What's New
External Command Authentication (@auth command)
A new @auth command delegates token acquisition to any CLI tool you already have installed. Resterm runs the command, captures stdout, and injects the result as an auth header.
Example:
# @auth command argv=["gh","auth","token"] cache_key=github-cli
GET https://api.github.com/user
Accept: application/vnd.github+json
The argv parameter takes a JSON array with the command and its arguments. By default, Resterm treats stdout as a plaintext token and sends it with a Bearer scheme. For commands that return structured output, set format=json and specify paths to the relevant fields:
# @auth command argv=["mycli","auth","print","--json"] format=json token_path=access_token type_path=token_type expires_in_path=expires_in cache_key=myapi
GET https://example.com/projects
What's changed
- New
@auth command- run any CLI tool and inject its output as an auth header. Supports plaintext and JSON output formats. - Token caching - set
cache_keyto reuse tokens across requests. Resterm tracks expiry from JSON responses or falls back to a manual ttl you specify. - Custom header injection - use
header=X-Registry-Tokenor similar to send the token somewhere other than Authorization. - Scheme override - force a specific scheme (e.g.
scheme=Token) regardless of what the command returns. - Timeout support - set
timeout=5sto kill commands that hang. - Shell blocking - direct shell invocations (bash, sh, zsh, etc.) are rejected
- Editor autocomplete hints - typing
@authnow shows suggestions for all auth types and their parameters. - Unquoted JSON fix - bare JSON values like
argv=["gh","auth","token"]now parse correctly without needing outer quotes.