How to obtain access to WorkSheet Home without following 3-leg OAuth process

edited 12/09/19 in API & Developers


We are using SmartSheet to store multiple sheets that should be created by one person.  This person will share one or more sheets in each of multiple workspaces.

I am writing an application (in C#, hosted on AWS Lambda) that must access each Workspace, and Sheet, and read each Sheet.  I am using the official SmartSheet C# SDK.

The application code seems to work when I execute it manually.  It can access my Sheets in multiple Workspaces, and I only have a Trial/Free account.

When I attempt to execute the code to access another Workspace/Home, it times-out in the DefaultHttpClient.CreateRestRequest()  method call where I am tring to perform a HomeResources.GetHome() request.

Do I need to authorise my application to perform this?  (As described here:

If so, how?  My code is not hosted on a web server - it's not on a web page, so I don't know how it could be authorised by the aforementioned process.

Do I need to do something like described in the following links:


  • Dave.Robinson
    edited 08/01/19

    Ok, so I worked it out.

    Firstly, the OAuth process is necessary only if you want to access SmartSheet with a specific user's credentials.

    And regarding the OAuth 3 leg authorisation, I followed the example located at the following URL...

    ... and I was able to get a token.


    For my use-case, I worked out that I didn't need the OAuth token.


    NOTE:  The OAuth token is only valid for 7 days.  You are required to refresh the token periodically.

  • Dave.Robinson
    edited 08/02/19

    I spoke too soon.  My code is timing out again.  Investigating whether it is AWS that's the cause.  I hope so.

  • dave-inden
    dave-inden ✭✭✭

    Did you ever get this working? As for the Smartsheet side of things it sounds like you won't need to use the OAuth flow to get your requests made. Instead you can generate an access token from within the account that has the correct access to everything and then set that as an environment variable or put it in a config file of some kind to access it. Then you can set the access token when constructing your Smartsheet client. More info on Access Tokens is in the docs.

  • Yes, I got it working.  As I mentioned in my first (2nd?) post, OAuth is not required for this, and having the Accesstoken works fine.

    Using the links I posted I was able to build an OAuth "hack" that allowed me to get access __IF__ I wanted to do things that way.  Any OAuth authenticated access is valid for 7 days though.  And for me, that would be a challenge.