You’re right, the best approach for large deployments as yours (100+ devices) is having a single token per device. That to avoid request rejection based on the throttling per token and increase your account security.
Following up, Ubidots SW Docs might not be precise enough, but truth is that any Token created through the API using the API Key expires after 6 hours if NOT used, otherwise, it will continue to be valid. This is also mentioned in here.
Furthermore, if a token expires, there are no issues if you continue generating new tokens for each of your devices.
Quick notes to this approach, that is, generating token through the API:
- If you decide to follow this path, it is best if your devices connect to Ubidots using secure connections over TLS, regardless of the protocol you’re using to send data.
- It is important to note that should the API Key be compromised somehow, for example, someone gets its hand in your firmware and hence the API Key, all you devices would also be compromised, so make sure about firmware safety.
With the above in mind, Ubidots is currently working on making each individual device safer and easier to manage in terms of security. To that end, the following features are soon to be released. Please note that, at the moment of writing this reply, said feature are not yet out in production.
Last but not least, reach out to email@example.com and ask to convert a beta tester of the aforementioned functionalities.