Authentication
API Key
The primary authentication method:
import { Cmdop } from '@cmdop/sdk';
const client = new Cmdop({
apiKey: 'your-api-key',
});Get API Key
- Go to dashboard settingsÂ
- Click “Create Token”
- Set name and permissions
- Copy the generated key
Environment Variable
export CMDOP_API_KEY=cmdop_xxx...const client = new Cmdop({
apiKey: process.env.CMDOP_API_KEY,
});OAuth (Browser)
For browser applications with user login:
import { Cmdop } from '@cmdop/sdk';
const client = new Cmdop({
clientId: 'your-client-id',
});
// Redirect to login
await client.auth.login();
// After redirect back
const session = await client.auth.handleCallback();Token Refresh
The SDK automatically handles token refresh:
const client = new Cmdop({
apiKey: 'your-api-key',
// Automatic refresh enabled by default
autoRefresh: true,
});Current User
Get authenticated user info:
const user = await client.auth.me();
console.log(user.email);
console.log(user.name);
console.log(user.plan);Permissions
API keys can have scoped permissions:
| Permission | Description |
|---|---|
machines:read | List and view machines |
machines:write | Modify machines |
commands:execute | Execute commands |
files:read | Read files |
files:write | Write files |
Check Permissions
const permissions = await client.auth.permissions();
console.log(permissions);
// ['machines:read', 'commands:execute', ...]Security Best Practices
- Never expose API keys in client code
- Use environment variables
- Set minimum required permissions
- Rotate keys periodically
- Use OAuth for user-facing apps
Backend Proxy Pattern
// API Route (Next.js)
export async function POST(req: Request) {
const client = new Cmdop({
apiKey: process.env.CMDOP_API_KEY,
});
const { machineId, command } = await req.json();
const result = await client.commands.exec(machineId, command);
return Response.json(result);
}