Question about OA Access of web service

When I create an OAuth smartApp it gives me the ClientID and secret. When I install the app it gives me the API key and URL. I assumed that since this was MY account, it was allowing me to skip the process of approving the devices via IFTTT screen. It seems that is not true.

Real question - When I install a SmartApp and recieve the API key and URL, do I still need to use the ClientID and secret to login to approve which devices can be accessed ? I did get it to work by doing it the long way, but need to know if I always need to do it.

By API Key do you mean the endpoint URL that you get from https://graph.api.smartthings.com/api/smartapps/endpoints:

[
    {
        "oauthClient" : {
            "clientId" : "12345678-1234-5678-1234-123456789012",
            "authorizedGrantTypes" : "authorization_code"
        },
        "url" : "/api/smartapps/installations/87654321-4321-8765-4321-9876543219876"
    }
]

The URL with /api/smartapps/installations/somekey is a reference to the instance of your SmartApp. Normally, you would need to use the OAuth workflow to authorize access to this endpoint (using the Client ID and Client Secret). You can also use createAccessToken() like @625alex does with SmartTiles to create an authorization token that can be used instead of the traditional OAuth workflow [reference].

I guess the short answer is yes, you always have to authenticate some way and approve which devices can be accessed by the SmartApp.

2 Likes

When I “install” the app in the IDE and select the switches, it returns BOTH an API Token and the Endpoint URL (which is all I ever need to pass for all subsequent request) after I install. I was hoping that because I am logged into IDE as the owner of the account, it was authenticating me (since the authentication process is how you usually get the API Token and Endpoint URL in the first place)

I know that I can pass my clientID and secret, log into SmartThings (which takes you to the form to grant permissions.) But didn’t want to do all that if it is not necessary. That is the only way that seems to work. Need to look at the reference you supplied.