Approve a pending device-authorization grant
Requires Firebase JWT (`[Authorize]`) — only a signed-in user can mint an API key for themselves via this path. Addressed by the short userCode the browser carried; the secret device code never reaches the dashboard. The route's `{tenant}` segment is enforced by `TenantMiddleware`: the signed-in user must have access to it.
Authorization
Bearer JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
The short user code from the URL the client opened.
The tenant identifier
Required echo of the preset the approval page displayed. Cross-checked against the preset the client requested at create time — a missing or different echo 400s; the minted key's scopes come from the stored request, never from this body.
REQUIRED echo of the preset the approval page displayed — one of
observer, operator, developer, maintainer,
admin. The minted key's scopes come from the preset the client
requested at create time (stored on the grant); this echo is
cross-checked against it and any mismatch — including a missing
echo — 400s, so the user can't approve an access level they weren't
shown.
Response Body
curl -X POST "https://api.fruxon.com/v1/tenants/string/deviceAuthorizations/string:approve" \ -H "Content-Type: application/json" \ -d '{}'{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}