API Access Token for Single Sheet

Hi,

I would like to generate an API Access Token for a single sheet. Currently, if I provide my API Access Token in a script for others to use, they can use it to access all of my sheets (and those shared with me).

Please let me know how to do this.

Thanks,

Brent

Find more posts tagged with

Integrations

Product Development

Project Management

Enhancement Request

Comments

J. Craig Williams

I create a special user and share the only the sheets need for the API.

Since I use gmail, I can have multiple email addresses going to the same inbox.

The API token can be generated by a non-licensed user.

Craig

Brent Taira

Thanks Craig.

Unfortunately, my company does not allow me to share a sheet with an "external" user so I can't use this as a work around.

I could move the sheet to my external account and share it from there, but that would be against the security policy.

Other thoughts?

Thanks,

Brent

J. Craig Williams

At my previous company, we were using SSO with Smartsheet.

I created a user (not a SysAdmin!)

api_01@mycompany.com

I had IT forward any emails to me.

I would log in as that user to set the token only once. After that I only needed to log in if something was wrong (it never was)

I would share sheets or workspaces as need to the 'user'.

I don't give access tokens to other people. If they need to access something, they should create their own token.

IT was happy because this is MORE secure than not having the user.

Craig

SmartSheetUser

In order for the token to work doesn't the token creator need to be the owner of the sheet?

Brent Taira

The token will work if you have visibility to that sheet. You do not need to be the owner.

You may have restrictions on what you can do to the sheet as a viewer (e.g. cannot add rows or similar). This can be circumvented by adding the others as editors.

This is very unsecure as the API token allows access to all of your sheets.

chanmar

Sorry to bring up an old thread - but do you know if this is still the case re: API token can be generated by a non-licensed user? I'm seeing differently and wonder if it's just me or something changed.

Sign in to join the conversation!

Quick Links

Trending discussions

Anyone getting JIRA API errors using the connector?
We are using the Jira/Smartsheets connector and got this error: Invalid response from JIRA. statusCode: 410, reasonPhrase: Gone The requested API has been removed. Please migrate to the /rest/api/3/search/jql API. A full migration guideline is available at Looks like the connector needs to be updated. Anyone know anything…
Dirty save - #BLOCKED/Invalid Value issue when using integration until manually save the sheet
Hello everyone, We’re facing a critical issue in one of our Reports. We use integration and it adds values to the sheets. The corrected values don't seem to auto-save. Formulas in sheets first show #BLOCKED/Invalid Value, then if we refresh the sheet - it updates to the correct numbers. The save button is active even…
Smartsheet for Google Drive doesn't seem to be available anymore
Trying to access Smartsheet for Google Drive and it seems it's not available anymore: https://workspace.google.com/marketplace/app/app/46145466229 Also the app is not listed when searching on Google Marketplace.