Skip to main content
Authenticate using the device flow — no client ID or secret needed:
This will:
  1. Display a one-time code in your terminal
  2. Open your browser to authorize
  3. Automatically save credentials to ~/.postiz/credentials.json

Auth Commands

API Key

Alternatively, set your Postiz API key as an environment variable:
You can get your API key from the Postiz Settings page.
OAuth2 credentials take priority over the API key when both are present.

Environment Variables

VariableRequiredDefaultDescription
POSTIZ_API_KEYNo*-Your Postiz API key
POSTIZ_API_URLNohttps://api.postiz.comCustom API endpoint (for self-hosted Postiz)
POSTIZ_AUTH_SERVERNohttps://cli-auth.postiz.comCustom auth server URL (for self-hosted auth server)
*Either OAuth2 (via postiz auth:login) or POSTIZ_API_KEY is required.

Self-Hosting the Auth Server

By default, postiz auth:login uses the hosted auth server at cli-auth.postiz.com. If you want to self-host the OAuth2 device flow server, you can run your own instance. The auth server mediates the OAuth2 device flow so CLI users can authenticate without needing client credentials.

Prerequisites

  • Node.js >= 18
  • PostgreSQL

How It Works

1. Clone the Repository

The auth server lives in the postiz-agent repository:

2. Create an OAuth App in Postiz

Go to Postiz Settings > Developer > OAuth Apps and create a new app. Set the callback URL to:

3. Set Up Postgres

Create a database. The server auto-creates the device_requests table on startup.

4. Configure Environment

VariableRequiredDefaultDescription
DATABASE_URLYes-Postgres connection string
POSTIZ_OAUTH_CLIENT_IDYes-OAuth app client ID from Postiz
POSTIZ_OAUTH_CLIENT_SECRETYes-OAuth app client secret from Postiz
PORTNo3111Server port
SERVER_URLNohttp://localhost:{PORT}Public URL of this server
POSTIZ_FRONTEND_URLNohttps://platform.postiz.comPostiz frontend URL for OAuth redirects
POSTIZ_API_URLNohttps://api.postiz.comPostiz API URL for token exchange

5. Run the Server

6. Point the CLI to Your Server

Server Endpoints

MethodPathDescription
POST/device/codeStart a new device flow. Returns device_code, user_code, and verification_uri.
GET/device/verifyBrowser page where the user enters their code.
POST/device/verifyValidates user code and redirects to Postiz OAuth.
GET/device/callbackPostiz redirects here after authorization. Exchanges auth code for token.
POST/device/tokenCLI polls this with device_code. Returns token when auth completes.
GET/healthHealth check.

Deployment

Any platform that runs Node.js and can connect to Postgres works — Railway, Fly.io, Render, VPS, etc. The server is stateless beyond Postgres, so it scales horizontally. Run multiple instances behind a load balancer if needed.