For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
预约演示登录免费开始
  • 入门
    • 概览
    • 工作原理
    • 快速开始
    • 自助设置
    • 项目结构
Checking status...
SOC2Soc 2 Type II
© 2026 Fern • Birch Solutions, Inc., a Postman company

Documentation

SDKsDocsAsk FernCLI Reference

API Definitions

OpenAPIAsyncAPIOpenRPCgRPC

Resources

BlogSupportPricing

Company

Brand KitPrivacy PolicyTerms of Service
LogoLogo
预约演示登录免费开始
在本页
  • Credential sources
  • Supported auth schemes
  • Auth strategies
  • Help output
入门

Authentication

Beta
||以 Markdown 格式查看|
此页面是否有帮助?
在仪表板中编辑
上一个

Features

下一个

OpenAPI extensions

Early access

The CLI generator is in early access. Reach out to get started.

Each generated CLI reads authentication credentials from the security schemes declared in your OpenAPI spec. Credentials can come from environment variables, CLI flags, files, or a combination of these through fallback chains.

Without a credential, the CLI still works — you can explore the command tree, view help, and use --dry-run.

Credential sources

The CLI supports several ways to supply credentials, configured at build time.

SourceDescription
Environment variableRead from an env var (the most common option).
CLI flagAuto-registered as a --<flag-name> global flag.
FileRead trimmed contents from a file path (~ is expanded).
LiteralBaked into the binary at compile time.
Fallback chainTry multiple sources in order; first non-empty value wins.

A typical fallback chain lets the CLI flag override the env var, which in turn overrides a file:

$# CLI flag takes priority
$box users get-current-user --api-token sk-123
$
$# Otherwise falls back to the environment variable
$export BOX_API_KEY=sk-123
$box users get-current-user
$
$# Otherwise reads from a file
$echo "sk-123" > ~/.box/token
$box users get-current-user

Supported auth schemes

The CLI supports every scheme type that OpenAPI’s securitySchemes defines:

SchemeHow the CLI applies it
Bearer (http: bearer)Sends Authorization: Bearer <token>.
API key (apiKey)Sends the key in the configured header (for example, X-Auth-Token).
Basic (http: basic)Sends Authorization: Basic <base64(user:pass)>. Each field has its own credential source.
OAuth 2Treated as bearer — sends Authorization: Bearer <token>.

Auth strategies

When a spec declares multiple security schemes, the CLI composes them according to one of these strategies:

StrategyBehavior
AutoDefault. Infers the right composition from the spec’s security blocks.
AnyThe API accepts any one of the declared schemes. The first scheme with a credential wins.
AllThe API requires every scheme simultaneously (for example, HMAC signature plus API key).
RoutingPer-operation dispatch. Each endpoint’s security block determines which schemes to use.

Operations that declare security: [] (an empty list) opt out of authentication entirely — no credentials are sent regardless of what’s configured.

Help output

Every generated CLI includes a dynamically rendered Authentication: section in its --help output listing every scheme, the expected env var or flag, and whether a credential is detected.