Confused about API and access levels

Hassan Rachid

Hello,

I am trying to perform a workflow where I:

1. Make a request to list all sheets
   1. For this step, I am using this endpoint: `https://api.smartsheet.com/2.0/sheets?includeAll=true`
2. Choose a sheet
3. Make a second request to get more information about that sheet using the sheet id from the first step
   1. For this step, I am using this endpoint: `https://api.smartsheet.com/2.0/sheets/{{sheetId}}?include=rowPermaLink,objectValue&level=2`

For some sheets this works fine. However, there are many sheets that are listed in step one that provide a 404 in step three. When I navigate to the permalink provided for those that fail, I am told that I need to request access.

So I guess my questions are:

1. Is it expected that these additional sheets that I do not have access to show up in the response to list sheets?
2. If so, how can I tell the difference between sheets I have access to and ones that I don't? As far as I can tell, there is nothing that distinguishes between them in the response. The access level for both is EDITOR_SHARE
3. If not, what am I doing wrong?

Isaac A.

Hi @Hassan Rachid!

You might be hitting an expected behavior with the Smartsheet API. It is expected that the "List Sheets" operation (GET /sheets) can return sheets to which you may not have full access. When you then try to retrieve detailed information about those specific sheets using "Get Sheet" (GET /sheets/{sheetId}), and you lack sufficient permissions, this will result in a 404 error.

The key to understanding this lies in the accessLevel field returned in the "List Sheets" response. To distinguish between sheets you have access to and those you don't, you should examine this accessLevel for each sheet.

As per our documentation for List Sheets, the response includes an accessLevel for each sheet. The Get Sheet operation also has an accessApiLevel query parameter that allows for COMMENTER access for inputs and return values, with VIEWER as the default.

If the accessLevel for a sheet is VIEWER or COMMENTER, it means you might not have sufficient permissions to retrieve all details of that sheet. This is why you could encounter a 404 error when attempting to use "Get Sheet" with a higher level of access implied by your request (e.g., when requesting rowPermalink or objectValue). An accessLevel of "VIEWER" means you can see the sheet in the list, but you might not be able to retrieve its full details.

To ensure you only attempt to retrieve detailed information for sheets you have sufficient access to, you should check the accessLevel returned in the "List Sheets" response. If the accessLevel is "EDITOR_SHARE" or "ADMIN", you should be able to retrieve more detailed information. If it's "VIEWER" or "COMMENTER", you might encounter a 404 or a permissions error when trying to get full sheet details.

Here are all the relevant references from our API Docs:

• List Sheets
• HTTP And REST
• Get Sheet
• Getting Started -- Make Your First Request
• Search Sheet

Please double-check your permissions according to the information provided above. I highly recommend using Postman to test your calls, as it's a very effective troubleshooting tool. You can include screenshots of your calls for us to test, just make sure to blur any sensitive information.

However, since this is fundamentally a matter of permissions, if you've checked the information above and you're still having trouble, our Support Team has the appropriate tools to check your permissions on the backend through a private channel. In case you contact our Support Team, please make sure to include as much detail as you can, including Sheet IDs and screenshots of the API calls giving errors.

I hope this helps!

Cheers,
Isaac.

Hassan Rachid

Hi @Isaac A.

Thanks for the thorough response. The sheets I am getting a 404 on do have the "EDITOR_SHARE" accessLevel. This is an example.

Here is a response from the list sheets endpoint

But when I navigate to or try to use the get sheet by id endpoint, I get access denied / 404

Isaac A.

Hey @Hassan Rachid!

Thank you for sharing the screenshots. I've tested but I'm unable to reproduce the error. See screenshot:

With this being said, I highly recommend contacting our Support Team, Please make sure to include as much detail as you can, including Sheet IDs and screenshots of the API calls giving errors. When you find a solution, please post it back here, so other users can find it for reference in the future.

Cheers,
Isaac.

Hassan Rachid

@Isaac A.

Yeah it works normally for some sheets with that access level but not others. I'll reach out to support, thanks