# opensoul devices
Manage device pairing requests and device-scoped tokens.
# Commands
# opensoul devices list
List pending pairing requests and paired devices.
opensoul devices list
opensoul devices list --json# opensoul devices approve <requestId>
Approve a pending device pairing request.
opensoul devices approve <requestId># opensoul devices reject <requestId>
Reject a pending device pairing request.
opensoul devices reject <requestId># opensoul devices rotate --device <id> --role <role> [--scope <scope...>]
Rotate a device token for a specific role (optionally updating scopes).
opensoul devices rotate --device <deviceId> --role operator --scope operator.read --scope operator.write# opensoul devices revoke --device <id> --role <role>
Revoke a device token for a specific role.
opensoul devices revoke --device <deviceId> --role node# Common options
--url <url>: Gateway WebSocket URL (defaults togateway.remote.urlwhen configured).--token <token>: Gateway token (if required).--password <password>: Gateway password (password auth).--timeout <ms>: RPC timeout.--json: JSON output (recommended for scripting).
Note: when you set --url, the CLI does not fall back to config or environment credentials. Pass --token or --password explicitly. Missing explicit credentials is an error.
# Notes
- Token rotation returns a new token (sensitive). Treat it like a secret.
- These commands require
operator.pairing(oroperator.admin) scope.