Skip to content

Authentication

Nexrall's API is authenticated with a bearer token in the Authorization header:

Authorization: Bearer <token>

Getting a token

  • Interactively, sign in through the Nexrall CLI or the VS Code extension — both handle the login flow for you and store the resulting token locally.
  • For CI or server-to-server use, set the token as an environment variable rather than relying on an interactive login:
sh
export NEXRALL_TOKEN=<token>

An explicit NEXRALL_TOKEN environment variable always takes precedence over any locally saved interactive session — this is the recommended way to authenticate in CI.

Token scope

A token is tied to your Nexrall account and has the same permissions your account has in the app — it does not carry elevated or reduced permissions on its own.

Keeping tokens safe

  • Never commit a token to a repository or client-side code.
  • In GitHub Actions, store it as a repository secret (for example, NEXRALL_TOKEN) and reference it in your workflow's secrets context.
  • Treat a leaked token like a leaked password — it grants the same access your account has.

Built by Maxrall, Inc.