Gets or Refreshes an Access Token
Gets or refreshes an access token, as part of the OAuth process.
query Parameters
| client_id required | string The client Id you obtained when you registered your app. |
| client_secret | string (Optional) Must use either this value or hash. Plain text method for sending this value. For example, client_secret={app_secret}. Encryption occurs at the HTTPS level. |
| code | string Authorization code acquired after user selects "Allow" in the Web login UI. |
| grant_type required | string Must be set to "authorization_code". |
| hash | string (Optional) Must use either this value or client_secret. SHA-256 hash of your app secret concatenated with a pipe and the authorization code. For example, hash={SHA_256(app_secret|code)}. |
| refresh_token | string refresh_token value that came with the access token. |
| redirect_url | string Deprecated. If supplied, must match the redirect URI you registered for your app. |
header Parameters
| Content-Type | string Required for POST and PUT requests. Defines the structure for the response. |
Responses
Request samples
- cURL
- C#
- Node.js
- Ruby
- Python
// Sample 1: Get access token // Option 1: Use a hash curl https://api.smartsheet.com/2.0/token \ -d 'grant_type=authorization_code&code={your_code}&client_id={your_client_id}&hash={SHA_256(app_secret|code)}' \ -X POST // Option 2: Use plain text curl https://api.smartsheet.com/2.0/token \ -d 'grant_type=authorization_code&code={your_code}&client_id={your_client_id}&client_secret={app_secret}' \ -X POST // Sample 2: Refresh access token // Option 1: Use a hash curl https://api.smartsheet.com/2.0/token \ -d 'grant_type=refresh_token&refresh_token={your_refresh_token}&client_id={your_client_id}&hash={SHA_256(app_secret|refresh_token)}' \ -X POST // Option 2: Use plain text curl https://api.smartsheet.com/2.0/token \ -d 'grant_type=refresh_token&refresh_token={your_refresh_token}&client_id={your_client_id}&client_secret={app_secret}' \ -X POST
Response samples
- 200
- default
{- "access_token": "string",
- "token_type": "string",
- "expires_in": 604799,
- "refresh_token": "string"
}Revoke Access Token
Revokes the access token used to make this request. The access token is no longer valid, and subsequent API calls made using the token fail.
query Parameters
| deleteAllForApiClient | boolean Default: false The client Id and user Id is fetched based on the token that is used to make this API call. A value of true deletes all tokens associated to the given client Id and user Id. |
header Parameters
| Authorization | string API Access Token used to authenticate requests to Smartsheet APIs. Example: Bearer ll352u9jujauoqz4gstvsae05 |
Responses
Request samples
- cURL
- C#
- Java
- Node.js
- Python
- Ruby
curl https://api.smartsheet.com/2.0/token \ -H "Authorization: Bearer ll352u9jujauoqz4gstvsae05" \ -X DELETE
Response samples
- 200
- default
{- "version": 0,
- "failedItems": [
- {
- "rowId": 0,
- "error": {
- "refId": "string",
- "errorCode": 0,
- "message": "string"
}, - "index": 0
}
], - "message": "SUCCESS",
- "resultCode": 0
}