Goal
- Explain Bearer token usage for device-related endpoints.
- Share safe handling tips for Bearer tokens.
- Document internal access controls for docs.
Bearer Token Usage
All device endpoints require a Bearer token in the HTTP header:
Authorization: Bearer <token>Applicable to: device create/list/deploy/qr/disconnect/delete and send message.
Good Practices (Bearer Token)
- Store Bearer tokens in secrets manager, not in code or chat.
- Rotate tokens when staff roles change; remove unused tokens.
- Restrict access by role; avoid sharing tokens across tenants/apps.
- Use HTTPS only; never send Bearer tokens over plaintext channels.