# Authentication

Sign the Wavedash CLI in to your account from a browser, a CI runner, or an API token.

Source: https://docs.wavedash.com/cli/authentication

The CLI needs to sign in before it can access your games or push builds. You sign in once per machine — credentials are stored in your home directory.

## Browser login

```bash
wavedash auth login
```

Opens your browser for OAuth. After you authorize, the CLI writes an API key to its credentials file. Use this option on any machine with a browser.

## Headless / CI login

Machines without a browser — build servers, CI runners — have two options. Generate an API key in the [Developer Portal](https://wavedash.com/dev-portal) first.

### Pass a token directly

```bash
wavedash auth login --token YOUR_API_KEY
```

Writes the token to the credentials file, same as browser login.

### Use `WAVEDASH_TOKEN`

```bash
export WAVEDASH_TOKEN=your_api_key
```

When set, `WAVEDASH_TOKEN` takes priority over the credentials file, so there's no separate login step on every run. This is usually the right choice for CI pipelines and ephemeral runners.

## Status and logout

```bash
wavedash auth status
wavedash auth logout
```

`auth status` reports whether you're signed in, where the credentials came from (file or environment variable), and prints a masked key preview. `auth logout` removes the stored credentials — it does not unset `WAVEDASH_TOKEN`.

## Next steps

With the CLI installed and signed in, set up your project's [`wavedash.toml`](/cli/configuration).
