Skip to main content
Key commands:Run c1i help in your terminal to show all available commands.Run c1i <command> --help or c1i <command> -h for help with a specific command.

Overview

c1i interacts with the C1 API to manage users, apps, accounts, entitlements, tasks, and access requests. Usage:

Global flags

Docs

Explore C1 API documentation and schemas. These commands do not require authentication. Usage:
Search C1 documentation by keyword. Usage:

page

Fetch a full documentation page by path. Usage:

endpoints

List all available API endpoints. Optionally filter by a pattern. Usage:

endpoint

Show the full request and response schema for a specific API endpoint. Usage:

openapi

Dump the raw OpenAPI spec in YAML format. Usage:

skill

Export a self-contained skill file that teaches AI coding agents how to use c1i. The output covers all commands, output formats, API discovery workflows, and common endpoints. Usage:
Examples:
For step-by-step setup instructions for Claude Code, Cursor, and other agents, see Use c1i with AI agents.

Auth

Manage authentication credentials. Usage:

login

Authenticate to C1. Opens a browser for OAuth device flow authorization, or accepts credentials directly. Usage:
Examples:
For non-interactive scripts and CI environments, you can skip stored credentials entirely by setting C1I_CLIENT_ID and C1I_CLIENT_SECRET (alongside C1I_URL) as environment variables. Both must be set; partial values are ignored. See Credential storage for the full precedence order.

logout

Remove stored c1i credentials for the current URL from both the OS keyring and the file fallback. Environment variables (C1I_CLIENT_ID, C1I_CLIENT_SECRET) are not affected. Usage:

status

Check whether valid C1 credentials are stored and working. Reports which source (environment, keyring, or file) served the active credentials. Usage:

whoami

Show the authenticated principal — user ID, display name, email, and counts of roles, permissions, and tenant feature flags. Useful for agents and scripts that need to confirm identity before making other API calls. Usage:
By default, whoami returns a compact summary. Use --verbose when you need the full role and permission lists.

Credential storage

c1i reads credentials from the first source that has them, in this order:
  1. Environment variablesC1I_CLIENT_ID and C1I_CLIENT_SECRET (combined with C1I_URL). Both must be set. Used for non-interactive scripts, CI, and containers. Never written to disk.
  2. OS keyring — Keychain (macOS), Credential Manager (Windows), or Secret Service (Linux). Default when available.
  3. File fallback — a 0600 JSON file under your config directory:
    • Linux: ~/.config/c1i/credentials/
    • macOS: ~/Library/Application Support/c1i/credentials/
    • Windows: %AppData%\c1i\credentials\
The file fallback is used automatically when no OS keyring is available — typical on headless Linux servers, Docker or LXC containers, CI runners, and WSL without a desktop environment. c1i auth login writes to the keyring when it can and to the file otherwise; c1i auth status reports the active source.

Users

Manage C1 users.

list

Search and list C1 users. Outputs NDJSON. Usage:
Example:

Apps

Manage applications.

list

List applications. Outputs NDJSON. Usage:

Accounts

Manage application accounts (app users).

list

Search and list accounts for an application. Outputs NDJSON. Usage:

set-owner

Set the owner of an application account. Usage:

Entitlements

Manage application entitlements.

list

Search and list application entitlements. Outputs NDJSON. Usage:

Tasks

Manage access request tasks. Usage:

list

Search and list access request tasks. Outputs NDJSON. Usage:

approve

Approve an access request task. Usage:

deny

Deny an access request task. Usage:

comment

Add a comment to a task. Usage:

Requests

Create access requests. Usage:

create grant

Create a grant access request. Usage:

create revoke

Create a revoke access request. Usage:

Connectors

Manage connectors.

list

List connectors for an application. Outputs NDJSON. Usage:

API

Make raw C1 API requests. This is an escape hatch for accessing any API endpoint not covered by the built-in commands. Usage:
Examples:
If you call a POST-only endpoint with GET (for example a /search/* path with no --body), c1i prints a one-line hint suggesting --body or --method=POST so you can recover without consulting the schema.

Pagination and limits

c1i list commands (and c1i api --paginate) auto-paginate by default — they keep fetching pages until the cursor is empty, so you don’t have to manage tokens manually. Three flags control how much data flows: Examples:
c1i api --path X --limit N without --paginate errors immediately — the non-paginated path returns a single response, so there’s nothing to cap.

Version

Print the c1i version. Usage:
You can also use c1i --version.

Completion

Generate a shell completion script. Output is the script itself, which you can write to a file or source directly. Supported shells are bash, zsh, fish, and PowerShell. Usage:
Examples:
For shell-specific install steps, run c1i completion <shell> --help.