Install and authenticate the Apex CLI
Install apex, sign in with the default browser OAuth flow, and use API-key fallbacks for headless environments.
The Apex CLI is the command-line interface for experiment operations, draft workspace edits, GitOps pushes, QA evidence, tracking checks, and agent handoffs. Use apex as the canonical binary. drip is kept as a compatibility alias.
Prerequisites
- Node.js 18 or newer.
- An Apex account with access to the shop or workspace you want to manage.
- For API-key fallback login, an Apex API key that starts with
apx_.
Install
npm install -g @drip-apex/apex-cli
apex --helpFor local package development, build and link from the monorepo:
npm --prefix packages/cli install
npm --prefix packages/cli run build
cd packages/cli
npm linkDefault browser login
Run login in an interactive terminal:
apex loginBy default, the CLI starts a short-lived callback server on 127.0.0.1, opens Apex at /cli/login, and includes a one-time state, local callback URL, and machine name. Approve the CLI login in your browser. Apex posts the generated API key back to the local callback, the CLI validates it by reading one experiment, and then stores credentials at ~/.drip/credentials.json with file mode 0600.
If the browser does not open automatically, the CLI prints the login URL. Open that URL manually in the same browser session where you are signed in to Apex.
Manual and API-key login
Use --manual when you want the CLI to prompt for a key instead of starting browser login:
apex login --manualUse --api-key for non-interactive shells:
apex login --api-key apx_your_key_hereUse --base-url only when you are targeting a non-production Apex environment:
apex login --base-url https://app.example.testIn CI or agent runners, prefer environment variables over prompts:
DRIP_API_KEY=apx_your_key_here apex whoami --jsonDRIP_API_KEY takes priority over stored credentials. DRIP_BASE_URL can override the API base URL for the process; otherwise the CLI uses https://app.drip-apex.com.
Verify or clear auth
apex whoami
apex experiments list --limit 5
apex logoutapex whoami validates the current key against the API and prints only a redacted key preview. apex logout removes the stored credential file, but it does not revoke the API key in Apex.
Troubleshooting
- Browser login fails in CI: use
apex login --api-key <key>or setDRIP_API_KEY. - Login returns exit code
4: inspect the JSONerror.details.retrycommand and rerun only after confirming you meant to use API-key login. - Validation fails with
401: check that the key is valid and starts withapx_. - Validation fails with
403: the key exists, but it lacks permission to read experiments. - Validation is rate-limited: retry later and check the server-side rate-limit configuration if this happens on first login.