Owner OAuth Client Token not inherited to child products

Hi,

I’ve created an Oauth Client token at the owner level of the console, and have a product. Then when I try and add a device via the REST API to that product, I get a permission denied. It only works if I then create an Oauth Client token at the product level and authenticate against that to add a device to that product/

Is this correct behaviour? If so is it expected that you have a seperate Oauth for each product and have to keep track of each token to then be able to add a device to that product?

Yes, each product has its own set of independent oAuth client credentials so you do need to keep track of them separately.

Many API calls on behalf of a product can be done with a team member access token, which is not necessarily product-specific, however. The easiest way to create one of these is particle token create.