Skip to content

Security and tokens#

WiFi access is token-based. A token authorizes a host application to connect to a specific Enody host over the local network.

Pairing model#

There are two common paths:

  • USB-authenticated setup with enody wifi-setup.
  • WiFi token generation with physical device approval using enody wifi-generate-token or the Rust WifiConnection pairing helpers.

The public SDK verifies generated tokens by reconnecting and checking that the host identifier matches the token host.

Store tokens carefully#

The CLI writes saved tokens to the local Enody token store. Rust applications load the same store through TokenStore:

let store = TokenStore::load()?;
let tokens = store.tokens();

The token store file still contains authorization data. Treat it as a local credential.

Use one token per host#

TokenStore.upsert() replaces an existing token for the same host identifier. This keeps saved-token discovery unambiguous when a device is re-paired.

Public protocol details#

Public SDK APIs expose the token and WiFi connection workflows needed by host applications. Private firmware implementation details are intentionally outside these docs.