That’s not an expected use case. Among other things, customers don’t have access to the product endpoints that would initiate a fleet upgrade. And device fleets are not divided by customer so that will also be an issue.
You can do this by creating your own secure API and/or web app, sort of a portal for your customers so you can make API calls on behalf of your customers and update their fleet of devices, but there’s no way to do that with the console or Particle Cloud API directly.
Typically the product creator is entirely responsible for deciding when to upgrade devices. The device itself can also have a say in whether to upgrade now or later.
Yes, you could push all of the logic for whether to get an update or not into the device code. But I’m not really sure this is any easier.
You’d need to notify every customer device that they should update, probably by a function call, or maybe an event subscription, but you still need to keep track of any devices that are offline or not responding when you request it, and keep retrying the request. So you’d need to have server code anyway.
In order to use that flash a device API endpoint, you need to use a token for the user who claimed the device. If you have it, you can use that endpoint.
There is no equivalent product endpoint for flashing devices, because products manage firmware releases through the firmware release process, not by flashing individual binaries. Except for developer devices, and for those you use the non-product endpoint with a token for the developer who claimed the device.
Just to clarify - I would not be able to use the device API endpoint on a device that is claimed by a customer even through I have their token, correct?
Currently in the console I’m able to do navigate to the Product → Devices → select a Device that is claimed by a customer → Edit → Change firmware version and select Flash Now. There is no API equivalent do to that correct?
If you want to lock and flash a specific device by API, you need a product level bearer token, not the customer token, and that product token would be able to change any device’s version.
Because customers are not expected to control their own code versions, there’s no facility for doing that using a customer token.
This is why you’d need a server or cloud function in front of the Particle API if you want to do it from a customer token, to make sure the customer token only modifies their own devices because it needs to use a full product token under the hood.