Gets or Refreshes an Access Token
Gets or refreshes an access token, as part of the OAuth process.
query Parameters
| client_id required | string The client Id you obtained when you registered your app. |
| client_secret | string (Optional) Must use either this value or hash. Plain text method for sending this value. For example, client_secret={app_secret}. Encryption occurs at the HTTPS level. |
| code | string Authorization code acquired after user selects "Allow" in the Web login UI. |
| grant_type required | string Enum: "authorization_code" "refresh_token" Must be set to "authorization_code". |
| hash | string (Optional) Must use either this value or client_secret. SHA-256 hash of your app secret concatenated with a pipe and the authorization code. For example, hash={SHA_256(app_secret|code)}. |
| refresh_token | string refresh_token value that came with the access token. |
| redirect_url | string Deprecated. If supplied, must match the redirect URI you registered for your app. |
header Parameters
| Content-Type | string Value: "application/x-www-form-urlencoded" Required for POST and PUT requests. Defines the structure for the response. |
Responses
Request samples
- curl
- Python
- C#
curl -i -X POST \ 'https://api.smartsheet.com/tokens?client_id=string&client_secret=string&code=string&grant_type=authorization_code&hash=string&refresh_token=string&redirect_url=string' \ -H 'Content-Type: application/x-www-form-urlencoded'
Response samples
- 200
- default
{- "access_token": "string",
- "token_type": "string",
- "expires_in": 604799,
- "refresh_token": "string"
}Revoke Access Token
Revokes the access token used to make this request. The access token is no longer valid, and subsequent API calls made using the token fail.
query Parameters
| deleteAllForApiClient | boolean Default: false The client Id and user Id is fetched based on the token that is used to make this API call. A value of true deletes all tokens associated to the given client Id and user Id. |
header Parameters
| Authorization | string Example: Bearer ll352u9jujauoqz4gstvsae05 API Access Token used to authenticate requests to Smartsheet APIs. |
Responses
Request samples
- curl
- Python
- C#
curl -i -X DELETE \ 'https://api.smartsheet.com/tokens?deleteAllForApiClient=false' \ -H 'Authorization: Bearer ll352u9jujauoqz4gstvsae05'
Response samples
- 200
- default
{- "version": 0,
- "failedItems": [
- {
- "rowId": 0,
- "error": {
- "refId": "string",
- "errorCode": 0,
- "message": "string"
}, - "index": 0
}
], - "message": "SUCCESS",
- "resultCode": 0
}