Skip to content

eliahq/elia-cli

BranchesTags

Repository files navigation

Elia CLI

Official command-line interface for Elia Pay.

A terminal UI for managing cards, transactions, and accounts. Supports both sandbox (free, simulator-driven) and live environments.

Install

npm install -g @eliahq/cli
# or
bun add -g @eliahq/cli

Or run without installing:

npx @eliahq/cli
# or
bunx @eliahq/cli

Requires Node.js 20+ at runtime (the binary uses #!/usr/bin/env node).

Quick start

elia

The CLI opens a browser window for OAuth login, then drops you into a TUI. Use tab to switch between sandbox and live, s to switch accounts, ? for help, q to quit.

Features

  • Cards — list, view details, create virtual / virtual+physical / single-use cards, suspend, resume, cancel, view PIN.
  • Transactions — list with cursor pagination; in sandbox, simulate authorizations, batch transactions, refunds.
  • Accounts — view details, list members; in sandbox, simulate SEPA funding.
  • Physical card lifecycle (sandbox only) — simulate reception, activation, PIN view.

Simulator features are sandbox-only and hidden from the live menu.

Authentication

The CLI uses OAuth 2.0 Authorization Code with PKCE. Tokens are stored in your OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service).

If your platform's keychain is unavailable, the CLI falls back to a file at ~/.elia/credentials-{env}.json (mode 0600). To force file storage, set ELIA_USE_FILE_STORAGE=1.

Logout (L) revokes the refresh token server-side and clears local credentials.

Environments

Environment API host Auth host
sandbox sandbox.eliapay.com login-sandbox.eliapay.com
live app.eliapay.com login.eliapay.com

tab toggles between them.

Security

  • Tokens stored in the OS keychain when available; file fallback uses 0600 permissions and atomic writes.
  • OAuth flow uses PKCE (S256) and a random state parameter; the local callback server runs on 127.0.0.1:9876 and accepts a single matched-state callback per flow.
  • Concurrent 401s share a single token-refresh; refresh tokens are rotated on every refresh.
  • Simulator endpoints are blocked client-side in live (defense-in-depth on top of server-side enforcement).
  • Network calls have a 30-second timeout.

Report security issues to security@eliapay.com — see SECURITY.md for details.

Development

git clone https://github.com/eliahq/elia-cli.git
cd elia-cli
npm install
npm run dev          # run from source via tsx
npm run build        # bundle to dist/
npm run typecheck    # tsc --noEmit

License

MIT — see LICENSE.

About

Official command-line interface for Elia Pay — manage cards, transactions, and accounts in sandbox and live.

eliapay.com

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages