Smartsheet supports connections via the following authentication methods:

• Using the Personal Access Token

• Using OAuth

Personal Access Token

Use the personal token to test and to access your own data. To obtain the personal token, follow the steps below:

1. Log into Smartsheet.

2. Click Account and select Personal Settings.

3. Click API Access and use the form to generate new access tokens or manage existing access tokens.

Set the AuthScheme to PersonalAccessToken. You can then set the PersonalAccessToken to the token you generated.

OAuth

Smartsheet uses the OAuth authentication standard. To use it, you'll need to set the AuthScheme to OAuth. To authenticate using OAuth, you will need to register an app to obtain the OAuthClientId, OAuthClientSecret, and CallbackURL connection properties.

However, to access your own account or for testing purposes you can instead set the PersonalAccessToken connection property to the Personal Access Token you get when you create an application.

Create an App

For this step you need a developer account. You can follow the procedure below to register an app and obtain the OAuth client credentials, the client Id and client secret:

1. Log into your Smartsheet developer account and click Account -> Developer Tools -> Create New App.

2. Enter a name, description, and other information to be displayed to users when they log in to grant permissions to your app.

3. If you are making a desktop application, set the Redirect URL to http://localhost:33333 or a different port number of your choice.

   If you are making a Web application, set the Redirect URL to a page on your Web app you would like the user to be returned to after they have authorized your application.

Authenticate to Smartsheet

After setting the following connection properties, you are ready to connect:

• OAuthClientId: Set this to the App client id in your app settings.

• OAuthClientSecret: Set this to the App secret in your app settings.

• CallbackURL: Set this to the App redirect URL in your app settings.

• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.

When you connect the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.

2. Refreshes the access token when it expires.

3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.