
Authentication

How to sign in with an SSH key so you can publish, where the token lives, and how to provision CI / headless machines.

You need to sign in to publish a mini-app. You do not need to for local development — the dev-server has no network dependency on the i99dash backend.

Since v5.6.0 the CLI signs in with an SSH key (the GitHub model): you register a public key once in the web console, and i99dash login proves you hold the matching private key by signing a one-time challenge. Your password and your private key never leave the machine. (The old OAuth device-code flow was removed — there is no fallback.)

Upgrading from a pre-5.6.0 CLI? Run i99dash upgrade first, then register an SSH key as below. i99dash login no longer opens a browser.

Generate a key (skip if you already have one)

ssh-keygen -t ed25519

Only ed25519 keys are supported. The private key stays on your machine; only the public key is ever uploaded.

Register the public key

In the web console open Account → SSH keys and paste the contents of ~/.ssh/id_ed25519.pub. This is the one bootstrap step the CLI can't do for you — exactly like adding a key to GitHub.

Sign in

i99dash login

The CLI signs the server's one-time challenge with your private key and stores the returned access token in your OS keychain. Flags:

  • --key <path> — use a non-default key (default ~/.ssh/id_ed25519).
  • --passphrase <pass> — for a passphrase-protected key.

Confirm with i99dash whoami. i99dash status shows your apps and review state.

Once you're signed in you can manage the rest of your keys from the CLI: i99dash keys list, i99dash keys add <path-to-pub>, and i99dash keys remove <id>. Only the first key has to be added in the web console (the CLI can't authenticate before it has a key). Each registration covers a single public key, so adding a key for one machine never disturbs the others.

Where the token lives

| Platform | Store |
| --- | --- |
| macOS | Keychain Access, service i99dash.sdk, account default |
| Windows | Credential Manager, generic credential i99dash.sdk |
| Linux (with libsecret) | libsecret collection default, schema i99dash.sdk |
| Linux (without libsecret) | ~/.config/i99dash/sdk.json, mode 0600, with console warning |

Check via i99dash whoami.

Log out

i99dash logout   # clear the local token

Logout only removes the token from your machine. There's no long-lived server-side credential to revoke — the access token is short-lived. To stop a key from being able to sign in at all, remove it with i99dash keys remove <id> (or in the web console under Account → SSH keys).

CI / headless machines

Give the runner its own ed25519 key (don't reuse a developer's), register the public key once in the web console, and add the private key to your CI secrets. Then sign in at the start of the job — login mints a fresh access token per run:

i99dash login --key "$RUNNER_SSH_KEY_PATH"
i99dash publish

If you'd rather inject an already-minted token (for a short-lived job), set I99DASH_TOKEN instead — the CLI prefers it over the keychain:

export I99DASH_TOKEN="<access token>"

Running i99dash login --ci on a runner does nothing but remind you to set I99DASH_TOKEN — a guard for scripts that invoke login by accident.
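
A job wrapper for the key-based CI flow above, as an added example that is not part of the i99dash docs. It assumes the CI system exposes the private key text in a variable named RUNNER_SSH_KEY (hypothetical, as are the function names), stages it as a 0600 file in a private 0700 directory, and removes both the key and the local token when the job exits.

```shell
#!/bin/sh
# Added example, not part of the i99dash docs. RUNNER_SSH_KEY (key text from
# the CI secret store) and the function names are assumptions.
set -eu

# Write the key text ($1) to a fresh private directory; print the file path.
stage_runner_key() {
    (
        umask 077    # directory 0700, key file 0600
        dir=$(mktemp -d "${TMPDIR:-/tmp}/i99dash-key.XXXXXX")
        # Add a final newline in case the secret store stripped it.
        printf '%s\n' "$1" > "$dir/id_ed25519"
        printf '%s\n' "$dir/id_ed25519"
    )
}

# Drop the local token and delete the staged key ($1 = path from stage_runner_key).
cleanup_runner_key() {
    i99dash logout >/dev/null 2>&1 || true
    case "$1" in
        */i99dash-key.*/id_ed25519) rm -rf -- "${1%/*}" ;;
        *) echo "refusing to delete unexpected path: $1" >&2; return 1 ;;
    esac
}

publish_job() {
    : "${RUNNER_SSH_KEY:?set RUNNER_SSH_KEY from the CI secret store}"
    RUNNER_SSH_KEY_PATH=$(stage_runner_key "$RUNNER_SSH_KEY")
    trap 'cleanup_runner_key "$RUNNER_SSH_KEY_PATH"' EXIT
    unset RUNNER_SSH_KEY    # keep the key text out of child process environments
    i99dash login --key "$RUNNER_SSH_KEY_PATH"    # mints a fresh token for this run
    i99dash whoami                                # record the identity in the job log
    i99dash publish
}

# Only run the job when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "publish" ]; then
    publish_job
fi
```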

What the CLI does with the credential

This is the exhaustive list of network calls the CLI makes with the credential attached:

  1. GET /api/v1/dev/me (identity probe).
  2. POST /api/v1/mini-apps/upload-url (publish).
  3. PUT <presigned url> (publish, no auth header — the presigned URL is the credential).
  4. POST /api/v1/mini-apps/submit (publish).
  5. GET /api/v1/mini-apps/mine (listing your apps; optional).

Nothing else.
