Introducing API Users

We’re pleased to announce the launch of a new feature that will allow you to better implement the security principle of least privilege - API users.

Mike Sheward, July 22, 2021

The best security features are those that allow you to better implement battle-tested fundamental security best practices. We’re confident that our latest feature, launching today, fits this description perfectly.

API users are a special kind of user account you can add to your Particle product or organization. Unlike regular Particle user accounts, which are designed primarily for ‘human’ users, an API user is intended for machine-to-machine interaction with the Particle Device Cloud, such as in a script or your server-side code.

API users are given granular access to the Particle API. By assigning them specific API scopes, you ensure they can perform only the functions they need, and nothing more. This differs from regular user accounts, which inherit scopes based on their account role.

Here is what you need to know about an API user:

  • An API user can be scoped to an organization or a product.
  • An API user can only have one valid access token associated with it at any one time.
  • If an API user’s privileges change, the associated access token will change as well, to prevent ‘scope creep.’
  • Currently, API users are created, updated and deleted via the REST API, and are visible in the console in either the product team or organization team view.
  • API users cannot log into the console, administer users, receive emails, or generally do other things that are reserved for humans.

[Figure: API response after creating an API user]

[Figure: An API user as viewed in the Particle Device Cloud Console]

Further reading:

The Particle Device Cloud API documentation has been updated with full details of how to create, update and delete an API user. 

See: https://docs.particle.io/reference/device-cloud/api/#api-users for more information.
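
The sketch below is an added example, not code from Particle or from the original post. It builds the request that creates a narrowly scoped API user and handles the token replacement that follows a scope change. The `/team` path, the `friendly_name` and `scopes` fields, the `created`/`updated` response layout and the `devices:list` scope are assumptions to confirm against the documentation linked above; `example-product`, `fleet-lister` and the token values are placeholders.

```python
import json
import urllib.request

API_BASE = "https://api.particle.io/v1"  # assumed; confirm in the API docs

def create_api_user_request(kind, target, friendly_name, scopes, admin_token):
    """Build (without sending) the request that creates a scoped API user."""
    if kind not in ("products", "orgs"):
        raise ValueError("an API user is scoped to a product or an organization")
    scopes = sorted(set(scopes))
    if not scopes:
        raise ValueError("list the scopes explicitly; none are inherited")
    # Assumed path and field names: /team, friendly_name, scopes.
    body = json.dumps({"friendly_name": friendly_name, "scopes": scopes})
    return urllib.request.Request(
        f"{API_BASE}/{kind}/{target}/team",
        data=body.encode(),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Header auth keeps the admin token out of URLs and access logs.
            "Authorization": f"Bearer {admin_token}",
        },
    )

def current_token(response, key):
    """Return the one valid token from a "created" or "updated" response."""
    tokens = response[key]["tokens"]  # assumed response layout
    if len(tokens) != 1:
        raise ValueError("expected exactly one valid token per API user")
    return tokens[0]["token"]

def token_after_scope_change(stored_token, update_response):
    """Return (token_to_store, rotated) after an update to the user's scopes."""
    new_token = current_token(update_response, "updated")
    return new_token, new_token != stored_token

# Constructed sample responses; the token values are placeholders.
CREATED = {"ok": True, "created": {"tokens": [{"token": "TOKEN_A"}]}}
UPDATED = {"ok": True, "updated": {"tokens": [{"token": "TOKEN_B"}]}}

if __name__ == "__main__":
    req = create_api_user_request(
        "products", "example-product", "fleet-lister", ["devices:list"], "ADMIN_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    stored = current_token(CREATED, "created")
    print(token_after_scope_change(stored, UPDATED))
```

When `rotated` is true, replace the stored secret everywhere the script reads it, since the page states that only one token is valid for an API user at a time.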