Authentication

predictor.sh uses two types of authentication:

User Authentication - Your account credentials (for CLI operations)
Endpoint Authentication - Bearer tokens for API requests

User Authentication

predictor login

This initiates an OAuth device flow:

A URL and code are displayed in your terminal
Open the URL in your browser
Enter the code and approve access
CLI receives your credentials automatically

predictor whoami

Shows your logged-in email and account tier.

Logout

predictor logout

Clears stored credentials from your system keychain.

Endpoint Authentication

Every endpoint gets a unique Bearer token for API authentication.

View Your Token

predictor token show

By default, the token is masked. To reveal:

predictor token show --reveal

Using the Token

Include the token in your API requests:

curl https://abc123.predictor.sh/v1/chat/completions \
  -H "Authorization: Bearer pred_your_token_here" \
  -H "Content-Type: application/json" \
  -d '{"messages": [...]}'

Rotate Token

If your token is compromised, generate a new one:

predictor token rotate

This invalidates the old token immediately. Update all clients using the old token.

Credential Storage

Platform

Location

macOS

System Keychain

Linux

Secret Service (libsecret)

Non-sensitive configuration is stored in ~/.predictor/config.yaml.

IP Allowlist

Restrict endpoint access to specific IP addresses in predictor.yaml:

allowed_ips:
  - "192.168.1.0/24"
  - "10.0.0.5"

Requests from non-allowed IPs receive a 403 Forbidden response.

PreviousQuickstart NextText Generation (LLM)

Last updated 1 day ago

User Authentication

Login

Verify Login

Logout

Endpoint Authentication

View Your Token

Using the Token

Rotate Token

Credential Storage

IP Allowlist