Installation of the Command-Line Client

RAW includes a command-line client (CLI) that allows the execution of queries and other operations on a RAW server from the shell.


  • Python 3 (Python 3.5 or later). If running on a Windows machine without administrator privileges, consider using Anaconda.

  • pip (if not already installed, Anaconda comes with pip.)

  • RAW Python API: refer to the Installation of the Python API


Please go to the RAW frontend downloads web page by clicking: Settings >> Install.

there click on the download link for your corresponding operative system (Windows, Linux or MacOS).

To install open a terminal where you downloaded the file and run the following command:

$ pip3 install <downloaded file> --user

For usage instructions, run rawcli --help.

Alternatively, it is possible to use virtualenv to install the client in an isolated environment, e.g:

$ virtualenv rawcli
$ source rawcli/bin/activate
$ pip3 install <downloaded file>


The rawcli tool will look for a configuration called raw.ini in the following locations in order:

  1. Environment variable: RAW_CLIENT_CONFIG_FILE

  2. <current directory>/raw.ini

  3. <user home directory>/.raw.ini

Alternatively, it is possible to specify a configuration file by using the -c option.

$ rawcli -c <config> ...

The following is an example of a simple configuration, where the RAW server is running on localhost in unsafe mode:

executor_url = http://localhost:54321
creds_url = http://localhost:54322
auth = basic
disable_tls_cert_verification = false

access_token = token

If using a TLS connection (e.g., when the connection between the client and the RAW services is proxied using TLS), it is possible to disable verification of the TLS certificate by setting disable_tls_cert_verification to true. This is useful in cases where the system is using self-signed certificates or certificates that were issued with a different name than the endpoint used to access the RAW servers.

If RAW is using Auth0 for user management and authentication, use the following configuration (the missing values will be provided).

executor_url = <EXECUTOR-ADDRESS>
auth = auth0

domain =
audience =

auth_type = client_credentials
client_id = <AUTH0 CLIENT ID>
client_secret = <AUTH0 CLIENT SECRET>


Before calling the RAW, the RAW clients needs to obtain a valid OAuth access token. The access token is obtained directly from the Authentication Provider (e.g. Auth0) and then stored locally in disk. This token will then be used by the ARW client to authenticate the user with RAW.

There are two ways to obtain the access token: interactive and non-interactive login. The following sections describe each mechanism. You can obtain ready-to-use configuration files for either of the authentication mechanisms by going to the Frontend -> Settings -> Authentication page.

Interactive login

This should be preferred when the client is running on a machine with a browser.

The user must first run rawcli login to launch a browser and authenticate directly with the OAuth2 provider (using the Authorization Code OAuth2 flow). The OAuth2 provider will respond with an access token with a limited validity (e.g. 24h). Once the validity is expired, the user can run rawcli login again to obtain a new token.

Here is an example of a Python client configuration file set to use interactive login:

provider = auth0
domain =
audience =
grant_type = authorization_code
client_id = <AUTH0 CLIENT ID>
client_secret = <AUTH0 CLIENT SECRET>

Non-Interactive login

This configuration is for services that use RAW non-interactively. It uses the client credentials authentication flow of OAuth2.

Contrary to the configuration for interactive clients, this process does not require any intervention from the user (namely, no browser-based authentication) so it is suitable for batch jobs.

provider = auth0
domain =
audience =
grant_type = client_credentials
client_id = <AUTH0 CLIENT ID>
client_secret = <AUTH0 CLIENT SECRET>


To following commands can be used to test the installation:

  • rawcli -c raw.ini version handled by the RAW Executor.

  • rawcli -c raw.ini rdmbs-list handled by the RAW Creds.

For further instructions, refer to Using the Command-Line Client.