Devices API
Manage authorized devices for CLI and desktop applications.
Endpoints#
| Method | Endpoint | Description |
|---|---|---|
GET | /devices | List authorized devices |
GET | /devices/:id | Get device details |
DELETE | /devices/:id | Revoke device authorization |
POST | /devices/authorize | Start device authorization |
POST | /devices/token | Exchange device code for token |
Device Object#
Loading code block...
List Devices#
Loading code block...
Query Parameters#
| Parameter | Type | Description |
|---|---|---|
type | string | Filter by type: cli, desktop, other |
active | boolean | Only active devices (last 30 days) |
Example Request#
Loading code block...
Response#
Loading code block...
Get Device#
Loading code block...
Example Request#
Loading code block...
Response#
Loading code block...
Revoke Device#
Loading code block...
Example Request#
Loading code block...
Response#
Loading code block...
Note: Revoking a device invalidates all tokens issued to that device.
Start Device Authorization#
Loading code block...
This initiates the device authorization flow for CLI tools.
Request Body#
| Field | Type | Required | Description |
|---|---|---|---|
clientId | string | Yes | Application identifier |
scope | string | No | Requested permission scopes |
deviceInfo | object | No | Device metadata |
Example Request#
Loading code block...
Response#
Loading code block...
Exchange Device Code#
Loading code block...
Poll this endpoint to exchange the device code for an access token.
Request Body#
| Field | Type | Required | Description |
|---|---|---|---|
clientId | string | Yes | Application identifier |
deviceCode | string | Yes | Device code from authorize |
grantType | string | Yes | Must be urn:ietf:params:oauth:grant-type:device_code |
Example Request#
Loading code block...
Pending Response#
Loading code block...
Success Response#
Loading code block...
Rename Device#
Loading code block...
Request Body#
Loading code block...
Response#
Returns the updated device object.
Device Limits by Plan#
| Plan | Max Devices |
|---|---|
| Free | 2 |
| Pro | 5 |
| Team | 20 per user |
| Enterprise | Unlimited |
Activity Tracking#
Each device tracks:
- Sessions: Number of CLI sessions
- Commands: Most used commands
- Projects: Projects accessed
- Location: Approximate location from IP
View activity:
Loading code block...
Loading code block...
Security#
Suspicious Activity Detection#
Bootspring monitors for:
- Logins from new locations
- Multiple failed authentication attempts
- Unusual access patterns
Automatic Revocation#
Devices may be automatically revoked for:
- 90 days of inactivity
- Security policy violations
- Account suspension
Errors#
| Code | Description |
|---|---|
device_not_found | Device doesn't exist |
device_limit_exceeded | Maximum devices reached |
authorization_pending | User hasn't authorized yet |
expired_token | Device code expired |
access_denied | User denied authorization |
slow_down | Polling too frequently |