Multiple customers controlling the same device

I wanted to check whether it is possible in the Particle Cloud API for multiple customers to be able to control the same device? I am making a smart home appliance and I want to make it possible for multiple people in the household to have their own account (setup with us using Firebase auth) and for them all to be able to control the smart appliance. I guess what I’m asking is whether I should just make the shadow customer related to the device itself and then I can share the access token and device ID with all users who I want to be able to control the device from their smartphones. I’m open to different ideas for how to implement this.

You should probably implement an API on your own server that is using Firebase Auth that manages all requests. This server will have a product token that allows access to all devices in the product. Then your server can associate which mobile app user has access to which devices rather than trying to manage shadow customer tokens.

1 Like

So it sounds like we do want the our smart appliance to be a Particle product so that we can update all the fleet firmware at once, so that we can have both me and my coworker are able to control aspects of the account and test and send out new firmware, and so that we can have one unique product access token that controls any device that is part of the Particle product. Then in our app we should only use the WiFi connection steps of the Particle Photon Setup Library (we use the P1) and leave the device unclaimed. Then in order to call Particle functions we could use the product access token in the app to make the calls directly for the particular garden in question.

It might be a little hard for us (we’re two people, one full-time) to completely set up our own API, but Firebase makes it easy to do customer authentication and then FlutterFlow (which we’re using for the mobile app development) makes it easy to make API calls directly from the app. We would also manually include the iOS and Android Photon Setup Library SDK in the code output of FlutterFlow just for the purpose of WiFI connection, but not authentication with the Particle Cloud. So the above is the solution I’m thinking of right now. Maybe in the future we can set up our own API, but I think in the meantime it would be ok to have the product access token be embedded in the mobile app and used to make Particle function calls directly from each user’s app. Let me know what you think about this.

Hi,
A resource I come back to very often is this:

What you say here:

sounds like a big security risk. Somebody with the right skills and wrong intentions could intercept the messages the app sends and get access to your product access key, hence controlling your whole fleet.

Cheers,
Gustavo.

1 Like