Access tokens, types and where to use each one?

Hi! Currently I’m building a web app to interact with a Photon board through the Particle API. The app just listents for an event and prints the result using console.log(). I’m using my user access token (the one found in the Web IDE) and everything works fine, however I was wondering if I can use the client access token (client secret) instead. I’ve created a custom client from the Particle Console with no specific scope (full permissions) but when I set this token in my app it shows this error:
{"error":"invalid_token","error_description":"The access token provided is invalid."}

After several readings of the Autenthication tutorial and Cloud API / Particle API JS references I’m still a bit confused.

So, as far as I understand that there are at least three kinds of tokens:

  • User tokens
  • Client tokens
  • Customer tokens

Can someone please explain wich actions can be performed with those different tokens and how can I solve the issue with my app? Thank you!

The client secret is not an access token. You can use the client ID and client secret to generate a bearer token, however.

This describes how to do it for products, but it’s actually the same for a user account bearer token:


This is exactly what I was looking for! Thank you very much!

Tested it and works like a charm!