Skip Device Activation
Skip device activation when the user chooses not to save the device.
Description
The Skip Device Activation endpoint allows users to decline device activation during the MFA verification flow. When a user completes MFA verification and receives an activation token but chooses not to trust the device, this endpoint can be called to properly handle the activation token without creating a trusted device entry.
This endpoint is part of the Trusted Devices API workflow and provides a clean way to handle the activation token when users prefer not to save device trust. Unlike simply ignoring the token, calling this endpoint ensures proper cleanup and audit logging.
Use Cases
- Privacy Preference: Users who prefer not to save device trust for privacy reasons
- Shared Devices: Skipping activation on shared or public devices
- Temporary Access: Users accessing from temporary or borrowed devices
- Security Preference: Users who prefer to always complete MFA verification
Workflow Context
This endpoint is used in the following authentication workflow:
- User logs in with credentials via Login
- User completes MFA Verification
- MFA verification response includes an
activation_token - User chooses not to "remember this device"
- User calls this endpoint to skip activation (optional but recommended)
- Future logins from this device will require full MFA verification
Prerequisites
- User must be authenticated with a valid access token
- User must have completed MFA verification and received an activation token
- Activation token must be valid and not expired (5-minute window)
Endpoint
POST /api/v1/devices/skip
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
Content-Type | Yes | application/json |
Request Body
{
"activation_token": "token_received_from_mfa_verify"
}
Parameters
| Field | Type | Required | Description |
|---|---|---|---|
activation_token | string | Yes | Activation token received from MFA verification response. This token is generated when MFA verification is successful. The token expires after 5 minutes for security purposes. |
Response
Success (200)
{
"success": true,
"data": {
"skipped": true
},
"message": "Device activation skipped"
}
Features
- Clean Token Handling: Properly processes the activation token without creating device trust
- Audit Logging: Records the skip action for security monitoring and user preference tracking
- No Device Trust: Ensures no trusted device entry is created, maintaining full MFA protection
- Token Expiration: Activation token is marked as processed and expires naturally
- User Choice: Respects user preference to not save device trust
Important Notes
- Optional but Recommended: While skipping activation is optional, calling this endpoint ensures proper cleanup and audit logging
- No Impact on Future Logins: Skipping activation means future logins from this device will always require MFA verification
- Token Expiration: If the activation token expires (5 minutes), this endpoint will return an error. The token cannot be skipped after expiration
Example
curl -X POST https://api.rivergen.com/api/v1/devices/skip \
-H "Authorization: Bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
"activation_token": "abc123def456"
}'
Related Endpoints
- Activate Device - Activate device instead if you change your mind
- List Devices - View trusted devices (will not include skipped devices)
- MFA Verify - Complete MFA verification to receive activation token (prerequisite)
See Also
- Trusted Devices API Overview - Complete guide to device management and workflows
- Authentication Concepts - Understanding authentication and token management
- MFA API Overview - Multi-factor authentication setup and management
- Error Handling - Understanding API error responses