Overview Devices are apps and tools that connect directly to your Alfred — like Obsidian on your laptop or a mobile app. Device pairing lets you control which devices have access.
How it works
A device requests to pair
A client app initiates a pairing request with your Alfred.
Review the request
The request appears as “pending” in your dashboard or via the API.
Approve or reject
Approve to grant access, or reject to discard the request.
Device connects
Approved devices receive credentials and can interact with your vault.
Managing devices from the dashboard Go to your Alfred Black dashboard and navigate to the Devices page to:
View pending requests — See devices waiting for approvalApprove or reject — Grant or deny access to each deviceSee paired devices — View all currently connected devicesRemove devices — Revoke access from previously paired devices
Managing devices via the API List all devices See both pending and paired devices:
curl -s /api/v1/devices \ -H "Authorization: Bearer alf_your_key_here" | jq .
Approve a device Approve a pending pairing request:
curl -X POST /api/v1/devices/req_abc123/approve \ -H "Authorization: Bearer alf_your_key_here"
Reject a device curl -X POST /api/v1/devices/req_abc123/reject \ -H "Authorization: Bearer alf_your_key_here"
The request is permanently discarded. The device must initiate a new pairing request.
Remove a paired device curl -X DELETE /api/v1/devices/dev_xyz789 \ -H "Authorization: Bearer alf_your_key_here"
Removing a device is permanent and revokes access immediately. The device must re-pair to regain access.
Rotate device credentials Regenerate credentials for a specific device:
curl -X POST /api/v1/devices/dev_xyz789/rotate \ -H "Authorization: Bearer alf_your_key_here" \ -H "Content-Type: application/json" \ -d '{"role": "user"}'
Rotate credentials periodically (every 90 days) for security.
Revoke device access Immediately revoke a device’s access:
curl -X POST /api/v1/devices/dev_xyz789/revoke \ -H "Authorization: Bearer alf_your_key_here" \ -H "Content-Type: application/json" \ -d '{"role": "user"}'
Clear all pending requests Remove all pending device requests at once:
curl -X POST /api/v1/devices/clear \ -H "Authorization: Bearer alf_your_key_here"
To clear only pending requests (leaving paired devices intact):
curl -X POST /api/v1/devices/clear \ -H "Authorization: Bearer alf_your_key_here" \ -H "Content-Type: application/json" \ -d '{"pending_only": true}'
Endpoint summary Operation Method Path Identifier List GET /api/v1/devices— Approve POST /api/v1/devices/:requestId/approverequestIdReject POST /api/v1/devices/:requestId/rejectrequestIdRemove DELETE /api/v1/devices/:deviceIddeviceIdRotate POST /api/v1/devices/:deviceId/rotatedeviceIdRevoke POST /api/v1/devices/:deviceId/revokedeviceIdClear POST /api/v1/devices/clear—
Security Only approve devices you recognize. If you see an unfamiliar pairing request, reject it immediately.
Review pending requests regularly
Remove devices you no longer use
Rotate credentials if you suspect a device may be compromised
Use the revoke endpoint for immediate access removal in emergencies
Devices API Reference Full device endpoint documentation
