I’m creating a web server-based application for a Particle powered product. This will use Two-Legged authentication.
In the process described in the documentation, there’s a step I don’t understand - creating a scoped access token.
First your OAuth client is created (one-time). Then, to create a customer, there’s a POST to https://api.particle.io/v1/products//customers to create the customer.
After that, the documentation (Tutorials > Device Cloud > Authentication) shows a POST to https://api.particle.io/v1/products/:productIdOrSlug/device_claims to create a claim code for the device.
But, in searching the forum and also in the Authentication article there’s a reference to creating a scoped access token as a step between creating the customer and creating the claim code? Is this right?
I can’t seem to find more information about what this is, what it does, and, if it’s absolutely necessary. It would seem that after you create the customer, you should just need a claim code?
…or, is this the access token needed for the customer to interact with the Particle Cloud? But it looks like the customer creation endpoint returns that?
Can someone elaborate?