Remove Access Token

It is not a good idea to send back with the access token with the device representation. It opens more vulnerabilities. Find a way to send back the websocket notification without that being applied. Maybe with a unique generated ID. 
