Ábyrg verslunFyrirtækiAldursskírteiniVefþjónustaAlgengar spurningar
Vefþjónusta

Devices

Read and manage devices registered to your tenant. Devices are either linked through the dashboard wallet flow (origin: "link") or created through this API (origin: "api").

Note: API-created devices are audit devices — they identify a point of sale (POS terminal, till, kiosk) so that verification transactions can be attributed to it. They do not authenticate on their own; pass the device's id as deviceId in the verification endpoints to attribute transactions to it.

GET/api/v1/devices

List all devices registered to your tenant. Supports filtering, sorting, and pagination.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires devices:read scope

Query Parameters

locationIdstringOptional

Filter devices assigned to a specific location

namestringOptional

Filter by device name (substring match)

originstringOptional

Filter by origin: "link" (wallet-linked) | "api" (API-created)

sortBystringOptional

"name" | "createdAt" | "updatedAt"

sortOrderstringOptional

"asc" | "desc"

limitnumberOptional

Page size. When provided, the response includes nextCursor and hasMore

cursorstringOptional

Pagination cursor from a previous response

Response

{
  "data": [
    {
      "id": "dev_abc123",
      "name": "Store Scanner 1",
      "status": "active",
      "origin": "link",
      "createdAt": "2024-01-15T10:00:00.000Z"
    },
    {
      "id": "dev_def456",
      "name": "POS Till 2",
      "status": "active",
      "origin": "api",
      "externalId": "POS-2",
      "createdAt": "2024-02-01T09:00:00.000Z"
    }
  ]
}
POST/api/v1/devices

Create an api-origin audit device. Use the returned id as deviceId in the verification endpoints to attribute transactions to this device. Bearer auth only — device (DPoP) callers cannot create devices.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires devices:write scope

Content-TypestringRequired

application/json

Request Body

namestringRequired

Display name for the device (1–100 characters)

externalIdstringOptional

Your own identifier for this device (e.g. POS terminal ID). Must be unique within your tenant — a duplicate returns 409 Conflict

locationIdsstring[]Optional

List of location IDs to assign the device to

Examples

cURL

curl -X POST https://abyrgverslun.is/api/v1/devices \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "POS Till 2",
    "externalId": "POS-2",
    "locationIds": ["loc_xyz"]
  }'

Response

// 201 Created
{
  "data": {
    "id": "dev_def456",
    "name": "POS Till 2",
    "status": "active",
    "origin": "api",
    "externalId": "POS-2",
    "locationIds": ["loc_xyz"],
    "createdAt": "2024-02-01T09:00:00.000Z"
  }
}

// 409 Conflict — externalId already in use
{ "error": "A device with this externalId already exists" }
GET/api/v1/devices/:id

Retrieve a single device by ID.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires devices:read scope

Response

{
  "data": {
    "id": "dev_abc123",
    "name": "Store Scanner 1",
    "status": "active",
    "origin": "link",
    "locationIds": ["loc_xyz"],
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}
GET/api/v1/devices/me

Retrieve the calling device's own record. Only available to device (DPoP) callers — service clients get 403.

Headers

AuthorizationstringRequired

DPoP <access_token> — requires devices:read scope

DPoPstringRequired

DPoP proof JWT

Response

{
  "data": {
    "id": "dev_abc123",
    "name": "Store Scanner 1",
    "status": "active",
    "origin": "link",
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}
PATCH/api/v1/devices/:id

Update device properties. All fields are optional.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires devices:write scope

Content-TypestringRequired

application/json

Request Body

namestringOptional

Display name for the device

locationIdstringOptional

Location ID to assign the device to

Response

{
  "data": {
    "id": "dev_abc123",
    "name": "Store Scanner 1",
    "status": "active",
    "origin": "link",
    "locationIds": ["loc_xyz"],
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}
DELETE/api/v1/devices/:id

Delete a device (soft delete). The device no longer appears in lists and can no longer be used for verification attribution.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires devices:write scope

Response

{ "deleted": true }