Authorization Header Errors

NerveGas · ‎07-10-2014

Hi, I'm trying to issue the following request which seems completely in-line with the API docs:

POST /oauth/access_token HTTP/1.1

Host: api.fitbit.com

Authorization: OAuth oauth_consumer_key="cc67ee9e1533462ca7f2ffde6aa41300",

oauth_token="48ba7e3ce619bf38e155e3482ec59759",

oauth_verifier="epqlig2jcvohlv16l9ec3ujp13",

oauth_signature_method="HMAC-SHA1",

oauth_signature="w52OZgcHyjYFI14jx3SxaCIW3c4%3D",

oauth_timestamp="1405010464",

oauth_nonce="A79D3475-183C-434C-8FEA-5DEFE96109DE",

oauth_version="1.0"

However I get back the following:

{"errors":[{"errorType":"oauth","fieldName":"n/a","message":"No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed"}],"success":false}

Can you tell me what I'm doing wrong? Tried this a million different ways and the APIs are not cooperating.

ibahdanau · ‎07-10-2014

How are you making your request?

Although you're seying your passong quthorization and everything looks good, the fact that it responds with "No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed" means Authorization header from you.

Ivan Bahdanau
Senior Software Developer at Fitbit

NerveGas · ‎07-10-2014

The problem was that the signature didn't match; I forgot to add the verifier into the signature body. The error message was just a generic message. Might want to consider adding a special error if the sig doesn't match.

ibahdanau · ‎07-10-2014

When you pass invalid signature it returns to you different error that states that your signarure is incorrect.

Could you please reproduce behaviour with CURL and sopy and paste your CURL?

Ivan Bahdanau
Senior Software Developer at Fitbit

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Authorization Header Errors

NerveGas

ibahdanau

NerveGas

ibahdanau