CLI — Authentication

Updated May 02, 2026

Interactive login

splithook auth

Opens a browser window at https://splithook.com/cli/auth. After logging in, the CLI receives a tunnel token and stores it at ~/.splithook/credentials.json.

{
  "token": "sht_01j3k9xxxxxxxxxxxxxxxx",
  "workspace": "demo-workspace",
  "email": "you@acme.dev"
}

Non-interactive (CI / Docker)

Generate a tunnel token from the dashboard: Settings → Tunnel tokens → New token.

Paste it into the CLI:

splithook auth --token sht_01j3k9xxxxxxxxxxxxxxxx

Or set the environment variable (takes precedence over the credentials file):

export SPLITHOOK_TOKEN=sht_01j3k9xxxxxxxxxxxxxxxx
splithook tunnel --endpoint ab3dkf7z --to localhost:3000

Viewing the current identity

splithook whoami
# Authenticated as you@acme.dev (workspace: demo-workspace)

Logging out

splithook auth logout
# Credentials removed from ~/.splithook/credentials.json

The tunnel token is not revoked server-side. To revoke it, go to Settings → Tunnel tokens → revoke the token there.

Token scopes

Tunnel tokens are scoped to a single endpoint. A token issued for ab3dkf7z cannot subscribe to events from another endpoint, even in the same workspace. Generate a separate token per endpoint if you run multiple tunnels.