VVEREID Docs
sdks

CLI — vereid

The vereid CLI is a single static binary for local development against VEREID — auth, verify, webhooks, log tailing, and code-gen.

Last updated 2026-05-20

The vereid CLI is the fastest way to interact with VEREID from a terminal. It is the same binary we use internally for support — every read-only command works against any tenant you have an API key for; mutating commands prompt for confirmation by default.

Install

# macOS / Linux
brew install vereid/tap/vereid
 
# Windows
scoop bucket add vereid https://github.com/vereid/scoop-bucket
scoop install vereid
 
# Any platform
curl -sSL https://install.vereid.com | bash
 
# Or grab a release directly
gh release download -R vereid/cli -p '*Darwin*arm64*'

Sign in

vereid login

This opens a browser to auth.vereid.com and stores a refresh token at ~/.config/vereid/credentials.json (or %APPDATA%\vereid\credentials.json on Windows). The token is scoped to the developer-console scopes (developer:*) and cannot perform end-user actions on your behalf.

To use an API key directly (e.g. in CI):

export VEREID_API_KEY=vk_test_••••••••••••

The CLI prefers the env var when present.

Top-level commands

CommandPurpose
vereid login / logoutManage credentials.
vereid whoamiPrint the active identity + tenant.
vereid keys ls / create / revokeManage API keys.
vereid verify createCreate a verification session and print the hosted URL.
vereid verify get <id>Print a session by id.
vereid verify tailStream verification events in real time.
vereid webhooks ls / create / deleteManage webhook endpoints.
vereid webhooks tailStream every webhook delivery, including signature header.
vereid webhooks replay <delivery>Replay a parked delivery.
vereid logs tail [--type=...]Stream the audit log.
vereid openapiPrint the live OpenAPI spec.
vereid codegen <lang>Generate typed bindings from the spec.

Add --help to any command for the full flag list.

Verify session — full example

vereid verify create \
  --tier=T1 --tier=T2 \
  --reference=user_42 \
  --redirect-url=https://yourapp.com/done
 
# → opens browser to the hosted URL; tails the session until completion.

The CLI uses the same fixture set as the test mode of the API, so you can drive a deterministic pass/fail end-to-end with no real document upload.

Tail webhook deliveries (local dev)

vereid webhooks tail --endpoint=we_01HZ... --forward=http://localhost:3000/webhooks/vereid

--forward proxies every delivery from VEREID into your local server with the original vereid-signature header preserved, so your handler verifies cleanly without a public tunnel.

Code generation

vereid codegen ts > vereid.d.ts
vereid codegen go > internal/vereid/types.go
vereid codegen python > vereid_models.py

Wraps the live OpenAPI spec with openapi-typescript, oapi-codegen, or datamodel-code-generator respectively. Output is deterministic given the spec — commit the result.

Environments

The CLI supports multiple profiles:

vereid login --profile=prod
vereid login --profile=staging
vereid --profile=staging verify create --tier=T1

Profiles are stored side-by-side under ~/.config/vereid/. There is no implicit default — you must pick a profile or set VEREID_PROFILE.

Offline mode

For air-gapped CI, the CLI accepts a pre-downloaded OpenAPI spec via VEREID_OPENAPI_PATH=./openapi.yaml. All codegen, verify create --dry-run, and webhooks verify commands work without network access.

Updates

vereid upgrade

Checks GitHub releases for a newer signed binary, validates its cosign signature against github.com/vereid/cli's OIDC identity, and replaces itself in place. The signature check is mandatory and cannot be bypassed.

Where to next

  • @vereid/js — programmatic equivalent for Node and the browser.
  • Webhooks — wire format and replay window.
  • Migrating from Persona — the CLI's vereid persona import subcommand maps an Inquiry export to verification sessions.