Smartsheet View Admin

Admin guide

This guide is organized around the real builder tabs and control names so you can configure views without guessing what each section does.

How to use this admin

Smartsheet is still the source of truth. This app controls how live Smartsheet data is presented, filtered, branded, and optionally edited by contributors.

Main workflow

  1. Create a Smartsheet source.
  2. Create a view connected to that source.
  3. Configure setup, fields, filters, editing, and branding.
  4. Preview the output.
  5. Publish when the page looks right.

Before you start

  • SMARTSHEET_API_TOKEN must be valid.
  • On Railway or any other non-durable host, DATABASE_URL must point to your production database. Local file mode is fine only for local/dev work.
  • If contributor editing is enabled, CONTRIBUTOR_SESSION_SECRET must be set.
  • If you use Supabase, backend-owned public tables must keep RLS enabled and the current app role must still have the generated access policy.

Important password note

Contributor passwords are stored as one-way hashes. Admins cannot view them. If someone forgets a password, use a reset link from the Contributors area instead.

Admin session cookies

Admin sign-in uses stateless, signed httpOnly cookies. Set a dedicated SMARTSHEETS_VIEW_ADMIN_SESSION_SECRET in production.

  • Rotate the secret to log every admin out immediately after an incident or suspected cookie leak.
  • If the secret is unset, the app derives signing material from the bootstrap username and password — changing the password then invalidates all admin sessions.
  • On hosts with multiple environments, configure the secret per environment so Preview and Production behave predictably.
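
The sketch below is an added illustration, not this app's own code. It shows why rotating the secret, or changing the bootstrap password when no secret is set, invalidates every stateless signed cookie already issued. The token layout, the scrypt-based fallback derivation, and the config field names (sessionSecret, bootstrapUsername, bootstrapPassword) are assumptions made for the example.

```javascript
// Added illustration, not the app's code. Token layout, key derivation and
// the config field names are assumptions made for this sketch.
const crypto = require('node:crypto');

// Dedicated secret if set; otherwise derive from the bootstrap credentials.
function signingKey(cfg) {
  if (cfg.sessionSecret) return Buffer.from(cfg.sessionSecret, 'utf8');
  // Fallback (assumed derivation): the key changes whenever the password changes.
  return crypto.scryptSync(cfg.bootstrapPassword, `admin-session:${cfg.bootstrapUsername}`, 32);
}

function mac(key, body) {
  return crypto.createHmac('sha256', key).update(body).digest();
}

// Cookie value = base64url(JSON payload) + "." + base64url(HMAC-SHA256 of it).
function issueCookie(cfg, user, ttlSeconds, now = Date.now()) {
  const payload = { sub: user, exp: Math.floor(now / 1000) + ttlSeconds };
  const body = Buffer.from(JSON.stringify(payload)).toString('base64url');
  return `${body}.${mac(signingKey(cfg), body).toString('base64url')}`;
}

// Returns the payload when signature and expiry check out, otherwise null.
// No server-side session store is consulted: the key alone decides validity.
function verifyCookie(cfg, cookie, now = Date.now()) {
  const parts = String(cookie).split('.');
  if (parts.length !== 2) return null;
  const [body, sig] = parts;
  const expected = mac(signingKey(cfg), body);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let payload;
  try { payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); } catch { return null; }
  if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
  return payload;
}

// Constructed sample values.
const before = { sessionSecret: 'constructed-secret-A' };
const after = { sessionSecret: 'constructed-secret-B' };
const cookie = issueCookie(before, 'admin', 3600);
console.log('before rotation:', verifyCookie(before, cookie) !== null);
console.log('after rotation: ', verifyCookie(after, cookie) !== null);
```

The same mechanism explains the per-environment advice: a cookie signed with one environment's secret fails verification in any environment configured with a different one.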