Skip to main content
Most unblocked commands — including the MCP server and every context-* command — need to call the Unblocked API on your behalf. Authentication is how you grant that access.

Interactive auth

unblocked auth
Runs the browser-based authentication flow:
  1. The CLI opens your default browser to sign in to Unblocked.
  2. After you authorize the session, the browser hands a token back to the CLI.
  3. The CLI caches that token locally. Subsequent commands reuse it until it expires or you sign out with unblocked uninstall.
The install-mcp.sh quick install script triggers this flow automatically at the end of its run. If you installed with install.sh (CLI only), run unblocked auth manually before using any other command.

Headless auth with an API token

In environments without a browser — CI runners, containers, remote shells — use an Unblocked API token instead of interactive auth. Set the token in the environment before running other unblocked commands: 
export UNBLOCKED_API_TOKEN=...   # personal or team token from Unblocked settings
unblocked context-research --query "..."
The same tokens that power Unblocked MCP in CI also work for the CLI. See the per-agent guides for how to generate personal or team API tokens — for example the headless automation section of the Claude Code install guide.

Signing out

To clear the cached credentials along with all other local Unblocked state, run unblocked uninstall.