Documentation

CLI

Install and use the OrbitKit CLI to manage apps, privacy policies, deploys, and more from the terminal.

The OrbitKit CLI wraps the REST API for use in terminals and CI/CD pipelines. It uses API key authentication via environment variables — no credentials are stored on disk.

npm install -g @orbitkit-io/cli

Requires Node.js 22 or later.

Quick start

# Set your API key (get one from the dashboard → Settings → API Keys)
export ORBITKIT_API_KEY=ok_...

# Verify your key works
orbitkit whoami

# Set a default app ID (optional — avoids passing it to every command)
export ORBITKIT_APP_ID=your-app-id

# Deploy your site
orbitkit deploy

Environment variables

Variable Required Description
ORBITKIT_API_KEY Yes API key (ok_...) from the dashboard
ORBITKIT_APP_ID No Default app ID when [appId] is omitted
ORBITKIT_API_ENDPOINT No API base URL (default: https://api.orbitkit.io)
NO_COLOR No Disable colored output (no-color.org)

Global options

Option Description
--json Output as JSON (for scripting and piping to jq)
--debug Enable debug output (HTTP requests, response codes)
-V, --version Print version
-h, --help Display help

Commands

Account

orbitkit whoami

Display the authenticated user’s email, name, app count, and subscription status. Useful for verifying your API key is valid.

App management

# List all apps
orbitkit apps list

# Create a new app
orbitkit apps create "My Weather App"

# Delete an app (prompts for confirmation)
orbitkit apps delete <appId>

Deploy

# Deploy site to production
orbitkit deploy [appId]

# Show deploy history
orbitkit deploy-history [appId]

Deploy renders all configured pages (privacy policy, support, deletion, privacy labels, TestFlight, AASA) and publishes them. Requires an active subscription.

Privacy policy

# Print current policy data
orbitkit policy get [appId]

# Upload policy from a JSON file
orbitkit policy set [appId] policy.json

The JSON file should match the OrbitKit policy schema.

Site configuration

# Print site config
orbitkit site get [appId]

# Update name, description, or slug
orbitkit site update [appId] --name "New Name" --slug "new-slug"

# Upload app icon (PNG or JPEG, max 2 MB)
orbitkit site icon [appId] icon.png

Custom domains

# Configure a custom domain
orbitkit site domain set [appId] privacy.myapp.com

# Check DNS/SSL status
orbitkit site domain status [appId]

# Remove custom domain
orbitkit site domain remove [appId]

After setting a domain, configure a CNAME record at your DNS provider:

privacy.myapp.com → sites.orbitkit.io

Support page

orbitkit support get [appId]
orbitkit support set [appId] support.json

Data deletion page

orbitkit deletion get [appId]
orbitkit deletion set [appId] deletion.json

AASA (Apple App Site Association)

orbitkit aasa get [appId]
orbitkit aasa set [appId] aasa.json

Configures Universal Links, App Clips, Passkeys, and Handoff.

Smart App Banner

orbitkit banner get [appId]
orbitkit banner set [appId] banner.json

Well-known files

orbitkit well-known upload [appId] apple-developer-merchantid-domain-association

Uploads Apple verification files for Sign in with Apple, Apple Pay, or Apple Wallet. The file name is auto-detected from the path.

TestFlight page

orbitkit testflight get [appId]
orbitkit testflight set [appId] testflight.json

Example testflight.json:

{
  "enabled": true,
  "testFlightUrl": "https://testflight.apple.com/join/AbCdEf",
  "feedbackEmail": "beta@myapp.com",
  "betaDescription": "Test the new photo filters",
  "requirements": "iOS 17.0+, iPhone only"
}

JSON output

All commands support --json for scripting:

# Get an app ID
orbitkit --json apps list | jq '.[0].appId'

# Get the deployed URL
SITE_URL=$(orbitkit --json deploy | jq -r '.url')

CI/CD usage

The CLI works in any CI/CD environment that has Node.js 22+. No installation step is required — use npx to run it directly:

env:
  ORBITKIT_API_KEY: $
  ORBITKIT_APP_ID: $

steps:
  - run: npx @orbitkit-io/cli policy set privacy-policy.json
  - run: npx @orbitkit-io/cli deploy

For simpler deploy-only workflows, use the OrbitKit Deploy GitHub Action instead. To manage OrbitKit from AI tools like Claude or Cursor, use the MCP Server.

Xcode build phase script

The CLI includes a script that validates your AASA configuration against your Xcode project’s entitlements at build time.

Setup

  1. In Xcode, go to your target’s Build Phases
  2. Click +New Run Script Phase
  3. Set the script to:
if command -v npx &>/dev/null; then
  npx @orbitkit-io/cli validate-aasa 2>&1
fi

Or use the standalone script included with the CLI:

"${SRCROOT}/scripts/validate-aasa.sh"
  1. Add ORBITKIT_API_KEY and ORBITKIT_APP_ID to your Xcode build settings or scheme environment variables

What it checks

The script reads your app’s .entitlements file and compares the com.apple.developer.associated-domains entries against your OrbitKit AASA configuration. It reports warnings in the Xcode Issue Navigator if:

  • Your entitlements include applinks: but your AASA doesn’t have a matching Universal Links app ID
  • Your entitlements include webcredentials: but your AASA doesn’t have a matching Passkeys app ID
  • Your entitlements include appclips: but no App Clip IDs are configured

This catches AASA mismatches at build time rather than discovering them when Universal Links fail in production.

Exit codes

Code Meaning
0 Success
1 General error (server error, network failure)
2 Validation error (invalid input, missing argument, bad file)
3 Authentication error (missing or invalid API key)
130 Interrupted (Ctrl+C)

Security

  • No stored credentials — authentication is via the ORBITKIT_API_KEY environment variable only
  • Key masking — the API key is never printed in full (displayed as ok_BRTRKF...XXHCG)
  • Secret scanning — the ok_ prefix enables GitHub secret scanning auto-detection

Man page

A comprehensive man page is included. After global installation:

man orbitkit