Authorization and Permissions
All SmartThings resources are protected with OAuth 2.0 Bearer Tokens sent on the request as an
Authorization: Bearer <TOKEN> header, and operations require specific OAuth scopes that specify the exact permissions authorized by the user.
#Personal Access Tokens
Personal access tokens (PATs) are used to interact with the API for non-SmartApp use cases. They can be created and managed on the personal access tokens page.
When creating a PAT, select the specific permissions that should be granted to the token. These permissions define the OAuth2 scopes for the personal access token. A PAT is valid for 50 years from the creation date.
To generate a Personal Access Token for your Samsung account:
- Visit https://account.smartthings.com/tokens.
- Sign in with your Samsung account to be taken to the "Personal Access Tokens" page.
- Tap the “Generate new token” button, taking you to a “New Access Token” page.
- Provide a name for the new token.
- Select any functionality you wish to authorize for the token in the “Authorized Scopes” section.
- Tap the “Generate Token” button when ready, and you’ll return to the “Personal access tokens” page.
- Copy the newly generated token and keep it in a secure place. This is your only opportunity to retrieve the newly generated token value.