Getting into the Cobo developer hub feels a bit like unlocking a secure vault, and at its heart is the login and authentication process. It’s not just about typing in a password; it’s about choosing the right key for the right door, ensuring your access is both secure and efficient.
Cobo's Wallet-as-a-Service (WaaS) 2.0 offers a few distinct ways to authenticate your CLI, and understanding them is key to smooth sailing. Think of it like having different passes for different areas – each with its own purpose and security level.
Your Cobo Portal Account: The Familiar Key
This is perhaps the most straightforward method. Logging in with your Cobo Portal account essentially grants the CLI the same permissions you have when you're browsing the portal yourself. It’s perfect for managing your apps – creating them, publishing them, keeping them updated. It’s like using your main ID to access most facilities.
To get started, you’ll run a simple command, cobo login --user. What happens next is quite neat: the CLI will present you with a browser URL and a setup code. You’ll be prompted to open your browser, where you’ll verify that the code matches what you see on your screen. It’s a little handshake to ensure it’s really you. Once confirmed, you select your organization, hit ‘Confirm,’ and you’re in. It’s a very visual and reassuring process.
API Keys: The Specialized Tool
For those who need more granular control or automated access, API keys are the way to go. When you use an API key, the CLI gets access based on the specific permissions you’ve configured for that key. This is where you can really tailor access, granting only what’s necessary.
To use this, you’ll first need to generate an API key and its corresponding secret using cobo keys generate. Then, it’s crucial to register this key on Cobo Portal. Remember, if you generate a new key pair, you’ll need to update it in Cobo Portal too. A handy shortcut, cobo open developer, can whisk you directly to the developer console in your browser, making this registration process much quicker. The golden rule here? Only grant the permissions your API key truly needs. It’s a fundamental security practice.
Org Access Tokens: For App-Specific Access
Org Access Tokens are a bit more specialized, designed to give your Cobo Portal App access to an organization’s resources. If you’re testing your app locally with the CLI, this is your go-to.
Before you can acquire one, you need to create and submit your app to Cobo. This involves a couple of steps: cobo app init to get things started, followed by cobo app upload to send it over.
Once your app is submitted, you can acquire the token with cobo login --org. Similar to the user login, you’ll get a browser URL and a setup code. You’ll verify the code in your browser and then grant the necessary permissions. What’s interesting here is that after you submit the authorization request, your organization’s admin will need to give it the final nod. Once approved, the token is saved securely in your project’s .env file.
And because security is an ongoing effort, you can refresh your Org Access Token with the --refresh-token flag: cobo login --org --refresh-token. It’s a good habit to keep these tokens up-to-date.
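Because the Org Access Token ends up in a plaintext .env file inside the project, it helps to confirm that the file is readable only by you and cannot slip into version control. The following shell function is an added example, not part of the Cobo CLI or the original article; the name audit_env is hypothetical, and it checks only the file's mode, a literal .gitignore entry and git tracking, without reading the token itself.

```shell
#!/bin/sh
# Added example (not Cobo's code): audit the project .env that holds the token.
# Usage: audit_env /path/to/project
# Prints one line per finding and returns the number of findings (0 = clean).
audit_env() {
    dir=${1:-.}
    env_file="$dir/.env"
    findings=0

    if [ ! -f "$env_file" ]; then
        echo "no .env file in $dir"
        return 0
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FINDING: $env_file is accessible to group/other ($mode); run chmod 600"
        findings=$((findings + 1))
    fi

    # Literal match only (.env, /.env, .env*); wildcard rules and negations
    # elsewhere in .gitignore are not evaluated.
    if ! grep -qxE '/?\.env\*?' "$dir/.gitignore" 2>/dev/null; then
        echo "FINDING: .env is not listed in $dir/.gitignore"
        findings=$((findings + 1))
    fi

    # If the project is a git work tree, make sure .env is not in the index.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FINDING: .env is tracked by git; untrack it and treat the token as exposed"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it from a pre-commit hook or CI step against the project root; a non-zero return means at least one finding was printed.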
Switching and Checking Your Authentication
Life isn't always static, and neither is your authentication method. Cobo CLI makes it easy to switch between these methods using the cobo auth <METHOD> command. Just replace <METHOD> with apikey, user, or org. For instance, to switch to API key authentication, you'd type cobo auth apikey.
Curious about which method you're currently using? A quick cobo auth command will tell you. It’s all about making sure you’re always in control and aware of how you’re connecting.
Ultimately, choosing the right authentication method is about balancing your security needs with your workflow. Whether it’s the broad access of your portal account, the precise control of an API key, or the app-focused nature of an Org Access Token, Cobo provides the flexibility to connect securely and efficiently.
