How to Delete a (Test) Customer?

Hi @jeiden - is this one for you?

Using the API to create a shadow customer (two legged auth) using:

POST /v1/orgs/:orgSlug/customers

Returns the access and refresh tokens.

  1. How do I delete (a growing list) of test users?

  2. How do I review a customer's tokens once created?

Thank you


@Kevin,

Yep, myself and/or @bryce are the people who can help with product creation. As for your questions:

  1. We do not currently have an API endpoint or UI for deleting customers. This would need to be thought through, as it would be potentially damaging if a customer who had claimed a device was deleted. This would immediately disrupt the customer’s ability to interact with their device. Can you tell me a bit more about why you would like to delete customers?

  2. There is also currently no endpoint for reviewing a list of customer tokens. I think it would be a good idea to build moving forward, but for now you will need to store the access token (and the refresh token) you receive from the POST request in your own database to use for later. This way, you can grab the access token whenever your app needs it. If the token is expired, use the refresh token to get a new access token, or you can generate a scoped access token for a customer using the API. Can you tell me a bit more about why you’d want a list of customer tokens as well?

Both of your questions are spot on and potentially great improvements for the future. I’d like a bit more context on why you’d need #1 and #2, and we can work on putting it in our product roadmap if it makes sense to do so.

Hi @jeiden
Thanks for your reply. The queries are around:

  1. Delete customers - As we work through the API for the first time we are generating test customers and ideally, we would delete them when no longer needed.
  2. View Customer Credentials - The initial instance of using the API is usually tests via curl, so we have not always captured the resulting response = customers we do not have keys for and cannot use!

You are correct - outside of testing you may not want to delete customers - but perhaps this should be up to the service creator to decide. I can see that eventually when I want to display my list of real users I will also see my test users as well, potentially skewing stats and polluting lists.

I have the same problems as @Kevin with listing and deleting customers.

About this problem:

You can always generate new credentials.
curl -u <organisation_id>:<organisation_secret> -d grant_type=client_credentials -d scope=customer=<user@email.com> https://api.particle.io/oauth/token
You will get fresh tokens. I think you can do it each time your user logs in.
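The two suggestions above (keep the tokens from the create-customer response in your own database, and request a new customer-scoped token when the stored one has expired) can be combined as follows. This is an added example, not code from the thread or from Particle: the table layout, function names and the `skew` margin are hypothetical, and the response field names (`access_token`, `refresh_token`, `expires_in`) are assumed to follow the standard OAuth 2.0 token response.

```python
import base64, json, sqlite3, time
import urllib.parse, urllib.request

TOKEN_URL = "https://api.particle.io/oauth/token"  # endpoint from the curl command above

def open_store(path=":memory:"):
    # Hypothetical schema: one row per customer email.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS customer_tokens (email TEXT PRIMARY KEY,"
               " access_token TEXT, refresh_token TEXT, expires_at REAL)")
    return db

def save_tokens(db, email, resp, now=None):
    # Assumed field names: access_token, refresh_token, expires_in (seconds).
    now = time.time() if now is None else now
    expires_at = now + float(resp.get("expires_in", 0))
    db.execute("INSERT OR REPLACE INTO customer_tokens VALUES (?, ?, ?, ?)",
               (email, resp["access_token"], resp.get("refresh_token"), expires_at))
    db.commit()

def build_scoped_token_request(org_id, org_secret, email):
    # Same request as the curl command: basic auth plus two form fields.
    basic = base64.b64encode(f"{org_id}:{org_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "scope": f"customer={email}"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST",
                                  headers={"Authorization": f"Basic {basic}"})

def fetch_scoped_token(org_id, org_secret, email):
    # Live network call; not exercised offline.
    req = build_scoped_token_request(org_id, org_secret, email)
    with urllib.request.urlopen(req) as r:
        return json.load(r)

def get_access_token(db, email, fetch, now=None, skew=60):
    """Return the stored token while it is valid, else fetch and store a new one."""
    now = time.time() if now is None else now
    row = db.execute("SELECT access_token, expires_at FROM customer_tokens"
                     " WHERE email = ?", (email,)).fetchone()
    if row and row[1] - skew > now:
        return row[0]
    resp = fetch(email)          # fetch is injected so it can be stubbed in tests
    save_tokens(db, email, resp, now)
    return resp["access_token"]
```

In live use, pass `fetch=lambda e: fetch_scoped_token(org_id, org_secret, e)` and keep the database file readable only by the service account, since it holds bearer credentials.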

@1chef In your experience does this actually revoke the old customer-scoped access token? We have tried unclaiming a device via the online console.particle.io portal, and then reclaiming it via the Create Customer Scoped Access Token => Claim Device with Customer Access Token process as a means of disabling old access tokens but find that the old access tokens still work to communicate with the device (at least if the customer email address is the same as it was prior to unclaiming it in the first place).

Given this finding, it appears we cannot revoke access tokens to devices, unless the “Remove device” procedure undoes something the Unclaim Device option does not on the online device management portal. We suspect we might be missing something though as this function feels fairly fundamental.

Does anyone know a concrete procedure for revoking customer-scoped access tokens?

I am in the same situation. I saved one of the access tokens for one of the customer emails but when I try it with curl I get
{"error":"invalid_scope","error_description":"Customers are not allowed to access product and organization endpoints"}
I just need to delete customers for testing the onboarding process.

A customer cannot delete themselves using the API. You need to use a product bearer token to delete a customer from a product.

Yes, that worked, thank you!