We have our devices distributed among organisations, but now have a closely related team in our own organisation that we would like to grant read-only access to all devices.
I just tried creating a new token for our top level user but it only let me change the name, not the permissions, so I assume it has write permissions too.
It is painful to have to use organisation level read-only keys, both for us to create them and for the other team to have to associate the keys with device labels.
Is there a way we can create a read-only key that works over all organisations?
Device tokens: Which can only have permissions to send or retrieve data.
Organizational tokens: Whose permissions can be customized through the API roles option.
Account tokens: The ones that you created from your Profile and have all the permissions.
Each token as you see has a different purpose and use. We recommend users to use device tokens for sending and retrieving data, as you are looking that users only to have permissions to read, you can modify or create new tokens assigning them only read permissions. Please refer to the following article to learn how to export the devices tokens: