I run an AirBnB with multiple units. I am trying to create an automation through OpenClaw to check calendar for someone moving in and then start the HVAC in that unit. The calendar part is simple. The problem I’ve run into and can’t see to crack is… a PAT works for only a day or so. I need either OAuth or an API… Smartthings doesn’t seem want to give me either no matter what I do.
Wondering if anyone here has been able to get an OAuth or API without going through process of registering as a developer and actually creating an app (which I assume would need to be approved).
Hi, @559guy
You can use the same account where you created the PAT to log in when using the SmartThings CLI.
Below, you’ll find the instructions to create this type of app. You can also use a valid PAT for the app creation only by using the flag --token=
The option to create OAuth integrations cannot be found in the Developer Workspace.
You need to use the SmartThings CLI to create this type of app
Command: smartthings apps:create
---->The type you need to select is “OAuth-In App”
----> Target URL is the link where you want to receive the subscription events
----> These scopes are the permissions whitelisted from your app, if you use a scope in the “authorize URL” not included in your app’s scopes, you’ll get an error
-----> Add redirect URI because that’s where you’ll receive the authorization code once the user authorizes access to your app.3. 4.
Then, you need to start the OAuth 2.0 process which consists on:
Show the authorization page to the user by using this URL: https://api.smartthings.com/oauth/authorize?client_id=clientId_from_app&response_type=code&redirect_uri=redirect_uri_from_app&scope=scopes_from_whitelisted_inApp
Once the user authorizes access to your app, it’ll redirect you to the “Redirect URI” you configured with the Authorization Code.
You’ll exchange this code for an Access Token. This is an example of that request: curl -X POST "https://api.smartthings.com/oauth/token" -u "clientId_from_app":"clientSecret_from_app" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id=clientId_from_app&code=codeReceived&redirect_uri=redirect_uri_from_app"
The Access Token you get expires in 24 hours.
The Refresh Token expires in 29 days if not used. We suggest you refresh the token before this time, otherwise, you’ll lose the Refresh token and the User will need to re-authorize.
NOTE: Remember the OAuth integration has alimit of 500 installations by default. Each time a user authorizes access to one of his/her locations, it will count as 1 installation. This means, if a user has 3 locations and authorizes access to each of them, he/she will use 3 installations.
To refresh the Access Token, you need to use the same endpoint but the grant_type is different, here’s an example about this:
Registering a targetURL isn’t mandatory in this type of application, but if you want to create subscriptions using its installedAppId, you need to include a value for it.
Once you have finished creating the app, you will receive a POST request with a confirmation URL, which you need to copy and paste into your browser or make a GET request using it. This is to “verify” the app so it can receive requests with the subscription events.