Creating a Custom OAuth App
Using OAuth
Use OAuth to enable other users to access their own data.
Create an App
For this step you need a developer account. Follow the procedure below to register an app and obtain the OAuth client credentials (the client ID and client secret):
- Log into your Smartsheet developer account and click Account -> Developer Tools -> Create New App.
- Enter a name, description, and other information to be displayed to users when they log in to grant permissions to your app.
- If you are making a desktop application, set the Redirect URL to http://localhost:33333 or a different port number of your choice. If you are making a Web application, set the Redirect URL to a page on your Web app you would like the user to be returned to after they have authorized your application.
Authenticate to Smartsheet from a Desktop Application
After setting the following connection properties, you are ready to connect:
- OAuthClientId: Set this to the App client id in your app settings.
- OAuthClientSecret: Set this to the App secret in your app settings.
- CallbackURL: Set this to the App redirect URL in your app settings.
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
With these properties set, the driver:
- Extracts the access token from the callback URL and authenticates requests.
- Refreshes the access token when it expires.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Authenticate to Smartsheet from a Web Application
To obtain the access token, set the following connection properties:
- OAuthClientId: Set this to the App client id in your app settings.
- OAuthClientSecret: Set this to the App secret in your app settings.
When connecting via a Web application, or if the driver is not authorized to open a browser window, you need to exchange a verifier code for the OAuthAccessToken:
- Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
- Log in and authorize the application. You are redirected back to the callback URL.
- Extract the verifier code from the "code" query string parameter of the CallbackURL and call GetOAuthAccessToken.
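The extraction in the last step, as an added example (not code from the driver or its documentation): it accepts the verifier code only from a redirect that matches the registered Redirect URL and carries exactly one code. The function name, the example.com URLs and the sample code value are constructed for illustration; the `error` parameter is the standard OAuth 2.0 way a refused authorization is reported and is assumed here.

```python
from urllib.parse import urlsplit, parse_qs


class CallbackError(ValueError):
    """Raised when the redirect does not carry a usable verifier code."""


def _origin_and_path(url):
    parts = urlsplit(url)
    # Host names are case-insensitive; a trailing slash on the path is ignored.
    return parts.scheme, parts.netloc.lower(), parts.path.rstrip("/")


def extract_verifier_code(callback_url, registered_redirect):
    """Return the "code" query parameter of the URL the user was redirected to."""
    # Accept only redirects that landed on the Redirect URL set in the app settings.
    if _origin_and_path(callback_url) != _origin_and_path(registered_redirect):
        raise CallbackError("callback does not match the registered Redirect URL")
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    # A refused or failed authorization comes back as "error" instead of "code".
    if "error" in params:
        raise CallbackError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    # Exactly one non-empty value; a repeated or empty parameter is rejected
    # rather than guessed at.
    if len(codes) != 1 or not codes[0]:
        raise CallbackError("expected exactly one non-empty 'code' parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    registered = "https://app.example.com/oauth/callback"
    landed = registered + "?code=CONSTRUCTED_SAMPLE_CODE"
    print(extract_verifier_code(landed, registered))
```

The returned value is the verifier code to hand to GetOAuthAccessToken.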