explicitly trust/untrust one of a user's devices (Item 19). A trusted device suppresses risk-based step-up for that fingerprint. Emits `device.trust_changed`. Requires `users:write`.
PATCH
Secret API key operationId: set_device_trust/v1/users/{id}/devices/{device_id} Authorization
Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.
Path parameters
idstring<uuid> requiredUser id
device_idstring<uuid> requiredDevice id
Request body · required
trustedboolean required
Responses
200 Updated device
{
"data": {
"first_seen_at": "2026-01-15T09:30:00Z",
"id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
"label": "string",
"last_country": "string",
"last_ip": "string",
"last_seen_at": "2026-01-15T09:30:00Z",
"trusted": false
},
"error": {
"code": "string",
"message": "string"
},
"meta": {
"timestamp": "string"
},
"success": false
} 404 No such device
Request
curl -X PATCH "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/devices/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f" \
-H "Content-Type: application/json" \
-d '{
"trusted": false
}'Try it
live requestPATCH
http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/devices/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f