Authenticate

Before you can open a tunnel, the CLI needs an API key tied to your JustTunnel account. The default flow signs you in through your browser — no copy-pasting tokens.

Run justtunnel auth

justtunnel auth

The CLI does three things:

1. Prints a short user code to your terminal.
2. Opens your default browser to the JustTunnel verification page with that code pre-filled.
3. Polls in the background until you approve the request, then saves the API key locally.

You'll see something like:

Your code: WXYZ-1234

Opening browser to authenticate...

Approve the request in the browser. The CLI prints Authenticated as <you> (<plan>). and exits 0.

The API key is written to ~/.config/justtunnel/config.yaml (or %USERPROFILE%\.config\justtunnel\config.yaml on Windows). It is bound to your account; treat it like a password.

Verify

Run justtunnel status to confirm the CLI is authenticated and see your account info:

justtunnel status

Email:          you@example.com
Plan:           free
Active tunnels: 0

If you see not authenticated, your API key is missing or invalid — re-run justtunnel auth.

API key alternative (CI & automation)

For non-interactive environments — CI runners, headless servers, scripts — pass an API key directly:

justtunnel auth justtunnel_xxxxxxxxxxxxxxxxxxxxxx

You can also skip the persisted file entirely by setting an environment variable:

export JUSTTUNNEL_AUTH_TOKEN=justtunnel_xxxxxxxxxxxxxxxxxxxxxx
justtunnel 3000

Generate API keys from your account dashboard.

Multiple accounts

If you work across personal and team accounts, the CLI supports named contexts. One-line preview:

justtunnel --context team:acme 3000

See the dedicated guide for setting up and switching contexts: Switch between accounts →

Sign out

justtunnel logout

Removes the saved API key from your config file. Your account and any reserved subdomains are untouched — only this machine forgets the key.

Next

You're authenticated. Time to open something: Your first tunnel →