I’m a bit clueless about creating Particle tokens for iOS apps I’ve created. Currently, I’m simply providing a means to scramble and unscramble what I believe is the “user” token and providing the scrambled version to customers who are trying to control Particle devices via my iOS app. I’m absolutely sure this is not the right way to do things and I’m pretty darn sure this is highly discouraged.
When I list tokens, I see: “user”, “spark-ide”, “cloud-compile”, “PASSWORD_ONLY”, “PASSWORD_ONLY__ (active)” and “ifttt-5545” tokens. There are lots of the PASSWORD_ONLY flavor and a few others I haven’t listed.
I’m a bit embarrassed that I need to ask this question, but I simply can’t find the documentation that shows me how to better use the tokens. By the way, at this time for development and test systems, users don’t log in. They merely enter the deviceID into a field and the scrambled (user) access_token.
I see that I can create a token and even set one to never expire. However, I don’t see how I might limit what they can do with that token. Any guidance would be greatly appreciated and I suspect I’m not the only user who’s clueless about this issue.