`openclaw devices`¶

Manage device pairing requests and device-scoped tokens.

Commands¶

`openclaw devices list`¶

List pending pairing requests and paired devices.

openclaw devices list
openclaw devices list --json

`openclaw devices approve <requestId>`¶

Approve a pending device pairing request.

openclaw devices approve <requestId>

`openclaw devices reject <requestId>`¶

Reject a pending device pairing request.

openclaw devices reject <requestId>

`openclaw devices rotate --device <id> --role <role> [--scope <scope...>]`¶

Rotate a device token for a specific role (optionally updating scopes).

openclaw devices rotate --device <deviceId> --role operator --scope operator.read --scope operator.write

`openclaw devices revoke --device <id> --role <role>`¶

Revoke a device token for a specific role.

openclaw devices revoke --device <deviceId> --role node

Common options¶

--url <url>: Gateway WebSocket URL (defaults to gateway.remote.url when configured).
--token <token>: Gateway token (if required).
--password <password>: Gateway password (password auth).
--timeout <ms>: RPC timeout.
--json: JSON output (recommended for scripting).

Note: when you set --url, the CLI does not fall back to config or environment credentials. Pass --token or --password explicitly. Missing explicit credentials is an error.

Notes¶

Token rotation returns a new token (sensitive). Treat it like a secret.
These commands require operator.pairing (or operator.admin) scope.

openclaw devices¶

Commands¶

openclaw devices list¶

openclaw devices approve <requestId>¶

openclaw devices reject <requestId>¶

openclaw devices rotate --device <id> --role <role> [--scope <scope...>]¶

openclaw devices revoke --device <id> --role <role>¶