Skip to content

Getting started

Platform-admin operators drive /admin-api/* through the nayaone-admin CLI. The REST surface remains available as a fallback/alternative integration option (PRD-407/DO-7).

Binaries are Forge-only (PRD-383 WS-C). GitHub Releases carry OpenAPI spec assets, not the CLI binary.

Terminal window
# Auth: HTTP Basic with username `x-api-token` and password = your NayaOne API token.
# Download to the CWD, then move into place with sudo (never curl as root).
curl -fsSL -u "x-api-token:${N1_API_TOKEN}" -o nayaone-admin \
"https://nayaone.cloud/api/forge-registry/_system/n1-admin/generic/nayaone-admin/latest/nayaone-admin-$(uname | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')"
chmod +x nayaone-admin
sudo mv nayaone-admin /usr/local/bin/nayaone-admin
nayaone-admin version

Source: n1-cloud-admin-cli/README.md.

nayaone-admin and nayaone share the same config profile file (~/.n1/config.json, mode 0600). There is no second mint surface.

ModeWhen to useHow
OAuth 2.1 + PKCEInteractive operator sessionsnayaone login (or nayaone-admin login — idempotent against the shared profile)
x-api-tokenCI / service accountsnayaone-admin profile set <name> --api-token <value>
Terminal window
# Confirm identity (OAuth bearer → OIDC userinfo; X-Api-Token → GET /api/me)
nayaone-admin whoami
# Smoke an admin-api operation
nayaone-admin api adminListOrganizations

If you already ran nayaone login, skip re-login — nayaone-admin whoami returns the same subject. JWT issuer convergence is pinned by admin-api’s request-host-derived baseURLForJwt (PRD-316/DO-12).

You must be a member of the Cloudflare Access group n1-cloud-platform-admins (same group that gates nayaone.cloud/admin/*PRD-398). Every /admin-api route also enforces requirePlatformAdmin server-side.

  • Browse the generated CLI reference (~210 operationIds).
  • Read the operator guides for converge, credential health, member-sync, and fleet reroll.