I know this is basic but I am looking for clarity on Tokens. I have read this document but it still leave me wanting:
I am setting up a new organization with a new app under my account. My devices send data to Ubidots using a Particle webhook so I want to create tokens that can be associated with a Particle product (think of 10s to 100s of devices). I don’t think I can have a device API token though as the token is stored in the Particle webhook not in the device’s firmware.
If that makes sense, then Is this is best approach?
- Create an account token for each Particle product and put this into the Particle Webhook
- Create API Tokens for each organization in case we want to query the data in that organization and its resources.
Is there a better / more secure approach? If a token gets compromised, it seems I could generate a new token from my Ubidots Account, delete the compromised one and then update it on the Particle portal without having to change any of the device’s firmware.