
Authentication

ActionXM CLI uses a secure device authorization flow — similar to how gh auth login works. Your password is never entered in the terminal.

Login

bash
actionxm auth login

This will:

  1. Generate a one-time code
  2. Open your browser to the ActionXM verification page
  3. Wait for you to enter the code and approve access

Open https://app.action-xm.com/device in your browser
and enter code: ABCD-1234

⠋ Waiting for authorization...
✓ Logged in as alice@acme.com
Active site: Acme Store (acme-store.example.com)

How it works

The device authorization flow (inspired by RFC 8628):

  1. The CLI requests a device code from the API
  2. The API returns a short user code and a verification URL
  3. You open the URL in your browser and enter the code
  4. After you approve, the CLI receives a JWT (valid for 7 days)
  5. The token is stored securely in ~/.config/actionxm/config.json

Check status

bash
actionxm auth status

Authenticated
Email: alice@acme.com
Name:  Alice Johnson
Role:  admin

Logout

bash
actionxm auth logout

✓ Logged out from alice@acme.com

Token storage

Tokens are stored in ~/.config/actionxm/config.json with restrictive file permissions (0600 — owner read/write only). The token is a standard JWT valid for 7 days.

WARNING

Never share your config file or commit it to version control. Add ~/.config/actionxm/ to your global gitignore.
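To check the storage properties described above on a workstation, the following added example (not part of the ActionXM CLI or its documentation) audits the config file's mode and the stored JWT's lifetime. The JSON field name `token` is an assumption, since the page does not name it, and the JWT is only decoded for inspection, not signature-verified.

```python
import base64, json, os, stat, time

MAX_LIFETIME = 7 * 24 * 3600  # the page states tokens are valid for 7 days

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_config(path, token_key="token", now=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    # token_key is an assumption: the page does not name the JSON field.
    now = time.time() if now is None else now
    findings = []
    st = os.lstat(path)  # lstat: a symlink reports its own mode, not its target's
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append("config file is owned by another user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} grants group/other access, expected 0600")
    dmode = stat.S_IMODE(os.stat(os.path.dirname(os.path.abspath(path))).st_mode)
    if dmode & 0o022:
        findings.append(f"parent directory mode {dmode:04o} is group/world-writable")
    with open(path) as fh:
        token = json.load(fh).get(token_key)
    if not token:
        return findings + ["no token stored"]
    try:
        claims = jwt_claims(token)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return findings + [f"stored token is not a decodable JWT: {exc}"]
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None:
        findings.append("token has no exp claim")
    elif exp <= now:
        findings.append("token has expired")
    elif iat is not None and exp - iat > MAX_LIFETIME:
        findings.append("token lifetime exceeds 7 days")
    return findings

if __name__ == "__main__":
    default = os.path.expanduser("~/.config/actionxm/config.json")
    try:
        print("\n".join(audit_config(default)) or "no findings")
    except FileNotFoundError:
        print("no config file (not logged in)")
```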

Self-hosted instances

If you're running ActionXM on your own infrastructure, set the API URL before logging in:

bash
actionxm config set api_url https://analytics.yourcompany.com
actionxm auth login
