Authorization and Permissions

All SmartThings resources are protected with OAuth 2.0 Bearer Tokens sent on the request as an Authorization: Bearer <TOKEN> header, and operations require specific OAuth scopes that specify the exact permissions authorized by the user.

Personal Access Tokens

Personal access tokens (PATs) are used to interact with the API for non-SmartApp use cases. They can be created and managed on the personal access tokens page.

When creating a PAT, select the specific permissions that should be granted to the token. These permissions define the OAuth2 scopes for the personal access token. A PAT is valid for 24 hours from the creation date.

Note: PATs created prior to 30 December 2024 may have an expiration date of up to 50 years from the creation date, as specified when the token was created.

If your integration requires generating new PATs for ongoing access, we recommend you refactor your integration to use an OAuth flow to eliminate the need to issue new PATs.

To generate a Personal Access Token for your Samsung account:

  1. Visit https://account.smartthings.com/tokens.
  2. Sign in with your Samsung account to be taken to the "Personal Access Tokens" page.
  3. Tap the “Generate new token” button, taking you to a “New Access Token” page.
  4. Provide a name for the new token.
  5. Select any functionality you wish to authorize for the token in the “Authorized Scopes” section.
  6. Tap the “Generate Token” button when ready, and you’ll return to the “Personal access tokens” page.
  7. Copy the newly generated token and keep it in a secure place. This is your only opportunity to retrieve the newly generated token value.
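
The following is an added example, not SmartThings code, showing one way a script can handle a PAT once it has been generated: read it from the environment instead of source, send it only as an `Authorization: Bearer` header over HTTPS, and track the 24-hour lifetime. The environment variable name `SMARTTHINGS_PAT`, the placeholder host `api.example.invalid`, and the 401/403 meanings (taken from RFC 6750 bearer-token conventions) are assumptions, not values from this page.

```python
import os
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

PAT_LIFETIME = timedelta(hours=24)   # from the page: valid 24 hours from creation
TOKEN_ENV_VAR = "SMARTTHINGS_PAT"    # assumed name, not a SmartThings convention


def pat_expired(created_at, now=None):
    """True once a PAT created at `created_at` (aware datetime) has used up its
    24 hours. The exact 24-hour mark is treated as expired, the cautious choice."""
    now = now or datetime.now(timezone.utc)
    return now - created_at >= PAT_LIFETIME


def build_request(url, token=None):
    """Return a urllib Request carrying the PAT as an OAuth 2.0 bearer token."""
    token = token or os.environ.get(TOKEN_ENV_VAR, "")
    # Whitespace (including CR/LF) in the value would corrupt the header line.
    if not token or any(c.isspace() for c in token):
        raise ValueError("no usable token; set %s" % TOKEN_ENV_VAR)
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


def redact(token):
    """Form of the token that is safe to log: last four characters only."""
    return "****" + token[-4:] if len(token) > 8 else "****"


def explain_status(status):
    """Map an HTTP status to the likely token problem (RFC 6750 semantics, assumed)."""
    if status == 401:
        return "token missing, invalid or expired: generate a new PAT or use an OAuth flow"
    if status == 403:
        return "token lacks a required scope: recreate it with that scope authorized"
    return "ok" if 200 <= status < 300 else "not an authorization problem"


if __name__ == "__main__":
    # Constructed values: placeholder host and token; nothing is sent on the network.
    sample = "constructed-token-0000"
    req = build_request("https://api.example.invalid/v1/devices", sample)
    print("Authorization: Bearer", redact(sample))
    print(explain_status(401))
```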