Permissions and Security Settings
Security settings define what an API client is allowed to do.
Permissions
| Permission | Type | Purpose |
|---|---|---|
device:read | Read-only | List devices, get device detail, list device type definitions, and get command results |
device:control | Command write | Includes all device:read query permissions and allows operation commands to be sent to devices |
device:config | Config write | Includes all device:read query permissions and allows device configuration to be changed |
device:manage | Management | Includes all device:read query permissions and allows devices to be added, removed, and have their passwords changed |
Use the minimum permissions required by the integration.
For example:
| Integration Type | Recommended Permissions |
|---|---|
| Monitoring or inventory sync | device:read |
| Device operation integration | device:control |
| Device configuration integration | device:config |
| Device management integration | device:manage |
| Full control integration | device:control, device:config |
Access Boundaries
- All endpoints can only access devices that belong to your account
device:manageenables device ownership management through the REST API — adding devices, removing devices, and changing device passwords- If a client has valid authentication but lacks the required permission, REST APIs return
403 AUTH_SCOPE_DENIED - If authentication is missing, invalid, or expired, REST APIs return
401