2

I'm having problems with Get New Access Token for Postman and SmartSheet.

All URLS are prefixed with https:// but StackOverflow would not allow that.

Callback URL:   www.getpostman.com/oauth2/callback]
Token Name:     Test
Auth URL:       app.smartsheet.com
Access Token URL:  app.smartsheet.com/token
Client ID:  used the one provided when registering my app with SmartSheet
Client Secret: used the one provided when registering my app with SmartSheet
Scope: blank
Grant Type: [Authorization Code]

When I click Request Token it takes me to the SmartSheet Login. After I login and close the SmartSheet browser I get Could not complete OAuth 2.0 Login.

Ulf Gjerdingen
  • 1,414
  • 3
  • 16
  • 20
David Gilmore
  • 21
  • 1
  • 3

2 Answers2

3

Looking at your example the Auth URL is incorrect. That should be 

https://app.smartsheet.com/b/authorize

Also, the Access Token URL should be

https://api.smartsheet.com/2.0/token

The Smartsheet OAuth2 flow also requires a Scope, so it can't be left blank in spite of what Postman says.

More information on all of this can be found in the documentation: http://smartsheet-platform.github.io/api-docs/#oauth-flow

It is important to note that with all of this set correctly setting this up in Postman still won't work. This is due to the fact that the Smartsheet process of obtaining and refreshing the token Smartsheet requires clients to hash the authorization code (with a pipe and the app secret, using SHA256) rather than sending it in clear text. This is arguably non-standard, but is still within the OAuth2 spec. More information on this process is at the documentation I referenced above.

Unfortunately, it does not look like Postman supports these types of deviations from "vanilla" OAuth2. Depending on what you are trying to accomplish, you will either have to go though the steps of the process manually, or stand up a third-party app in a hosting environment. If you are simply looking to generate a token, this approach http://smartsheet-platform.github.io/api-docs/#direct-api-access may work for you instead.

avioing
  • 640
  • 6
  • 15
daveskull81
  • 627
  • 4
  • 7
1

If you are trying to test in Postman the Direct API approach works. http://smartsheet-platform.github.io/api-docs/#direct-api-access

Step 1) Go to your actual smartsheet "https":"//app.smartsheet.com/b/home" and under Account>Personal Settings>API Access -- Generate a token (copy it you wont be able to copy after you close)

Step 2) Get the url for your sheet. Right click on the sheet name tab and select Properties. Copy the the Sheet ID (ie 123456). Add it to the end of the url: "https":"//api.smartsheet.com/2.0/sheets/123456"

Step 3)The most confusing one in my opinion. In Postman select No Authorization. Then go and update the header with "Bearer 0da6cf0d848266b4cd32a6151b1". You have to have the word Bearer and the randomly generated string of numbers is from Step 1.

Then send the get request and you get your sheet back in json format.

Denica
  • 11
  • 1