Create device with SmartThings API

I have just created a smartapp (webhook) and I would like to add virtual devices.
The smartapp sends the device events to my server.

I have already managed to add device profiles.
POST to (Bearer : authToken of smartapp)

    "name": "Light Profile",
    "components": [{
        "id": "main",
        "capabilities": [{
            "id": "switch"
        "categories": [{
            "name": "Switch",
            "categoryType": "manufacturer"

As well as the validation :
POST to (Bearer : authToken of smartapp)

     "deviceProfileStatus": "PUBLISHED"

But I can’t install any device :
I have applied this though:

POST to (Bearer : authToken of smartapp)

    "label": "Light",
    "roomId": "ROOM_ID",
    "locationId": "LOCATION_ID",
    "app": {
        "profileId": "PROFILE_ID",
        "installedAppId": "INSTALLED_APP_ID"

It only returns a 403 error

Thank you for your help

Welcome to the SmartThings Community, @ylan!

Did you whitelisted the scope i:deviceprofiles:* in the SmartApp project? In the API reference it says it’s required to install a device: API | SmartThings Developers

Also, when you install the SmartApp, you need to make sure that scope is included in the SmartApp’s response. The 403 error means the Access Token you have doesn’t allow the action of that request.
Also, I haven’t created devices using a SmartApp project, it was something possible for a deprecated option in the Developer Workspace called “SmartApp Connector”. Now, for Cloud-Connected devices, it is suggested the usage of an ST Schema Connector.

Thank you nayelyz,

I did put the i:deviceprofiles:* scope on the SmartApp :

The token I get is from an UPDATE lifecycle of the SmartApp

However, I always get a 403 error without any other message

ok, when you select them in the Developer Workspace, you’re only whitelisting them, but you need to use them in the SmartApp itself in special cases like this.

I guess you’re not using the SmartApp SDK, right?

I made a test and I was able to install the device using the same config I used for a SmartApp Connector (sample here) and I see the scopes we included in the SmartApp definition appear in the response to the CONFIGURATION/INITIALIZE lifecycle:

  "statusCode": 200,
  "configurationData": {
    "initialize": {
      "id": "smartApp connector",
      "firstPageId": "mainPage",
      "permissions": [
      "disableCustomDisplayName": true,
      "disableRemoveApp": false

And the INSTALL request:

  "lifecycle": "INSTALL",
  "executionId": "...",
  "appId": "...",
  "locale": "en",
  "version": "0.1.0",
  "client": {...},
  "installData": {
    "authToken": "...",
    "refreshToken": "...",
    "installedApp": {
      "installedAppId": "...",
      "locationId": "...",
      "config": {
        "deviceLabel": [
            "valueType": "STRING",
            "stringConfig": {
              "value": "Testd"
      "permissions": [

Also, when you authorize the installation, you can see the permissions included:

1 Like