Authenticating With SmartThings

All of the information I used to communicate with the SmartThings REST API came from the documentation here. If you are having trouble following my steps, please take a look at that documentation, since maybe something has changed.(

According to the documentation, the process of communicating with the API is:

  1. Request an authorization code.
  2. Use the code to request an access token.
  3. Get the endpoint URI for the SmartApp.
  4. Make REST calls to the SmartApp using the endpoint URI.

Today I’ll be focusing on steps 1 and 2. I just want to get access to the API now, and I’ll start communicating later.

SmartThings uses OAuth to authenticate any external systems which contact it. Whenever we communicate with SmartThings, we need to provide a token which will be used to verify our authorization.

Step 1:

To obtain the authorization code, I opened a web page and navigated to

Before actually going to that link I needed to replace a couple things. The section YOUR-SMARTAPP-CLIENT-ID”\ with the client id is replaced with the client id of the app I created in the last blog. Also YOUR-SERVER-URI needed to be replaced with the redirect uri that was specified in the smart app we created.

With this url, I was taken to a SmartThings page where I needed to give authorization. After selecting my location, I clicked on the Authorize button. My browser was then redirected to my redirect URI, and the authorization code was included in the URL: http://localhost:4567/oauth/callback?code=NGJP1p. We’ll have to be quick with it though, it expires in 24 hours.

Step 2:

Next I took the authorization code and asked for a token. To do that I sent a POST call to

Here we needed to replace YOUR_CODE with the authorization code we just received, YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the values which were generated for your SmartApp, and the YOUR_REDIRECT_URI that you set in your SmartApp.

When I made the call, I got a response like this:
 “access_token”: “XXXXXXXXXXXX”,
 “expires_in”: 1576799999,
 “token_type”: “bearer”

Here we have the token in the access_token field. The expires_in value is in seconds, which tells us that the access token will expire in 50 years.

Now with that token, I can start making rest calls to actually read the sensor data.

Recent Content

link to Baby Dimmer Control

Baby Dimmer Control

Manage your Baby’s dimmer   This little app will help control the dimmer switch in your baby’s nursery, or any other dimmer switch. Perhaps late at night you don’t want the light at 100% brightness. This app will take care of that by allowing you to specify a time and what level to set the […]
link to Garage Door Monitor

Garage Door Monitor

Here’s a little app which will monitor your garage doors and alert you if they remain open for longer than you would like. It’s always a terrible feeling when you realize that you left the garage door open all evening, or throughout the heat of the day. You can also specify some motion sensors which […]