API Access Token for Single Sheet

Hi,

I would like to generate an API Access Token for a single sheet. Currently, if I provide my API Access Token in a script for others to use, they can use it to access all of my sheets (and those shared with me).

Please let me know how to do this.

Thanks,

Brent

Find more posts tagged with

Integrations

Product Development

Project Management

Enhancement Request

Comments

J. Craig Williams

I create a special user and share the only the sheets need for the API.

Since I use gmail, I can have multiple email addresses going to the same inbox.

The API token can be generated by a non-licensed user.

Craig

Brent Taira

Thanks Craig.

Unfortunately, my company does not allow me to share a sheet with an "external" user so I can't use this as a work around.

I could move the sheet to my external account and share it from there, but that would be against the security policy.

Other thoughts?

Thanks,

Brent

J. Craig Williams

At my previous company, we were using SSO with Smartsheet.

I created a user (not a SysAdmin!)

api_01@mycompany.com

I had IT forward any emails to me.

I would log in as that user to set the token only once. After that I only needed to log in if something was wrong (it never was)

I would share sheets or workspaces as need to the 'user'.

I don't give access tokens to other people. If they need to access something, they should create their own token.

IT was happy because this is MORE secure than not having the user.

Craig

SmartSheetUser

In order for the token to work doesn't the token creator need to be the owner of the sheet?

Brent Taira

The token will work if you have visibility to that sheet. You do not need to be the owner.

You may have restrictions on what you can do to the sheet as a viewer (e.g. cannot add rows or similar). This can be circumvented by adding the others as editors.

This is very unsecure as the API token allows access to all of your sheets.

chanmar

Sorry to bring up an old thread - but do you know if this is still the case re: API token can be generated by a non-licensed user? I'm seeing differently and wonder if it's just me or something changed.

Sign in to join the conversation!

Quick Links

Trending discussions

Onedrive & DocuSign Integration Capabilities
I am in the process of designing our Smartsheets workflow and am trying to better understand the capabilities / limitations of these integrations. Current Process: 1) We receive a PDF (say an invoice). 2)Manually save the file in Onedrive updating the file name. 3) Manually enter the data from the PDF into a SS Form and…
Dynamic View - Loading Issues
Is anyone experiencing issues with Dynamic View showing a bunch of blank flashing rows when loading instead of the normal revolving circle that says loading? As a result, it shows the flashing rows for a bit and then nothing to display despite the fact it should be displaying certain data for users. We have shared groups…
DocuSign Status Column Not Updating Consistently (Non-Mapping Issue)
Hi Smartsheet Community, We’re hoping to tap into the collective expertise here about a DocuSign integration issue. Here’s our setup: •All information is collected via a Smartsheet form. •Based on certain cell values, one of several DocuSign integrations is triggered. •Documents are generated and routed correctly in…