WebHID API
The WebHID API exposes selected human interface devices to web pages, creating a browser boundary for agents, peripherals, and physical controls.
Definition
The WebHID API is a Web Platform Incubator Community Group specification for browser access to devices that support the Human Interface Device protocol. The specification describes HID as both a device category and a bidirectional protocol between a host and a device. It began with USB devices and is now also implemented over other protocols, including Bluetooth.
WebHID is for devices and device features that ordinary high-level web APIs do not cover: alternative keyboards, specialized controllers, unusual gamepads, headset controls, foot pedals, lab panels, assistive switches, classroom hardware, and other peripherals whose useful controls are described by HID reports. It is not the same as keyboard events, the Gamepad API, WebUSB, or Web Serial, although a single physical device may sit near several of those categories.
MDN lists the core interfaces as HID, HIDDevice, HIDInputReportEvent, and HIDConnectionEvent. The governance question is simple: what happens when a web page, and therefore a browser agent, can exchange low-level reports with a local input or output device?
Snapshot
- Core capability: a supporting browser can let a selected origin open a selected HID interface and exchange input, output, and feature reports.
- Primary boundary:
requestDevice()is chooser-based, requires transient user activation, and can be narrowed with vendor ID, product ID, usage page, usage, and exclusion filters. - Policy boundary: the
hidPermissions Policy feature has a default allowlist ofself; embedded third-party frames need deliberate delegation. - Availability: MDN marks WebHID as limited availability and experimental, so deployment claims should name the browser and date rather than imply broad interoperable support.
- Governance concern: HID reports can read sensors, change lights or controls, update settings, or reach firmware paths that the browser cannot semantically understand.
Current Context
At this June 25, 2026 review, WebHID remains an incubator specification rather than a W3C Recommendation. The WICG draft was published as a Draft Community Group Report on September 13, 2024 and says it is not a W3C Standard or on the W3C Standards Track.
MDN marks WebHID and the hid Permissions Policy directive as limited availability and experimental. It also notes that WebHID is available in Web Workers except Shared Web Workers in supporting browsers. Chrome documents the API for uncommon HID devices and exposes user-facing settings for websites that connect to USB, Serial, or HID devices.
Chrome's user help is unusually direct about the stakes: users should grant device access only to trusted sites, and a paired site can access device information and may be able to reprogram the device. For governance, that means WebHID should be treated as hardware access even when it appears inside an ordinary web page.
Mechanism
The API is reached through navigator.hid, with related exposure on worker navigators in supporting contexts. A page asks for access by calling requestDevice() with device filters. The user agent presents a chooser, and the user grants access to selected devices. The WICG method steps require transient user activation, so the request must be connected to an actual user interaction. After permission is granted, getDevices() can list devices already available to the site.
Filters can include vendorId, productId, usagePage, and usage; the draft also defines exclusionFilters so a site can hide known-bad or unsupported devices from the chooser. Filters narrow what appears in the prompt. They do not prove that a selected device is safe, authentic, correctly labeled, or appropriate for a user's physical environment.
HID communication is organized around reports and report descriptors. Chrome's documentation describes input reports as data sent from the device to the application, output reports as data sent from the application to the device, and feature reports as device-specific data that may move either way. That makes WebHID more specific than ordinary keyboard events. It can expose LED control, rumble, configuration state, sensors, buttons, audio controls, foot switches, and other report-level behaviors that high-level browser APIs may hide.
An HIDDevice can be opened and closed, can receive input reports, and can send output or feature reports. The draft also defines forget(), which gives a page a way to release a previously granted permission. A governance review should care about all four states: selected, open, active report exchange, and forgotten or revoked.
Permissions Policy is part of the boundary. MDN says the hid directive controls whether a document may use WebHID, and the default allowlist is self. Cross-origin frames should therefore receive HID access only by deliberate delegation, not as a side effect of being embedded in a page that also hosts a device control panel.
Agent Context
For AI Browsers and Computer Use, WebHID is another place where a model can move from interface text into device state. An agent may configure a keypad, test a controller, read a sensor, operate a headset button surface, or drive an exotic input panel. It may also misread a prompt, accept a device it cannot identify, or generate report data that a human never meant to send.
The risk is not that HID devices are suspicious by default. The risk is that HID devices often sit close to the user's body, workflow, or physical environment. A foot pedal, assistive switch, game controller, scanner, headset, or custom lab controller is not just an abstract peripheral. It is part of how a person acts. Agentic automation around that channel should make authority visible.
Agent systems should therefore treat WebHID prompts as physical-device prompts, not generic browser permission banners. A model should not be allowed to choose devices, approve report-writing, or continue after unexpected connect/disconnect events without a policy layer that understands the device class and the human's intent.
Governance Use
A governance review should treat WebHID as hardware authority. Record the top-level origin, frame origin, Permissions Policy, selected device, vendor and product identifiers when available, usage page, usage, report IDs, report direction, user gesture, permission state, and whether the page sends output or feature reports. If a model is involved, record the prompt, generated report data, tool calls, human confirmation path, and whether any device action was irreversible or persistent.
Organizations should separate device configuration surfaces from untrusted content. A support portal, controller setup page, accessibility-device tool, classroom device portal, or factory diagnostic page should not casually share an origin with advertising scripts, model-generated previews, unreviewed plugins, or third-party widgets. If the same browser profile is used by an agent, the review should also ask whether granted HID permissions survive across tasks.
Enterprise policy should prefer allowlists over broad trust. Approved origins, permitted vendor/product IDs, permitted usage pages, and allowed report directions should be documented before deployment. For high-risk workflows, output and feature reports should require human confirmation or a deterministic allowlist outside the model.
Limits
The WICG specification's security section warns that HID peripherals can expose powerful functions: sensors, stored private information, writable settings, and firmware-update paths. It also notes that access can be abused to damage a device or corrupt data on it. The WebHID blocklist and user prompt reduce risk, but they cannot interpret every device-specific report.
The browser usually cannot know whether a report turns on a harmless light, changes a safety setting, mutes a microphone, changes calibration, writes to persistent memory, or starts a firmware-update path. Device makers and deployers still need firmware signing where appropriate, anti-rollback protections, safe defaults, clear reset paths, command allowlists, physical safety checks, and logs that distinguish device input from web-page output.
Chrome adds practical mitigations by inspecting top-level collection usages and blocking protected usages such as generic keyboard and mouse behavior, and by blocking security-sensitive devices such as FIDO HID devices. Those mitigations are important, but they are not a general proof that every accessible report is safe for arbitrary automation.
Failure Modes
Chooser confusion. A user or agent selects a similarly named device, a composite device, or a device whose physical context is not visible in the browser UI.
Report opacity. A payload is syntactically valid HID data but semantically dangerous for the device, such as a persistent setting, diagnostic mode, calibration change, or firmware action.
Cross-origin delegation error. A first-party page delegates hid access to an embedded widget, support tool, or untrusted frame that should not hold hardware authority.
Permission persistence. A later session reuses previously granted device access after the user, device, task, or physical environment has changed.
Assistive-device harm. An accessibility switch, foot pedal, or custom controller is disrupted in a way that affects the user's work, mobility, communication, or care routine.
Agent overreach. A model treats report-writing as a normal form submission and sends bytes without understanding the physical consequence or needing fresh human confirmation.
Review Record
- Origin: record top-level origin, frame origin, secure-context state, browser, browser version, and effective Permissions Policy for
hid. - Chooser event: record transient user activation, filters, exclusion filters, selected device label, whether the user canceled or connected, and any enterprise policy override.
- Device: record product name, vendor ID, product ID, usage page, usage, top-level collection, interface count, and whether the device or report appears on a blocklist.
- Reports: record input, output, and feature report IDs, payload categories, report direction, persistence effects, safety class, and whether a deterministic allowlist approved the report.
- Agents: record model instructions, generated bytes, tool calls, approval state, physical-device context shown to the user, refusal or pause events, and revocation path.
- Retention: preserve enough metadata for audit while avoiding unnecessary storage of raw sensor streams, private device data, credentials, or full report payloads.
Source Discipline
Claims about the API shape, chooser flow, filters, reports, blocklist, and Permissions Policy integration should cite the WICG WebHID specification. Claims about browser support, secure-context status, worker exposure, and interface names should cite current browser documentation, because MDN currently marks WebHID as limited availability and experimental.
Claims about Chrome behavior should separate developer documentation, user-facing Chrome Help, Chrome Enterprise policy pages, and implementation source. A permission prompt is evidence of user-mediated access, not evidence that the connected device is safe for arbitrary commands.
Spiralist Reading
Spiralism reads WebHID as a reminder that "interface" is sometimes literal. The hand, switch, controller, sensor, and indicator light become part of the web session. When an agent acts there, the record should preserve the chain from language to report to device behavior. The humane boundary is not no hardware; it is named hardware, narrow permission, reversible action, and a user who still knows what is listening.
Open Questions
- How should browsers represent composite HID devices so users understand which logical interface a site will access?
- Which HID report classes should be read-only, write-blocked, or human-confirmed by default in agentic browser sessions?
- How should assistive-device workflows balance convenience, privacy, and protection against accidental report writes?
- Can device makers publish machine-readable report safety metadata without exposing attack instructions or locking out repair and education?
- How should enterprise browsers expire or partition HID permissions between human browsing and AI-agent sessions?
Related Pages
- WebUSB API
- Web Serial API
- Web Bluetooth API
- Local Network Access
- Permissions API
- Permissions Policy
- Content Security Policy
- AI Browsers and Computer Use
- AI Agent Sandboxing
- AI Audit Trails
- AI in Operational Technology
- Capability-Based Security
- Vision-Language-Action Models
Sources
- WICG, WebHID API, Draft Community Group Report, September 13, 2024; reviewed June 25, 2026.
- MDN Web Docs, WebHID API, reviewed June 25, 2026.
- MDN Web Docs, HID: requestDevice() method and HID: getDevices() method, reviewed June 25, 2026.
- MDN Web Docs, Permissions-Policy: hid directive, reviewed June 25, 2026.
- Chrome for Developers, Connect to uncommon HID devices, last updated September 15, 2020; reviewed June 25, 2026.
- Google Chrome Help, Connect a website to a USB, Serial, or HID device, reviewed June 25, 2026.