Getting started
Install the DALP CLI, connect it to a DALP instance, and verify your first authenticated command.
The DALP CLI (@settlemint/dalp-cli) gives operators and integrators terminal access to a DALP instance. Authenticate through the browser, store a platform API key locally, and run asset and identity commands. For automation, pass --format json to get machine-readable output for scripts or AI agents.
Prerequisites
Before you start, you need:
- Node.js 20 or later, or Bun, on the machine where you run the CLI.
- The base URL of the DALP instance you want to manage.
- A user account that can sign in to that DALP instance and has access to the target organisation.
Installation
Install the CLI globally with npm or Bun. Both install the same dalp binary:
npm install -g @settlemint/dalp-clibun add -g @settlemint/dalp-cliAfter installation, the dalp command is available in your terminal. Verify it with dalp --version.
Configure the platform URL
The login command needs a DALP instance URL. Pass it with --url each time, or save it once with dalp config set apiUrl so later logins need no flag. To override for one shell session only, export DALP_URL before logging in.
## One-off inline login
dalp login --url https://dalp.example.com
## Save to config for repeated use
dalp config set apiUrl https://dalp.example.com
dalp login
## Override for the current shell session
export DALP_URL=https://dalp.example.com
dalp loginAuthenticate with device flow
The CLI uses the OAuth 2.0 Device Authorization Grant. You do not type your password into the terminal.
dalp login --url https://dalp.example.comDuring login, the CLI:
- Requests a device code from the DALP instance.
- Opens the verification URL in your browser, or prints the URL and user code if the browser cannot open automatically.
- Polls the DALP instance until you approve or deny the device request.
- Uses the approved session to create a CLI API key.
- Stores the API key locally for later commands.
The device code can expire before you approve it. If that happens, run dalp login again.
Verify your session
Run whoami after login:
dalp whoamiThe command calls the authenticated user endpoint and returns the current user and active organisation. If no credentials are stored, authenticated commands fail with NOT_AUTHENTICATED and tell you to run dalp login.
Credential storage
The CLI stores credentials differently by operating system:
| Platform | Storage | Behaviour |
|---|---|---|
| macOS | System Keychain | Stores the API key under the dalp-cli service. |
| Linux and Windows | ~/.config/dalp/credentials.json | Writes the credential file with 0600 permissions and refuses credentials with broader permissions. |
To sign out, run dalp logout. The CLI revokes the API key on the DALP instance and removes the local credentials:
dalp logoutConfiguration sources
The CLI resolves settings from four sources: CLI flags (highest priority), then environment variables, then a project .dalprc.json, then the global ~/.config/dalp/config.json. Use dalp config to read and write the global file:
| Priority | Source | Example |
|---|---|---|
| 1 | CLI flags | dalp login --url https://dalp.example.com |
| 2 | Environment variables | DALP_URL, DALP_ORG |
| 3 | Project config | .dalprc.json in the current directory |
| 4 | Global config | ~/.config/dalp/config.json |
# View all config
dalp config get
# View a single key
dalp config get apiUrl
# Set values
dalp config set format json
dalp config set defaultOrg my-org-slugOutput formats
Every command accepts --format to control the shape of its response. The default is toon (human-readable tables). Use json for scripts, yaml for config review, and md for Markdown reports:
| Format | Flag | Use case |
|---|---|---|
toon | --format toon | Human-readable tables. Default. |
json | --format json | Machine-readable output for scripts and jq. |
yaml | --format yaml | Configuration and review artifacts. |
md | --format md | Markdown reports. |
To avoid passing the flag each time, save a default format to your global config:
dalp config set format jsonFirst commands to run
After login, start with read-only inspection before any write operations. These calls confirm the session, system state, and organisation context:
# View your user profile and active organisation
dalp whoami
# List tokens in the system
dalp tokens list
# List users
dalp users list
# View system information
dalp system list
# Search across the platform
dalp search-results "bond"Pass --format json when piping into automation:
dalp tokens list --format jsonNext steps
- Command reference lists commands and options.
- Scripting and automation explains how to use the CLI in scripts and CI pipelines.
- AI agent integration explains how to use the CLI with LLMs, MCP servers, and AI coding agents.