This guide covers how to install, configure, authenticate, and use a CLI generated by the SDK generator. The generated CLI is a Go-based command-line tool that wraps a generated Go SDK, giving you terminal access to every operation in the underlying API. To generate a CLI, see Generate CLI from your collection or specification.
The generated CLI requires installing Go on your system.
To ensure you have the right setup, do the following:
go.mod file to find the minimum version that needs to be installed.go version command. You should see output similar to the following, confirming that Go is installed and showing the version number:After receiving the generated CLI source code, build it from the project root. Run the following commands in your terminal:
An executable binary is created in the current directory. Run it directly, replacing <cli-name> with the actual name of the generated CLI binary:
To make the CLI available system-wide, move the binary to a directory in your PATH:
After installation, you can invoke the CLI from any directory:
Every command and subcommand supports the --help flag. Use it to discover available commands, flags, and usage instructions:
If the API requires authentication, the CLI provides a setup-auth command with subcommands for each supported authentication method. Run setup-auth --help to see which methods are available for your generated CLI:
All authentication credentials are stored locally in a JSON file at the following path:
Where cli-name is the name of your generated CLI binary (for example, ~/.my-api/credentials).
0700 (owner-only access).0600 (owner read/write only).setup-auth once (or when credentials change).To configure a username and password for Basic auth, run the following command, replacing the arguments with your actual credentials:
If you omit the password argument, the CLI will prompt you to enter it securely (input is hidden):
To configure an API key, run the following command, replacing the arguments with your actual API key value:
If you omit the value, the CLI prompts for it securely (input is hidden):
OAuth authentication is managed through the setup-auth oauth subcommand group:
To configure machine-to-machine authentication using OAuth 2.0 Client Credentials, run the following command, replacing the arguments with your actual client ID and secret:
The following flags are available to configure the client credentials flow:
OAuth client ID
OAuth client secret
OAuth token endpoint base URL
The client ID and secret are saved to the credentials file and used automatically for all subsequent API calls that require OAuth authentication.
For interactive user authentication using OAuth 2.0 Authorization Code, run the following command, replacing the arguments with your actual values:
The following flags are available to configure the authorization code flow:
Comma-separated list of OAuth scopes to request.
Local port for the OAuth callback server.
Override the saved OAuth client ID.
Override the saved OAuth client secret.
To complete the authorization code flow, the CLI performs the following steps:
http://127.0.0.1:<port>/callback.~/.cli-name/credentials alongside your client ID and secret.Your OAuth application must be configured to allow http://127.0.0.1:<port>/callback as a redirect URI (default port is 8777).
The following is an example of what the authorization code flow looks like in practice:
The config command enables you to manage CLI configuration settings such as the base URL for API requests.
The configuration system allows you to customize CLI behavior through config files, environment variables, or command-line subcommands, with a clear precedence order for resolving conflicting values.
Configuration values are resolved in the following priority order (highest first):
my-api, the prefix is MY_API_). Example: MY_API_BASE_URL../config/config.yaml relative to where the CLI is invoked.The config command includes the following subcommands for managing configuration values:
To set a configuration value in the local config file, run the following command, replacing the key and value with your configuration setting:
This creates ./config/config.yaml (if it doesn’t exist) and writes the key-value pair.
To read a configuration value (resolved from any source), run the following command, replacing the key with your configuration setting:
To list all configuration keys and their current resolved values, run the following command:
To edit the config file in your default editor ($EDITOR or $VISUAL), run the following commands:
You can override any configuration key using environment variables. The environment variable name is formed by taking the CLI name (uppercase, hyphens → underscores) as a prefix, followed by the key name (uppercase).
The following table shows examples of how configuration keys map to environment variables to a CLI.
The CLI follows a hierarchical structure with command groups and individual commands, uses flags for parameters, supports JSON request bodies, and outputs responses as pretty-printed JSON to facilitate easy integration with other tools.
The generated CLI organizes API operations into a two-level hierarchy as follows:
Where:
users, projects, billing).list, get, create, delete).Commands accept flags that map to API parameters. All parameter types (path, query, and header) will map to a flag. Required flags are enforced, and the CLI will error if they’re missing.
Flags accept different value types depending on the API schema:
For API operations that accept a request body (POST, PUT, PATCH), use the --body or --body-file flags:
The --body and --body-file flags are mutually exclusive. Use --help on any command to see the expected body schema and an example.
All command responses are printed to stdout as pretty-printed JSON:
Errors and warnings are printed to stderr, so you can safely pipe output to other tools:
Alongside the CLI binary and source code, the generator produces a skills/ directory containing one Markdown skill file per CLI command. These files are designed to be consumed by AI agents (such as Cursor, Copilot, or custom LLM-based tooling) so they can understand how to invoke each CLI command without guesswork. For more information on how AI agents can interact with the generated skills, see Use generated CLIs with AI agents.
Each skill file is located at skills/<group>-<command>/SKILL.md and follows a structured format:
A typical skill file contains the following sections:
name and description, giving the agent a quick summary of what the command does.--body or --body-file, with inline and file-based examples.The skill files serve as structured documentation that AI agents can read to understand exactly how to construct CLI commands. Rather than relying on the agent to parse --help output at runtime, the skills provide all the information upfront in a format optimized for LLM consumption.
These are some common ways to use the generated skills with AI agents:
skills/ folder) in your workspace. Agents like Cursor can read the skill files to learn how to call any CLI command on your behalf.skills/ directory. Each file is self-contained and tells the agent exactly which flags are required, what types they expect, and how to pass a request body.The name of the generated CLI binary is derived from your SDK configuration:
goModuleName is provided in the CLI language options (for example, github.com/my-org/my-api-cli), the last path segment (my-api-cli) is used as the CLI name.sdkName is provided (for example, MyCli), the SDK name is converted to kebab-case (my-cli) and used as the CLI name.go-cli is used.The following examples show how different configurations affect the CLI name and Go module path:
If you encounter issues with the generated CLI, refer to the following troubleshooting tips.
You used an invalid key with config set or config get. Run <cli-name> config --help to view the list of available configuration keys.
Verify that the credentials file exists and contains the expected values:
Make sure you’re using the correct CLI name in the path (the directory name matches the CLI binary name, prefixed with a dot).
The config file is read from ./config/config.yaml relative to the directory where you invoke the CLI. If you need to use a different base URL, you can also set it using environment variables instead:
The CLI attempts to open your default browser automatically. If it fails, copy the authorization URL printed to stderr and open it manually. Make sure the redirect URI http://127.0.0.1:<port>/callback is registered in your OAuth application settings.
If port 8777 is already in use, specify a different port:
Remember to update the redirect URI in your OAuth application settings to match.