Authenticate using an API Token to Invariant

swGenerate an API token from the Invariant Web UI under Settings -> API Tokens. See Create an API token.

Important

Always store Invariant API Tokens in a secure location, such as a secret manager, to prevent unauthorized access. Avoid hardcoding tokens directly into your codebase or sharing them in public repositories. Properly managing API tokens helps protect your organization’s data and ensures compliance with security best practices.

Use Environment Variables

Export the token and your organization name as environment variables which the invariant CLI will read.

export INVARIANT_API_TOKEN=<your_api_token>
export INVARIANT_ORGANIZATION_NAME=<your_org_name>

# Example: Run analysis and get condensed output
invariant run --condensed

Environment variables can also be provided on the same line as the command.

INVARIANT_API_TOKEN=<your_api_token> INVARIANT_ORGANIZATION_NAME=<your_org_name> \
invariant run --condensed

Use Auth File

Invariant can read the API token from ~/.invariant_creds.

# Create a credentials file at the default location
echo '{"INVARIANT_API_TOKEN": "<your_api_token>", "INVARIANT_ORGANIZATION_NAME": "<your_org_name>"}' > ~/.invariant_creds
chmod 600 ~/.invariant_creds

invariant run --condensed

If your system does not have a home directory, Invariant will fall back to .invariant_creds in the current working directory.

See Settings and CLI Reference for details.

See also REST API which also describes API Token usage.

Use Environment Variables​

Use Auth File​

Use Environment Variables

Use Auth File