help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authorization Header Errors

‎07-10-2014 10:02

‎07-10-2014 10:02

Hi, I'm trying to issue the following request which seems completely in-line with the API docs:

 

POST /oauth/access_token HTTP/1.1

Host: api.fitbit.com

Authorization: OAuth oauth_consumer_key="cc67ee9e1533462ca7f2ffde6aa41300",

oauth_token="48ba7e3ce619bf38e155e3482ec59759",

oauth_verifier="epqlig2jcvohlv16l9ec3ujp13",

oauth_signature_method="HMAC-SHA1",

oauth_signature="w52OZgcHyjYFI14jx3SxaCIW3c4%3D",

oauth_timestamp="1405010464",

oauth_nonce="A79D3475-183C-434C-8FEA-5DEFE96109DE",

oauth_version="1.0"

 

However I get back the following:

 

{"errors":[{"errorType":"oauth","fieldName":"n/a","message":"No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed"}],"success":false}

 

Can you tell me what I'm doing wrong? Tried this a million different ways and the APIs are not cooperating.

 

Best Answer
0 Votes
3 REPLIES 3

‎07-10-2014 11:27

‎07-10-2014 11:27

How are you making your request?

Although you're seying your passong quthorization and everything looks good, the fact that it responds with "No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed" means Authorization header from you.

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎07-10-2014 11:28

In response to ibahdanau

‎07-10-2014 11:28

The problem was that the signature didn't match; I forgot to add the verifier into the signature body. The error message was just a generic message. Might want to consider adding a special error if the sig doesn't match.

Best Answer
0 Votes

‎07-10-2014 11:31 - edited ‎07-10-2014 11:32

In response to NerveGas

‎07-10-2014 11:31 - edited ‎07-10-2014 11:32

When you pass invalid signature it returns to you different error that states that your signarure is incorrect.

 

Could you please reproduce behaviour with CURL and sopy and paste your CURL?

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes