Smartsheet app authorization
Greetings,
Looking for a little guidance. I would like to develop an app that sends data to a sheet through HTTP.
I have used the Python SDK with a raw token in the past but now I need a more secure solution and figured creating a 3rd part app is the way to go.
I am having trouble with the workflow. Whilst following the documentation, I created my app and got my client id/secret and the next step being authorization,
i send a GET request to https://app.smartsheet.com/b/authorize , with header
client_id:*******************
response_type:code
scope:READ_SHEETS
and it returns
To further add to my confusion is that the docs say the next step is for the user to authorize my app to access their account, but what user I haven't specified any user anywhere?
Could anyone clarify this workflow for me? thanks kindly.
Answers
-
Hi @msexton
It sounds like you may need help in regards to Access Scopes, see the 4th step in Setting Up OAuth2.0 with your app: https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/First-Steps
Your scope is set to READ_SHEETS but you may want to try WRITE_SHEETS instead, to enable your app to make updates to the Smartsheet sheet.
To access a user's Smartsheet data (or your Smartsheet account), your application must explicitly ask the user (the Smartsheet account holder) for permission.
You do this by using access scopes, which enable your app to communicate to the user (the Smartsheet account holder) what type of operations it is performing.
The Request an Authorization Code section of the Documentation has a picture example of what the "user" (Smartsheet account holder) will see when being asked to authorize your app to make updates to their sheets/account.
I hope that helps!
Cheers,
Genevieve
-
Hi Folks,
Is it not possible to incorporate some type of smartsheet authentication layer within the Python SDK?
To allow some form of dynamic secret variable for users - without having to ref a hard coded a personal secret.
For example a web app, first landing on this:
https://app.smartsheet.com/b/authorize?response_type=code&client_id={data["client_id"]}&scope=READ_SHEETS&state=NAME_REPORTThen - once they select 'accept' - they get access to the web app including options for selecting all the available smartheet sheets to perform some action against?
kind regards,
-
Hi.
smartsheet.tokens.getAccessToken(options)
Why doesn't it work? Writes that this is not a function.
//npm smartsheet
-
Hey @natebi
Would you be able to clarify your specific scenario and request/actions a little more?
The API docs have a workflow diagram that may be helpful for you to review in regards to the OAuth flow, see: https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/OAuth-Flow
You may also want to check out StackOverflow with the tag [Smartsheet-API] to connect with other developers.
Cheers,
Genevieve
-
Hi @Bortyk
It would also be helpful to have more context of your request as well - what is it you're looking to accomplish?
Here's the documentation for Token Methods during an OAuth flow: https://smartsheet.redoc.ly/tag/token
Here's the documentation regarding Access Tokens in general: https://smartsheet.redoc.ly/#section/API-Basics/Authentication-and-Access-Tokens
Cheers,
Genevieve
-
@Genevieve P. Yep no problem,
I am building a poc web app solution to solve a reporting gap we have. The web app concept connects directly to Smartsheet for users to log-in (using the in-house authentication) and select the smartsheet sheet from a list of their sheets to input it into a fixed report/dashboard template that is sent to the body of an email. Two parts of this are challenging:
- Getting the list of all the sheets that the user would normally see - there seems to be a limited access because list_sheets() isn't showing all the sheets I have visibility of normally.
- Allowing for a dynamic log-in so if users would only see what they are privy to - as if logging into smartsheet.
It's quite an undertaking, but if Smartsheet allowed dashboards to be sent to the body of an email that would solve the problem.
Kind regards,
-
Hi! I got an access token. Then I created a smartsheetClient on the server.
But how to create and where to store each new smartsheetClient for each new authorized user?
Something like that?
NODE.js
const user1SmartsheetClient = smartsheet.createClient({
accessToken: 'USER1_ACCESS_TOKEN'
});
const user2SmartsheetClient = smartsheet.createClient({
accessToken: 'USER2_ACCESS_TOKEN'
});
-
Hey @natebi
Apologies for the delay!
1) List Sheets has a default pageSize of 100. Is it possible you're seeing limited data due to the page number and page size identified in the request?
https://smartsheet.redoc.ly/tag/sheets#operation/list-sheets
2) The OAuth flow should enable your application to access data on behalf of a user. https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/OAuth-Flow
In regards to sending Dashboards via email, please feel free to vote on this Product Idea to send your feedback to the Product team: Send Dashboard via email - manually and automated workflow
I know this is something they are actively thinking about and working on - you can read more in this blog post by Ben.
Cheers,
Genevieve
