03-06-2015 06:46
Hello,
I stored the user's permanent access token and token secret (and encoded user ID) in my database.
As I read in the forum, these tokens do not expire, except when the user re-authenticates my app or revokes the rights.
Does this mean that I can use these tokens to access the user data without notifying the user?
My idea is:
I.) authenticate the user on the phone, then store the credentials in an Azure database
II.) in a Mobile Services scheduled job (running once a day), download the previous day's summarized step data with the stored credentials
III.) send a push notification to the user (e.g. "Yesterday you stepped x, well done", etc.)
1.) Is there any problem with that workflow?
2.) In my app settings I set the Default Access Type to read-only, is that okay?
3.) The callback URL is my website, but I'm not calling the data request from there. Can that be a problem?
4.) The application type is set to browser; is there any difference from desktop (or is it only that the verifier needs to be typed manually and isn't in the callback URL)?
I'm facing a problem: I can make requests right after the authentication, but if I try with just the stored credentials (later, or after a server restart), I get an "Invalid signature or token" error. Seems like I got only permanent tokens.
Thanks for your help.
03-09-2015 07:12
Hello
1) no
2) yes, it's okay
3) The callback is needed so that when the user clicks the allow access button, Fitbit knows where to send the verification code so your app can exchange it for a permanent access token and secret.
4) Yep, you're right, this is the only difference.
Try to debug your code. If you're able to make a request once, you definitely should be able to make the same request later with the same permanent access token and secret.
The only thing I can think of (assuming that we *think* your code works properly) is that the Fitbit user rejects access for your app to use his data.
03-10-2015 01:46
I'm using my own account as the user, so I know that I didn't revoke the access...
I don't get why I can access once but no more.
Can multiple applications access the same user data? I'm using the WP, Android and desktop sync applications with my account.
I'm using this string to access the data:
https://api.fitbit.com/1/user/2SNG7Q/activities/date/2014-12-20.json
I think it's OK.
03-13-2015 09:06
Please try to use your client key, client key secret and token credentials at this page: https://dev.fitbit.com/apps/oauthtutorialpage
and see if you can make a request.
03-16-2015 02:10
The tokens are valid - as I said before.
The problem is solved now, but I don't know why.
I just moved the authentication to the web (in the Web API project), and now it's working.
I don't know why, because I do the same things that I wrote on the client - but the 1 hour limit is removed.
03-18-2015 05:39
Hi,
I am working on an app that gets Fitbit user details from the repo. I don't want the Fitbit device user to authorise my app more than once. When the user authorises, I save the access token and secret in the database and later try to create the request. That's where I fail. I am using Java. In case you had the same issue, can you share some ideas on it, even if your code is developed in another language?
Thanks
goswamisantanu
03-18-2015 06:10 - edited 03-18-2015 06:11
Actually, it seems I don't have a fully working solution.
I moved the authentication to the MVC5 site, so I can access the data with the stored keys now, but I get WebException 401 sometimes.
Currently, I'm working on Jawbone authentication (and I'm facing the same problem with that); if that works I will move back to Fitbit.
What error do you get?
03-18-2015 06:17
Hi,
I am not able to generate the oauth_signature.
Any idea how to do it? What I understand is that it is generated from "consumersecret & accesstokensecret" and then some base64 encoding. That's where I get stuck... on which jars to import, etc.
Thank you,
goswamisantanu
03-18-2015 06:47 - edited 03-18-2015 06:50
I don't recommend making an OAuth signature manually, but if you reaaaaaly want to (it's in C#, but you will get the flow 😉):
using System;
using System.Security.Cryptography;
using System.Text;

// Unix timestamp in seconds
var epoch = (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;
string oauth_nonce = "freeubi"; // random string
string oauth_signature_method = "HMAC-SHA1";
string consumer_key = "-"; // your consumer key
HMACSHA1 coder = new HMACSHA1();
coder.Key = Encoding.UTF8.GetBytes("&" + currentUser.Fitbit_oauthSecret); // the UTF-8 is important!!!
// this is the string to access the user data
string Signature_Base_String = "GET&https%3A%2F%2Fapi.fitbit.com%2F1%2Fuser%2F" + fitbit_encoded_userid + "%2Fprofile.json&oauth_consumer_key%3D" + consumer_key + "%26oauth_nonce%3D" + oauth_nonce + "%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D" + epoch.ToString("0") + "%26oauth_version%3D1.0";
var output = coder.ComputeHash(Encoding.UTF8.GetBytes(Signature_Base_String)); // also UTF-8!!!
string signature = Convert.ToBase64String(output, 0, output.Length); // but this is Base64
It's working on Windows Phone, but only right after the authentication.
03-19-2015 03:32
Hi,
1. In the Fitbit debug tool, the "base string" contains the permanent access token as the auth_token parameter along with the parameters you mentioned. (I am able to create the base string as you suggested along with the auth_token parameter.)
2. The "signed with" value consists of client secret & permanent access secret.
3. The signature contains a string that ends with an equals sign (=). I am unable to create that, as I am looking for a class that works similarly to HMACSHA1 in your code.
4. After you get the signature, how do you send the request?
Please share your thoughts on these.
goswamisantanu
04-06-2015 03:20
Hi,
I tried many things since I last spoke to you. I create a base_String = GET&https%3A%2F%2Fapi.fitbit.com%2F1%2Fuser%2F36VRGQ%2Factivities%2Fdate%2F2015-02-25.json&oauth_consumer_key%3D"+consumer_key+"%26oauth_nonce%3D1428313966%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1428313966%26oauth_token%3D"+auth_token+"%26oauth_version%3D1.0
I generate the auth_signature using scribe in my java code as:
HMACSha1SignatureService hmacService = new HMACSha1SignatureService();
auth_signature = hmacService.getSignature(baseString, clientSecret, auth_secret);
and the outcome looks good.
the curl command is
C:/work/curl-7.33.0-win64-nossl/curl.exe -X GET -i
-H 'Authorization:OAuth oauth_consumer_key="155a7cd4b77743bea5a4a2b7ba4dcc39", oauth_nonce="1428313966", oauth_signature="Kj8X2hC73SIMVjLeBfd3SPoTKJo%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1428313966" oauth_token="87516ad3440b46d77e0aff66b89f8651", oauth_version="1.0"'
https://api.fitbit.com/1/user/36VRGQ/activities/date/2015-02-25.json
This is exactly like what is shown on the Fitbit page: https://dev.fitbit.com/apps/oauthtutorialpage
but it does not execute.
Q1. Is there any error in my variables?
Q2. I am running this with curl installed on my Windows laptop. Do I need to run it on Linux to make it work?
Q3. I think I need to pass base_string, clientSecret, auth_secret to generate the auth_signature. Am I correct?
Please respond. I need to get data for multiple Fitbit users who have approved my app already.
Thanks
goswamisantanu
04-06-2015 08:38
What message are you getting back?
04-06-2015 22:45
Hi,
As I said in my last mail, no message is returned in this case. The execution just stops with these italicised statements below.
curlcmd as string parameter: C:/work/curl-7.33.0-win64-nossl/curl.exe -X GET -i
-H 'Authorization: OAuth oauth_consumer_key="155a7cd4b77743bea5a4a2b7ba4dcc39", oauth_nonce="1428384960", oauth_signature="sb0a58DUlVSTiFC5n24wE6Z2Q1g%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1428384960" oauth_token="4f026121f3dbe8cf7f58fee6fcb1bafb", oauth_version="1.0"'
https://api.fitbit.com/1/user/35B2Z5/activities/date/2015-02-25.json
process waitfor 1
input size: null
the output is:
Not sure what stops it from executing or at least returning an error message.
Today I will stream the curl command to a .cmd file in Windows and execute it from there. Hope I move forward.
goswamisantanu
04-07-2015 04:11
Hi,
I am getting the error
{"errors":[{"errorType":"oauth","fieldName":"n/a","message":"No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed"}],"success":false}
now.
The base string, auth-token, client_secret are still the same.
goswamisantanu
04-07-2015 04:24
Send the bearer token also...
04-07-2015 04:36
I am sorry, but can you point me to the bearer token 🙂
Which one is that, please?
goswamisantanu
04-07-2015 08:20
There is absolutely nothing to do with bearer token. We do not provide OAuth2 access yet.
The message delightfully says exactly what is wrong: you did not provide an Authorization header. There is no other reason in the world for you to get this message.
The Fitbit API debug page lets you execute cURLs online (if you click on the "Send to Hurl.it" link).
I suggest you first make sure you can execute requests from the Fitbit API debug page and then, once you are sure you can make requests from there, you can compare the requests your code generates to the requests generated by the Fitbit API debug page.
Also beware that cURL is just a simple example for debugging so developers can see how their HTTP request should look. Most applications prefer using HTTP libraries to make requests from code.
04-08-2015 00:43
Hi Ivan,
Thanks for clearing the doubt on the bearer token.
In the last 2 months, I have executed requests 100+ times on the Fitbit API debug page successfully. When I run my Java code, it opens this URL in the browser: http://d8l8102.in.nam.ad.pwcinternal.com:8080/FBApp/fitbitApiAuthExample. This asks the user to click 'Deny' or 'Allow'. Once allowed, the JSP displays activity for a date and his user profile (that's how I coded them). I store the user's entity ID, permanent access token and permanent access token secret in the database.
I want my app to be approved by as many users as possible, for whom I can get Fitbit repository data at regular intervals for analytics (until the user revokes my app). I want to achieve this by creating the curl command as displayed on the Fitbit API debug page. But I am getting the error shared in my last message.
You suggested using HTTP libraries to make requests from code; can you please suggest any particular library for Java?
Thanks in advance,
goswamisantanu
04-10-2015 03:07
Hi Ivan,
I think I have solved my problem.
Thanks a lot
goswamisantanu