1. Docs
  2. API Reference
  3. List the identity's active 'remember this device' records

List the identity's active 'remember this device' records

GET/v1/identity/auth/mfa/trusted-devices

Authentication

  • Bearer Token Authorization

    JWT access token

Code samples

cURLJavaScriptPythonGo
curl -X GET "https://api.canopy.dev/v1/identity/auth/mfa/trusted-devices" \
  -H "Authorization: Bearer $CANOPY_TOKEN"

Responses

200 One row per active trusted device, ordered by `last_seen_at` descending. Cookie hashes are not echoed back. 
{
  "items": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "environment_id": "00000000-0000-0000-0000-000000000000",
      "label": "string",
      "ip_address": "string",
      "created_at": "2026-04-20T12:00:00.000Z",
      "last_seen_at": "2026-04-20T12:00:00.000Z",
      "expires_at": "2026-04-20T12:00:00.000Z"
    }
  ]
}

application/json

  • itemsMfaTrustedDeviceResponseDto[]*
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

Returned object

The MfaTrustedDeviceResponseDto object View all properties on this resource
On this page

Related endpoints

GETList enrolled MFA factors for the caller
POSTBegin TOTP factor enrollment
POSTComplete TOTP factor enrollment
POSTBegin WebAuthn factor enrollment
POSTComplete WebAuthn factor enrollment
POSTProve a fresh factor to authorise a sensitive MFA mutation
POSTBegin a WebAuthn-backed step-up ceremony
POSTComplete a WebAuthn step-up ceremony
DELETERemove an enrolled MFA factor
POSTRegenerate the identity's single-use recovery codes
DELETERevoke every trusted device for the caller
DELETERevoke a single trusted device
Canopy