I’m investigating use case when device have to download/upload concrete file from/to Pantaris storage. Base on documentaion, using access token for device is only one suitable approach for that. But such token as I see doesn’t have any protection from downloading all data available at project storage and also have rich access to project REST API. I’d rather expect something like Azure Storage SAS token where only concrete operation allow for user in limited scope. In case of having single token for everything if token is compromised, it would lead to loosing private customer data.
Could you please give me a hint what the workflow is intended for such use case? Are you going to implement SAS tokens mechanism?