Devices
Every macOS app installation that signs in to your account becomes a registered device. Devices have their own credentials (separate from your password and from your API keys), and you can list and revoke them at any time.
What's a device
A device is any installation of the MindWiki macOS app you've signed into. When you sign in, the app mints a long-lived device token tied to that machine and stores it locally. The token is what authenticates that device's sync calls — so revoking it cuts that device off from the vault without affecting any other device or AI connection.
Web sessions are not devices in this sense — they're tied to your browser cookies and managed implicitly via the standard login flow.
Where devices are managed
Go to mindwiki.io/account/devices. You'll see a list of every device with an active token, including:
- Device name — typically the Mac's hostname (e.g.
Keaton's MacBook Pro) - Device type —
macos - Created — when the device first signed in
- Last used — most recent sync activity
- Revoke — disconnect this device
When to revoke a device
- You sold or replaced the Mac.
- You signed in to a borrowed or shared Mac and forgot to sign out.
- You suspect a credential was exposed.
- You're cleaning up old installations.
Revoking is immediate. The device's next sync attempt will fail; it will surface a sign-in screen the next time the app runs.
Adding a new device
There's nothing special — install the macOS app on the new Mac, sign in with your account, choose a vault folder, and sync starts. The new device gets its own token automatically.
You can run more than one device at a time. Each writes its own changes; sync merges them through the standard pull/push cycle.
Devices vs. API keys
Don't confuse devices with API keys:
| Device tokens | API keys |
|---|---|
| Issued automatically when you sign in to the macOS app | Minted manually from /account/api-keys |
| Used by the macOS app's sync engine | Used by REST clients and (legacy) MCP clients |
Listed at /account/devices | Listed at /account/api-keys |
| Have read+write authority over your vault | Have only the scopes you select |
Format: mwd_... | Format: mw_... |
Both can be revoked independently.
Sign out from the device itself
The macOS app has a Sign Out option in Settings. Use it when you want to disconnect from the current Mac without going to the web. Signing out revokes the local device token and drops the local auth.
After signing out, the local vault folder remains on disk — your markdown files don't disappear. To re-sync, sign back in (or sign in as a different account).
Auth storage on macOS
Device tokens are stored in a JSON file at:
~/Library/Application Support/io.mindwiki.desktop/auth.jsonThis file is readable only by your macOS user account. The data inside is the device token plus connection metadata. If you ever need to reset everything, deleting this file effectively signs the app out — the next launch will ask you to sign in again.
Where to go next
- Sync Model — how device tokens are used during sync
- API Access — for non-device, non-MCP integrations
- Export & Backup — protect your data independent of any device