OAuth 2 Guide for Automation Connector to be able to control existing devices on SmartThings via API

I just want to use Device API, but the PAT expires within 24 hrs. I’m not sure how to achieve this. I have created an API_ONLY app from the SmartThings CLI, and from Workspace I created a SmartApp for automation. In both cases I just got a Client ID and Client secret, but I don’t know how to use them.

If you just want to use the Devices API as a client like you would do with a PAT then you don’t actually need to mess around with apps on servers. In an attempt to demonstrate the authorization flow of an OAuth-In app without requiring an actual app on a publicly accessible server, I created a post that you might find helpful. It shows how you can get an access token that you can use like a PAT (albeit with a different range of scopes) but you can refresh daily with a single client side request. It is just a matter of storing the client ID, client secret and the latest access and refresh tokens.

If you do want a bidirectional app with SmartThings sending you things like device events then you do have to create either Webhook SmartApps or OAuth-In apps. Webhook SmartApps are reasonably well documented. OAuth-In apps (also known as API_ONLY or API Access apps) are less well documented, but actually their lifecycle is broadly similar, they just don’t have the CONFIGURATION, INSTALL and UPDATE lifecycles and associated data, and you don’t get a five minute access token supplied with incoming events. If you are into JavaScript / TypeScript then a lot of the heavy lifting has been done for you with SDKs and there are simple example apps.

4 Likes
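The daily refresh described in the answer above, as an added example that is not part of the original post and not SmartThings' own code: it keeps the client ID, client secret and latest tokens in one owner-only file and exchanges the refresh token only when the access token is close to expiry. The token endpoint URL, the standard OAuth 2.0 response fields (`access_token`, `refresh_token`, `expires_in`), the state file layout and all function names are assumptions.

```python
import base64, json, os, tempfile, time
import urllib.parse, urllib.request

# Assumption: token endpoint; the thread does not state it.
TOKEN_URL = "https://api.smartthings.com/oauth/token"

def build_refresh_request(client_id, client_secret, refresh_token):
    """Build the refresh_token grant; the client authenticates with HTTP Basic."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(TOKEN_URL, data=form, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def http_send(req):
    """Real transport: POST the request and parse the JSON token reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def save_state(path, state):
    """Atomic replace; mkstemp creates the file 0600, so secrets stay owner-only."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def get_access_token(path, send=http_send, now=time.time, skew=300):
    """Return a usable access token, refreshing it when within `skew` s of expiry."""
    with open(path) as f:
        state = json.load(f)
    if state.get("expires_at", 0) - skew > now():
        return state["access_token"]
    reply = send(build_refresh_request(
        state["client_id"], state["client_secret"], state["refresh_token"]))
    # Persist a newly issued refresh token before handing back the access token,
    # so a crash cannot leave only a superseded refresh token on disk.
    state.update(access_token=reply["access_token"],
                 refresh_token=reply.get("refresh_token", state["refresh_token"]),
                 expires_at=now() + reply["expires_in"])
    save_state(path, state)
    return state["access_token"]
```

The returned token goes in the `Authorization: Bearer` header of Devices API requests, the same way a PAT would.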

Thank you @orangebucket for the clear guide.
Do we have any limitations, like rate limits or device or user capacity, with this approach?