Build
Authentication
Three ways to authenticate with Floom.
1. Browser sign-in#
Google OAuth at floom.dev/login. Creates a session for the browser UI. No API access; use agent tokens for programmatic calls.
2. CLI device flow#
Runs when you execute floom setup. Opens a browser confirmation page; the CLI polls until you approve. The resulting token is saved to ~/.floom/config.json.
# Opens a browser page to authorise your CLI. Run once per machine.
npx @floomhq/cli@latest setup
# Token is saved to ~/.floom/config.json
# Or export it manually:
export FLOOM_API_KEY=<your-agent-token>3. Agent tokens#
Create at floom.dev/tokens. Use in the Authorization: Bearer header for REST calls, or as the FLOOM_API_KEY env var for the CLI.
| Scope | Allows |
|---|---|
| read | List apps, fetch metadata, view executions. |
| run | Run any owned private app. Run public apps (no auth needed for those). |
| publish | Deploy apps, set secrets, delete secrets. |
Tokens do not expire. Revoke them from the tokens page at any time.