Raster

CLI

Sign in over OAuth, then browse, search, upload, and organize your Raster libraries from a terminal or CI pipeline with the Raster command-line client.

The Raster CLI is a command-line client for the REST API. It signs in over OAuth by default and covers the full asset workflow — list, search, upload, download, tag, transfer, and delete — from a terminal or a CI pipeline.

The CLI is in Alpha. Commands and flags may change before the 1.0 release.

Install

npm install -g @raster-app/cli

Run a single command without installing — the command is raster:

npx -p @raster-app/cli raster whoami

Authenticate

raster auth login

raster auth login signs you in over OAuth, tied to your user account. When a browser is available, it opens a browser authorization-code flow and captures the result on a local loopback redirect. Over SSH or on a headless machine it falls back to the device authorization grant: it prints a short user code and the URL https://raster.app/device, which you approve in a browser on any device. Pass --browser or --device to force either flow.

The CLI prints the authorization URL ("Visit <url>") before opening the browser, so you can open it yourself in a browser on the same machine.

OAuth tokens are stored in ~/.config/raster/config.json with owner-only permissions. The CLI refreshes the access token automatically before it expires and rotates the refresh token. When the saved login can no longer refresh, re-run raster auth login.

API keys for CI and automation

For CI and scripts, sign in with an organization API key:

raster auth login --api-key pk_...

Or set RASTER_API_KEY in the environment. The active credential resolves from the --api-key flag, then RASTER_API_KEY, then a stored OAuth token, then a config-file apiKey. An ambient RASTER_API_KEY therefore takes precedence over a stored OAuth session — handy for scripts and CI. raster auth status shows which credential is in use; for an API key it also names the organization it reaches. raster auth logout revokes the OAuth token (if any) and clears stored credentials.

Org and library

An API key is scoped to one organization and a set of libraries, so the CLI takes the org and library from the key:

  • --org is optional — the organization comes from the key.
  • --library is optional when the key has a single library. When the key can reach several, commands that act on one library ask you to pass --library <id> and list the choices.

Pass --org / --library to override, or to pick a library when the key spans more than one. A key supplied via RASTER_API_KEY works without auth login. If a key's library access changes, re-run raster auth login to refresh, or pass --library.

A broad user-scope OAuth login reaches every organization you belong to. Because no single org is implied, commands that act on one organization need you to choose it: pass --org <id>, set RASTER_ORG, or set a defaultOrg in the config file. Without a selection the command stops with a clear error. Run raster whoami to list the organizations you can reach. An org-scoped OAuth login and an API key resolve their single organization automatically.

Global flags

These work on every command, before or after the subcommand.

FlagPurpose
--api-key <key>API key (overrides RASTER_API_KEY and the config file)
--org <organizationId>Organization id (derived from an API key or an org-scoped OAuth login; for a broad OAuth login pass this, set RASTER_ORG, or a config defaultOrg)
--library <libraryId>Library id (derived from the key when it has one library)
--jsonPrint the raw API payload to stdout and nothing else
--verboseLog each request to stderr (method, path, masked key, status, duration)

Commands

Asset ids are always positional. --library selects the library when the key can reach more than one. raster <command> --help lists every flag.

auth

CommandDescriptionExample
raster auth loginSign in over OAuth (browser when available, otherwise a device code; force with --device/--browser), or validate an API key with --api-key.raster auth login
raster auth logoutRevoke the OAuth token (if any) and remove stored credentials.raster auth logout
raster auth statusShow which credential is in use and its source (issuer and scope for OAuth; the organization for an API key).raster auth status

whoami

raster whoami

Show the organizations, plan, and libraries the current credential can access. A broad user-scope OAuth login lists every organization you can reach, so you can pick one with --org. An org-scoped OAuth login and an API key show their single organization.

libraries

CommandDescriptionExample
raster libraries lsList libraries in the organization (--page, --page-size).raster libraries ls
raster libraries create --name <name>Create a library (--slug optional).raster libraries create --name "Brand"
raster libraries rename --name <name>Rename the library.raster libraries rename --name "Brand assets"

assets

CommandDescriptionExample
raster assets lsList assets; filter with --tag (up to 5), page with --page/--page-size.raster assets ls --library brand --tag sunset
raster assets get <assetId>Show one asset's metadata.raster assets get asset_123
raster assets search <query>Search across the organization (--library scopes to one).raster assets search "golden hour"
raster assets download <assetId>Download the file (-o path, --force to overwrite).raster assets download asset_123 -o photo.png
raster assets upload <files...>Upload local files (batched at 20 per request).raster assets upload ./photos/*.png
raster assets rm <assetIds...>Move assets to trash (--yes skips the prompt).raster assets rm asset_123 asset_456
raster assets describe <assetId> --text <text>Set an asset's description.raster assets describe asset_123 --text "Hero shot"
raster assets transfer <assetIds...> --to <libraryId>Move assets to another library.raster assets transfer asset_123 --to archive

tags

CommandDescriptionExample
raster tags lsList tags in the library (--limit).raster tags ls --library brand
raster tags add <assetIds...> --tag <tag...>Add tags to assets.raster tags add asset_123 --tag launch
raster tags rm <assetIds...> --tag <tag...>Remove tags from assets.raster tags rm asset_123 --tag launch

orgs

raster orgs create --email <email> [--name <name>] [--save]

Create an organization and library with no account, the anonymous flow documented at POST /libraries. Prints the claim URL; --save stores the minted key.

Output and scripting

Human-readable tables print to stdout; progress and notes go to stderr, so stdout stays pipeable. Add --json for machine-readable output — e.g. raster assets search "sunset" --json | jq '.hits[].id'.

Exit codes are stable across releases:

CodeMeaning
0Success
1Unexpected error
2Usage error (bad flags or arguments)
3Authentication (missing or rejected key)
4Not found
5Validation or conflict
6File too large
7Network failure

Environment variables

VariablePurpose
RASTER_API_KEYAPI key (overrides a stored OAuth token; sits below --api-key, above a config-file key)
RASTER_ORGDefault organization id for an OAuth login when --org is omitted
RASTER_CONFIG_HOMEConfig directory override (default ~/.config/raster)
RASTER_AUTH_ISSUEROAuth authorization-server issuer (default https://raster.app; a raster.app host or localhost only)
RASTER_OAUTH_CLIENT_IDPin a client id to skip dynamic client registration

On this page