Binboi

Binboi docs

Documentation center

Product docs for tunnels, tokens, webhooks, logs, and the self-hosted control plane.

Getting Started

Introduction Quick Start Installation Authentication

Using Binboi

CLI HTTP Tunnels Requests

Debugging

Webhooks API Keys Logs

Operations

Regions Troubleshooting

Quick path

Install the CLI, create a dashboard token, and open a public URL for `localhost` in minutes.

binboi login --token <token>
binboi start 3000 my-app

API Keys

Manage dashboard-issued access tokens for the Binboi CLI.

The Access Tokens page is the lifecycle center for CLI credentials. It is where users create tokens, review their names and prefixes, monitor last-used time, and revoke access cleanly when a machine or workflow should no longer authenticate.

Creating keys Viewing keys Revoking keys Key safety

Create

Creating keys

A good API key workflow starts with clear ownership and naming.

Create one token per machine, environment, or automation workflow.

Use names that explain ownership, such as `Local M3 Air`, `Payments staging VM`, or `GitHub Actions smoke test`.

Copy the full token immediately after creation because the product shows it only once.

Use a newly created key

bash

binboi login --token <new-token>
binboi whoami

Review

Viewing and managing keys

The dashboard should help you understand token lifecycle without exposing the full secret again.

Fields worth showing in the UI

Field	Why it matters	Example
Name	Helps identify the owner or machine.	`M2 MacBook`
Prefix	Safe partial identifier for support and debugging.	`binboi_pat_2e9c4d93`
Created time	Useful for cleanup and audit review.	`Mar 30, 2026 21:55`
Last used	Helps spot stale or forgotten credentials.	`Apr 1, 2026 09:12`
Status	Shows whether the token is active or revoked.	`ACTIVE`

Revoke

Revoking keys

Revocation is the simplest way to recover from token sprawl, machine turnover, or leaked credentials.

Revoke tokens when a machine is retired, reimaged, transferred, or no longer trusted.

Revoke immediately if a token appears in screenshots, shell history, or shared chat logs.

Prefer creating a replacement token rather than trying to keep one credential alive across too many environments.

Safety

Security notes for API keys

The safest token workflow is usually the simplest one.

Storage model

Binboi stores token prefixes and secure hashes in the database, not the raw token. The full value is returned only once at creation time.

Do not reuse the same token across every laptop, staging box, and CI runner.

Use the dashboard list to identify old credentials before they become a liability.

Use `binboi whoami` during support or onboarding to verify which account and plan a machine is authenticating as.