Customers' token refresh error

We have a lot of customers with particle shadow users (made 1+ years ago) where the auth token can no longer be refreshed. This seems to be occurring ever since there was an API change on particle’s side for the customers route to be product-specific, i.e. our customer routes changing from /v1/orgs//customers to /v1/products//customers. There is an error “invalid scope” when attempting to refresh their expired tokens, even though they are listed on the dashboard as customers of the correct product. One solution is for us to manually re-create these shadow users, but this also requires re-claiming their devices, which is a time consuming process for us that has to be done manually with each of our customers.

Is there any other way to “fix” these shadow users, or any method you could apply on your backend?


Hi @csaba - can you provide us with the specific call you are using? (and maybe DM me the Product ID on which you are using it?)

We are using the call detailed under “Generate a customer scoped access token” in the cloud API documentation:

We are using an Authorization header with a product-specific client id and client secret. I’ll send details in a PM. Thanks!