Why are customers created through the API not listed in the console.particle.io

It’s confused me a number times to try and create a customer and check that it shows up in the web UI only to remember that I read somewhere on the site that a customer created by the API does not show up int he Web UI?

1 Like

Hello,

Sorry for the confusion, do you happen to remember where you saw this on the site? I am going to ping @Dave who might be able to help you with this.

Kyle

1 Like

Hi @incorvia,

Good question! I’ve chatted with our team about this one as well. Right now that page only shows customer accounts who have claimed your product, but it doesn’t show customer accounts without devices. My understanding is we’re hoping to revise this behavior sometime in the near future. (CC @jeiden)

Thanks,
David

3 Likes

Thanks so much for getting that fixed up. Certainly is confusing :smile:

2 Likes

@Dave,

Greeting, based on your post, would it be safe to assume that customers can also claim their device with CLI which would then populate them in my customer area?

Thank you

Hi @MaverickIdeas,

Yes I believe that’s correct. If your customer logs into the CLI using their customer account and claims their device that way, it should show in your customer area.

Thanks,
David

@Dave,

Thank you for getting back to me. That is a bit of a relief as I’ve been beating my head against the wall for a couple days now about this, I can’t seem to get a customer to populate in the customer area. So, now I am beginning to think there might be a bug, as I did exactly that (logged into CLI with user credentials and added photon, which had (produce ####) in the description of “particle device serial identify” and still no success. Do you have any suggestions that I may try?

Thank you

Hi @MaverickIdeas,

Want to DM me with your product number, and the device that you’re trying to claim / and get to show up in your console?

Thanks,
David

1 Like

Im in a similar situation in that Im developing an ios app using 2 leg auth. In building out, I found what this poster noted that the users are not listed in console. Im also finding that trying to delete the shadow user (with no devices) from particle that it responds that the “Customer not found”, even thou I can validate and get an access token for that customer.

var options = {
    url: 'https://api.particle.io/v1/products/****/customers/' + email,
    method: 'DELETE',
    form: {"access_token": "'" + access + "'"}
};

These are my Node request options. Im looking to find out if this is intentional, a bug or if I am just plain doing it incorrectly.

Any guidance is appreciated.

Customers won’t show up in the console until they have successfully claimed a device. They exist in a half-created state of limbo, but it’s not really a problem in most cases.

It’s possible to delete these half-created customers using the API if you know the email addresses.

https://docs.particle.io/reference/api/#delete-a-customer

curl -X DELETE "https://api.particle.io/v1/products/1319/customers/customer16@company.com" -d access_token=dffbab69277fefd3558933ee9d17c55454d2ca28

(that’s not the real access token, by the way)

Note that you must use product bearer token to do this, as described here:

I tested this and it works with both fully created customers and the half-created shadow customers who have not claimed a device yet.

There’s a minor change you can make in your server code flow that eliminates half-created customers as a problem. It’s a good idea to do this regardless because I think you’d run into a problem if the user claimed a second device and you didn’t do this.

Normally you’d create a customer like this:

curl -X POST -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d email=customer16@company.com -d no_password=true https://api.particle.io/v1/products/1319/customers

If that fails because the customer already exists, you should instead create a customer bearer token:

curl -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d grant_type=client_credentials -d scope=customer=customer16@company.com https://api.particle.io/oauth/token

The access_token you get back from this is basically the same as you’d get back from creating a customer. You can pass it to the mobile apps for generating a claim code there, or use it to directly create a claim code.

Rick

Hey Rick, thanks for your reply. There must be something in my request thats incorrect. I am pretty much following the procedure you outline.

I create the product customer on completion of creating the customer in my system with:

curl -X POST -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d email=customer16@company.com -d no_password=true https://api.particle.io/v1/products/1319/customers

getting back a bearer token.

If Im just generally logging in with an already created product customer I generate a token with:

curl -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d grant_type=client_credentials -d scope=customer=customer16@company.com https://api.particle.io/oauth/token

I can log the token in the ios app with:

print("Access \(SparkCloud.sharedInstance().accessToken!)")

It is that token that Im using to call the delete and I am using the call that you suggest. So only thing that I can figure is that Im not forming my Node.js request properly. Which wouldnt surprise me as Im still learning all there is to know about API requests in different languages.

Thanks again

No, you have to delete the customer with a product-scoped access token. In curl, the request to create one looks like this:

curl https://api.particle.io/oauth/token -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d grant_type=client_credentials 

It’s similar, but note that it’s not scoped to a particular customer.

That made a ton of sense, however, for some unbelievable reason I am still getting “404 Customer not found”. I have no doubt that I have something twisted up, but I am using the product bearer access token now with this as my node request options:

var email = event.headers.email;
var access = event.headers.access;
var dataString = 'access_token=' + access;
var options = {
    url: 'https://api.particle.io/v1/products/****/customers/' + email,
    method: 'DELETE',
    body: dataString
};

When I log the url and the dataString it looks just like what I think it should look like.

Im going to keep on keeping on, but if anybody sees something that jumps out at them, please let me know.

Thanks

1 Like

EDIT AGAIN: Nope, still not working.

EDIT: Actually I may have found my issue, which was an error on my side, however could I ask as a feature request that the Particle cloud devs consider displaying created but unassigned customers in the console. That would have saved me a heap of grief and would be much less confusing as is demonstrated by the number of people having questions about these half-created customers on the forums.

ORIGINAL:
Did you ever find an answer to this?

I think I’m having the same problem.

I’ve created a customer on the product. It doesn’t show up as the customer isn’t associated with any devices which is ok (albeit confusing). I created it using this endpoint “POST /v1/products/:productIdOrSlug/customers” using an oAuth client created with “create_customer” scope inside the product. When I try to create it again I get a “customer_exists” error so I assume it’s really there.

Now I want to delete the customer.
I’ve tried quite a few things in my own code and as a test then tried curl from the command line using:
curl -X DELETE “https://api.particle.io/v1/products/DDDD/customers/actual@email.here” -d access_token=XXXXXXXX
using an access token I created with grant_type=client_credentials as Rick describes above but I get back an error “Customer not found” the same way Pete describes.

Anyone have any suggestions/comments?

Make sure the access token is a product bearer token, not a shadow customer impersonation token.

For example:

curl https://api.particle.io/oauth/token -u "tempmon06-3459:460edfd8d70742dd1f1e75c3d5cac5973351465d" -d grant_type=client_credentials 

This is the token created using the oAuth client ID and secret, but not an email. A customer can’t self delete itself using their own token.

Hi Rick.

Yeah that’s what I’m doing thanks to your notes here:

So, my whole workflow:

  1. Created product (via console)
  2. Created oAuth client inside product with full permissions (A) (via console)
  3. Created oAuth client inside product with “create customer” permissions (B) (via console)
  4. Used oAuth client (A) to create product access token © with grant_type “client_credentials” (as per your notes)
  5. Used oAuth client (B) to create customer and saved customer token (D) (https://docs.particle.io/reference/api/#create-a-customer---client-credentials)
  6. Used product token © to delete customer using email address (https://docs.particle.io/reference/api/#delete-a-customer)

So step 6 is failing saying “Customer not found”, but in reality I’m just assuming an actual customer exists because I can’t see if the customer record is actually there. I have tried to redo step 5 and it errors with “customer_exists”… so… ?

So further investigation has shown that when I first try to create a customer as described in my above post, I get a response:
{"ok":false,"code":400,"error":{"name":"OAuth2Error","message":"No valid scopes","stack":"Error: No valid scopes\n [munch...]
And then on subsequent attempts I start getting the customer_exists I noted in my post:
{"ok":false,"code":400,"error":"customer_exists"}

In my step 5 where I first try to create the customer I’m passing POST parameters:

	$params["email"] = $email;
	$params["no_password"] = true;
	$params["productIdOrSlug"] = $product;
	$params["grant_type"] = 'client_credentials';

I’m passing the productIdOrSlug parameter even though no other SDKs appear to, just because the Cloud SDK doc says it’s required, and I’m passing the grant_type parameter even though it’s not in the Cloud SDK docs because I’ve noticed that the JS and iOS SDKs do it (I didn’t do this originally but this change didn’t fix my issue).

I have seen elsewhere in these forums other posts where people mention this “No valid scope” problem trying to create customers but I didn’t find any post where anyone had a solution although a few said that it effectively just magically started working which is not ideal…

Does anyone know what might be going on here?
There MUST be other people doing 2-legged authentication that have run into this exact issue…

I assume you want to hit this endpoint.

The productIdOrSlug is not in the POST data. It goes into the URL an is:

POST /v1/products/:productIdOrSlug/customers

If your product ID was 1234, it would be:

POST /v1/products/1234/customers

You probably don’t want to set the grant_type either when creating a customer.

This document explains step by step the tokens you need to successfully create a two-legged customer:

1 Like

Hi Rick.
Thanks for your reply, but if you see my previous post (1 up from my latest post that you’re replying to), you’ll see that I am already following your document on creating tokens.

And I only added in the productIdOrSlug and grant_type in a vain hope that they would fix this issue which they did not.

My actual request is:

POST /v1/products/1234/customers HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Host: api.particle.io
Accept: */*
Content-Length: 62
Content-Type: application/x-www-form-urlencoded

email=shadow-customer-test0%40blahblah.com&no_password=1

I’ve sanitised this output a little e.g. replaced our product code with 1234 and the Authorization header.
And that’s after following the steps I had above.

That should work, with a few caveats:

The email address can’t be associated with an existing customer or a Particle account. It has to have never been seen by the Particle API before.

Make sure the oAuth client ID and client secret you’re passing in the authorization header are for a full permissions scope. You cannot use a create customer access oAuth client to create a two-legged shadow customer.

2 Likes