Skip to main content
POST
/
v1
/
auth
/
device
/
token
curl -X POST https://api.v2.dealmachine.com/v1/auth/device/token \
  -H "Content-Type: application/json" \
  -d '{
    "device_code": "a1b2c3d4e5f6...",
    "client_id": "dealmachine-next-cli"
  }'

{
  "api_key": "dm_sk_live_VMgXKyJQ7qTt9SHpoDYgHOXo...",
  "key_id": "key_abc123def456",
  "organization": {
    "id": 1,
    "name": "My Company",
    "slug": "my-company"
  }
}
Poll for the result of a device authorization. Call this endpoint repeatedly (respecting the interval) until the user approves, denies, or the code expires. No authentication required. This is a public endpoint. 
curl -X POST https://api.v2.dealmachine.com/v1/auth/device/token \
  -H "Content-Type: application/json" \
  -d '{
    "device_code": "a1b2c3d4e5f6...",
    "client_id": "dealmachine-next-cli"
  }'

{
  "api_key": "dm_sk_live_VMgXKyJQ7qTt9SHpoDYgHOXo...",
  "key_id": "key_abc123def456",
  "organization": {
    "id": 1,
    "name": "My Company",
    "slug": "my-company"
  }
}

Request Body

FieldTypeRequiredDescription
device_codestringYesDevice code from /auth/device/code response
client_idstringYesMust match the original request’s client_id

Polling Behavior

Response CodeMeaningAction
authorization_pendingUser hasn’t acted yetWait interval seconds and retry
slow_downPolling too fastIncrease interval by 5 seconds
access_deniedUser deniedStop polling, show error
expired_tokenCode expiredStop polling, start new flow
The API key is returned only once. After the first successful poll, the raw key is cleared from the server. If you lose it, the user must re-authorize.

Success Response Fields

FieldTypeDescription
api_keystringThe API key (dm_sk_live_xxx)
key_idstringKey identifier for management
organization.idnumberOrganization ID
organization.namestringOrganization name
organization.slugstringOrganization URL slug