Reference / Users

explicitly trust/untrust one of a user's devices (Item 19). A trusted device suppresses risk-based step-up for that fingerprint. Emits `device.trust_changed`. Requires `users:write`.

PATCH /v1/users/{id}/devices/{device_id}
Secret API key operationId: set_device_trust

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Path parameters

  • id string<uuid> required

    User id

  • device_id string<uuid> required

    Device id

Request body · required

  • trusted boolean required

Responses

200 Updated device
{
  "data": {
    "first_seen_at": "2026-01-15T09:30:00Z",
    "id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
    "label": "string",
    "last_country": "string",
    "last_ip": "string",
    "last_seen_at": "2026-01-15T09:30:00Z",
    "trusted": false
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
404 No such device

Request

curl -X PATCH "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/devices/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f" \
  -H "Content-Type: application/json" \
  -d '{
  "trusted": false
}'

Try it

live request
PATCH http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/devices/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f

Path parameters

Request body

application/json