Skip to main content
POST
/
v0
/
cli
/
device-codes
Start a CLI sign-in
curl --request POST \
  --url https://api.sumvin.com/v0/cli/device-codes \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_name": "Sumvin CLI on my-laptop"
}
'
{
  "_links": {
    "approval": {
      "href": "/v0/cli/device-codes/x3k9...redacted...q7/approval",
      "method": "POST"
    },
    "poll": {
      "href": "/v0/cli/device-codes/x3k9...redacted...q7"
    },
    "self": {
      "href": "/v0/cli/device-codes/x3k9...redacted...q7"
    }
  },
  "device_code": "x3k9...redacted...q7",
  "expires_in": 600,
  "interval": 5,
  "user_code": "ABCD-EFGH",
  "verification_uri": "https://app.sumvin.com/cli/authorize",
  "verification_uri_complete": "https://app.sumvin.com/cli/authorize?device_code=x3k9...&user_code=ABCD-EFGH"
}

Headers

X-Timestamp-Format
string

Controls how timestamp fields are serialized in JSON response bodies.

Default (header omitted or any other value): epoch milliseconds as integers. iso8601: UTC ISO 8601 strings of the form YYYY-MM-DDTHH:MM:SSZ.

Example: with X-Timestamp-Format: iso8601, the field value 1704067200000 becomes "2024-01-01T00:00:00Z".

Affected fields (recursively, in dicts and arrays): any field whose name ends in _at, plus the literal field names timestamp, period_start, and period_end. All other fields are passed through unchanged.

Only iso8601 is recognized. Any other value (or omitting the header) yields the default epoch-ms representation; the server does not reject unknown values, so this is documented as an example rather than an enum to keep generated clients permissive.

Example:

"iso8601"

Body

application/json

Body for POST /v0/cli/device-codes.

Both fields are optional, so the body itself is optional — a bare POST starts a sign-in with no client label.

client_name
string | null

Optional human-readable label for the device requesting sign-in.

Maximum string length: 255

Response

Sign-in started

Response to starting a CLI sign-in.

Carries the device code (the CLI's bearer secret for polling and exchange), the short user code the human confirms in the browser, the verification URL, and the polling parameters.

_links
Links · object
required

HAL-style hypermedia links for navigation and available actions.

device_code
string
required

Bearer secret the CLI uses to poll status and exchange for a token.

user_code
string
required

Short code the user confirms in the browser to approve.

verification_uri
string
required

Browser URL where the user approves the sign-in.

verification_uri_complete
string
required

Verification URL pre-filled with the device and user codes for convenience.

expires_in
integer
required

Seconds until the device code expires.

interval
integer
required

Minimum seconds the CLI should wait between status polls.