3rd Party Apps

How can I let my application know who is accessing the application before it has an actual Smartsheet access token? If I understand correctly, the first time the user uses the authorize link it generates the token and we can use that initially. The second time the user accesses the web app they are going through the direct link and not authorizing again. How can I get and use the token they previously received during the authentication (assuming it is not expired)?


My assumption is we need to get the user name or id and compare that to a list of users/tokens. Again, how can I get the user name without having a token?


Any help appreciated, let me know if the above makes sense.

Fairly new to web based applications, using C# / ASP.NET.

Answers

  • Genevieve P. Employee Admin

    Hi @Christopher Alfaro

    It sounds like you're building an application that you want to access Smartsheet. In this case, apps connect to Smartsheet using OAuth 2.0 to authenticate and authorize users. This is the Smartsheet API documentation for setting up your OAuth flow:

    This flow could identify the username and token, and your app database would show this (see the documentation above).

    However, if you are talking about using the API directly, then Smartsheet does not allow enquiring a user's password (or access token).

    Cheers,

    Genevieve

  • @Genevieve Thanks for the reply.

    I don't want to access the API directly, I want to prevent the Smartsheet user from having to "Allow" the application each time they want to access it.

    The first time they access the application and go through OAuth, Smartsheet registers the application and sends a code to retrieve a token. How does one set up the OAuth and/or Application to remember which users have already consented access?

  • Genevieve P. Employee Admin

    Hi @Christopher Alfaro

    Thank you for clarifying! Access tokens expire after 7 days so they will need to approve the application once a week. (See: OAuth Flow - Access Tokens)

    For security reasons, this currently isn't able to be configured or changed, but please let our Product team know about your feedback by filling in this form here.

    Thanks!

    Genevieve
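
The pattern the question asks about, as an added example that is not part of the thread and not Smartsheet code: the app issues its own random session cookie in the OAuth callback and keeps the token server-side, so a returning visitor is recognised by the cookie rather than by the token. `GrantStore`, `StoredGrant`, and the sample values are hypothetical, `userId` is assumed to be whatever identifier the app obtains for the user after the token exchange, and the 7-day lifetime is the figure given in the reply above.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical types for illustration; a real app would back this with an encrypted database table.
public sealed record StoredGrant(string UserId, string AccessToken, DateTimeOffset ExpiresAt);

public sealed class GrantStore
{
    // Session id (value of the app's own cookie) -> grant. The token itself never goes into the cookie.
    private readonly ConcurrentDictionary<string, StoredGrant> _bySession = new();

    // Call once, in the OAuth callback, after the code has been exchanged for a token.
    // Returns an unguessable value to set as an HttpOnly, Secure cookie.
    public string Remember(string userId, string accessToken, TimeSpan lifetime, DateTimeOffset now)
    {
        string sessionId = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _bySession[sessionId] = new StoredGrant(userId, accessToken, now + lifetime);
        return sessionId;
    }

    // Call on every later request. null means "no usable token: send the user to the authorize link".
    public StoredGrant? Lookup(string? sessionCookie, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(sessionCookie)) return null;                      // first visit
        if (!_bySession.TryGetValue(sessionCookie, out var grant)) return null;    // unknown or forged
        if (grant.ExpiresAt <= now)
        {
            _bySession.TryRemove(sessionCookie, out _);                            // drop the expired token
            return null;
        }
        return grant;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new GrantStore();
        var t0 = DateTimeOffset.UtcNow;
        // Constructed sample values, not real credentials.
        string cookie = store.Remember("user-123", "sample-access-token", TimeSpan.FromDays(7), t0);

        Console.WriteLine(store.Lookup(cookie, t0.AddDays(1))?.UserId ?? "re-authorize");
        Console.WriteLine(store.Lookup(cookie, t0.AddDays(8))?.UserId ?? "re-authorize");
        Console.WriteLine(store.Lookup("forged-value", t0)?.UserId ?? "re-authorize");
    }
}
```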