Getting 403 and 406 Errors with Smartthings Rules API and Postman

I am brand new to the Rules API and until yesterday had never heard of Postman or JSON. I was able to successfully use the GET command to retrieve my Location and location ID as well as my total Device list. I have set up an environment in Postman and created variables for my Location and the Dimmer Switch ID that I am using for testing. I have also been able to successfully use the POST command to turn my switch on and off.

As I am ultimately hoping to be able to create a complex routine with this switch, my next step was to create a rule with a corresponding “actions” set. The first thing I tried was to GET a list of the rules from my hub. I’ve also tried creating a naked rule as well as one that just turns on the switch. I keep getting either 403 or 406 errors. I have tried searching for help and did find a couple of forum threads that came close to what I’m dealing with, but have been unable to resolve my problem.

I’ve been using the Postman Smartthings public workspace as a guide for writing my own Postman inquiries. The public workspace has a section for retrieving rules: Retrieve All Rules. I also tried it with adding “/rules” to the GET URL request.

I am using https://api.smartthings.com/v1/rules?ThisLocation={{RulesToken}} to POST my {"name": "My First Rule", "actions": [ ] } test. I’ve played with adding an Accept header as well as trying it without the “/rules”, with no change in the results.

Any help would be appreciated.

Retrieving your Rules can be done with this API call https://api.smartthings.com/v1/rules?locationId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx using your LocationId.

You use the exact same API to create a new Rule only you do a POST and the name of the Rule is part of the body of the request. Here is an example:

{"name":"Foo","actions":[{"every":{"interval":{"value":{"integer":5},"unit":"Minute"},"actions":[{"command":{"devices":["757d033d-0168-4934-b6c8-d270893b08ad"],"commands":[{"component":"main","capability":"partyvoice23922.vtempset","command":"setvTemp","arguments":[{"device":{"devices":["b64a38a7-907d-406a-90f8-c8cf7a0eae86"],"component":"main","capability":"temperatureMeasurement","attribute":"temperature"}}]}]}}]}}]}

And whether you are doing a GET or a POST, you need a Personal Access Token that is added as a header to the request like this:

KEY NAME               KEY VALUE
Authorization             Bearer xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Keep in mind that as of mid-Dec 2024, all new PATs expire after 24 hours.

Thank you for your reply. If I add an Accept Header with the value of “application/vnd.apl+json”, I get the 406 Not Acceptable error. If I delete the Accept Header, I get the 403 Forbidden error, with no body contents.

This is my Get entry: https://api.smartthings.com/v1/rules?ThisLocation={{RulesToken}}

I created the access token earlier today. There must be some other setting requirement that I am not aware of that is preventing my messages from working.

You don’t need an Accept Header. The format of your GET request is not correct. Look at what I posted.

I thought I could use any variable name, but I see that it does need to say locationid. I made that change and tried with both my Rules Token environment variable and with the actual token value… same results. If I do not include an Accept header, I get the 403 forbidden error, with no explanation.

Here is what I just tried: https://api.smartthings.com/v1/rules?locationid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

I do appreciate your help as this has been very frustrating.

locationid is the LocationId you’ll find in the ST Advanced Web App or via the API.

For authorization, you need to supply your Personal Access Token as a header to the request. Here is a screenshot:

You create your PAT at Samsung account

I did use the Samsung Token generator.
https://api.smartthings.com/v1/devices/{{BayWindowSw}}?locationid={{MyLocation}} works just fine and provides a complete device listing for my Bay Window Switch. Anything asking for rules gives me the errors.

When you are specifying a query string in an API call, make sure you get the case correct. SmartThings are very keen on camelCase so the key to filter on a location is locationId with the uppercase I and lower case d.

Rules are quite unusual in that they require that you filter on the unique ID for your SmartThings Location in the query string. You can see all your Locations, and the locationId for each, by making an API call to /locations.

The Accept header isn’t usually necessary but if you use it then it should either be:

Accept: application/json

or

Accept: application/vnd.smartthings+json;v=1

If you use the second format do not include the /v1 at the start of the URL path. They are alternative ways of specifying the API version number. You don’t actually need either unless you venture into undocumented places (I do).


Thank you so much!!! I knew it would be something stupid. Changing the locationid to locationId made all the difference.
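
The checks discussed in the replies above, collected into one request linter. This is an added example, not code from any poster in this thread or from SmartThings; the function name lintRulesRequest is hypothetical and every ID and token in it is a constructed placeholder.

```javascript
// Added example: lint a SmartThings Rules API request against the points made in this thread.
// All sample values below are constructed placeholders, not real IDs or tokens.

const ACCEPT_JSON = "application/json";
const ACCEPT_VERSIONED = "application/vnd.smartthings+json;v=1";

function lintRulesRequest(url, headers) {
  const problems = [];
  const u = new URL(url);

  // Header names are case-insensitive in HTTP, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // Query keys are case-sensitive: the key must be exactly "locationId".
  const keys = [...u.searchParams.keys()];
  if (!keys.includes("locationId")) {
    const near = keys.find((k) => k.toLowerCase() === "locationid");
    problems.push(near
      ? `query key "${near}" must be spelled "locationId"`
      : 'missing "locationId" query parameter');
  }

  // The PAT goes in the Authorization header as a Bearer token.
  if (!/^Bearer \S+$/.test(h["authorization"] || "")) {
    problems.push('missing "Authorization: Bearer <PAT>" header');
  }

  // Accept is optional; if present it must be one of the two forms given in the thread.
  const accept = (h["accept"] || "").replace(/\s+/g, "");
  const versionedPath = u.pathname.startsWith("/v1/");
  if (accept && accept !== ACCEPT_JSON && accept !== ACCEPT_VERSIONED) {
    problems.push(`unexpected Accept value "${h["accept"]}"`);
  } else if (accept === ACCEPT_VERSIONED && versionedPath) {
    problems.push("versioned Accept header used together with /v1 in the path");
  }
  return problems;
}

// Constructed sample requests
const PAT = "Bearer 00000000-0000-0000-0000-000000000000";
const LOC = "11111111-1111-1111-1111-111111111111";
const base = "https://api.smartthings.com/v1/rules";
console.log(lintRulesRequest(`${base}?locationid=${LOC}`, { Authorization: PAT }));
console.log(lintRulesRequest(`${base}?ThisLocation=${LOC}`, { Accept: "application/vnd.apl+json" }));
console.log(lintRulesRequest(`${base}?locationId=${LOC}`, { authorization: PAT }));
```

An empty array means the request matches what the replies describe; it does not confirm that the token itself is valid or unexpired.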