Changes To Personal Access Tokens (PAT)

But didn’t they say that all of these “eternal” PAT will be deleted on a near future?
The new ones yes, 24h.
But I think I read that the old “eternal” will be deleted some day…

If not, great! No problems for me.

Well, the only official information is this post and it just says: “As of now we’re not making any changes to existing PATs”. That certainly doesn’t exclude an eventual shutdown in the middle or long term so it’s indeed good to look for workarounds anyway.

deleted by author

So this totally kills iOS shortcuts, which does not support OAuth. @SmartThings what is your solution for iOS automations now? Your app does not provide anything for Shortcut support.

This is a disaster. I just deleted the old API access token and generated new one to discover this post. OMG, Samsung @smartthings, what are you doing? All my smarthome integrations are gone. I have aircon and 85inch TV. The only reason why I chose Samsung over other competitors was this. Please roll back this nonsense, please!!!

Please listen to the community. Rollback this nonsense.

Will you fix it? or we need to move to some different platform?

I have to say that is is pretty pathetic that the PAT maintenance page hasn’t been updated to acknowledge these changes. Indeed as well as a particularly irritating lack of white space after a full stop in the blurb at the top, it doesn’t even have the correct links for the API reference.

Would the idea of a refreshable PAT be ridiculous?

I’m an end user and not a developer and depend on SmartThings and Home Assistant to work together. Currently (01/23/2025) they do not as the PAT expires daily, dropping SmartThings devices and requiring me to regenerate the token. The idea to use Oauth might be good going forward but, the current expiration after 24 hours of the PAT which has been used for years in the Home Assistant/SmartThings integration without a replacement mechanism in place has caused confusion and alienation in your user base for at least 1 user (me). This expiration has not been transparent and the disruption that it has caused is just what contributes to the instability and bad PR of all home automation providers/installations. I’m currently looking for work-arounds to this particular pain; please advise.

As posted earlier, the developers at Home Assistant are aware of the issue and working on a fix to resolve the issue.

I think it is incredibly dumb to not move away from SmartThings as soon as possible, Samsung has shown how much they DESPISE their users here.

It’s been a month of SmartThings being broken, by purpose mind you, and Samsung hasn’t said a word. Despicable behavior.

I created an account for this platform just to state my discontent about this issue. I bought € 15.000+ Samsung air conditioning for my whole house. This change is short of insanity.

Hola,
Me acabo de crear una cuenta con el único propósito de escribir aquí mi indignación y decepción que tengo con todo este asunto.

Llevo semanas volviéndole loco, intentando encontrar que había pasado para que la mitad de mis equipos electronicos de la casa hubieran dejado de enviar información a HA.

No habéis avisado previamente!
Y después de un mes, la comunidad sigue sin solucion?

Por este tipo de cosas se deja de comprar vuestra marca.

Un saludo

[Google] Translation to English:

Hello,
I just created an account with the sole purpose of writing here my indignation and disappointment that I have with this whole matter.

I’ve been driving him crazy for weeks, trying to find out what had happened for half of my electronic equipment at home to stop sending information to HA.

You didn’t give us advance notice!
And after a month, the community still has no solution?

Because of this type of things, people stop buying your brand.

Greetings

As most of the folks here, I have a lot of samsung equipment connected to @homeassistant
In the last month, I had to re-authenticate every day to keep the integration with home assistant alive. Eagerly waiting for a solution…
I see a lot of replies on the initial post but nothing for SmartThings on any of them. Are you guys taking this seriously ? Could we potentially get a workaround for the time being with a longer lasting token (a week, a month) ?

If you are only working with the scopes that a LOCATION OAuth-In app allows you, then the PAT changes can be made almost a non-issue. You don’t need a server. You don’t really need an app as such. Once you’ve got your tokens you can use them just like a PAT and all you may need is an extra API call to refresh your tokens if the access token is more than twenty-four hours old (and you need to do a refresh at least once every thirty days). See here for an example.

It is where you are using the PAT for stuff at the user level rather than an individual location level that you run into issues. Things like capabilities, profiles, drivers, channels and apps are things that belong to users. They aren’t part of Locations. There is a USER_LEVEL principal type for OAuth-In but I can’t get that to play nicely yet.

PATs come in handy for the one-off remote setup of the SmartThings end of the apps, both Webhook and OAuth-In. In theory the SmartThings end doesn’t need to be touched again, but in practice there can be a need to locate or regenerate IDs if something unfortunate happens at the remote end. So a PAT would be needed again. That seems to be where HA has the problem because it expects to be able to do that sort of thing as an everyday routine. It maybe that it is that expectation that needs addressing.

Agree, hope @SmartThings can provide some help to address this issue? Can’t have the auth everyday!

I lost patience and ordered HA Zigbee USB dongle and will migrate my iot devices to this. They really do everything to not buy Samsung anymore (I have S23+, TV, Q990D soundbar, washing machine)

It seems that USER_LEVEL is more of an internal thing at the moment so I am spitting in the wind to keep trying.

So, basically, we can’t get the same level of access using OAuth that we could formerly get using PATs. That’s seems pretty broken and means that I can’t convert the API Browser+ from using PATs to using OAuth @nayelyz @SmartThings @jody.albritton