Authorization header.
Authentication Methods
There are two ways to authenticate:
Both methods use the same header format:
API Keys
API keys are the recommended authentication method for programmatic access.Creating a Key
1
Sign in
Go to app.cline.bot and sign in.
2
Open API Keys
Navigate to Settings > API Keys.
3
Create and copy
Create a new key. Copy it immediately as you will not be able to see it again.
Deleting a Key
You can revoke an API key at any time from the same Settings > API Keys page. Deleted keys stop working immediately. You can also manage keys programmatically through the Enterprise API:Account Auth Tokens
When you sign in to the Cline extension (VS Code, JetBrains) or CLI, an account auth token is generated and managed automatically. You do not need to handle these tokens manually. The Cline CLI uses these tokens when you authenticate via:Security Best Practices
Do:- Store API keys in environment variables or a secrets manager
- Use different keys for development and production
- Rotate keys periodically
- Delete keys you no longer use
- Commit keys to version control
- Share keys in chat or email
- Embed keys in client-side code (browsers, mobile apps)
- Log keys in application output
Using Environment Variables
Using a .env File
Custom Headers
The Cline API accepts optional headers for tracking and identification:Related
Getting Started
Create your first API key and make a request.
Enterprise API Keys
Manage API keys programmatically.

