Sign in & get an API key
Your first step is to sign into the Waypoint web app and obtain a credential the CLI can use. There are two credential types — a short-lived bootstrap token and a permanent API key — and this page covers both.
Sign in with a magic link
Open the web app at https://waypoint.gowithdante.com.
You'll see a single card titled "Sign in or create an account to access your projects" with one email field and one button:
- Enter your email address.
- Click Send me a sign-in link.
- Check your inbox and click the sign-in link. It takes you back to the app, already signed in.
The same button works whether you're a brand-new user or returning — your account is created the first time the system sees your email. Each link is single-use; request a fresh one if you need to sign in again.
Magic link is the only enabled sign-in method right now. You may see references to Google or password sign-in elsewhere, but those paths are switched off in the current app — use the magic link.
When you land in an empty workspace (no projects yet), the app shows an onboarding walkthrough. That walkthrough is the easiest way to get a CLI credential, described next.
Get a credential for the CLI
The CLI needs a credential to talk to the Waypoint service. You can get one two ways. Most new users should use the bootstrap path (a); the manual API-key path (b) is there for CI, a second machine, or when you'd rather manage keys explicitly.
(a) Bootstrap token — the onboarding walkthrough
The onboarding walkthrough auto-mints a single-use bootstrap token for you and presents a ready-to-paste command that installs the CLI and logs in. You don't have to visit any settings page.
-
The token looks like
wpkx_live_…and is short-lived (roughly a 20-minute time-to-live). The walkthrough re-mints it automatically as it nears expiry. -
The walkthrough shows a combined install-and-login command. You'll run it in the next step; it looks like:
curl -sSfL https://software.gowithdante.com/install.sh | sh && waypoint login --bootstrap wpkx_live_<token> -
Behind the scenes, the CLI redeems the bootstrap token once and receives a permanent API key, which it stores for you. The bootstrap token itself can't be reused after that.
The bootstrap token is a one-time, short-lived hand-off from the app to the CLI. You never have to copy or store it long-term — the CLI exchanges it for a permanent key automatically.
(b) API key — Settings → API Keys
For a permanent credential you manage yourself, generate an API key:
- Go to Settings → API Keys (
/settings/api-keys). - Optionally enter a Device label (for example
laptoporci-runner; it defaults toCLI). - Click Generate key.
The raw key is shown exactly once, in a modal, with a copy button and a ready-to-paste command:
waypoint login --key wpk_live_<key>
Copy the key immediately — Waypoint never shows it again. An API key looks like wpk_live_….
As the API Keys page notes: these keys identify you, not a workspace. The CLI uses them to act on every workspace you belong to. Treat them like passwords. The page also lists your existing keys by device, prefix, and state, with a Revoke action.
Bootstrap token vs. API key
Bootstrap token (wpkx_live_…) | API key (wpk_live_…) | |
|---|---|---|
| Lifetime | Short (~20 min) | Permanent (until revoked) |
| Uses | Single-use | Reusable |
| How you get it | Auto-minted by the onboarding walkthrough | Generated manually in Settings → API Keys |
| Best for | First-time onboarding (happy path) | CI, a second machine, explicit key management |
| Login flag | waypoint login --bootstrap … | waypoint login --key … |
Both end with the CLI holding a permanent API key. Once you have a credential, continue to Install & authenticate the CLI.