLYZT_API_KEY }}
        run: |
          compozy deploy

Token Management

View Active Sessions

List all active authentication sessions:

compozy auth list

Revoke Access

Revoke specific tokens or all active sessions:

# Revoke specific token
compozy auth revoke <token_id>

# Revoke all tokens
compozy auth revoke-all

Token Refresh

Tokens are automatically refreshed when needed. Manual refresh:

compozy auth refresh

Security Best Practices

Credential Storage

Use environment variables for API keys
Leverage secure credential managers
Never hardcode credentials in code

Access Control

Follow the principle of least privilege
Regularly audit access permissions
Remove unused credentials promptly

Environment Separation

Use different credentials per environment
Implement proper key rotation policies
Monitor credential usage patterns

Troubleshooting

Invalid Credentials

Verify your API key is correctly set
Check for environment variable conflicts
Ensure your token hasn’t expired
Try logging out and back in

Authentication Failures

Check your network connection
Verify your system time is accurate
Clear local credential cache
Contact support if issues persist

Token Expiration

Tokens automatically refresh when needed
Manual refresh with compozy auth refresh
Generate new API key if expired
Check token expiration status

Need Help?

Run compozy auth --help for detailed command information
Visit our Discord community for support
Check our troubleshooting guide
Contact Compozy Support for assistance

Getting Started

CLI Commands

Quick Reference

Authentication Methods

CLI Login

API Keys

CLI Authentication

API Keys

CI/CD Integration

Token Management

Security Best Practices

Troubleshooting

Need Help?

Getting Started

CLI Commands

​Quick Reference

​Authentication Methods

CLI Login

API Keys

​CLI Authentication

​API Keys

​CI/CD Integration

​Token Management

​Security Best Practices

​Troubleshooting

​Need Help?

Quick Reference

Authentication Methods

CLI Authentication

API Keys

CI/CD Integration

Token Management

Security Best Practices

Troubleshooting

Need Help?