Auth & Keys

Particle uses OAuth 2 Client-Credentials for all server-to-server calls. Follow the steps below to create credentials and request an access token. Full request/response details live in the Authorization API reference

1. Create a Service Account

1. Reach out to your Particle Health Representative to generate a client ID and client secret.
2. You can also do this yourself if you are using our Management APIs by:
   1. Create a New Service Account using the Create Service Account API
   2. Request credentials using the Create Credentials API using the service account you just created.
   3. Copy the generated client ID and client secret and store them in your secrets manager.

2. Generate a JSON Web Token

Use the client ID and secret with the OAuth 2 client-credentials grant. See the step-by-step parameters and sample request in the Authorization API reference.

Tokens are valid for 60 minutes; request a new token when it expires.

3. Attach the Token

Include the token in an Authorization: Bearer header on every Particle request. Example headers are shown for each endpoint in the API reference.

4. Rotate or Revoke Keys

Rotate keys for your Service Accounts at any time. When creating new credentials via the Management APIs, the old credentials will automatically be expired.

Security Tips

• Store secrets in a dedicated secrets manager (AWS Secrets Manager, Vault, etc.).
• Rotate secrets at least every 90 days.
• Limit outbound traffic so only trusted backend services can reach the auth endpoint.