Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tailor-platform/sdk/llms.txt

Use this file to discover all available pages before exploring further.

The Tailor Platform CLI supports multiple authentication methods to suit different workflows, from interactive development to automated CI/CD pipelines.

Login

Authenticate interactively using your browser: 
tailor-sdk login
This command:
  1. Starts a local OAuth2 callback server on port 8085
  2. Opens your default browser to the Tailor Platform login page
  3. Redirects back to the CLI after successful authentication
  4. Stores your access token and refresh token in ~/.config/tailor-platform/config.yaml
  5. Sets you as the current user
The login process times out after 5 minutes. If your browser doesn’t open automatically, copy and paste the URL shown in the terminal.

Example Output

$ tailor-sdk login
Opening browser for login:

https://auth.tailor.tech/oauth2/auth?...

Successfully logged in to Tailor Platform.

Logout

Revoke your current session and remove credentials: 
tailor-sdk logout
This command:
  1. Revokes your refresh token with the OAuth2 server
  2. Removes your user credentials from the config file
  3. Clears the current user selection

Example Output

$ tailor-sdk logout
Successfully logged out from Tailor Platform.
If you’re not logged in, the logout command will inform you without raising an error.

User Management

The CLI supports multiple user accounts and allows you to switch between them.

Show Current User

Display the currently active user: 
tailor-sdk user current
Output: 
user@example.com

List All Users

View all authenticated users: 
tailor-sdk user list
Output: 
[
  { "email": "user@example.com" },
  { "email": "admin@company.com" }
]

Switch Users

Change the active user without logging out: 
tailor-sdk user switch admin@company.com
Output: 
Current user set to "admin@company.com" successfully.
The user must already be logged in. Use tailor-sdk login to add a new user.

Personal Access Tokens

Personal Access Tokens (PATs) provide programmatic access without requiring browser-based login. They’re ideal for CI/CD pipelines, scripts, and automation.

List Tokens

View all your personal access tokens: 
tailor-sdk user pat list
Output (default): 
 token-name-1: read/write
 token-name-2: read
Output (JSON): 
tailor-sdk user pat list --json

[
  { "name": "token-name-1", "scopes": ["read", "write"] },
  { "name": "token-name-2", "scopes": ["read"] }
]

Create a Token

Generate a new personal access token: 
tailor-sdk user pat create ci-readonly
Options:
name
string
required
Unique name for the token
--write
boolean
default:"false"
Grant write permissions. Tokens are read-only by default. Short alias: -W
Output: 
Personal access token created successfully.

  name: ci-deploy
scopes: read/write
 token: tpp_xxxxxxxxxxxxx

Please save this token in a secure location. You won't be able to see it again.
Save the token immediately - it will not be shown again.

Update a Token

Rotate a token by deleting and recreating it: 
tailor-sdk user pat update ci-deploy --write
This generates a new token value while preserving the token name. The old token is immediately revoked.

Delete a Token

Revoke and remove a personal access token: 
tailor-sdk user pat delete ci-readonly

Using Personal Access Tokens

Set the TAILOR_PLATFORM_TOKEN environment variable to authenticate: 
export TAILOR_PLATFORM_TOKEN="tpp_xxxxxxxxxxxxx"
tailor-sdk apply
In CI/CD pipelines: 
env:
  TAILOR_PLATFORM_TOKEN: ${{ secrets.TAILOR_TOKEN }}
  TAILOR_PLATFORM_WORKSPACE_ID: ${{ vars.WORKSPACE_ID }}

steps:
  - name: Deploy to Tailor Platform
    run: |
      tailor-sdk generate
      tailor-sdk apply --yes
The deprecated TAILOR_TOKEN environment variable is still supported but will show a warning. Migrate to TAILOR_PLATFORM_TOKEN.

Workspace Profiles

Profiles associate a user with a workspace ID, making it easy to switch between development, staging, and production environments.

Create a Profile

tailor-sdk profile create production \
  --user admin@company.com \
  --workspace-id abc123-def456-...
Options:
name
string
required
Unique profile name (e.g., dev, staging, production)
--user
string
required
Email of an authenticated user. Short alias: -u
--workspace-id
string
required
Workspace ID to associate with this profile. Short alias: -w
Output: 
Profile "production" created successfully.

List Profiles

View all configured profiles: 
tailor-sdk profile list
Output: 
[
  {
    "name": "dev",
    "user": "user@example.com",
    "workspaceId": "dev-workspace-id"
  },
  {
    "name": "production",
    "user": "admin@company.com",
    "workspaceId": "prod-workspace-id"
  }
]

Update a Profile

Change the user or workspace ID associated with a profile: 
tailor-sdk profile update production \
  --workspace-id new-workspace-id

Delete a Profile

Remove a profile configuration: 
tailor-sdk profile delete staging

Using Profiles

Specify a profile with the --profile flag: 
tailor-sdk apply --profile production
Or set the default profile via environment variable: 
export TAILOR_PLATFORM_PROFILE="production"
tailor-sdk apply
Profiles automatically provide both the workspace ID and authentication token, eliminating the need to specify them separately.

Machine Users

Machine users are service accounts defined in your application’s Auth configuration. They provide scoped access tokens for server-to-server communication.

List Machine Users

View machine users defined in your application: 
tailor-sdk machineuser list --profile production

Get Machine User Token

Retrieve an access token for a machine user: 
tailor-sdk machineuser token backend-service --profile production
Output: 
{
  "access_token": "eyJhbGc...",
  "token_type": "Bearer",
  "expires_at": "2026-03-03T12:34:56Z"
}
Machine users must be defined in your tailor.config.ts Auth configuration and deployed before you can retrieve tokens.
Use machine user tokens in your application code: 
const response = await fetch('https://your-app.tailor.tech/api/data', {
  headers: {
    'Authorization': `Bearer ${accessToken}`
  }
});

Token Refresh

The CLI automatically refreshes expired access tokens using stored refresh tokens. This happens transparently when you run commands. If token refresh fails (e.g., refresh token expired): 
Failed to refresh token. Your session may have expired.
Please run 'tailor-sdk login' and try again.
Simply log in again to re-authenticate.

Authentication Priority

When multiple authentication methods are available, the CLI follows this priority:
  1. TAILOR_PLATFORM_TOKEN environment variable (highest priority)
  2. TAILOR_TOKEN environment variable (deprecated)
  3. Profile specified via --profile or TAILOR_PLATFORM_PROFILE
  4. Current user from ~/.config/tailor-platform/config.yaml
export TAILOR_PLATFORM_TOKEN="tpp_xxxxxxxxxxxxx"
tailor-sdk apply  # Uses environment token

Security Best Practices

  • Never commit tokens to version control
  • Use CI/CD secret management for TAILOR_PLATFORM_TOKEN
  • Rotate personal access tokens regularly
  • Use read-only tokens when write access isn’t needed
  • Use profiles for local development, tokens for CI/CD
  • Store config.yaml with restricted permissions (600)

Configuration File Structure

Credentials are stored in ~/.config/tailor-platform/config.yaml: 
version: 1
current_user: user@example.com

users:
  user@example.com:
    access_token: eyJhbGc...
    refresh_token: eyJhbGc...
    token_expires_at: '2026-03-10T12:34:56Z'
  admin@company.com:
    access_token: eyJhbGc...
    refresh_token: eyJhbGc...
    token_expires_at: '2026-03-10T12:34:56Z'

profiles:
  dev:
    user: user@example.com
    workspace_id: dev-workspace-id
  production:
    user: admin@company.com
    workspace_id: prod-workspace-id
The CLI automatically migrates legacy ~/.tailorctl/config files to the new format.

Troubleshooting

Login Browser Not Opening

If the browser doesn’t open automatically:
  1. Copy the URL from the terminal
  2. Paste it into your browser manually
  3. Complete the login flow

Port 8085 Already in Use

If port 8085 is occupied, the login will fail. Stop the conflicting process or wait for it to release the port.

Profile Not Found

Ensure the profile exists: 
tailor-sdk profile list
Create it if missing: 
tailor-sdk profile create <name> --user <email> --workspace-id <id>

User Not Found

Ensure you’re logged in: 
tailor-sdk user list
Log in if needed: 
tailor-sdk login

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us