Skip to end of metadata
Go to start of metadata


Thank you for your interest in the Amplify CLI. This documentation covers the Amplify CLI up to version 1.5.X.

As always we seek to provide the best solutions possible to help you achieve your business needs. We recommend trying out the Axway CLI, which replaces the Amplify CLI and provides a richer feature set with a more robust experience. Check out the documentation [Doc Link] for more information on how to download and try it out.


The Amplify CLI auth command allows you to authenticate with the Amplify Platform under one or more accounts and switch between them.



  • lslist - Lists all authenticated accounts
  • login - Log in to the Amplify Platform
  • logout - Log out of all or specific accounts
  • switch - Select default account and organization

ls, list

Displays a list of all authenticated accounts.


  • --json - Outputs accounts as JSON


Log into the Amplify Platform using Proof Key for Code Exchange (PKCE), client secret key, username/password, or signed JSON Web Token (JWT) file.

You can be logged into multiple accounts with varying client IDs at the same time.


  • --client-id  - The CLI specific client ID
  • --client-secret <key> - A secret key issued by Axway
  • --force - Re-authenticate even if the account is already authenticated
  • --json - Outputs authenticated account as JSON
  • --no-launch-browser - Display the authentication URL instead of opening it in the default web browser
  • --password - Password to authenticate with
  • --secret-file <path> - Path to the PEM key issued by Axway
  • --username - Username to authenticate with

Proof Key for Code Exchange (PKCE)

PKCE is the default authentication method. It will open a web browser to the Amplify Platform login page.

Client secret key

This method requires a client secret key to be issued by Axway ID. This method is intended to be used for service accounts that are not associated to a platform account.


Allows you to authenticate using Axway ID username and password which is different from your Amplify Platform username and password. This username and password is issued by Axway ID.

Specifying the --username option without a value will initiate interactive prompting for the username and password:

While it's not advised for security reasons, you can specify the username and password options:

Signed JWT

This method requires a signed PEM file to be issued by Axway ID. This method is intended to be used for service accounts that are not associated to a platform account.

Authentication expiration

When logging into the Amplify Platform via the web browser, you will have a web browser session and local access tokens. The web browser session will expire after a short period of inactivity in the Amplify Platform website.

The access token will expire after a short period after it has been issued. The access token will automatically renew within a longer period of time since the token was issued. If too much time has passed, then the user must re-authenticate.


Revokes access tokens for one, multiple, or all accounts.


  • --all - Revoke all accounts
  • --json - Outputs revoked accounts as JSON


Once authenticated into at least one account, you can set the default account and organization to use for amplify commands.


  • --account <name> - The account to switch to
  • --json - Outputs selected account as JSON
  • --org <id|name> - The organization to switch to
  • No labels