Change to Particle cloud REST interface?

I have a number of apps written in MIT App Inventor 2 that access the Particle cloud using Particle’s REST API. The apps have been running just fine for years now. Suddenly - today - none of them will work. I can’t log in to the Particle cloud - no response. For example, see https://github.com/BobGlicksman/MIT-App-Inventor-Particle-Photon-test.

Did Particle’s API endpoint change? Did the API to login with username and password (to get the user access token) change? I get no response when I try this. Any idea what the problem might be? The apps were working yesterday.

Could it be that you activated two-factor-authentication on the respective account?

You may also want to add some logging to your ai2 project to check what all the intermediate steps of the flow produce and whether they match your expectations.

It seems that my Particle account may no longer have a user access token. The web IDE no longer shows any access token and says that I have to use CLI to generate one. However, when I use curl to:

GET /v1/access_tokens

I do see a user access token listed in the JSON response. So I am a bit confused - do I need to generate one using CLI (as the web IDE settings page says) or do I already have one? Specifically, it is the non-expiring user access token that I am querying for and then using in my apps.

P.S. the Particle logout page has a check box to expire all tokens and I may have inadvertently checked it the other day. Perhaps I caused the problem this way? How do I recover?

If you clicked the box to revoke all of your access tokens, it really does mean all tokens in your account and it’s non-reversible.

You’ll need to create new tokens using the Particle CLI or the API in this case. The Web IDE token is no longer visible.

@rickkas7: thx for the quick reply. Questions:

  1. if all tokens are revoked, why do I see them with API call GET /v1/access_tokens? Id there some way to tell that these tokens are revoked?
  2. if I create a new user token, will it replace the old one in GET /v1/access_tokens or just add another user token to the json response. If the latter, how can I tell which one is the correct one?
  3. is there some way to not return revoked tokens with API call GET /v1/access_tokens?

particle token list will do that for you

You probably have a load of tokens some active and some expired for different purposes.
When you create a new token it does not revoke or replace any other.

1 Like

I used curl and found a list of tokens, including a user access token. I used curl again to list my devices using the user access token found above, and it worked. The rub of it is that my app code does exactly the same thing and it does not work. The apps always worked before and, as far as I can tell, the json responses from curl are the same as they were before. yet the apps suddenly don’t work – all of them!

I can understand that if I accidently revoked all of my tokens than the cached token in the apps won’t work anymore. But the apps have a setup page that gets the user access token using login:password and then uses the access token to get the device list – but this suddenly no longer works.

Why would curl results be different from the app that does the same thing (and always worked before)? Something isn’t making sense here. If I revoked my tokens a few days ago, would curl somehow return the old token list but the app using the same api not return the same tokens? Doesn’t make sense.

I going to see if another person who uses these apps in their own particle account is having the same problem as I am. I’ll report back. I believe that something happened when I inadvertently revoked my tokens but I don’t see what that is.

Hi Bob,

The source files (other than the .ino) in your github repro are not really readable, so it is hard to know what is going wrong.

I had a similar problem in the past with a web page that talked to the Particle cloud API and it turned out that I was using an older version of a javascript library (jquery) that became no longer available after a few years. Switching to a new version of that library made everything work again. The symptom was that data could not be transferred, but the reason was not due to access control, the missing library just caused silent failures.

Could it be something like that?

I’d try to turn on the debug logging for your http request library so that you can see the exact thing going out. Also make sure you are putting the auth token in the HTTP authentication header if at all possible to avoid incompatibilities depending on request type.

If your curl results are different, that’s because the request you are sending isn’t the same as your curl request, so the logging will be needed to figure out where things went wrong.

Oh and make sure you haven’t accidentally hard-coded the token where you think you’re using an environment variable or something.

Thank you, everyone. Just reporting that, for no apparent reason, all of the apps are working fine now. I’m not sure if there was some problem at Particle (authentication server hiccup) or perhaps my running curl tests triggered something … I just don’t know, but everything is suddenly working fine.

Thanks again to everyone for your help.

1 Like