URI for requesting a reissue of the accessToken

"I was using the ST Schema module successfully in C2C, but after 24 hours, I received a ‘401 - Unauthorized’ response.

So I’m trying to reissue the accessToken with the refreshToken, but I couldn’t find the URI to access on the smartThings documentation website.
I found the URI through internet searching as ‘POST https://auth-global.api.smartthings.com/oauth/token’ and tested it with ST_CLIENT_ID, ST_CLIENT_SECRET, and the refreshToken received through the connector callbackAuthentication, but I didn’t receive any response data (including errors). What URI and method should I use to renew the accessToken?"

#The following content is what was tested using Postman tools.


I’ve not used Schema Apps but if the process is the same as for Webhook Apps then you have the right URL but …

  • The body Content-Type has to be application/x-www-form-urlencoded which is the bog standard HTML forms format.
  • The request needs an Authorization header with the type Basic and the token being a base64 encode of client_id:client_secret.
  • You don’t need the client_secret in the body.

Similar problem. This worked for me.

Hi @ioticlio

I’m Alejandro from Developer Support Team.

The URL to refresh the access token is provided to you on Grant callback access interaction, you can find more information here reciprocal access token, this is from the documentation When SmartThings receives an access token (obtained in an OAuth integration) from a third party, it sends a callback authentication code as seen below. The third party can use this code to request callback access tokens.

This is an example of the request to refresh an access token:

    "headers": {
        "schema": "st-schema",
        "version": "1.0",
        "interactionType": "refreshAccessTokens",
        "requestId": "abc-123-456"
    "callbackAuthentication": {
        "grantType": "refresh_token",
        "refreshToken": "xxxxxxxxxxx",
        "clientId": "client id given to partner in dev-workspace during app creation",
        "clientSecret": "client secret given to partner in dev-workspace during app creation"

Just as a reference, the URL you used and the info shared above is related to a different type of integration and that URL won’t work for an ST Schema.

1 Like

@AlejandroPadilla Thank you.
Your explanation was very helpful. However, I have taken a similar test before but did not get accurate results, so I had to search for other information. Nonetheless, I reviewed the link you provided and tried again, but encountered some issues. Could you provide me with further assistance?

//SchemaConnector - callbackAccessHandler data

The following is a test I conducted again using Postman, but I was unsure what value to enter for ‘requestId’ in the header, so I put in a random value. The response indicated that the header parameter was successful, but where did I go wrong?


Response Data
“headers”: {
“schema”: “st-schema”,
“version”: “1.0”,
“requestId”: “ea1f5e1c-0cfc-4612-89e4-88756301b677”
“globalError”: {
“errorEnum”: “BAD-REQUEST”,
“detail”: “missing st-schema headers”

//The following image is a screenshot of a test conducted using the Postman tool.

Thank you. After putting a value in the body, it was reissued.

Hi @ioticlio

Only to confirm, Was the problem solved?

I appreciate you, the problem has been resolved. Thank you for your help.^^

2023년 3월 22일 (수) 오전 3:16, Alejandro Padilla Flores via SmartThings Community <notifications@smartthings.discoursemail.com>님이 작성:

1 Like