Get started with the command line

Tiger Data supplies a clean, programmatic control layer for Tiger Cloud. This includes REST APIs and CLI commands that enable humans, machines, and AI agents to easily provision, configure, and manage Tiger Cloud services programmatically.

Tiger CLI

Tiger CLI is a command-line interface that you use to manage Tiger Cloud resources including VPCs, services, read replicas, and related infrastructure. Tiger CLI calls Tiger REST API to communicate with Tiger Cloud.

This page shows you how to install and set up secure authentication for Tiger CLI, then create your first service.

Prerequisites for this tutorial

To follow these steps, you'll need:

• A Tiger Cloud account.

Install and configure Tiger CLI

1. Install Tiger CLI

   Use the terminal to install the CLI:

   Debian

   curl -s https://packagecloud.io/install/repositories/timescale/tiger-cli/script.deb.sh | sudo os=any dist=any bash
   sudo apt-get install tiger-cli

   Ubuntu

   curl -s https://packagecloud.io/install/repositories/timescale/tiger-cli/script.deb.sh | sudo os=any dist=any bash
   sudo apt-get install tiger-cli

   Red Hat

   curl -s https://packagecloud.io/install/repositories/timescale/tiger-cli/script.rpm.sh | sudo os=rpm_any dist=rpm_any bash
   sudo yum install tiger-cli

   Fedora

   curl -s https://packagecloud.io/install/repositories/timescale/tiger-cli/script.rpm.sh | sudo os=rpm_any dist=rpm_any bash
   sudo yum install tiger-cli

   MacOS

   brew install --cask timescale/tap/tiger-cli

   Windows PowerShell

   irm https://cli.tigerdata.com/install.ps1 | iex

   x-platform

   curl -fsSL https://cli.tigerdata.com | sh

2. Set up API credentials

   1. Log Tiger CLI into your Tiger Cloud account:

      tiger auth login

      Tiger CLI opens Console in your browser. Log in, then click Authorize. You can have a maximum of 10 active client credentials. If you get an error, open credentials and delete an unused credential.

   2. Select a Tiger Cloud project:

      Auth URL is: https://console.cloud.tigerdata.com/oauth/authorize?client_id=lotsOfURLstuff
      Opening browser for authentication...
      Select a project:
      
      > 1. Tiger Project (tgrproject)
      2. YourCompany (Company wide project) (cpnproject)
      3. YourCompany Department (dptproject)
      
      Use ↑/↓ arrows or number keys to navigate, enter to select, q to quit

      If only one project is associated with your account, this step is not shown. Where possible, Tiger CLI stores your authentication information in the system keychain/credential manager. If that fails, the credentials are stored in ~/.config/tiger/credentials with restricted file permissions (600). By default, Tiger CLI stores your configuration in ~/.config/tiger/config.yaml.

3. Test your authenticated connection to Tiger Cloud by listing services

   tiger service list

   This call returns something like:

   • No services:

     🏜️  No services found! Your project is looking a bit empty.
     🚀 Ready to get started? Create your first service with: tiger service create

   • One or more services:

     ┌────────────┬─────────────────────┬────────┬─────────────┬──────────────┬──────────────────┐
     │ SERVICE ID │        NAME         │ STATUS │    TYPE     │    REGION    │     CREATED      │
     ├────────────┼─────────────────────┼────────┼─────────────┼──────────────┼──────────────────┤
     │ tgrservice │ tiger-agent-service │ READY  │ TIMESCALEDB │ eu-central-1 │ 2025-09-25 16:09 │
     └────────────┴─────────────────────┴────────┴─────────────┴──────────────┴──────────────────┘

Create your first Tiger Cloud service

Create a new Tiger Cloud service using Tiger CLI:

1. Submit a service creation request

   By default, Tiger CLI creates a service with 0.5 CPU and 2 GB memory with the time-series capability

   tiger service create

   To control the service configuration, use the service create flags. For example, to create a free service, call tiger service create --memory shared --cpu shared.

   Note

   Free services are currently in beta.

   Free services with shared CPU/memory are only available in the us-east-1 region. Standard services can be created in any available AWS or Azure region using the --region flag.

   Tiger Cloud creates a Development environment for you. That is, no delete protection, high-availability, spooling or read replication. You see something like:

    🚀 Creating service 'db-11111' (auto-generated name)...
    ✅ Service creation request accepted!
    📋 Service ID: tgrservice
    🔐 Password saved to system keyring for automatic authentication
    🎯 Set service 'tgrservice' as default service.
    ⏳ Waiting for service to be ready (wait timeout: 30m0s)...
    🎉 Service is ready and running!
   🔌 Run 'tiger db connect' to connect to your new service
   ┌───────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────┐
   │     PROPERTY      │                                              VALUE                                               │
   ├───────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────┤
   │ Service ID        │ tgrservice                                                                                       │
   │ Name              │ db-11111                                                                                         │
   │ Status            │ READY                                                                                            │
   │ Type              │ TIMESCALEDB                                                                                      │
   │ Region            │ us-east-1                                                                                        │
   │ CPU               │ 0.5 cores (500m)                                                                                 │
   │ Memory            │ 2 GB                                                                                             │
   │ Direct Endpoint   │ tgrservice.tgrproject.tsdb.cloud.timescale.com:39004                                             │
   │ Created           │ 2025-10-20 20:33:46 UTC                                                                          │
   │ Connection String │ postgresql://tsdbadmin@tgrservice.tgrproject.tsdb.cloud.timescale.com:0007/tsdb?sslmode=require │
   │ Console URL       │ https://console.cloud.tigerdata.com/dashboard/services/tgrservice                                │
   └───────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────┘

   This service is set as default by the CLI.

2. Check the CLI configuration

   tiger config show

   You see something like:

   api_url:     https://console.cloud.tigerdata.com/public/api/v1
   console_url: https://console.cloud.tigerdata.com
   gateway_url: https://console.cloud.tigerdata.com/api
   docs_mcp:       true
   docs_mcp_url:   https://mcp.tigerdata.com/docs
   project_id:  tgrproject
   service_id:  tgrservice
   output:      table
   analytics:   true
   password_storage: keyring
   debug:       false
   config_dir:  /Users/<username>/.config/tiger

And that is it, you are ready to use Tiger CLI to manage your services in Tiger Cloud.

For the full list of commands, configuration parameters, and global flags, see the Tiger CLI reference.

Tiger REST API

Tiger REST API is a comprehensive RESTful API you use to manage Tiger Cloud resources including VPCs, services, and read replicas.

This page shows you how to set up secure authentication for the Tiger REST API and create your first service.

Prerequisites for this tutorial

To follow these steps, you'll need:

• A Tiger Cloud account.

• curl installed.

Configure secure authentication

Tiger REST API uses HTTP Basic Authentication with access keys and secret keys. All API requests must include proper authentication headers.

1. Set up API credentials

   1. In Tiger Console copy your project ID and store it securely using an environment variable:

      export TIGERDATA_PROJECT_ID="your-project-id"

   2. In Tiger Console create your client credentials and store them securely using environment variables:

      export TIGERDATA_ACCESS_KEY="Public key"
      export TIGERDATA_SECRET_KEY="Secret key"

2. Configure the API endpoint

   Set the base URL in your environment:

   export API_BASE_URL="https://console.cloud.tigerdata.com/public/api/v1"

3. Test your authenticated connection to Tiger REST API by listing the services in the current Tiger Cloud project

    curl -X GET "${API_BASE_URL}/projects/${TIGERDATA_PROJECT_ID}/services" \
      -u "${TIGERDATA_ACCESS_KEY}:${TIGERDATA_SECRET_KEY}" \
      -H "Content-Type: application/json"

   This call returns something like:

   • No services:

     []%

   • One or more services:

     [{"service_id":"tgrservice","project_id":"tgrproject","name":"tiger-eon",
     "region_code":"us-east-1","service_type":"TIMESCALEDB",
     "created":"2025-10-20T12:21:28.216172Z","paused":false,"status":"READY",
     "resources":[{"id":"104977","spec":{"cpu_millis":500,"memory_gbs":2,"volume_type":""}}],
     "metadata":{"environment":"DEV"},
     "endpoint":{"host":"tgrservice.tgrproject.tsdb.cloud.timescale.com","port":11111}}]

Create your first Tiger Cloud service

Create a new service using the Tiger REST API:

1. Create a service using the POST endpoint

   curl -X POST "${API_BASE_URL}/projects/${TIGERDATA_PROJECT_ID}/services" \
     -u "${TIGERDATA_ACCESS_KEY}:${TIGERDATA_SECRET_KEY}" \
     -H "Content-Type: application/json" \
     -d '{
        "name": "my-first-service",
        "addons": ["time-series"],
        "region_code": "us-east-1",
        "replica_count": 1,
        "cpu_millis": "1000",
        "memory_gbs": "4"
        }'

   Tiger Cloud creates a Development environment for you. That is, no delete protection, high-availability, spooling or read replication. You see something like:

    {"service_id":"tgrservice","project_id":"tgrproject","name":"my-first-service",
    "region_code":"us-east-1","service_type":"TIMESCALEDB",
    "created":"2025-10-20T22:29:33.052075713Z","paused":false,"status":"QUEUED",
    "resources":[{"id":"105120","spec":{"cpu_millis":1000,"memory_gbs":4,"volume_type":""}}],
    "metadata":{"environment":"PROD"},
    "endpoint":{"host":"tgrservice.tgrproject.tsdb.cloud.timescale.com","port":00001},
    "initial_password":"notTellingYou",
    "ha_replicas":{"sync_replica_count":0,"replica_count":1}}

2. Save service_id from the response to a variable:

   # Extract service_id from the JSON response
   export SERVICE_ID="service_id-from-response"

3. Check the configuration for the service

    curl -X GET "${API_BASE_URL}/projects/${TIGERDATA_PROJECT_ID}/services/${SERVICE_ID}" \
      -u "${TIGERDATA_ACCESS_KEY}:${TIGERDATA_SECRET_KEY}" \
      -H "Content-Type: application/json"

   You see something like:

    {"service_id":"tgrservice","project_id":"tgrproject","name":"my-first-service",
    "region_code":"us-east-1","service_type":"TIMESCALEDB",
    "created":"2025-10-20T22:29:33.052075Z","paused":false,"status":"READY",
    "resources":[{"id":"105120","spec":{"cpu_millis":1000,"memory_gbs":4,"volume_type":""}}],
    "metadata":{"environment":"DEV"},
    "endpoint":{"host":"tgrservice.tgrproject.tsdb.cloud.timescale.com","port":11111},
    "ha_replicas":{"sync_replica_count":0,"replica_count":1}}

And that is it, you are ready to use the Tiger REST API to manage your services in Tiger Cloud.

Security best practices

Follow these security guidelines when working with the Tiger REST API:

• Credential management

  • Store API credentials as environment variables, not in code
  • Use credential rotation policies for production environments
  • Never commit credentials to version control systems

• Network security

  • Use HTTPS endpoints exclusively for API communication
  • Implement proper certificate validation in your HTTP clients

• Data protection

  • Use secure storage for service connection strings and passwords
  • Implement proper backup and recovery procedures for created services
  • Follow data residency requirements for your region