Issue with the bearer token

So the admin of our Smartsheet service sent me a bearer token to use the api to pull data into our Oracle Database. I get the following error.

{

 "errorCode" : 1004,

 "message" : "You are not authorized to perform this action.",

 "refId" : "1jd95h909du6u"

}

Now this bearer token works using cURL calls from the server, and it works in Postman. But when I adapt it to plsql (which I've done a lot with other apis) I get that error.

Any advice on what to try next?

Answers

  • Genevieve P.
    Genevieve P. Employee Admin

    Hi @JasonA.wec

    The PL-SQL query language shouldn't affect authentication. Can I confirm that you are sending the Header Authorization Bearer <api token> with your PL-SQL call?

    If so, is it possible that the action you're looking to take is not one that this account can perform (ex. is not shared to the sheet with the right permissions)?

    You noted that the token works in Postman, but does the action work as well? Could you test the action directly in the UI to see if you get an error there?

    Cheers!

    Genevieve

  • So yes. I am using the List Sheets api. The token is tied to an Admin account so should not be a permission issue

    https://api.smartsheet.com/2.0/sheets
    

    I am passing the token header as well.

    In both CURL and Postman I get a successful response with a listing of sheets.My plsql package does this action with stripe and several other apis out there the same method. So i'm not sure what might be wrong in this case.

    Does that "refId" in the error code mean anything to your people?

  • Genevieve P.
    Genevieve P. Employee Admin

    Hi @JasonA.wec

    Good to know, thank you for this additional information. I haven't personally tried to do a REST API call from PL-SQL... but I found this other thread that talks about access control list which may be relevant:  https://asktom.oracle.com/pls/apex/asktom.search%3Ftag%3Drest-api-from-plsql

    If this hasn't helped, I would suggest reaching out to Smartsheet Support with full screen captures and your code so they can review this with you in a private channel.

    Cheers,

    Genevieve

  • Yeah I'm pretty well versed in calling REST apis from pl/sql and like I said this should have worked.


    Is there anything to that refId from the error code that can be used to troubleshoot the issue?

  • Genevieve P.
    Genevieve P. Employee Admin

    Hi @JasonA.wec

    The error you're seeing is the error if the auth header isn't passed at all; the refId won't speak to anything more than that. Support will be able to help further if you can provide them with the code and more details (screen captures, account email address, etc).

    Thanks!

    Genevieve