diff --git a/src/pretix/api/auth/devicesecurity.py b/src/pretix/api/auth/devicesecurity.py
index d725d082e..6a0be502e 100644
--- a/src/pretix/api/auth/devicesecurity.py
+++ b/src/pretix/api/auth/devicesecurity.py
@@ -22,8 +22,8 @@ class PretixScanSecurityProfile(AllowListSecurityProfile):
     verbose_name = _('pretixSCAN')
     allowlist = (
         ('GET', 'api-v1:version'),
-        ('GET', 'api-v1:device.update'),
-        ('GET', 'api-v1:device.revoke'),
+        ('POST', 'api-v1:device.update'),
+        ('POST', 'api-v1:device.revoke'),
         ('GET', 'api-v1:event-list'),
         ('GET', 'api-v1:event-detail'),
         ('GET', 'api-v1:subevent-list'),
@@ -48,8 +48,8 @@ class PretixScanNoSyncSecurityProfile(AllowListSecurityProfile):
     verbose_name = _('pretixSCAN (kiosk mode, online only)')
     allowlist = (
         ('GET', 'api-v1:version'),
-        ('GET', 'api-v1:device.update'),
-        ('GET', 'api-v1:device.revoke'),
+        ('POST', 'api-v1:device.update'),
+        ('POST', 'api-v1:device.revoke'),
         ('GET', 'api-v1:event-list'),
         ('GET', 'api-v1:event-detail'),
         ('GET', 'api-v1:subevent-list'),
@@ -72,8 +72,8 @@ class PretixPosSecurityProfile(AllowListSecurityProfile):
     verbose_name = _('pretixPOS')
     allowlist = (
         ('GET', 'api-v1:version'),
-        ('GET', 'api-v1:device.update'),
-        ('GET', 'api-v1:device.revoke'),
+        ('POST', 'api-v1:device.update'),
+        ('POST', 'api-v1:device.revoke'),
         ('GET', 'api-v1:event-list'),
         ('GET', 'api-v1:event-detail'),
         ('GET', 'api-v1:subevent-list'),