I used a PAT for years (4?) and suddenly I was kicked off. It states you are grandfathered in but in my case that wasn’t true. So My new ones are being kicked off every 24 hours. Any way to get my old one back or get back into the good graces of samsung?? I’m running Home assistant and this is troubling. I may remove everything from SmartThings and ditch it, which would be too bad
Hi, @Davefromcamp
I’ve heard this from another user (CC: @dhaustin) and would like to get more info to report it to the engineering team:
- The details of the request you’re sending. You mentioned you’re using HA but do you know in which request it fails? Do you get a specific error like 401?
- If you remember the date and time when you made this attempt please share it with us so we can look for it in the server logs. Remember to include your timezone, for example: On January 10th at 17:20 GMT-6
- Please open support access to your account so we can get your User ID and search for you in the logs.
- Go to the SmartThings Web (my.smartthings.com)
- Log in to your Samsung Account
- Select Menu (⋮) and choose Settings
- Toggle on Account Data Access
- Select the time period and confirm - In this step, please select “Until turned off”, once the team finishes, we’ll let you know so you can disable it again.
Hi, I have the same issue. Home Assistant needed to refresh Smarthings integration after introduction version HA 2025.x. I did it, but new PAT expires after 24 hours, which is unusable. I didn’t understood why Samsung decided to change it in this way as this way of authentication was pretty simple and safe. The advice to switch from PAT to OAuth2 is nice, but I’m afraid that HA community maintaining the integration will not fix the issue quickly. So I have troubles to control my heating during winter. Is there any way how to obtain the PAT for longer time? Thanks.
Same issue here!
I started working with the API last week and created my first PAT. What I want to do is fetching the status of my washer every 60s from my local SmartHome system. In the meantime I have created four tokens, each stopped working after 24h.
Here is an example request and response:
--- Request ---
curl -H "Authorization: Bearer <PAT>" https://api.smartthings.com/v1/devices/<Device-ID>/components/main/capabilities/washerOperatingState/status
--- Response ---
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty</center>
</body>
</html>
Changes were introduced to PAT’s and new tokens created after mid-Dec are only valid for 24 hours. Tokens created prior the change date were supposed to keep working.
Changes were introduced to PAT’s and new tokens created after mid-Dec are only valid for 24 hours. Tokens created prior the change date were supposed to keep working.
I know but my old one slipped through the “grandfathered in” window which is driving me crazy. Why I want to be in the club again! I like smartthings a lot, but this new PAT token every 24 hours is not sustainable
Thank you for the reply!!
To answer your questions:
- I’m unsure, Just every 24 hours I need to re-add the SmartThings integration, get a new PAT, and import my devices
- every day as stated above, if there is a way to get more specific data let me know and I can follow steps well
- Support access is granted
Thank you for any help you can provide.
I have also been hit by this issue. I had a PAT that I had been using with Home Assistant for a long time and it stopped working when the ST team made this change. Several devices attached to my ST hub that had been working well prior suddenly went missing. Something made me think there was an authorization problem and unaware of the 24 hour PAT expiration for new tokens, I went ahead deleted my old PAT and created a new one. That worked for a day but then my devices disappeared from HA again. I knew something was up and came here looking for answers.
These are access control devices I am dealing with, and going without my automations and renewing my PAT every day is clearly not sustainable. Honestly, I don’t expect ST developers to care about HA users, and I don’t expect a quick fix from HA developers. I would really just like to have a long lived token like I had before, but I doubt that is going to happen. So I went from being content with my ST setup a couple weeks ago to looking at leaving the platform entirely. And from what I read on this forum, quite a few others are probably thinking along the same lines.
Exactly the same thing happened to me (deleted the old one because I thought there is something wrong with it). I don’t understand why old PAT is OK and the new ones are just for 24 hours. The fact the old ones are still working means the door isn’t closed yet. Therefore why not letting us choose between a short living token to non expiring ones like you have before?
I’m not an HA user, but from the outside looking in might I suggest the question to ask is why the SmartThings integration needs to be reinstalled every day for some users? That should be all the PAT is needed for as the integration is a SmartApp. Is HA losing the existing configuration for SmartThings on a restart and if so why? Or is something going so badly wrong refreshing tokens that a complete reinstall is needed, and if so what? If HA is restarting then why is it restarting?
If there are additional integrations that use PATs then fair enough, but why is the core integration having problems, and why are the noise levels so low?
I’m just seeing the possibility that the long-lived PATs were masking issues at the HA end.
Either I’m missing something or it’s not that well thought out. I have a small local SmartHome system that can make web requests and I just want to query the status of my ST devices every few minutes? How can I do that in a sensible way? Hardly with an OAuth integration or SmartApps… But I’m happy to be proven wrong.
Because of the construction of the HA integration the PaT update requires a reinstall of the integration. Yes reinstall. Think a device driver. In most cases reinstall should look like previous so many reinstall an integration on a whim all the time.
Why no noise? Most people who were using the integration used pats trouble free… Until they weren’t. (and see last paragraph)
If you had a grandfathered pat you were great. But guess what happens if you revert a backup. Invalid pat. And suddenly you’re in the 24 hr loop because new pat rules. Pat update all in all takes 10 minutes. And is a process. But we all know dhat that looks like.
So this is basically forcing the person affected to reinstall the connection software to HA every day Graham. Yes horrid construct of the integration but it is what it is.
With dev flow for HA the way it is earliest people could expect a patch is this coming Friday if someone builds an oauth version (by Friday, good luck)
Here’s the other part you don’t know. Ha deploys new builds first week of the month.
This months build includes significant updates to zigbee and betas in the backup tools.
There were some… Issues. And a lot of people needed to roll back a zigbee update and… Blammo. Whole bunch of invalid PaT. They started showing on the HA community right after. It impacts anyone who needs to reconfigure thier st integration beyond rename device and can impact them without thier intervention if an external factor requires a restoration from backup.
As an HA user (perhaps ‘dabbler’ would be a better term), I might be able to provide some insight based on my own experience with the Home Assistant SmartThings integration, with the usual disclaimer that I am only relating my experience, and not claiming any particular expertise.
While I’ve never had an issue with the Home Assistant SmartThings integration failing after a restart, it frequently, if not always, fails when a backup created by Home Assistant is restored. Unfortunately, the error message after a restore can be misleading to the user:
Error: pysmartthings.errors.APIInvalidGrant: Invalid refresh token
There is a simple fix for this, but (a) one has to be aware of it, and (2) there’s a bug in the android version of the SmartThings app that requires a workaround. From the HA troubleshooting:
You can fix this by using the SmartThings App to re-grant authorization to the API token you created before.
- Open SmartThings app on your mobile device (not HA).
- Select Routines from bottom.
- Select your Home Assistant automation from the list.
- Select Done, then select Allow.
- Reload your SmartThings integration from Home Assistant Devices panel.
This has always worked for me, but unfortunately it can’t be done in the SmartThings android app as tapping the Home Assistant smartapp there gives you the message:
There was a problem connecting. Try again. If this problem continues, contact Customer Service.
The workaround is simple enough: Instead of using the app, go to my.smartthings.com, click on Automations, then on the Home Assistant smartapp and then follow steps 2 thru 5 above.
I suspect some are being misled by the “Invalid Refresh Token” error in the log and are trying to start over with a new Personal Access Token in Home Assistant, and those ‘new’ PATs are then causing trouble. I’m still running the HA integration with an old PAT without issue.
It would probably be best, given the new PAT limits, if HA switched its integration over to OAuth, following the example of HubiThings Replica in Hubitat. HubiThings does not use or require PATs (with one very minor exception), but it does create and refresh them in accordance within the new limited expiration, and also provides a simple mechanism for retrieving the new PATs at any time for API-related requests from Tasker, webCoRE, etc.).
Not sure if this adds much to the overall discussion, but maybe you’ll see something in all this that would be helpful to others.
Latest in github
The plan looks to be move to OAuth but see in the link above. The last post (joostek) is the code owner. If he’s still designing it’s going to be a bit.
The “smart thing” would be for SmartThings to revert and delay a few months on the PAT 24-hour expiration to keep a user base. I have maybe a week then switching fully to HA as I would think many others will as well. I have a usb zwave and zigbee in my amazon cart and will see by mid week if there is any progress before I pull the trigger
I was hoping that you’d be along to explain it to me. I am still a bit puzzled as the integration seems to be a Webhook SmartApp and I can’t immediately see what could go wrong at the Home Assistant end that couldn’t be fixed after a run of the SmartApp update cycle (which as @bthrock has pointed out has been broken in the mobile app for months) or in the worst case a new SmartApp install cycle. It is hard to see why the PAT has to come into play again.
Because it requires a NEW PAT after the old one gets invalidated and new PAT rules. (24 hr then read only) You cannot access d the old jacked up pat… Im not entirely through how it all works. But its Bork-tacular.
Best part is when HA detects a bad pat it offers tk reset your integration and start over for you.
Thanks for that link, it doesn’t look promising from HA there based on the programmer saying he’s at a loss. Our only hope for a fix is SmartThings changing their policy. SmartThings will lose the HA crowd I’m guessing. As more people need to refresh the ST integration the PAT will expire and cause more headaches
I am not saying this will help everyone or even anyone, but if you do have a Hubitat hub, I updated HubiThings Replica to allow for external applications to REST pull an active working OAuth token. Post is here.