Hi,
I’m developing a Garmin watch app that controls Samsung TVs via the SmartThings API. My SmartApp has hit the 20-install limit and new users are receiving max_installs_exceeded errors.
App details:
App Name: Garmin Samsung Remote
App Type: API_ONLY
Could you please increase the maxInstalls limit to 500 (the documented default)?
Thank you very much,
Costin
Tagging @Michael_ST
@Costin_Rosu can you provide the appId?
@Costin_Rosu That app looks to already have a 500 install limit and I’m also not seeing 20 installs of it even if it was at the 20 limit. Do you know the last time you you hit the limit error?
Hi @Michael_ST
Thank you very much for looking into this.
Here are some results from tests I just ran with another “demo” account (as with the original account I can login without any issues):
2026-02-10T08:33:34Z Samsung Auth Server running on port 3005
2026-02-10T09:05:14Z LOGIN: redirecting to Samsung OAuth
2026-02-10T09:06:07Z CALLBACK: received code, exchanging for tokens — SUCCESS
2026-02-10T09:06:07Z CALLBACK: tokens received
2026-02-10T17:03:14Z CALLBACK ERROR: max_installs_exceeded - The app cannot exceed a max of 20 installs
2026-02-10T17:04:23Z CALLBACK ERROR: max_installs_exceeded - The app cannot exceed a max of 20 installs
2026-02-10T17:55:37Z CALLBACK ERROR: max_installs_exceeded - The app cannot exceed a max of 20 installs
2026-02-10T20:37:45Z CALLBACK ERROR: max_installs_exceeded - The app cannot exceed a max of 20 installs
2026-02-10T21:00:59Z CALLBACK: received code, exchanging for tokens — SUCCESS
2026-02-10T21:01:19Z CALLBACK ERROR: access_denied
2026-02-10T21:14:39Z CALLBACK ERROR: max_installs_exceeded - The app cannot exceed a max of 20 installs
Empty installMedadata field:
GET https://api.smartthings.com/v1/apps/634a6ac4-c784-42ba-b652-c2995b8f61f4
Response:
"installMetadata": {} ← maxInstalls is NOT set, defaults to 20
@Costin_Rosu 634a6ac4-c784-42ba-b652-c2995b8f61f4 is a different appId than you provided in your previous message. Is that the app you are using moving forward?
I am so dumb. the right app would be: 87f79e39-94d4-433d-a140-5afef9f49c4f
while I was trying to figure out what app type would I need, I must of missed changing it in the auth server.
however, the WebHook type is not the right one for my project does not seem to support OAuth, I would need an API Only app…but for some reason I cannot find my way into creation such app. is it even possible anymore to have an API Only?
again, thank you so much for your help.
No worries, just wanted to make sure we got the right one working.
For making an API_ONLY typed app today the best way to do it is via the SmartThings CLI. Specifically the apps:create command will create an API_ONLY app by default. So you should be able to run that command and work through the prompts it gives you to get an API app.
Hi, @Costin_Rosu
Jumping in since @Michael_ST was only summoned for the max installs issue, and our team can also help you with your integration:
Command:
smartthings apps:create
---->The type you need to select is “OAuth-In App”
----> Target URL is the link where you want to receive the subscription events
----> These scopes are the permissions whitelisted from your app, if you use a scope in the “authorize URL” not included in your app’s scopes, you’ll get an error
-----> Add redirect URI because that’s where you’ll receive the authorization code once the user authorizes access to your app.3. 4.
You can also use the JSON in this sample as the input for the command.
GitHub - SmartThingsCommunity/api-app-subscription-example-js: Example API Access SmartApp that shows the state and allows control of devices
Then, you need to start the OAuth 2.0 process which consists on:
Show the authorization page to the user by using this URL:
https://api.smartthings.com/oauth/authorize?client_id=clientId_from_app&response_type=code&redirect_uri=redirect_uri_from_app&scope=scopes_from_whitelisted_inApp
Once the user authorizes access to your app, it’ll redirect you to the “Redirect URI” you configured with the Authorization Code.
You’ll exchange this code for an Access Token. This is an example of that request:
curl -X POST "https://api.smartthings.com/oauth/token" -u "clientId_from_app":"clientSecret_from_app" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id=clientId_from_app&code=codeReceived&redirect_uri=redirect_uri_from_app"
The Access Token you get expires in 24 hours.
The Refresh Token expires in 29 days if not used. We suggest you refresh the token before this time, otherwise, you’ll lose the Refresh token and the User will need to re-authorize.
NOTE: Remember the OAuth integration has a limit of 500 installations by default. Each time a user authorizes access to one of his/her locations, it will count as 1 installation. This means, if a user has 3 locations and authorizes access to each of them, he/she will use 3 installations.
grant_type is different, here’s an example about this:curl -X POST “https://api.smartthings.com/oauth/token” -u “clientId_from_app”:“clientSecret_from_app” -H “Content-Type: application/x-www-form-urlencoded” -d “grant_type=refresh_token&client_id=clientId_from_app&refresh_token=latest_refresh_token”
Subscriptions in API_ONLY apps
Registering a targetURL isn’t mandatory in this type of application, but if you want to create subscriptions using its installedAppId, you need to include a value for it.
Note: If you have already created your API_ONLY app but didn’t register a value for it, take a look at this post to know how you must update your app to do so: SmartThings CLI apps:update Type Error (reading ‘url’)
Once you have finished creating the app, you will receive a POST request with a confirmation URL, which you need to copy and paste into your browser or make a GET request using it. This is to “verify” the app so it can receive requests with the subscription events.
Thank you very much @nayelyz and @Michael_ST
Awesome details. So, I have lots more to ding into to make my app work.
As a first time developer in this space, seeing this kind of help and support makes me very happy. Thanks