Implementing bearer authentication

Lev · December 29, 2022, 7:05pm

Hi all,

I’m working on creating SmartApp in C#.
Looking for info on the authentication interaction - pretty much looking to implement from scratch.
Based on my understanding from here (Lifecycles | SmartThings Developers), at the INSTALL phase, the authentication tokens are received:

“authToken”: “string”,
“refreshToken”: “string”,

Is this authToken the token to use with the Bearer header?
Trying to follow the directions here: (OAuth Integrations | SmartThings Developers)
And then based on this last link, do I refresh the bearer token by posting to the authentication server with the PAT? Or what is the sequence of events/requests to get the token refreshed?
And that needs to happen every 24 hours or so?

Thanks for any help/insight
@jody.albritton @nayelyz

nayelyz · December 29, 2022, 9:00pm

Hi, @Lev

Some Community devs have shared their experience on something similar, see below:

In the OAuth framework you get an Access Token and a Refresh Token, the first is used as authorization in the requests and it expires in 24hrs, the other helps you get new Access tokens.

Lev · January 9, 2023, 3:20pm

Hi @nayelyz ,

Thanks for your response.
I’ve followed these posts and instructions, and have tried to implement the refresh token to get a new token using the logic in Adam Green’s post:

$ch = curl_init( “https://auth-global.api.smartthings.com/oauth/token” );
curl_setopt( $ch, CURLOPT_FAILONERROR, true );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array( “Content-Type: application/x-www-form-urlencoded”, "Authorization: Basic " . base64_encode( “{$clientId}:{$clientSecret}” ) ) );
curl_setopt( $ch, CURLOPT_POSTFIELDS, “grant_type=refresh_token&client_id={$id}&refresh_token={$refreshtoken}” );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
$post = curl_exec( $ch );
curl_close($ch);

I set a “Content-Type” header to “application/x-www-form-urlencoded”
I set the “Authentication” header to "Basic " + the base64 encoded version of clientId:clientsecret
I use the URL post fields:
grant_type=refresh_token
client_id={$id} //(which I assume is the same client ID as above)
refresh_token={$refreshtoken}
I send a GET request to “https://auth-global.api.smartthings.com/oauth/token” with the above, but don’t seem to get the expected response.

I tried creating that request also with Postman (timed it right after the installation of the App just to be able to use an updated refreshtoken), and the return is again not what I would expect.

Would it be possible to help me construct the appropriate refresh token request or point me in the right direction?

Thanks again

Lev · January 9, 2023, 4:53pm

Thanks again, with help from @orangebucket I was able to realize the misstep - it’s a POST, not a GET.

Topic		Replies	Views
How to update the authToken? Writing SmartApps	5	673	January 9, 2023
How to get Access Token to Access APIs (2025) Support	8	376	April 21, 2025
Using refresh_token to refresh the API access_token Support oauth	7	1690	March 4, 2022
How can users obtain a token to access the SmartThings API using the OAuth2 method? Support	4	543	October 22, 2024
Not Receiving Authorization Code in App of Type WEBHOOK_SMART_APP Writing SmartApps	16	647	April 3, 2024

Implementing bearer authentication

Related topics