Authentication

UI Inspect supports two authentication methods:

API key authentication

API keys are used for CLI tools, CI/CD pipelines, and programmatic access.

API keys use the format uii_<64-character-hex> and are sent as Bearer tokens:

# CLI usage
export UI_INSPECT_TOKEN="uii_your-full-api-key"
npx ui-inspect build --project your-project-id

# HTTP usage
curl -H "Authorization: Bearer uii_your-full-api-key" \
  http://localhost:3000/api/trpc/project.list

API keys are hashed before storage. If you lose the key, you'll need to create a new one.

Action	How
List keys	Dashboard → Settings → API Keys
Create key	`apiKey.create` mutation or dashboard
Revoke key	`apiKey.revoke` mutation or dashboard

Revoking a key immediately invalidates it across all services.

The web dashboard and browser extension use session-based authentication via Better Auth.

Provider	Status	Configuration
Email/Password	Built-in	No config needed
Google OAuth	Optional	Set `AUTH_GOOGLE_ID` and `AUTH_GOOGLE_SECRET`

.env

AUTH_GOOGLE_ID="your-google-client-id"
AUTH_GOOGLE_SECRET="your-google-client-secret"

Never commit tokens to your repository. Use your CI provider's secret management:

env:
  UI_INSPECT_TOKEN: ${{ secrets.UI_INSPECT_TOKEN }}

variables:
  UI_INSPECT_TOKEN: $UI_INSPECT_TOKEN # Set in CI/CD Settings → Variables

Set UI_INSPECT_TOKEN in Project Settings → Environment Variables.

API keys inherit the permissions of the user who created them:

Role	Permissions
Owner	Full access, manage team, billing
Admin	Manage projects, members, settings
Member	Create/edit comparisons, approve baselines
Viewer	Read-only access to all data