External API User Access_Tokens

I have successfully completed the Authorization flow between our service and Smart things and store the users Authorization Tokens in our local database.

I am now successfully sending a web request to our external API from inside a Smart App when a switch is turned on. The idea is for the switch to arm a security camera when turned on. The problem I am having is I do not see the Authorization code being sent anywhere in the request to our external API to identify what user is sending the request to Arm their specific camera(s).

Am I missing something here?

Unless I misunderstand your question, you may be misunderstanding the “direction” of things.

A SmartThings access token (auth token) permits an external service to connect into an instance of the Web Services SmartApp. It has nothing to do with the outbound communication.

If you need to identify a SmartThings SmartApp instance securely, tour external service should issue its own authorization to the SmartApp (for it to store in state[]). Since you are connecting from your web service to the Endpoint instance using a secure SmartThings token for that instance, you can be assured that you are issuing your own unique token to the correct instance.

1 Like

My brain is mush after doing this integration on IFTT, Alexa and Google Assistant. I can only read documentation so much before losing my sanity lol.

Okay so it looks like I am going into this not knowing the actual setup and how the communications between the client and smart app are happening.

I am assuming I need to follow this path:
http://docs.smartthings.com/en/latest/cloud-and-lan-connected-device-types-developers-guide/building-cloud-connected-device-types/building-the-service-manager.html?highlight=createaccesstoken

Yes… Those look like the appropriate and thorough instructions.

Let me know where you get stuck or unclear on something.

Can this be tested in the simulator?

My smart app successfully hits our token end point and gets an auth token but I don’t see a way to test any of this in the simulator.

Maybe.… but The simulator is of very limited utility, frankly: Never trust or rely on the Simulator!

It’s more reliable (even if a bit of hassle) to use plenty of log.debug statements to observe in Live Logging. You can easily “publish for me” and create an instance to run on your mobile.