General description of the problem

Let’s consider a hypothetical use case for a BSoM402 board:
The requirements of the firmware of this board are to:

• Publish sensor readings to DRF API
• Not interact with the personnel around the B402, as far as bystanders are concerned this device will sit in the corner of a room collecting data 24/7, a data recording device.
• Have the ability for the DRF API to call particle cloud functions on a per device basis on devices within the organization

What’s wrong here?

I have been using an access_token as generated by particle token create on my particle account thus far since the device has been claimed, but as you know once a device becomes a product device it requires some sort of “customer setup”, but for our particular implementation of the product, there is no phase of use where the customer “sets up” the device, they receive it, turn it on, and it’s collecting data.

Expectations vs. reality

There should be some feature of particle products to generate an access_token that provides function calling rights to an external API over the https cloud, one that is the same for all product devices.

Question

Is there a way to do this, create an access token that will provide function calling rights over particle product marked devices, if so is it in the documentation? I cannot find it anywhere.

Customers are not required for product devices. In fact, most cellular products do not use customers. There are two methods that are used:

• Claiming all devices to a single account. This is necessary if the device needs to receive events.
• Leaving the devices unclaimed. This is another option, but the device cannot subscribe to events on device. It can send them, and receive function and variables, but not events.

The API Users feature allows you to create a product-level access token that only has access to specific Particle cloud APIs.

Is there a way to take avenue number two, leaving all devices unclaimed?

The tricky part about this is that without claiming the device, the acces_token cannot be passed as a query param to the particle cloud API since the device isn’t claimed. (ex. https://api.particle.io/v1/devices/{request.query_params.get("coreid")}/version-number) since the device isn’t in “my devices”

Otherwise, I will have to go with the solution of claiming all devices to the same account.
Thank you for the response @rickkas7 !

You need to use the product devices route instead of the developer devices route:

GET /v1/products/:productId/devices/:deviceId

Perfect, thank you, will an access_token from any particle account within the organization grant access to calling functions on the devices?

Yes, though there is also a product bearer token that grants access to that product only:

https://docs.particle.io/tutorials/device-cloud/cloud-api/#product-bearer-token-authentication-products-

And the API users I mentioned earlier, which allows access to a specific product and allows you to set which APIs can be called with that token.