
Surveymonkey API

How to create a new (public) SurveyMonkey app?

Log in to https://developer.surveymonkey.com with a Google account

Create a new (public) app

  1. Enter a nickname for your app
  2. Enter the OAuth redirect URL for your app
  3. Select the scopes of your app (view surveys, view responses, view response details, create/modify responses)
  4. Note down the client ID, secret, and access token for your app

OAuth 2.0 Flow

Step 1: Direct user to SurveyMonkey’s OAuth authorization page

Your app should send the user whose SurveyMonkey account you wish to access to a specially crafted OAuth link, and ask them to authorize any required scopes.

The OAuth link should be https://api.surveymonkey.com/oauth/authorize with urlencoded parameters: redirect_uri, client_id, and response_type.

response_type: always set to the value "code"
client_id: the unique SurveyMonkey client id you got when registering your app
redirect_uri: the URL-encoded OAuth redirect URI you registered for your app

Step 2: User authorization generates short-lived code

Once the user makes their choice whether to authorize access or not, SurveyMonkey will generate a 302 redirect sending their browser to your redirect URI along with a short-lived code included as a query parameter. Your app needs to use that code to make another API request before it expires (5 minutes). 

If the user authorized access, this is what the 302 redirect will look like (https://www.myapp.com/oauth2callback is your registered OAuth redirect URL): https://www.myapp.com/oauth2callback?code=SHORTLIVEDCODE

If the user denied access, this is what the 302 redirect will look like (https://www.myapp.com/oauth2callback is your registered OAuth redirect URL): https://www.myapp.com/oauth2callback?error_description=Resource+owner+canceled+the+request&error=access_denied

Step 3: Exchanging for a long-lived access token

Create a form-encoded HTTP POST request to https://api.surveymonkey.com/oauth/token with the following encoded form fields: client_id, client_secret, code (from step 2 above), redirect_uri and grant_type. The grant type must be set to “authorization_code”.

If successful, the access token will be returned encoded as JSON in the response body of your POST request. The key will be "access_token" and the value can be passed to our API as an HTTP header in the format Authorization: bearer YOUR_ACCESS_TOKEN. The value of the header must be “bearer” followed by a single space and then your access token.
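
The three steps above as a Python sketch. This is an added example, not code from SurveyMonkey or from the original page. The function names are hypothetical, the client ID and secret are constructed placeholders, and the check that the callback arrived on the registered redirect URI is an added defensive step. The token request is built but not sent, so the block runs offline.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

AUTHORIZE_URL = "https://api.surveymonkey.com/oauth/authorize"
TOKEN_URL = "https://api.surveymonkey.com/oauth/token"

# Constructed sample values, not real credentials.
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://www.myapp.com/oauth2callback"


def authorization_url(client_id, redirect_uri):
    """Step 1: link the user is sent to; urlencode() escapes redirect_uri."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri})
    return f"{AUTHORIZE_URL}?{query}"


def parse_callback(callback_url, expected_redirect_uri):
    """Step 2: return the short-lived code, or raise if access was denied."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    # Only accept callbacks that arrive on the registered redirect URI.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        desc = params.get("error_description", [""])[0]
        raise PermissionError(f"{params['error'][0]}: {desc}")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]


def token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: form-encoded POST; the secret travels only in the request body."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "code": code, "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"}).encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def bearer_header(token_json):
    """Build the Authorization header from the parsed JSON token response."""
    return {"Authorization": f"bearer {token_json['access_token']}"}
```

Run the exchange from your server within the 5-minute lifetime of the code, and keep the client secret and the returned access token out of logs and client-side code.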