How to use access_token? (api.smartsheet.com/2.0/token)

Bortyk

Node.js

How to use access_token?

I'm making a request:

axios.post('https://api.smartsheet.com/2.0/token')...

response:

{

access_token: 'xxx',

token_type: 'bearer',

refresh_token: 'xxx',

expires_in: 604799

}

var smartsheet = client.createClient({

accessToken: 'xxx',

logLevel: 'info',

});

But the result is always the same:

statusCode: 403,

errorCode: 1004,

message: 'You are not authorized to perform this action.',

refId: 'cdx056'

Why is that? Why is the access Token incorrect?

Find more posts tagged with

Accepted answers

Genevieve P.

Hey @Bortyk

An Access Token will only provide you with the same permissions and access that the account has in the Smartsheet UI.

For example, if you're trying to Edit a sheet through the API, you'll need to have at least Editor permissions on that sheet in the UI.

I would suggest making sure that the account you're using to access the API has the correct permissions on each item and also in the account as well (e.g. if it needs to be a System Admin for the plan or not).

Cheers,

Genevieve

All comments

Bortyk

All I've realized now is that this token doesn't have enough access rights to make requests. All I managed to do was get data about myself using the smartsheet_client code

.Users.get_current_user()

How do I get more rights? How exactly should this be prescribed and where?

Hamza1

Hi @Bortyk,

The error message you're getting usually occurs when the Authentication header is set incorrectly- the bearer may not have been added to the header value or there isn’t a space between Bearer and the access token.

More information on this is outlined in the following Smartsheet API documentations:

The complete list of error codes for Smartsheet API- see your error code listed there
The resolution of these errors

To generate a new access token:

On the left Navigation Bar, select Account.
Select Apps & Integrations.
In the Personal Settings form, select API Access.
In the API Access tab, select Generate new access token.
You can also revoke existing tokens in this tab.

More information on this is outlined in the Help article here. Additionally, there is a community of developers that can be a great resource for troubleshooting issues regarding your use case.

Thanks,

Hamza

Bortyk

All I've realized now is that this token doesn't have enough access rights to make requests. All I managed to do was get data about myself using the smartsheet_client code

.Users.get_current_user()

How do I get more rights? How exactly shosduld this be prescribed and where?

Need use SCOPE

app.get('/auth2', (req, res) => {
  const authUrl = 'https://app.smartsheet.com/b/authorize';
  const params = {
    response_type: 'code',
    client_id: 'xxxxxxxx', // CLIENT_ID
    scope: 'ADMIN_SHEETS ADMIN_USERS READ_SHEETS READ_USERS READ_CONTACTS WRITE_SHEETS'
  };
  const url = authUrl + '?' + new URLSearchParams(params);
  res.redirect(url)
});

Genevieve P.

Hey @Bortyk

An Access Token will only provide you with the same permissions and access that the account has in the Smartsheet UI.

For example, if you're trying to Edit a sheet through the API, you'll need to have at least Editor permissions on that sheet in the UI.

Cheers,

Genevieve

Sign in to join the conversation!

Quick Links

Component react.discussion.discussions had an error.

ref must be one of: categoryID, siteSectionID, category, category/categoryID, category/name, category/description, category/url, category/allowedDiscussionTypes, locale, siteSection, siteSection/basePath, siteSection/contentLocale, siteSection/sectionGroup, siteSection/sectionID, siteSection/name, siteSection/description, siteSection/apps, siteSection/attributes, layoutViewType, discussionID, commentID, page, sort, discussion, discussion/name, tags, breadcrumbs, discussionApiParams, serverDraftID, serverDraft.