> ## Documentation Index
> Fetch the complete documentation index at: https://jetemail.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How the CLI resolves API keys, and how to use it interactively or in CI.

`jetemail` resolves the API key in this order. First match wins.

1. `--api-key api_…` (and `--transactional-key transactional_…`) flag
2. `JETEMAIL_API_KEY` / `JETEMAIL_TRANSACTIONAL_KEY` environment variables
3. Saved config (`jetemail login` writes here)

This precedence lets you keep a personal key in `login` for everyday use, override it temporarily on the command line, and switch to a CI-scoped key via environment variables in pipelines.

## `login`

```sh theme={null}
jetemail login
```

Interactive flow:

1. Prompts for your `api_…` key.
2. Validates it by calling `GET /outbound/domains`.
3. Asks whether to also save a `transactional_…` key (used for `email send` / `email batch`).
4. Writes both to the config file.

Non-interactive:

```sh theme={null}
jetemail login --api-key api_xxxxxxxx --transactional-key transactional_xxxxxxxx
```

Skip the network round-trip with `--skip-validation` if you're somewhere with no network access during setup.

<Note>
  Management endpoints (`/outbound`, `/inbound`, `/webhooks`, etc.) require an `api_…` key. The transactional send endpoints (`/email`, `/email-batch`) require a separate `transactional_…` key. The CLI picks the right one for you per command.
</Note>

## `whoami`

```sh theme={null}
jetemail whoami
```

Prints which key is in use (masked), which layer it came from (flag, env, config), and re-validates against the API.

```
API key:           api_xxxx…wxyz (config)
Transactional key: transactional_xxxx…wxyz (env)

validating against API … ✓ key is valid
```

## `logout`

```sh theme={null}
jetemail logout          # confirms first
jetemail logout -y       # skip confirmation
```

Clears both keys from the config file. Your `base_url` override (if any) is preserved.

## Non-interactive contexts

For CI, cron, scripts, AI agents, set the environment variables and skip `login` entirely:

```sh theme={null}
export JETEMAIL_API_KEY="api_xxxxxxxx"
export JETEMAIL_TRANSACTIONAL_KEY="transactional_xxxxxxxx"

jetemail outbound suppression list
jetemail send --from no-reply@example.com --to alice@example.org --subject "hi" --text "hi"
```

Stdout stays clean JSON when stdout isn't a TTY, so it pipes into `jq`, log collectors, and other tools without extra flags.

## `doctor`

```sh theme={null}
jetemail doctor
```

Reports config file location, presence of each key, the layer each came from, and whether the API is reachable with the active key. Non-zero exit if any required check fails.

```
jetemail doctor
════════════════
  ✓  config file          /Users/you/Library/Application Support/com.JetEmail.jetemail/config.toml
  ✓  api key              api_xxxx…wxyz (config)
  ✓  transactional key    transactional_xxxx…wxyz (config)
  ✓  api reachable        GET /outbound/domains → 2xx

✓ everything looks good.
```

<Card title="Next: Config file" icon="gear" href="/cli/configuration" arrow="true">
  Where the config lives and how to edit it.
</Card>