Authentication
Slo supports three model providers: OpenAI, Anthropic, and Kimi For Coding. You connect a provider the first time you launch Slo, or at any time by typing /auth inside the TUI.
Supported providers
| Provider | Auth methods | Default model |
|---|---|---|
| OpenAI (recommended) | OAuth (browser) or API key | gpt-5.4 |
| Anthropic | OAuth (browser) or API key | Claude models |
| Kimi For Coding | API key only | — |
First launch
Run slo or slo /path/to/project. On first launch, Slo automatically shows an authentication modal where you pick your provider and enter your credentials. You will not need to run a separate command.
OpenAI (recommended)
OpenAI is the recommended provider. It supports two authentication methods.
OAuth (browser-based)
Choose OAuth when prompted. Slo opens your browser and starts a local callback server at localhost:1455/auth/callback. After you approve access in the browser, the token is written to your credentials file automatically.
API key
Choose API key when prompted, then paste your key from platform.openai.com.
- Go to platform.openai.com
- Navigate to API keys under your account
- Create a new secret key
- Paste it into the Slo authentication modal
Usage is billed at standard OpenAI API rates.
Anthropic
Anthropic supports the same two authentication methods as OpenAI.
OAuth (browser-based)
Choose OAuth when prompted. Slo opens your browser and starts a local callback server at localhost:53692/callback. After you approve access, credentials are stored automatically.
API key
Choose API key when prompted, then paste your key from console.anthropic.com.
Subscription warning
Claude.ai Pro and Team subscriptions do not work with Slo. Slo requires the Anthropic API with usage-based billing enabled.
If your Anthropic account has API credits, that works. A plain Claude.ai subscription without API access will not.
Kimi For Coding
Kimi For Coding uses API key authentication only — there is no OAuth option.
When prompted, enter your Kimi API key. Slo connects to https://api.kimi.com/coding/v1.
Where credentials are stored
Slo stores credentials at:
~/.slo/global/authentication.json
The file is created with permissions 0o600 (owner read/write only). The parent directory ~/.slo/ is created with permissions 0o700.
The file uses this structure:
{
"schema_version": 1,
"providers": {
"openai": {
"provider": "openai",
"auth_type": "oauth",
"access_token": "...",
"refresh_token": "...",
"expires_at": "2026-06-30T05:26:15Z",
"subject": "...",
"scope": "openid profile email offline_access",
"created_at": "2026-06-25T05:26:15Z"
}
}
}
For API key authentication, auth_type is "api_key" and the token fields are replaced by an api_key field.
Environment variable overrides
You can supply credentials via environment variables instead of the credentials file. Slo checks these before reading the file:
| Variable | Provider |
|---|---|
SLO_OPENAI_API_KEY | OpenAI |
SLO_ANTHROPIC_API_KEY | Anthropic |
SLO_KIMI_FOR_CODING_API_KEY | Kimi For Coding |
Two additional variables control where Slo looks for the credentials file:
| Variable | Effect |
|---|---|
SLO_AUTH_FILE | Full path to the credentials file (overrides the default location) |
SLO_HOME | Base directory (default: ~/.slo). Changes the default credentials path to $SLO_HOME/global/authentication.json |
Anthropic legacy fallback: If no Anthropic credentials are found in the Slo file or environment, Slo also checks ~/.claude/.credentials.json (written by the Claude desktop app).
Re-authenticating
To switch providers or refresh credentials:
- From within Slo: type
/authat any time. The authentication modal opens and you can choose a new provider or re-enter credentials. - Manually: delete
~/.slo/global/authentication.json. Slo will prompt you to authenticate on the next launch.
There is no slo auth CLI command — re-authentication is handled entirely inside the TUI via /auth.