Kizaki
ReferenceCLI

Auth And Access

Log in, manage team or CI access, issue application API keys, and work with async operational tooling.

This part of the CLI is about who can access Kizaki itself, who can access your app over HTTP, and how you inspect operational access surfaces like background effects.

Common Commands

kizaki login

kizaki keys create --name "CI pipeline"
kizaki keys list

kizaki api-keys create --scope read --name "Mobile app"
kizaki api-keys list
kizaki api-keys rotate <id> --grace-period 24h

kizaki effects status

The Important Split

These commands look similar, but they manage different systems.

  • kizaki login authenticates you to the Kizaki platform
  • kizaki keys manages platform or CI credentials
  • kizaki api-keys manages app-level tokens for your declared HTTP routes
  • kizaki effects lets you inspect async background delivery state

If a credential is meant to call your app's own external routes, it belongs under api-keys, not under keys.

Platform Keys

Use kizaki keys for automation that needs to work with the platform itself.

kizaki keys create --name "CI pipeline"
kizaki keys list
kizaki keys revoke <id>

That is the right tool for CI or deployment automation. It is not how you issue credentials to an external integration that should call your application's routes.

App API Keys

Use kizaki api-keys when you have declared apiKeys scopes in Inspire and need a token for a route consumer.

kizaki api-keys create --scope read --name "Warehouse sync"
kizaki api-keys create --scope writer --name "CRM importer" --expires 90d
kizaki api-keys list
kizaki api-keys list --scope read
kizaki api-keys revoke <id>
kizaki api-keys rotate <id> --grace-period 24h

The normal workflow is:

  1. declare scopes in apiKeys { ... }
  2. attach those scopes to routes with auth: apiKey(scope)
  3. mint or rotate tokens with kizaki api-keys

Effects

kizaki effects is related operationally, even though it is not an auth system. It is the main place to inspect background delivery state when routes, webhooks, or server workflows enqueue async work.

kizaki effects status
  • keep platform credentials and app API credentials separate
  • issue API keys only for declared route scopes
  • rotate machine credentials instead of reusing one long-lived token everywhere
  • use effects tooling when debugging async follow-up behavior from routes or webhooks

Related docs:

Deploy And Operations

Deploy app versions, manage environments, store secrets, and inspect logs.

How Kizaki Works

Kizaki turns one schema into a full application workflow: database shape, runtime rules, generated client surfaces, and deployment artifacts.

Elsewhere

FeedbackStudio

On this page

Common CommandsThe Important SplitPlatform KeysApp API KeysEffectsRecommended Usage