Opens your browser for authentication and saves credentials locally. Use this to set up authentication or switch workspaces.
Syntax How It Works
Prompts to select region (if needed)
Opens browser for OAuth authentication
Redirects to Tinybird login page
Receives authentication token
Saves token to .env.local
Updates baseUrl in config (if region changed)
Output Example Select your Tinybird region: › Europe (api.tinybird.co) US East (api.us-east.tinybird.co) Opening browser for authentication... ✓ Logged in as [email protected] ✓ Workspace: my-workspace ✓ Region: Europe ✓ Credentials saved to .env.local
When to Use Run login when:
Setting up a new project (after init)
Token expired or invalid
Switching to different workspace
Working on a cloned repository
Changing regions
Authentication Flow Browser Window Login opens your default browser:
https://ui.tinybird.co/auth/cli Sign in to Tinybird [Google] [GitHub] [Email]
OAuth Callback After authentication, browser shows:
✓ Authentication successful! You can close this window and return to your terminal.
Credentials Saved Token saved to .env.local:
TINYBIRD_TOKEN = p.eyJ1IjogIjEyMzQ1Njc4LTEyMzQtMTIzNC0xMjM0LTEyMzQ1Njc4OTBhYiIsICJpZCI6ICI5ODc2NTQzMi0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYWIifQ.abcdef123456
Region Selection If no region configured, login prompts:
Select your Tinybird region: › Europe (api.tinybird.co) US East (api.us-east.tinybird.co)
Saved to config:
{ "baseUrl" : "https://api.tinybird.co" }
Switching Regions To change region, delete baseUrl from config and re-login:
# Remove baseUrl edit tinybird.config.json # Login again (will prompt for region) tinybird login
Token Storage Credentials are stored in:
.env.localTINYBIRD_TOKEN = p.your_token_here
.envTINYBIRD_TOKEN = p.your_token_here
System environment (CI/CD)export TINYBIRD_TOKEN = p . your_token_here
Never commit .env.local or .env files to version control. These contain your API token.
Token Scopes Login tokens have ADMIN scope with full permissions:
Create/read/update/delete datasources
Create/read/update/delete pipes
Manage branches
Manage tokens
Deploy to production
For limited access, create scoped tokens in the Tinybird dashboard.
Re-authentication Tokens don’t expire, but you may need to re-authenticate:
# Token revoked or invalid tinybird build
# Login again tinybird login
Workspace Switching To switch workspaces:
# Login with different account tinybird login # Select different workspace in browser
New token replaces old one in .env.local.
Headless/CI Environments For environments without browser access:
Set Token Manually # Get token from Tinybird UI: https://ui.tinybird.co/tokens export TINYBIRD_TOKEN = p . your_token_here # Or create .env.local echo "TINYBIRD_TOKEN=p.your_token_here" > .env.local
CI/CD Setup Set as secret in your CI platform:
GitHub Actions
GitLab CI
CircleCI
env : TINYBIRD_TOKEN : ${{ secrets.TINYBIRD_TOKEN }}
Examples Initial Setup # Initialize project npx tinybird init --skip-login # Authenticate tinybird login # Start development tinybird dev
Cloned Repository # Clone repo git clone https://github.com/your/repo cd repo # Install dependencies npm install # Authenticate tinybird login # Ready to develop tinybird dev
Switch Workspace # Login with different account tinybird login # Verify workspace tinybird info
Refresh Credentials # Token expired or revoked tinybird login
Verification Verify login succeeded:
Workspace: Name: my-workspace Email: [email protected] Region: Europe Token: p.eyJ1IjogIjEyMzQ... (valid)
Security Best Practices Protect Tokens # Ensure .env.local is gitignored echo ".env.local" >> .gitignore echo ".env" >> .gitignore # Verify git status # Should not show .env files
Token Rotation Regularly rotate tokens for security:
Revoke old token in dashboard: https://ui.tinybird.co/tokens
Run tinybird login to get new token
Update CI secrets
Limited Scopes For production, use scoped tokens:
// Create scoped token with limited permissions const { token } = await client . tokens . createJWT ({ name: "ci-deploy" , expiresAt: new Date ( Date . now () + 90 * 24 * 60 * 60 * 1000 ), // 90 days scopes: [ { type: "DATASOURCES:READ" , resource: "*" }, { type: "PIPES:READ" , resource: "*" }, ], });
Troubleshooting Browser Doesn’t Open Error: Could not open browser Please visit: https://ui.tinybird.co/auth/cli?code=ABC123
Manually open the URL in your browser.
No Config Found Error: No tinybird config found. Run 'npx tinybird init' first.
Run init before login:
Authentication Timeout Error: Authentication timed out
Try again:
Token Already Exists Login overwrites existing token:
⚠ Existing credentials will be replaced ✓ Credentials saved to .env.local
init : Initialize project (includes optional login)info : View current workspace and tokendeploy : Deploy to production (requires valid token)
Login is interactive and requires browser access. For CI/CD, manually set TINYBIRD_TOKEN environment variable.