Token Methods

Gets or Refreshes an Access Token

Gets or refreshes an access token, as part of the OAuth process.

query Parameters
client_id
required
string

The client Id you obtained when you registered your app.

client_secret
string

(Optional) Must use either this value or hash. Plain text method for sending this value. For example, client_secret={app_secret}. Encryption occurs at the HTTPS level.

code
string

Authorization code acquired after user selects "Allow" in the Web login UI.

grant_type
required
string
Enum: "authorization_code" "refresh_token"

Must be set to "authorization_code".

hash
string

(Optional) Must use either this value or client_secret. SHA-256 hash of your app secret concatenated with a pipe and the authorization code. For example, hash={SHA_256(app_secret|code)}.

refresh_token
string

refresh_token value that came with the access token.

redirect_url
string

Deprecated. If supplied, must match the redirect URI you registered for your app.

header Parameters
Content-Type
string
Value: "application/x-www-form-urlencoded"

Required for POST and PUT requests. Defines the structure for the response.

Responses

Request samples

curl -i -X POST \
  'https://api.smartsheet.com/tokens?client_id=string&client_secret=string&code=string&grant_type=authorization_code&hash=string&refresh_token=string&redirect_url=string' \
  -H 'Content-Type: application/x-www-form-urlencoded'

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "token_type": "string",
  • "expires_in": 604799,
  • "refresh_token": "string"
}

Revoke Access Token

Revokes the access token used to make this request. The access token is no longer valid, and subsequent API calls made using the token fail.

query Parameters
deleteAllForApiClient
boolean
Default: false

The client Id and user Id is fetched based on the token that is used to make this API call. A value of true deletes all tokens associated to the given client Id and user Id.

header Parameters
Authorization
string
Example: Bearer ll352u9jujauoqz4gstvsae05

API Access Token used to authenticate requests to Smartsheet APIs.

Responses

Request samples

curl -i -X DELETE \
  'https://api.smartsheet.com/tokens?deleteAllForApiClient=false' \
  -H 'Authorization: Bearer ll352u9jujauoqz4gstvsae05'

Response samples

Content type
application/json
{
  • "version": 0,
  • "failedItems": [
    ],
  • "message": "SUCCESS",
  • "resultCode": 0
}
➔ Next to Update Requests Basics