Oauth Scope


(Dsshap) #1

Hey Everyone,

I was messing around with the api this weekend and stumbled onto a question that i wasnt able to find the answer to.

I oauthed successfully using scope=app. Then I tried to hit this api call: https://graph.api.smartthings.com/api/accounts, to get my account info. As some of you may have experienced, the current accesss_token is out of the scope of account info.

Usually in oauth, we are able to define multiple scopes in an access_token ( scope=app,account). I attempted [account, accounts] but with no success. Is it possible to include the accounts api in my current access_token scope/ what is the current term?

  • I know i can include “basic auth” in the api call. But the idea is to not do that.

(Col Hack) #2

Here’s a message from the desk of Jeff Hagins (@hagins), CTO of SmartThings:

So here’s the deal. The “Core” SmartThings API is not authorized for use or accessible to general SmartThings developers. The Core API is only for authorized SmartThings partners. This is because the Core API provides full unrestricted access to the “Physical Graph” for a specific user (using OAUTH2).

The integration approach for general SmartThings developers is to write a SmartApp that exposes it’s own APIs. This approach ensure that the SmartApp has it’s own unique Security Context (determined by the user at the time of installation).

Reference: http://build.smartthings.com/forums/topic/using-the-smartthings-api/


(Dsshap) #3

Thank you for the explanation.

I sent you a private message as a follow up.


(Col Hack) #4

@dsshap, I see no PM from you. The message board sw they use is lame. It shows I have 20 notifications but I cannot see any.


(Adam Clark) #5

Would you guys be able to provide a scope that pertains to just he Web IDE? I’d love to send an authorized request to the WEB IDE from my local IDE. I’d love to be able to save/compile and publish from my local box rather than have to copy and paste from my editor to yours.