Authentication
Binboi uses two credential types: account sessions (browser/dashboard) and Personal Access Tokens (PATs) for the CLI and API.
Sign In to the Dashboard
Visit binboi.com/login and enter your email and password. A session cookie (binboi_token) is set on your browser for 7 days.
New users must verify their email before signing in. The verification link is sent from noreply@miransas.com.
Personal Access Tokens
For CLI and programmatic access, generate a PAT from the dashboard:
- Sign in to binboi.com
- Open Access Tokens
- Click Generate Token, give it a name, and copy the value
A token looks like:
binboi_pat_a1b2c3d4_x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4
The full token is shown only once. Store it in a password manager.
Log In with the CLI
binboi login --token binboi_pat_a1b2c3d4_x9y8z7w6...The token is saved to ~/.binboi/config.json and used for every subsequent command.
Verify Your Session
binboi whoamiOutput:
Logged in as sardor@example.com (FREE plan)
Server: https://api.binboi.com
Plan Limits
| Plan | Max tokens | Max concurrent tunnels | |-------|------------|------------------------| | Free | 3 | 1 | | Pro | 25 | 10 | | Scale | Unlimited | Unlimited |
When you hit the token limit, the API returns 403 TOKEN_LIMIT_REACHED. Revoke an old token or upgrade to continue.
Revoke a Token
From the dashboard, click the token row and select Revoke. The token is invalidated immediately and any active tunnels using it are closed.
Security
- Tokens are hashed with argon2id at rest — only the public prefix (
binboi_pat_xxxx) is stored in plain text - Tokens do not expire automatically — revoke them when you stop using them
- Each request is logged with the token prefix for audit purposes