Poll a device-code for approval
Alpha
POST https://api.voxrouter.ai/v1/auth/poll

Exchange a `device_code` for a `vr_session_*` session token if the user has approved it in the browser. RFC 8628 vocabulary:

- `200` with `session_token` — approved, store and use it.
- `400 authorization_pending` — keep polling at `interval` seconds.
- `404 invalid_device_code` — code never existed.
- `410 expired_token` — code expired; restart the flow.

Sessions issued here have a 90-day TTL and are revocable via `voxrouter logout`. Tokens identify the user that approved.
```bash
curl -X POST https://api.voxrouter.ai/v1/auth/poll \
  -H "Authorization: Bearer $VOXROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "device_code": "string"
  }'
```

Headers

- `Authorization` (string, required): Bearer token. Send as `Authorization: Bearer pk_...`.
- `Content-Type` (string, required): Must be `application/json`.

Body

- `device_code` (string, required): The `device_code` from the matching `/v1/auth/device-code` response.
Response
Session token issued.
```json
{
  "session_token": "string",
  "expires_at": "string",
  "user_id": "string"
}
```

- `session_token` (string, required): CLI session token. Use as `Authorization: Bearer <token>`. Format is `vr_session_*`. Persists across CLI invocations — store in `~/.voxrouter/config.json` with `chmod 600`.
- `expires_at` (string, date-time, required): ISO-8601 timestamp at which the session token expires (90 days).
- `user_id` (string, required): Stable identifier of the user that approved the device code.
Errors
Non-2xx responses return a JSON body with a machine-readable error code and an optional details string.
| Status | Meaning |
|---|---|
| 400 | Either `invalid_body` (malformed JSON) or `authorization_pending` (RFC 8628 — keep polling). |
| 404 | Device code is unknown. |
| 410 | Device code expired before approval. |
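
The polling and storage rules above as a Python client, added here as an example and not VoxRouter's own code. It assumes the error code arrives in an `error` JSON field (the page does not name the field) and takes the HTTP call as a caller-supplied `post` function; `max_wait`, `scripted_transport` and the key names written to the config file are likewise illustrative.

```python
import json
import os
import time

class DeviceFlowError(Exception):
    """Terminal poll outcome: abort, or restart from /v1/auth/device-code."""

def poll_for_session(post, device_code, interval, max_wait=600, sleep=time.sleep):
    """Poll until approved. `post(body) -> (status, json_dict)` is a
    caller-supplied transport; the "error" field name is an assumption."""
    waited = 0
    while waited <= max_wait:
        status, body = post({"device_code": device_code})
        if status == 200:
            if not str(body.get("session_token", "")).startswith("vr_session_"):
                raise DeviceFlowError("token does not match vr_session_*")
            return body
        code = body.get("error")
        if status == 400 and code == "authorization_pending":
            sleep(interval)  # honour the interval given with the device code
            waited += interval
            continue
        # 400 invalid_body, 404, 410 and anything unexpected are terminal.
        raise DeviceFlowError(f"{status} {code}")
    raise DeviceFlowError("approval not received within max_wait")

def store_session(session, path):
    """Persist the session with mode 0600 from creation, then swap atomically."""
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    config = {}
    if os.path.exists(path):
        with open(path) as f:
            config = json.load(f)
    config.update({k: session[k] for k in ("session_token", "expires_at", "user_id")})
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), 0o600)  # also tightens a leftover temp file
        json.dump(config, f)
    os.replace(tmp, path)

def scripted_transport(responses):
    """Replay CONSTRUCTED (status, body) pairs in place of real HTTP calls."""
    it = iter(responses)
    return lambda body: next(it)
```

Creating the file with mode 0600 and renaming it into place means the token is never readable by other local users, which a write followed by `chmod 600` does not guarantee.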