Smartsheet app authorization

msexton
msexton
edited 02/22/22 in API & Developers

Greetings,

Looking for a little guidance. I would like to develop an app that sends data to a sheet through HTTP.

I have used the Python SDK with a raw token in the past but now I need a more secure solution and figured creating a 3rd part app is the way to go.

I am having trouble with the workflow. Whilst following the documentation, I created my app and got my client id/secret and the next step being authorization,

i send a GET request to https://app.smartsheet.com/b/authorize , with header

client_id:*******************

response_type:code

scope:READ_SHEETS


and it returns


To further add to my confusion is that the docs say the next step is for the user to authorize my app to access their account, but what user I haven't specified any user anywhere?


Could anyone clarify this workflow for me? thanks kindly.

Tags:

Answers

  • Hi @msexton

    It sounds like you may need help in regards to Access Scopes, see the 4th step in Setting Up OAuth2.0 with your app: https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/First-Steps

    Your scope is set to READ_SHEETS but you may want to try WRITE_SHEETS instead, to enable your app to make updates to the Smartsheet sheet.


    To access a user's Smartsheet data (or your Smartsheet account), your application must explicitly ask the user (the Smartsheet account holder) for permission.

    You do this by using access scopes, which enable your app to communicate to the user (the Smartsheet account holder) what type of operations it is performing.


    The Request an Authorization Code section of the Documentation has a picture example of what the "user" (Smartsheet account holder) will see when being asked to authorize your app to make updates to their sheets/account.

    I hope that helps!

    Cheers,

    Genevieve

    Join us for Jumpstart 2025 with Community on 23 January (in two time zones)! 🎉 Register here.

  • natebi
    natebi ✭✭
    edited 06/28/23

    Hi Folks,

    Is it not possible to incorporate some type of smartsheet authentication layer within the Python SDK?

    To allow some form of dynamic secret variable for users - without having to ref a hard coded a personal secret.

    For example a web app, first landing on this:

    https://app.smartsheet.com/b/authorize?response_type=code&client_id={data["client_id"]}&scope=READ_SHEETS&state=NAME_REPORT
    

    Then - once they select 'accept' - they get access to the web app including options for selecting all the available smartheet sheets to perform some action against?

    kind regards,

  • Bortyk
    Bortyk ✭✭

    Hi.

    smartsheet.tokens.getAccessToken(options)
    

    Why doesn't it work? Writes that this is not a function.

    //npm smartsheet

  • Hey @natebi

    Would you be able to clarify your specific scenario and request/actions a little more?

    The API docs have a workflow diagram that may be helpful for you to review in regards to the OAuth flow, see: https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/OAuth-Flow

    You may also want to check out StackOverflow with the tag [Smartsheet-API] to connect with other developers.

    Cheers,

    Genevieve

    Join us for Jumpstart 2025 with Community on 23 January (in two time zones)! 🎉 Register here.

  • Hi @Bortyk

    It would also be helpful to have more context of your request as well - what is it you're looking to accomplish?

    Here's the documentation for Token Methods during an OAuth flow: https://smartsheet.redoc.ly/tag/token

    Here's the documentation regarding Access Tokens in general: https://smartsheet.redoc.ly/#section/API-Basics/Authentication-and-Access-Tokens

    Cheers,

    Genevieve

    Join us for Jumpstart 2025 with Community on 23 January (in two time zones)! 🎉 Register here.

  • natebi
    natebi ✭✭

    @Genevieve P. Yep no problem,

    I am building a poc web app solution to solve a reporting gap we have. The web app concept connects directly to Smartsheet for users to log-in (using the in-house authentication) and select the smartsheet sheet from a list of their sheets to input it into a fixed report/dashboard template that is sent to the body of an email. Two parts of this are challenging:

    1. Getting the list of all the sheets that the user would normally see - there seems to be a limited access because list_sheets() isn't showing all the sheets I have visibility of normally.
    2. Allowing for a dynamic log-in so if users would only see what they are privy to - as if logging into smartsheet.

    It's quite an undertaking, but if Smartsheet allowed dashboards to be sent to the body of an email that would solve the problem.

    Kind regards,

  • Bortyk
    Bortyk ✭✭

    Hi! I got an access token. Then I created a smartsheetClient on the server.

    But how to create and where to store each new smartsheetClient for each new authorized user?


    Something like that?

    NODE.js


    const user1SmartsheetClient = smartsheet.createClient({

    accessToken: 'USER1_ACCESS_TOKEN'

    });


    const user2SmartsheetClient = smartsheet.createClient({

    accessToken: 'USER2_ACCESS_TOKEN'

    });

  • Hey @natebi

    Apologies for the delay!

    1) List Sheets has a default pageSize of 100. Is it possible you're seeing limited data due to the page number and page size identified in the request?

    https://smartsheet.redoc.ly/tag/sheets#operation/list-sheets

    2) The OAuth flow should enable your application to access data on behalf of a user. https://smartsheet.redoc.ly/#section/OAuth-Walkthrough/OAuth-Flow


    In regards to sending Dashboards via email, please feel free to vote on this Product Idea to send your feedback to the Product team: Send Dashboard via email - manually and automated workflow

    I know this is something they are actively thinking about and working on - you can read more in this blog post by Ben.

    Cheers,

    Genevieve

    Join us for Jumpstart 2025 with Community on 23 January (in two time zones)! 🎉 Register here.