Skip to main content
reqflo login authenticates your local CLI session with Reqflo. You need to be logged in to run journeys in the Cloud Runner, access private journeys, and resolve cloud-managed secret references.

When to use it

  • Before your first cloud run (reqflo run <journey> --cloud).
  • When you need to access a private journey or one that uses secret references.
  • When setting up a CI environment — use a non-interactive token flow instead of the browser login.

Key concepts

Interactive vs. token login. In a terminal on your own machine, reqflo login opens a browser for OAuth. In CI or non-interactive environments, authenticate using an API token via the REQFLO_TOKEN environment variable or the --token flag. Secret resolution. Secret references are resolved by the Cloud Runner (cloud runs) or your local environment (local runs). When running locally, secrets must be available in your local environment. reqflo login itself does not pull secret values to your machine — it only establishes your identity. Session persistence. After logging in, credentials are stored in your local config so you don’t need to log in before every command. Run reqflo logout to clear the session.

How it works

1

Run reqflo login

reqflo login
This opens your browser to complete the OAuth flow. Once complete, the CLI stores your credentials locally.
2

Verify your session

reqflo whoami
Prints the account you’re authenticated as.
3

Run a cloud journey

reqflo run my-journey --cloud
The CLI uses your stored credentials to authorize the Cloud Runner execution.

Examples

Interactive login (local development): 
reqflo login
Non-interactive login using a token (CI/CD): 
export REQFLO_TOKEN=your-api-token
reqflo run my-journey --cloud
Or pass the token inline: 
reqflo run my-journey --cloud --token $REQFLO_TOKEN
Generate API tokens from your Reqflo account settings. Treat tokens like passwords — use environment variables or secrets management in CI rather than hardcoding them.
Log out: 
reqflo logout