Skip to main content

User sessions

The Trevi dashboard uses standard session authentication for signed-in users.

API authentication

SDK and MCP runtime APIs expect a bearer token. Use API clients to obtain a token via client_credentials grant.

Device flow

The CLI uses a device authorization flow. Users approve access at /cli/authorize after receiving a user code.

Internal service auth

Some internal endpoints are protected by API keys. These are intended for service-to-service calls only.