BaihuBaihu
CLI

gateway

HTTP API server with pairing authentication

usage

baihu gateway

starts the webhook/API server. binds to 127.0.0.1:3000 by default.

pairing

on first connect, the gateway prints a 6-digit OTP to the terminal. send it via:

curl -X POST http://localhost:3000/pair \
  -H "X-Pairing-Code: 123456"

response includes a bearer token for all subsequent requests:

curl http://localhost:3000/api/chat \
  -H "Authorization: Bearer bh_..." \
  -H "Content-Type: application/json" \
  -d '{"message": "hello"}'

security

  • binds to localhost only by default
  • refuses 0.0.0.0 unless a tunnel is configured
  • 5 wrong pairing attempts triggers 5-minute lockout
  • constant-time comparison prevents timing attacks
  • bearer tokens use bh_ prefix

configuration

[gateway]
port = 3000
auto_pair = false

On this page