Authentication

predictor.sh uses two types of authentication:

User Authentication - Your account credentials (for CLI operations)
Endpoint Authentication - Bearer tokens for API requests

User Authentication

predictor login

This initiates an OAuth device flow:

A URL and code are displayed in your terminal
Open the URL in your browser
Enter the code and approve access
CLI receives your credentials automatically

predictor whoami

Shows your logged-in email and account tier.

Logout

predictor logout

Clears stored credentials from your system keychain.

Endpoint Authentication

Every endpoint gets a unique Bearer token for API authentication.

View Your Token

predictor token show

By default, the token is masked. To reveal:

predictor token show --reveal

Using the Token

Include the token in your API requests:

curl https://abc123.predictor.sh/v1/chat/completions \
  -H "Authorization: Bearer pred_your_token_here" \
  -H "Content-Type: application/json" \
  -d '{"messages": [...]}'

Rotate Token

If your token is compromised, generate a new one:

predictor token rotate

This invalidates the old token immediately. Update all clients using the old token.

Credential Storage

Platform

Location

macOS

System Keychain

Linux

Secret Service (libsecret)

Non-sensitive configuration is stored in ~/.predictor/config.yaml.

IP Allowlist

Restrict endpoint access to specific IP addresses in predictor.yaml:

allowed_ips:
  - "192.168.1.0/24"
  - "10.0.0.5"

Requests from non-allowed IPs receive a 403 Forbidden response.

PreviousQuickstart NextText Generation (LLM)

Last updated 1 month ago

hashtagUser Authentication

hashtagLogin

hashtagVerify Login

hashtagLogout

hashtagEndpoint Authentication

hashtagView Your Token

hashtagUsing the Token

hashtagRotate Token

hashtagCredential Storage

hashtagIP Allowlist

User Authentication

Login

Verify Login

Logout

Endpoint Authentication

View Your Token

Using the Token

Rotate Token

Credential Storage

IP Allowlist