Hi Spike, thanks for the feedback. We genuinely appreciate it as it helps us improve our app and better serve our customers.
First, we want to clarify that our app offers secure connection options for Smartsheet via OAuth. It is not necessary to publish Smartsheet with a public URL, as our app also offers a specialized read-only “integral table” view that does not require a public link to share data. Furthermore, the 'published' URLs Smartsheet creates contain a long secret, which is really hard to guess. So even though the URL is technically published and the data is accessible to anyone who knows the URL, it is going to be practically impossible for external attackers to brute-force it or otherwise get hold of it outside of improper handling. Please note, though, that some organization policies might still forbid the use of these kinds of URLs.
We want to reassure you that we only keep the minimal necessary data to retrieve the table data when someone accesses the page in Confluence. All Smartsheet data is protected by Smartsheet’s security measures, and Confluence data is safeguarded by Atlassian. Our app strictly follows Atlassian’s highest marketplace security standards by being part of the bug bounty and Cloud Fortified programs to further attest to our commitment to security.
We’d love to learn more about your use case, answer any additional questions, and address any misunderstandings. If you’re open to it, we’d be happy to schedule a call to explore how we can best meet your needs or implement improvements. Please feel free to reach out to our support team (https://calendly.com/resolution-support) any time if there’s anything we can do to help. We value your input and hope we can work together to find a solution that fits your organization’s requirements!
Best, Fredi