> ## Documentation Index
> Fetch the complete documentation index at: https://lava.so/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Exchange CLI auth code

> Exchange a one-time authorization code for wallet and secret key credentials. The code is generated when a user authorizes CLI access through the browser. Codes expire after 60 seconds and can only be used once.



## OpenAPI

````yaml /openapi.json post /auth/callback
openapi: 3.0.0
info:
  title: Lava API
  description: >-
    Lava API enables businesses to implement usage-based billing for AI
    services. This API allows tracking, managing, and billing for third-party AI
    API usage through a forwarding system.
  version: 1.0.0
  contact:
    name: Lava support
    url: https://www.lava.so/contact
servers:
  - url: https://api.lava.so/v1/
    description: Lava API v1
security: []
tags:
  - name: Authentication
  - name: Core Endpoints
  - name: Models
  - name: Services
  - name: Requests
  - name: Wallet
  - name: Payment Methods
  - name: Spend Keys
  - name: Usage
  - name: Checkout Sessions
  - name: Customers
  - name: Plans
  - name: Subscriptions
  - name: Meters
  - name: Webhooks
  - name: Secret Keys
  - name: Credit Bundles
  - name: Gateway Settings
  - name: Skills
  - name: News Data
  - name: Search
  - name: Enrich
paths:
  /auth/callback:
    post:
      tags:
        - Authentication
      summary: Exchange CLI auth code
      description: >-
        Exchange a one-time authorization code for wallet and secret key
        credentials. The code is generated when a user authorizes CLI access
        through the browser. Codes expire after 60 seconds and can only be used
        once.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CliAuthCallbackRequest'
      responses:
        '200':
          description: Authorization successful. Returns secret key credentials.
          headers:
            Cache-Control:
              schema:
                type: string
                example: no-store
              description: Response is never cached
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CliAuthCallbackResponse'
        '400':
          description: Invalid or expired authorization code
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security: []
components:
  schemas:
    CliAuthCallbackRequest:
      type: object
      properties:
        code:
          type: string
          description: One-time authorization code received from the browser callback
      required:
        - code
    CliAuthCallbackResponse:
      type: object
      properties:
        wallet_id:
          type: string
          description: Wallet ID associated with the key
        secret_key_id:
          type: string
          description: Unique identifier for the created secret key
        secret_key:
          type: string
          description: Full secret key value (lava_sk_*). Store securely.
        merchant_id:
          type: string
          description: Merchant ID associated with the keys
      required:
        - wallet_id
        - secret_key_id
        - secret_key
        - merchant_id
    Error:
      type: object
      properties:
        error:
          type: object
          properties:
            message:
              type: string
              description: Human-readable error message describing what went wrong
              example: Invalid authentication credentials
            code:
              type: string
              description: Machine-readable error code describing what went wrong
              example: forward_token_json_invalid
            status:
              type: integer
              description: HTTP status code of the error
              example: 400
            issues:
              type: array
              items:
                type: object
                properties:
                  path:
                    type: array
                    items:
                      type: string
                    description: Path to the field that caused the validation error
                  message:
                    type: string
                    description: Error message describing the validation issue
                required:
                  - path
                  - message
              description: >-
                Optional array of specific validation issues with their paths
                and messages
              example:
                - path:
                    - model
                  message: 'Missing required field: model'
                - path:
                    - messages
                    - '0'
                    - content
                  message: Invalid message content format
          required:
            - message
            - code
            - status
      required:
        - error

````