Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

Smartsheet MCP Server
for AI Agents

Production-ready Smartsheet MCP server with 78 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
Smartsheet logo
Smartsheet MCP Server
Built by StackOne StackOne

Coverage

78 Agent Actions

Create, read, update, and delete across Smartsheet — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Smartsheet MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Smartsheet tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Smartsheet call.

Tools Discovery →

What is the Smartsheet MCP Server?

A Smartsheet MCP server lets AI agents read and write Smartsheet data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Smartsheet MCP server ships with 78 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Smartsheet MCP Tools and Actions

Every action from Smartsheet's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Contacts

  • List Contacts

    Retrieve a paginated list of the authenticated user's Smartsheet contacts via GET /contacts

  • Get Contact

    Retrieve a specific contact's details by ID via GET /contacts/{contactId}

Dashboards

  • List Dashboards

    Retrieve a paginated list of all dashboards (sights) accessible to the user via GET /sights

  • Get Dashboard

    Retrieve a dashboard's full configuration and widgets via GET /sights/{sightId}

Discussions

  • Create Discussion

    Start a new discussion thread on a sheet via POST /sheets/{sheetId}/discussions

  • List Discussions

    Retrieve a paginated list of all discussions on a sheet via GET /sheets/{sheetId}/discussions

Folders

  • Copy Folder

    Duplicate a folder and its contents to a destination folder or workspace via POST /folders/{folderId}/copy

  • Update Folder

    Rename a folder via PUT /folders/{folderId}

  • Move Folder

    Move a folder to a different folder or workspace via POST /folders/{folderId}/move

  • Delete Folder

    Permanently delete a folder and all its contents via DELETE /folders/{folderId}

Groups

  • Create Group

    Create a new group in the organization via POST /groups, optionally seeding it with initial members by email

  • List Groups

    Retrieve a paginated list of all groups in the organization via GET /groups, useful for auditing group membership and managing access control

  • Get Group

    Retrieve a specific group and its full member list via GET /groups/{groupId}

  • Update Group

    Update a group's name, description, or transfer ownership via PUT /groups/{groupId}

  • Delete Group

    Permanently delete a group from the organization via DELETE /groups/{groupId}

Group Members

  • Add Group Members

    Add one or more members to an existing group via POST /groups/{groupId}/members

  • Delete Group Member

    Remove a specific member from a group via DELETE /groups/{groupId}/members/{userId}

Reports

  • List Reports

    Retrieve a paginated list of all reports accessible to the user via GET /reports

  • Get Report

    Retrieve a report's data and configuration via GET /reports/{reportId}

Sheets

  • Import Sheet

    Create a new sheet by importing data from a CSV or XLSX file via POST /sheets/import

  • Copy Sheet

    Create a copy of a sheet to a specified folder or workspace via POST /sheets/{sheetId}/copy

  • Search Sheet

    Search for text within a specific sheet via GET /search/sheets/{sheetId}

  • List Sheets

    Retrieve a paginated list of all sheets accessible to the authenticated user via GET /sheets

  • Get Sheet

    Retrieve a full sheet including rows, columns, and cell data via GET /sheets/{sheetId}, with extensive filtering and include options

  • Move Sheet

    Move a sheet to a different folder or workspace via POST /sheets/{sheetId}/move

  • Update Sheet

    Update a sheet's name, project settings, or user-level display settings via PUT /sheets/{sheetId}

  • Delete Sheet

    Permanently delete a sheet and all its data via DELETE /sheets/{sheetId}

Columns

  • Add Columns

    Add one or more columns to a sheet via POST /sheets/{sheetId}/columns, supporting bulk insertion in a single request

  • List Columns

    Retrieve all column definitions for a sheet via GET /sheets/{sheetId}/columns, including type, title, and configuration

  • Get Column

    Retrieve a single column's definition by ID via GET /sheets/{sheetId}/columns/{columnId}

  • Update Column

    Update a column's title, type, position, or configuration via PUT /sheets/{sheetId}/columns/{columnId}

  • Delete Column

    Permanently delete a column and all its cell data from a sheet via DELETE /sheets/{sheetId}/columns/{columnId}

Rows

  • Add Rows

    Add one or more rows with cell data to a sheet via POST /sheets/{sheetId}/rows, with flexible positioning control

  • Get Row

    Retrieve a specific row and its cell data from a sheet via GET /sheets/{sheetId}/rows/{rowId}

  • Update Rows

    Update cell values, row positions, or expand/collapse state for one or more rows via PUT /sheets/{sheetId}/rows

  • Delete Rows

    Delete one or more rows from a sheet via DELETE /sheets/{sheetId}/rows, using comma-separated row IDs as a query parameter

Users

  • Add User

    Add a new user to the Smartsheet organization via POST /users, requiring System Admin permissions

  • List Users

    Retrieve a paginated list of all users in the Smartsheet organization via GET /users, with optional filtering by email and seat type

  • Get User

    Retrieve a specific user's profile by their numeric user ID via GET /users/{userId}

  • Update User

    Update a user's role assignments or profile attributes via PUT /users/{userId}, requiring System Admin permissions

  • Remove User

    Permanently remove a user from the Smartsheet organization via DELETE /users/{userId}, with optional asset transfer

Webhooks

  • Create Webhook

    Create a new webhook subscription via POST /webhooks, targeting a specific sheet or other scoped object

  • List Webhooks

    Retrieve a paginated list of all webhooks owned by the authenticated user via GET /webhooks

  • Get Webhook

    Retrieve a specific webhook's configuration and status via GET /webhooks/{webhookId}

  • Update Webhook

    Update a webhook's enabled state, event subscriptions, or custom headers via PUT /webhooks/{webhookId}

  • Delete Webhook

    Permanently delete a webhook via DELETE /webhooks/{webhookId}, immediately stopping all callbacks

Workspaces

  • Create Workspace

    Create a new workspace via POST /workspaces to organize sheets, reports, and dashboards

  • Copy Workspace

    Duplicate a workspace and its contents via POST /workspaces/{workspaceId}/copy, with control over which elements are included

  • List Workspaces

    Retrieve a paginated list of all workspaces accessible to the authenticated user via GET /workspaces

  • Get Workspace

    Retrieve a workspace and its contents by ID via GET /workspaces/{workspaceId} (deprecated, prefer workspace metadata and children endpoints)

  • Update Workspace

    Rename a workspace via PUT /workspaces/{workspaceId}

  • Delete Workspace

    Permanently delete a workspace and all its contents via DELETE /workspaces/{workspaceId}

Other (26)

  • Add URL Attachment To Sheet

    Attach a URL to a sheet via POST /sheets/{sheetId}/attachments

  • Create Folder (Deprecated Path)

    (DEPRECATED path, sunsetting June 2026) Create a new subfolder within an existing folder via POST /folders/{folderId}/folders

  • Create Sheet (Deprecated)

    (DEPRECATED) Create a new sheet from scratch or from a template in the user's Sheets folder (Home) via POST /sheets. The Sheets folder is being replaced by workspaces.

  • Create Sheet In Workspace

    Create a new sheet in a workspace via POST /workspaces/{workspaceId}/sheets, either from scratch with column definitions or from a template

  • Create Folder In Workspace

    Create a new top-level folder in a workspace via POST /workspaces/{workspaceId}/folders

  • List Attachments

    Retrieve a paginated list of all attachments on a sheet via GET /sheets/{sheetId}/attachments

  • List Automation Rules

    Retrieve all automation rules on a sheet via GET /sheets/{sheetId}/automationrules

  • List Cross-sheet References

    Retrieve all cross-sheet references on a sheet via GET /sheets/{sheetId}/crosssheetreferences

  • List Events

    Retrieve an audit trail of events in the organization via GET /events

  • List Favorites

    Retrieve the authenticated user's favorited items via GET /favorites

  • List Personal Folders

    Retrieve a paginated list of top-level personal folders from the user's Home via GET /folders/personal

  • Get Folder (Deprecated)

    (DEPRECATED, sunsetting June 2026) Retrieve a folder and its contents by ID via GET /folders/{folderId}. Use get_folder_metadata and list_folder_children instead.

  • Get Folder Metadata

    Retrieve folder metadata (name, dates, permalink) via GET /folders/{folderId}/metadata

  • List Folder Children

    List immediate child resources of a folder (sheets, reports, dashboards, subfolders, templates) via GET /folders/{folderId}/children

  • Get Folder Path

    Retrieve the hierarchical path to a folder via GET /folders/{folderId}/path

  • List Proofs

    Retrieve all proofs on a sheet via GET /sheets/{sheetId}/proofs

  • Search Everything

    Search for text across all accessible sheets, reports, and dashboards via GET /search

  • List Sheet Shares (Deprecated)

    (DEPRECATED) Retrieve a paginated list of sharing permissions on a sheet via GET /sheets/{sheetId}/shares

  • List Templates (Deprecated)

    (DEPRECATED) Retrieve a paginated list of user-created templates via GET /templates. Use list_folder_children or workspace children with childrenResourceTypes=sheets,templates instead.

  • Get Current User

    Retrieve the profile of the currently authenticated user via GET /users/me, useful for verifying credentials and obtaining the caller's account context

  • List Alternate Emails

    Retrieve a user's alternate email addresses via GET /users/{userId}/alternateemails

  • List Workspace Folders

    Retrieve top-level folders in a workspace via GET /workspaces/{workspaceId}/folders (deprecated, use workspace children endpoint instead)

  • Share Sheet (Deprecated)

    (DEPRECATED) Share a sheet with users or groups via POST /sheets/{sheetId}/shares

  • Deactivate User

    Deactivate a user via POST /users/{userId}/deactivate, blocking all Smartsheet access while preserving their data and permissions

  • Reactivate User

    Reactivate a previously deactivated user via POST /users/{userId}/reactivate, restoring full Smartsheet access

  • Reset Webhook Shared Secret

    Reset a webhook's shared secret via POST /webhooks/{webhookId}/resetSharedSecret

Set Up Your Smartsheet MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Smartsheet in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Project Management MCP Servers

Azure DevOps

185+ actions

Linear

138+ actions

Bitbucket

134+ actions

Jira

134+ actions

Confluence

133+ actions

Trello

133+ actions

Asana

126+ actions

All Project Management MCP Servers →

Smartsheet MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

Smartsheet MCP Server FAQ

Smartsheet MCP server vs direct API integration — what's the difference?
A Smartsheet MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Smartsheet. A Smartsheet MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Smartsheet at runtime. StackOne provides both.
How does Smartsheet authentication work for AI agents?
Smartsheet authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Smartsheet account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Smartsheet MCP tools vulnerable to prompt injection?
Yes — Smartsheet MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Smartsheet agent and how do I avoid it?
Context bloat happens when Smartsheet tool schemas and API responses eat your Smartsheet agent's memory, preventing it from reasoning effectively. A single Smartsheet query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Smartsheet agent can access?
Yes — you can limit which actions your Smartsheet agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Smartsheet MCP server?
Yes — you can create custom agent actions for your Smartsheet MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Smartsheet's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Smartsheet MCP server?
Skip a Smartsheet MCP server if your integration is purely software-to-software — direct Smartsheet API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Smartsheet actions at runtime.
What AI frameworks and AI clients does the StackOne Smartsheet MCP server support?
The StackOne Smartsheet MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo