As noted above, if you use the magic auto-registration method you must first flash your device with a special provision key that is unique to you (the fleet owner) but is not unique per device. In fact, it is identical (by design) on all of your devices after they come off the factory line.
Once you have WiFi credentials configured and the device can connect to to web, then a POST to the mDash /customer endpoint must be made with this special provision key.
Once this happens, then mDash automagically replaces this special key with a unique pub key on the device and in your customer object. This pub key will be associated with your device from that point forward.
I may not have this 100% accurate (as it’s not publicly documented) but you should get the jist.
Hope this helps,