StartDeviceAuthorization - AWS IAM Identity Center


Initiates device authorization by requesting a pair of verification codes from the authorization service.

Request Syntax

POST /device_authorization HTTP/1.1 Content-type: application/json { "clientId": "string", "clientSecret": "string", "startUrl": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


The unique identifier string for the client that is registered with IAM Identity Center. This value should come from the persisted result of the RegisterClient API operation.

Type: String

Required: Yes


A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.

Type: String

Required: Yes


The URL for the AWS access portal. For more information, see Using the AWS access portal in the IAM Identity Center User Guide.

Type: String

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "deviceCode": "string", "expiresIn": number, "interval": number, "userCode": "string", "verificationUri": "string", "verificationUriComplete": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The short-lived code that is used by the device when polling for a session token.

Type: String


Indicates the number of seconds in which the verification code will become invalid.

Type: Integer


Indicates the number of seconds the client must wait between attempts when polling for a session.

Type: Integer


A one-time user verification code. This is needed to authorize an in-use device.

Type: String


The URI of the verification page that takes the userCode to authorize the device.

Type: String


An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code.

Type: String


For information about the errors that are common to all actions, see Common Errors.


Indicates that an error from the service occurred while trying to process a request.

HTTP Status Code: 500


Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.

HTTP Status Code: 401


Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.

HTTP Status Code: 400


Indicates that the client is making the request too frequently and is more than the service can handle.

HTTP Status Code: 400


Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: