intertool

Authentication

How authentication works in the Intertool API.

Overview

Intertool uses GitHub OAuth for authentication. The API accepts bearer tokens issued during the OAuth flow.

CLI authentication

The CLI handles authentication automatically:

intertool login --url https://your-registry.example.com

This opens a browser, completes the OAuth flow, and stores the token locally.

API token usage

For direct API access, include the token as a Bearer header:

curl -H "Authorization: Bearer <token>" \
  https://your-registry.example.com/api/skills

Roles

Intertool supports three roles:

RolePermissions
ownerFull access: manage settings, users, all skills, transfer ownership
adminManage settings, users, all skills
memberPublish, edit own skills, install any skill

Roles are assigned by admins in the registry settings. The first user to sign in becomes the owner.

GitHub org restriction

Admins can restrict access to members of a specific GitHub organization. When enabled, only users who belong to the configured org can sign in.

Member invitations

Admins can invite new members by email. The invited person receives an email with a link to accept or decline the invitation.

How it works

  1. An admin enters an email address in Settings > Members and clicks Invite
  2. The invitee receives an email with an "Accept Invitation" link
  3. Clicking the link opens the invitation page at /invite?token=...
  4. The invitee signs in via OAuth (GitHub or Google) and accepts the invitation
  5. They are added as a member with the role specified by the admin

Invitations expire after 7 days. Admins can revoke pending invitations at any time.

Auto-accept

If the invitee's OAuth email matches the invitation email, the invitation is automatically accepted during sign-in. No manual acceptance is needed.

Email transport configuration

One of the following must be configured for invitations to work:

Resend (recommended)

Set the RESEND_API_KEY environment variable with your Resend API key.

SMTP (self-hosted fallback)

Set all of the following environment variables:

VariableDescription
SMTP_HOSTSMTP server hostname
SMTP_PORTSMTP port (default: 587)
SMTP_USERSMTP username
SMTP_PASSSMTP password

Optional

VariableDescription
EMAIL_FROMSender address (default: noreply@{your-domain})

API endpoints

MethodEndpointDescription
POST/api/membersSend an invitation ({ "email": "...", "role": "member" })
GET/api/invitations/[token]View invitation details (public)
POST/api/invitations/[token]Accept or decline ({ "action": "accept" } or { "action": "decline" })
DELETE/api/invitations/[token]Revoke an invitation (admin only)

API Overview

Programmatic access to the Intertool registry.

On this page

OverviewCLI authenticationAPI token usageRolesGitHub org restrictionMember invitationsHow it worksAuto-acceptEmail transport configurationAPI endpoints