oauth smartsheet-api

Receiving errorCode 1004 with /token API endpoint


Do OAuth token grants require a paid account? I attempted the following with both a free and a trial account.

Sending /token POST as documented results in:

    {
       "errorCode": 1004,
       "message": "You are not authorized to perform this action.",
       "refId": "cd9hgzwmdduh"
    }

I use these parameters:

    grant_type: authorization_code
    code: <acquired from step 1. in oauth flow>
    hash: <see below>

I acquired the hash parameter with the following command-line operation:

    export app_secret=<acquired from developer app profile.>
    export code=<code acquired from step 1 in oauth flow.>
    echo -n "$app_secret$code" | openssl dgst -sha256

Solution

  • These were the errors I corrected before successfully calling the Get Access Token endpoint:

    1. When creating the SHA256 hash I forgot to concatenate a | between the app_secret and the code. The correct SHA256 hash to send should be:

      echo -n "$app_secret|$code" | openssl dgst -sha256

    2. Header should be:

      Content-Type: application/x-www-form-urlencoded

    3. Instead of sending the parameters as URL query parameters, I should send them as x-www-form-urlencoded parameters.

    Here is the full text of the HTML protocol:

    POST /2.0/token HTTP/1.1
    Host: api.smartsheet.com
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=authorization_code&client_id=<client_id>&code=<code from step 1 of oauth flow>&hash=<see above>
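
The three corrections from the answer above, combined into one shell snippet. This is an added example, not code from the original posts: the function names and the `APP_SECRET` variable are assumptions, `https` is assumed for the host shown above, and `client_id` and `code` are assumed to contain only characters that need no percent-encoding.

```shell
#!/bin/sh
# Added example: build the /2.0/token request with the corrected hash.
# Function names and APP_SECRET are hypothetical, not part of any Smartsheet tool.

# Hex SHA-256 of stdin. Depending on the openssl version the output is
# "(stdin)= <hex>" or "SHA2-256(stdin)= <hex>", so keep only the last field.
# The sha256sum branch is a fallback added for hosts without openssl.
sha256_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 | awk '{print $NF}'
    else
        sha256sum | awk '{print $1}'
    fi
}

# hash = SHA-256(app_secret + "|" + code).
# printf is used instead of "echo -n", whose handling of -n varies between shells.
# $1 = app secret, $2 = authorization code
token_hash() {
    printf '%s|%s' "$1" "$2" | sha256_hex
}

# Form-encoded body for the token request, written to stdout.
# $1 = client_id, $2 = authorization code; the app secret comes from
# $APP_SECRET, which the caller is assumed to have set.
token_body() {
    printf 'grant_type=authorization_code&client_id=%s&code=%s&hash=%s' \
        "$1" "$2" "$(token_hash "$APP_SECRET" "$2")"
}

# Send the request. --data implies POST, places the parameters in the request
# body rather than the query string, and makes curl set
# Content-Type: application/x-www-form-urlencoded on its own.
request_token() {
    curl -sS https://api.smartsheet.com/2.0/token --data "$(token_body "$1" "$2")"
}
```

Only the hash is sent in the request, so the app secret itself never appears in the body; `request_token` is defined but not called, so sourcing the snippet makes no network request.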
    
