Device keys are returned from POST /children/{childID}/devices and should be stored securely in the iOS Keychain. They provide access only to the device-specific endpoints:
- GET /device/policy -- Fetch compiled policy for this device
- POST /device/report -- Submit activity reports
- POST /device/ack -- Acknowledge policy version
Scopes Reference
API keys and tokens are scoped to control access. The following scopes are available:
| Scope | Description |
| --- | --- |
| families:read | List and view family details |
| families:write | Create, update, and delete families |
| children:read | List and view children and their policies |
| children:write | Create, update, and delete children |
| policies:read | View policies and rules |
| policies:write | Create, update, delete policies and rules |
| enforcement:read | View enforcement jobs and results |
| enforcement:write | Trigger enforcement and retry jobs |
| compliance:read | View platform connections |
| compliance:write | Connect and disconnect platforms |
| webhooks:manage | Create, update, delete, and test webhooks |
Error Responses
All authentication failures return 401 Unauthorized:
```json
{
  "error": "unauthorized",
  "message": "Invalid or expired access token"
}
```
Insufficient permissions return 403 Forbidden:
```json
{
  "error": "forbidden",
  "message": "API key does not have the required scope: enforcement:write"
}
```
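A client should handle the two failures differently: a 401 means the credential itself must be replaced, while a 403 means the key works but lacks a scope, so resending the request will not help. The sketch below is an added example, not code from this API's documentation or SDK; the function and class names are hypothetical, and it assumes 403 messages keep the "required scope: <name>" wording shown in the sample above.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Scope names copied from the Scopes Reference table on this page.
KNOWN_SCOPES = frozenset({
    "families:read", "families:write", "children:read", "children:write",
    "policies:read", "policies:write", "enforcement:read", "enforcement:write",
    "compliance:read", "compliance:write", "webhooks:manage",
})

# Assumption: 403 messages keep the "required scope: <name>" wording of the sample.
_SCOPE_RE = re.compile(r"required scope:\s*([a-z]+:[a-z]+)")


@dataclass(frozen=True)
class AuthFailure:
    action: str                      # "reauthenticate" | "request_scope" | "inspect"
    missing_scope: Optional[str] = None


def classify_auth_failure(status: int, body: str) -> Optional[AuthFailure]:
    """Map a 401/403 response to a client action; None for any other status."""
    if status not in (401, 403):
        return None
    if status == 401:
        # Credential is invalid or expired: get a new one, do not resend the old.
        return AuthFailure("reauthenticate")
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None               # e.g. an HTML error page from a proxy
    message = payload.get("message", "") if isinstance(payload, dict) else ""
    match = _SCOPE_RE.search(str(message))
    scope = match.group(1) if match else None
    # Treat the message as untrusted text: accept only scope names from the table.
    if scope in KNOWN_SCOPES:
        return AuthFailure("request_scope", scope)
    return AuthFailure("inspect")


if __name__ == "__main__":
    # Constructed sample responses; the first two bodies mirror the page's examples.
    samples = [
        (401, '{"error": "unauthorized", "message": "Invalid or expired access token"}'),
        (403, '{"error": "forbidden", "message": "API key does not have the required scope: enforcement:write"}'),
        (403, "<html>403 Forbidden</html>"),
    ]
    for status, body in samples:
        print(status, classify_auth_failure(status, body))
```

Only scope names from the table are surfaced to callers or logs, so an unexpected or malformed message falls through to "inspect" instead of being acted on.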