Hi,
The developer (i.e. Particle Build) access_token is a fixed one and does not change all too often, right?
Anyway, you are advising to create a clientID + secret per application type (Android, iOS, web app, etc.), and to generate an access_token that is then used to request things from each application separately, with their own access_tokens.
It seems from your examples that you assume the access_tokens to be long-lasting; in your example it's 90 days, although that can be changed, which is good.
The problem I see in this is: if I want to generate an access_token on each request made towards Particle to ask for some event data (thus short-lasting access_tokens), I need to expose my username and supersecretpassword each time I want to regenerate the access_token for the client in use.
I want short-lasting access_tokens to get better security while exchanging sensitive data between Particle and our application.
Is there a way to regenerate an access_token without exposing my username + password?
And if not, how would you tackle my issue? Is it safe enough to expose the username and password each time in an HTTPS request between Azure and the Particle cloud?