Thanks @jeiden
If I understand you correctly, I suppose the case would be that any function call, variable requests etc. would be made via our wrapped API, and then called using a single non-expiring access token on our backend. Or are you suggesting that a ‘master’ access token to access all product devices is potentially not possible?
One more question I had which has been asked before but not formally answered, is it ok to ‘create’ a shadow customer using a UUID instead of email?