POST /v1/products/:productIdOrSlug/customers failing

I am trying to create a new customer using:
/v1/products/:productIdOrSlug/customers

I have replaced “:productIdOrSlug” with my product id
I have used applied Basic HTTP Authorization using “client_id:cleint_secret”

I have tried this in code from my mobile app, using Postman and on the following link:
https://docs.particle.io/tutorials/device-cloud/cloud-api/

All techniques have resulted in:
{“error”:“invalid_scope”,“error_description”:“Permission denied”,“code”:400}

Note that https://api.particle.io/oauth/token works using my “client_id:cleint_secret” combination.

Any ideas?

You can only use the client ID and secret to authenticate the oAuth APIs.

That generates a product bearer token that you use to authenticate other APIs, such as create customer.

This tutorial shows how customer claiming works. Just scroll down a little and it shows how to get the access token and use it for create customers.

https://docs.particle.io/tutorials/device-cloud/cloud-api/#customer-claiming

From the link you sent, see the attached image.
Has this API been deprecated?

If you didn’t start from the beginning of the tutorial you might not have all of the fields filled in, now that I think about it. You might have to start farther up than the starting link I sent.

So, each section does not stand independently.
If I use this to create a bearer token:

and apply the bearer token in Postman, I get the same results.


Is the oAuth client Two-Legged Auth (Server)? That will be necessary to use the API in the way the tutorial uses it.

Are you able to use the token for any other commands like list product devices?

The customer email could be the issue. if the customer email already exists as a Particle account email or as an existing customer you won’t be able to create the customer.

I was able to create a customer with my account and token, so the APIs are still theoretically working. You may need to create a support ticket.

“Is the oAuth client Two-Legged Auth (Server)?” are there multiple servers to hit?
I only know: https://api.particle.io

Also, I get “Permission denied” for every attempt.

There’s only one server, however if you have an oAuth client of type SimpleAuth you can’t create two-legged customers using the API that way. You need to use the implicit grant option, instead.

Sorry, I should have asked that first, as that does use the client ID and secret in the basic auth header, however it’s rare that you ever need to use that method because it’s really only necessary if you are using the Device Setup SDK, and then you don’t make any API calls at all - the SDK does.

The other potential issue is that the oAuth client must be the one in the product. You cannot use the oAuth client created in your account to access a product API even if your account has access to that product.

I am using SimpleAuth.

I am building a mobile app and at this stage I am trying to stay serverless.

The origin of this path is the “access token” in my, in development, mobile app expired. This forced me to recognize that my app needs to get and refresh “access tokens” for each new customer.

Am I going down the wrong path?

I have created every type of client all with the same results.

Found the problem!

The website ALLOWS you to create clients that are NOT associated with your project. None of the clients I created were associated with the APP I am building hence the “Permission denied”

Hope this helps someone else.