Users client authentication OAuth not showing Organization products


We are trying to get a list of all products against an Organization using the Oauth two legged authentication using node-js and the particle-js library.
We’ve created an authenticate client key and token against a user in the Sandbox area and would like to then fetch all the products that that user has access too. However when we issue the api call /v1/user/products we only ever get the sandbox products and not the associated Organization products.

If we try /v1/orgs/{myOrg}/products we get an access denied using that client key. However if we generate an access token using the /oauth/token interface and use that token instead then it works.

Is the Authenticate client key only allowed to see the sandbox products? If so how can we get it working for the organization other than making two bespoke calls via https.

When you create an oAuth client, it only has access to that specific area. In a user account, this means the sandbox. In a product, this mean the specific product.

If you create a Particle user-level token (such as you get from particle token create in the Particle CLI), then that token has all of the access the user does, so it can get both the sandbox and all organizations and products that the user has access to from a single token.

You do need to make two API calls to get a list of both sandbox and organization products, but you can do so with a single token.