Authorization and Permissions

All SmartThings resources are protected with OAuth 2.0 Bearer Tokens sent on the request as an Authorization: Bearer <TOKEN> header, and operations require specific OAuth scopes that specify the exact permissions authorized by the user.

Personal Access Tokens

Personal access tokens (PATs) are used to interact with the API for non-SmartApp use cases. They can be created and managed on the personal access tokens page.

When creating a PAT, select the specific permissions that should be granted to the token. These permissions define the OAuth2 scopes for the personal access token. A PAT is valid for 50 years from the creation date.

To generate a Personal Access Token for your Samsung account:

  1. Visit https://account.smartthings.com/tokens.
  2. Sign in with your Samsung account to be taken to the “Personal Access Tokens” page.
  3. Tap the “Generate new token” button, taking you to a “New Access Token” page.
  4. Provide a name for the new token.
  5. Select any functionality you wish to authorize for the token in the “Authorized Scopes” section.
  6. Tap the “Generate Token” button when ready, and you’ll return to the “Personal access tokens” page.
  7. Copy the newly generated token and keep it in a secure place. This is your only opportunity to retrieve the newly generated token value.
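
Because a PAT is long-lived and is shown only once, the following added example (not part of the SmartThings documentation) shows one way to keep it out of source code and logs on a POSIX system: it reads the token from a file that only the owner may access and attaches it as the Authorization: Bearer header over HTTPS only. The endpoint URL, the token file location and all function names are assumptions made for illustration.

```python
import os
import stat
import urllib.request

# Assumed endpoint for illustration; this page does not name one.
API_URL = "https://api.smartthings.com/v1/devices"


def load_pat(path):
    """Read a PAT from a file, refusing files accessible by group or others."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by group/others; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        token = fh.read().strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("token file is empty or contains embedded whitespace")
    return token


def build_request(token, url=API_URL):
    """Attach the token as an Authorization: Bearer header, HTTPS only."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def redact(token):
    """Return a form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"


if __name__ == "__main__":
    # Hypothetical token location; store the PAT there with mode 0600.
    pat = load_pat(os.path.expanduser("~/.config/smartthings/pat"))
    req = build_request(pat)
    print("Prepared request to", req.full_url, "with token", redact(pat))
    # urllib.request.urlopen(req) would send it; omitted so the example runs offline.
```
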