API Access Token for Single Sheet

Hi,

I would like to generate an API Access Token for a single sheet.  Currently, if I provide my API Access Token in a script for others to use, they can use it to access all of my sheets (and those shared with me).

Please let me know how to do this.

Thanks,

Brent

Comments

  • J. Craig Williams

    I create a special user and share only the sheets needed for the API.

    Since I use gmail, I can have multiple email addresses going to the same inbox.

    The API token can be generated by a non-licensed user.

    Craig

  • Thanks Craig.

    Unfortunately, my company does not allow me to share a sheet with an "external" user so I can't use this as a workaround.

    I could move the sheet to my external account and share it from there, but that would be against the security policy.

    Other thoughts?

    Thanks,

    Brent

  • J. Craig Williams

    At my previous company, we were using SSO with Smartsheet.

    I created a user (not a SysAdmin!)

    api_01@mycompany.com

    I had IT forward any emails to me.

    I would log in as that user to set the token only once. After that I only needed to log in if something was wrong (it never was).

    I would share sheets or workspaces as needed to the 'user'.

    I don't give access tokens to other people. If they need to access something, they should create their own token.

    IT was happy because this is MORE secure than not having the user.

    Craig

  • In order for the token to work, doesn't the token creator need to be the owner of the sheet?

  • The token will work if you have visibility to that sheet.  You do not need to be the owner. 

    You may have restrictions on what you can do to the sheet as a viewer (e.g. cannot add rows or similar).  This can be circumvented by adding the others as editors.

    This is very unsecure as the API token allows access to all of your sheets.

  • chanmar

    Sorry to bring up an old thread - but do you know if this is still the case re: API token can be generated by a non-licensed user? I'm seeing differently and wonder if it's just me or something changed.