Calling smartapp endpoint from IFTTT /OAuth

(Aud) #1


I wrote a smartapp with an endpoint which I’m trying to invoke via IFTTT Maker channel. I’m struggling with constructing URL which Maker could call with consistent success.

URL from simulator, like, works for some time but then becomes invalid.

Documentation says OAuth is required, but it’s a separate request to get token and it expires in 24 hrs. And Maker only allows 1 call, unless I missed something.

Is there a way to construct a permanent URL which would be good for external calls indefinitely?


( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy; NOT a SmartThings Employee.) #2

For now, you still can use createAccessToken()

(Aud) #3

Thanks tgauchat.

The document you linked to is about creating authorization page for the 3rd party app.

I wonder if there is a way to manually assemble the URL. Something like:{app id}/doSomething?access_token={access token}

Where you get {app id} from ____ page in IDE and you get {access token} from ___ place in the IDE.


( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy; NOT a SmartThings Employee.) #4


  1. Publish the SmartApp “for me”.
  2. Install it using SmartThings Mobile App using Marketplace (star :star2: tab), SmartApps, + My Apps.
  3. Login to the IDE and look under Locations, SmartApps.
  4. Click on the installed SmartApp instance and its AppID will be the long UUID unlabeled in the very bottom left corner, and the Access Token will be in the list of State variables (if you created one in your installed() method by calling createAccessToken()).

Or you could use a dynamic preference page to output the and state.access_token.

(Aud) #5

Thanks tgauchat, it works great!

Now I got wondering what you meant by “for now, you still can”. Is this yet another feature which Smartthings is going to take away from us?

( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy; NOT a SmartThings Employee.) #6

The use of access_token in a URL is not recommended except in a secure server process (i.e., It was intended for callbacks to SmartThings for cloud-to-cloud REST-API based devices).

Your IFTTT example is testing the limits of the intended use case. The access_token is long lived and considered should be considered extremely confidential; the OAuth2 standard recommends making it very short-lived and using a “refresh token” & refresh process to change it frequently. A server can handle the refresh process easily and securely. IFTTT cannot.

(Kevin) #7

Is there a “simple” complete example of using callbacks, the doc’s seemed kind of incomplete to me. Need something for my Arduino device to notify hub of new data. Thanks!

( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy; NOT a SmartThings Employee.) #8


I’d have to search the Forum and the GitHub archives; but, yes, it ought to be simpler.

My #1 suggestion: Lookup the recent ESP2866 (? – doh… I can’t even remember the chip number!) as what probably is an excellent example.

I’m presuming you are using LAN or WiFi with the Arduino, not the ThingShield (ZigBee based)?

The Docs are worth reading so you can understand the official architecture and pieces, but you don’t need all the complexity described

I’ll update this post if I find the ESP example I refer to above…


But at first glance the above appears to be a one-direction to the LAN device.

Not sure how to get responses from back from the LAN device, but that may be buried in code for Hue and Hue (Connect).

Or, expose your device to the web, and then you can use a “graph.api” path with access_token.

Let me know where take the convo from here. Go PM if you want… though I’d appreciate a bit of tutorial / consulting fee for custom one:one work.