How to pair a new device
TopicFrom the PointSav Documentation
Pairing a device registers it with the platform using machine-based authorization β a cryptographic handshake that binds access to your hardware rather than to a username and password. Once a device is paired, it holds the keys required to establish connections. A device without a pairing has no pathway to the protected resources at all β not access-denied, but structurally unreachable.
For the theory behind this model, see machine-based-auth and pairing-as-permission.
[edit]Prerequisites
- A PointSav account with at least P3 access (see personnel-permissions)
- The
os-consoleapplication installed on the device you are pairing - Network access to the Command endpoint assigned to your account
[edit]Steps
[edit]1. Open the pairing request from os-console
Launch os-console on the new device and navigate to Settings β Devices β Pair this device. The console generates a temporary pairing code β a short, human-readable string that is valid for 10 minutes.
[edit]2. Approve the pairing on a trusted device
On a device already paired to your account (your INPUT-tier daily machine), open os-console and navigate to Settings β Devices β Pending pairings. The new device's pairing code and hardware fingerprint appear here.
Verify that the fingerprint shown on the new device matches the fingerprint shown on your trusted device before approving. This cross-check prevents a rogue device from inserting itself.
[edit]3. Select the pairing type
Choose the access tier for the new device:
| Tier | What it can do |
|---|---|
| INPUT | Full read/write access to your archives and data β use for your daily machine |
| USER | Read-only access β use for shared or secondary devices |
| INTERFACE | Metadata only β use for orchestration and monitoring integrations |
ADMIN pairings require the approval of the system administrator and cannot be self-issued.
[edit]4. Confirm and complete
Approve the pairing from your trusted device. The new device's os-console refreshes automatically and the Totebox session becomes available. The pairing event is recorded to the audit ledger immediately.
[edit]Verify the pairing
On the new device, open os-console and navigate to Settings β Devices β This device. The device status should show Paired with the tier you selected and the timestamp of the pairing event.
Run a test read-operation on any archive to confirm connectivity.
[edit]Revoke a pairing
To remove a device from your account, navigate to Settings β Devices on any paired device, select the target device, and choose Revoke. The revoked device becomes mutually invisible to your resources immediately β no logout or TTL wait is required.
[edit]Key takeaways
- The pairing IS the permission; there is no central access-control list to update
- Always verify the hardware fingerprint cross-check before approving a new pairing
- INPUT pairings grant full read/write access β assign them to machines you control directly
- Revocation is immediate and hardware-level; no session or token expiry needed
[edit]See also
- machine-based-auth β how machine-based authorization works architecturally
- pairing-as-permission β the Object Capability pattern that pairing implements
- personnel-permissions β the four access tiers and what each can do
- open-first-totebox-session β open a session on a newly paired device