Add SmartThings to Your Authorization Server

important

Your existing cloud must support OAuth 2.0, including the authorization code flow and multiple redirect URIs in order to use SmartThings Schema.

We strongly encourage the use of an OAuth 2.0 provider or library.

Begin by generating an OAuth2 authorization server from your cloud that supports the following SmartThings redirect URIs:

• https://c2c-us.smartthings.com/oauth/callback (United States)
• https://c2c-eu.smartthings.com/oauth/callback (European Union)
• https://c2c-ap.smartthings.com/oauth/callback (Asia-Pacific)

After creating your OAuth2 authorization server, you should have the following information:

• Client ID or client_id
  • A unique public string used to ID your cloud.
• Client secret or client_secret
  • Used to authenticate with the Access Token URL. This is combined with the Client ID to identify the request.
• OAuth URL or authorization_url
  • The authorization URL provided by your OAuth application.
• OAuth scope or scopes
  • Specified the OAuth scopes required for your cloud to communicate with the SmartThings cloud.
• Token refresh URL or token_url
  • The refresh URL provided by your OAuth application.
• Alert notification email
  • An email address used to inform you if errors are identified on the SmartThings platform.

Keep this info in a secure place - you will need the above information when registering your Schema App in a later step.

important

During the account linking flow, if user credentials have been cached, you must display an authorization page to the user that explicitly requires the user to tap on an authorization button to proceed with the cloud-to-cloud account linking flow.

To accomplish this, user credentials should be cached for a short duration (we recommend 60 minutes). This should be paired with an authorization page explicitly stating that SmartThings is requesting access to user data from your platform (the "partner"). The authorization page must have an Allow or Authorize button that must be tapped by the user in order to proceed with the account linking flow; an optional Cancel button allows the user to cancel the authorization flow.

Alternatively, prompt the user to re-login every time the authorization URL is called.

Next, learn how to create and register your Schema App.