I have a .NET Core Windows (Worker) Service that needs to connect to Smartsheet, and I'm wondering if it's possible to implement OAuth when there's no user interface?
The Smartsheet OAuth flow requires a callback URI that the user is forwarded to once they authenticate, but my service doesn't have an interface or a live user...in this case the user that needs to authenticate is the service itself.
Can I programmatically go through the OAuth flow from a service like this?
Using OAuth:
Technically, you could use OAuth in this scenario -- but only after you've obtained the initial access token manually -- for example, by using a combination of the browser and an API tool like Postman to complete the OAuth flow that generates the initial token. The process would be something like this:
Manually construct the URL for Request an Authorization Code and paste it into the address of the browser.
When prompted by the browser, choose to Allow Access.
When the browser redirects to the redirect URL (specified for the app in Smartsheet), manually capture (e.g., write down || save) the query string parameters / values in the response URL.
Using Postman or similar tool, issue a Request Access Token request (hint: one of the required input parameters is the authorization code you obtained in the previous step).
A successful response from calling the Request Access Token operation will include an access_token you can use to access Smartsheet via API, as well as a refresh_token that you'll need to refresh the token before it expires (in expires_in amount of time -- approximately 7 days).
NOTE: You must programmatically refresh the access token before it expires (using the Refresh an Access Token operation). As long as you keep programmatically refreshing each new token before it expires, you won't ever have to do anything manually again. However, if a token ever expires -- the only way to generate a new one would be to complete the manual steps I've described above.
Using Raw Token Requests:
That all said though, it'd be much simpler for the scenario you've described (standalone service connecting to Smartsheet) to not use OAuth and instead use just a raw token request. To do this, complete the following steps:
Using the Smartsheet web UI, create a new user within your Smartsheet account that will be used by the Windows service to access Smartsheet.
Using the Smartsheet web UI, grant that new user the appropriate level of access to any objects (e.g., workspaces, sheets, reports, etc.) that it'll need to access.
Login to the Smartsheet web UI as the new user, and follow the instructions within the Raw Token Requests section of the API docs to generate a new access token. This access token 'belongs' to this user account in Smartsheet -- any API requests that specify this token will be considered to have been issued by this user in Smartsheet.