Okx Cex Auth
Authenticate the OKX trade CLI via OAuth device flow before running portfolio, trade, earn, or bot commands.
Overview
okx-cex-auth is an agent skill for the Build phase that sets up and refreshes OKX CLI OAuth credentials via device flow.
Install
npx skills add https://github.com/okx/agent-skills --skill okx-cex-authWhat is this skill?
- OAuth 2.0 device-flow login for global and EEA OKX sites
- Handles session expiry, 401/auth errors, and re-authentication prompts
- Guides install, update, remove, and status checks for the okx-auth binary
- Pairs with okx-cex-trade, portfolio, earn, and bot skills after first-time auth
- Explicitly excludes unauthenticated market-data use (okx-cex-market)
- Supports global and EEA OKX sites
- Metadata version 1.3.2 with @okx_ai/okx-trade-cli npm install
Adoption & trust: 2.7k installs on skills.sh; 134 GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You want OKX trade or portfolio CLI commands to run but the agent keeps failing with not authenticated, expired session, or missing okx-auth.
Who is it for?
Solo builders who already use or plan to use the OKX npm CLI with agent-driven trading or portfolio automation.
Skip if: Read-only OKX market snapshots without login, or builders who will not install the okx / okx-auth binaries locally.
When should I use this skill?
Login/sign in/connect OKX account, first-time OKX CLI setup, auth binary install/update/remove, or any OKX CLI auth error before trade/portfolio/earn/bot.
What do I get? / Deliverables
After device login or binary install steps, the okx CLI holds a valid session so okx-cex-trade, portfolio, earn, and bot skills can run authenticated calls.
- Authenticated OKX CLI session
- Resolved auth/login status
- Installed or updated okx-auth binary when requested
Recommended Skills
Journey fit
OKX account linking is a build-time integration step that must complete before any authenticated CEX CLI workflows. Credential setup and session refresh are external exchange integrations, not market-data or trading logic itself.
How it compares
Authentication setup skill for the OKX CLI—not a market-data query pack or a strategy bot by itself.
Common Questions / FAQ
Who is okx-cex-auth for?
Indie developers and traders who automate OKX through the official okx CLI inside coding agents and need a repeatable login and re-auth ritual.
When should I use okx-cex-auth?
Use it during Build integrations before the first trade/portfolio command, when login or install/update/remove auth is requested, or when any OKX CLI call returns auth errors; skip for pure market-data queries handled by okx-cex-market.
Is okx-cex-auth safe to install?
It orchestrates real exchange OAuth and local token storage—review the Security Audits panel on this page and only authorize accounts you control.
Workflow Chain
Then invoke: okx cex trade
SKILL.md
READMESKILL.md - Okx Cex Auth
# OKX CEX Authentication OAuth 2.0 device flow authentication for OKX CLI. Guides first-time setup, re-authentication after session expiry, and logout. ## Supported Sites | Site | Region | URL | | -------- | ----------------------- | --------------- | | `global` | Global | `www.okx.com` | | `eea` | EEA | `my.okx.com` | | `us` | US | `app.okx.com` | Site is a separate dimension from auth method. Both API-key and OAuth paths require a site. Once selected, a site is persisted: - **API-key users**: `profile.site` in `~/.okx/config.toml` (written by `okx config init`). - **OAuth users**: saved inside the `okx-auth` binary state the first time `okx auth login --site <X>` succeeds, and returned by `okx auth status --json` as the `site` field. There is **no `okx config set-site` command** — site cannot be persisted independently of an auth attempt. For OAuth flows, the agent must remember the user's choice within the conversation and pass `--site <X>` on `okx auth login`. ## Prerequisites Install `okx` CLI if not already installed: ```bash npm install -g @okx_ai/okx-trade-cli ``` ## Step 0: Pre-flight Check (MANDATORY) **Unconditional rule — do NOT skip Step 0 under any circumstances.** Even if a prior skill (preflight, okx-cex-portfolio, etc.) already ran `auth status` and passed you a conclusion like "user is not_logged_in, go log in" — **you MUST re-run the two commands below yourself and walk Steps 0.1 → 0.2 → 0.3 in order**. Upstream tool output does not substitute for your own pre-flight. The single most common failure mode for this skill is an agent that reads an upstream "not authenticated" signal, skips Step 0.1 site selection, and calls `okx auth login` with a silently-defaulted site. Run both in parallel: ```bash okx config show --json okx auth status --json ``` Then apply the following three checks **in strict order** — each step short-circuits the rest. ### Step 0.1 — Site check (independent of auth mode) A site is considered already selected if **either** is true: - `config show --json` has any profile with a non-empty `site` field, OR - `auth status --json` returns a non-empty `site` field **AND** `status` is `logged_in` or `pending`. > ⚠ When `status` is `not_logged_in`, the `site` field from `auth status --json` is a **default placeholder** (typically `"global"`) that the auth binary emits regardless of user choice — it does NOT mean the user ever picked a site. Treat it as absent. If **neither** condition above holds, site has never been chosen. You MUST ask the user to pick one before any login attempt by echoing the following menu verbatim (Chinese), and wait for their reply: > 您需要选择要连接的 OKX 站点: > 1) Global (www.okx.com) > 2) EEA (my.okx.com) > 3) US (app.okx.com) Map the reply (`1`/`2`/`3` or `global`/`eea`/`us`) to the correspondi