Introspect endpoint always returning 401

ANSWERED

Hello,

 

Every time I reach out to the introspect endpoint I am getting a 401.

 

Below is the code that I am using. The access token is an old access token from about a week ago, but I would expect a false or a 0, not a 401.

    string strURL = "https://api.fitbit.com/oauth2/introspect";

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(strURL);
    request.Method = "POST";
    request.Headers["Authorization"] = "Bearer " + objAccessToken.access_token;
    request.Accept = "application/json";
    request.ContentType = "application/x-www-form-urlencoded";

    WebResponse myResponse;
    myResponse = request.GetResponse();

What am I doing wrong?

 

Thank you!

 

Dave

 

Best Answer
0 Votes

Accepted Solutions

Hi @dby4 ,

 

We updated the Introspect endpoint and changed the syntax last year. to represent the new version.  Please read the documentation on the new syntax and let me know if you have any questions.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Best Answer
0 Votes

Hello, I am having the same issue at this very moment with the current introspect specs and endpoint.

If I submit a valid token, the call does indeed respond with the json structure described in the docs but, when I submit an invalid token, it does not, it just responds with a 401 Unauthorized code.

 

Am I missing the whole point of this endpoint? (pun not intended). I believe it's supposed to return the state of the token, regardless of what that token is, so if I submit anything other than a valid active token, shouldn't it return

{
    "active":false
}

as stated in the aforementioned docs?

 

I'm developing a Client app, using Implicit Grant Flow.

 

Thanks!

Best Answer
0 Votes

Hi @kazy28 

 

If you're getting a 401 Unauthorized error, then the bearer token you are supplying in the Authorization header is not valid.  The "token" to test is a body parameter to the introspect endpoint.  You should receive the response "active : false" for invalid tokens whether they are bad, refresh tokens or expired.

 

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
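
The request shape described in the reply above, as an added example that is not part of the original thread and not Fitbit's own code: the caller's valid token goes in the Authorization header, the token being tested goes in the form body, and a 401 is kept distinct from an `active: false` result. The function names and sample tokens are illustrative assumptions; the URL is the one that appears in a later post on this page.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# URL as it appears in a later post in this thread.
INTROSPECT_URL = "https://api.fitbit.com/1.1/oauth2/introspect"


def build_introspect_request(caller_token, token_to_test):
    """Caller's valid token goes in the header; the token to test goes in the body."""
    body = urllib.parse.urlencode({"token": token_to_test}).encode("ascii")
    return urllib.request.Request(
        INTROSPECT_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": "Bearer " + caller_token,
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def classify(status, raw_body):
    """Map an HTTP status and body to one of four states, failing closed."""
    if status == 401:
        return "caller-unauthorized"  # the header token was rejected
    if status != 200:
        return "error"
    try:
        doc = json.loads(raw_body)
    except ValueError:
        return "error"
    # Only a literal JSON true counts as active.
    if isinstance(doc, dict) and doc.get("active") is True:
        return "active"
    return "inactive"


def introspect(caller_token, token_to_test, timeout=10):
    """Send the request; urlopen raises HTTPError on a 401, so catch it."""
    req = build_introspect_request(caller_token, token_to_test)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())
```

Treating "caller-unauthorized" and "error" as "not active" in authorization decisions keeps the check fail-closed, while logging them separately shows whether the caller's own credential needs refreshing.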

Thank you for your help.

 

I'm sorry, I really thought the token to be "tested" via the introspect endpoint was the same token I use for every request to the API (the token I got in the consent process via oauth).

If this means that the token I'm supposed to attach to the Authorization header on every request to the API is NOT the same as the token I can "test" with introspect, well, I really didn't know that. I'm sorry but where does it say so in the docs, could you please explain the difference between the two, or at least provide me with some resources to read about it. Also, what's the use of introspecting a token I'm not using for my requests?

Thanks again!

 

ps: I made a mistake and misinformed you the last time, I'm actually developing a Personal app. Sorry 🙂

Best Answer
0 Votes

Hi @kazy28 

 

That's great feedback.  We're actively working on updating our endpoint documentation.  I'll include your suggestions with the Introspect endpoint.  

 

Thank you

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

That's great to hear!

 

I'm sorry to bother you again but lately I seem to be getting errors from some requests that are not documented (the errors) in the API's docs. For instance, if I try https://api.fitbit.com/1/user/-/activities/heart/date/2011-01-01/2019-09-07.json, I would get a status 400 Bad request response which, among other info, includes an error message that reads:

 

The number of days between time series start and end dates cannot exceed MAX.

 

Now, that's the type of information I, as a developer, would expect to be included in the docs, like what/where is MAX, can I set it myself, etc.

Also, the docs for that specific endpoint state that

 

"If you specify earlier dates in the request, the response will retrieve only data since the user's join date or the first log entry date for the requested collection."

 

which is why I don't know why I'm getting a bad request error, instead of the API just ignoring any dates before "...the user's join date or the first log entry date for the requested collection."

 

Anyways, I'm so very grateful for your help, I'm using your API for my thesis and would very much appreciate it if you could give me some pointers on where to go when these issues arise. Do you have a repository, in GitHub maybe, where I could also look for answers and maybe give something to the Fitbit community myself?

 

Thank you

Best Answer
0 Votes

Hi @kazy28 

 

That error message means the distance between the start date and end date is too large.  I'll see what we can do to improve the error text and get it added to our documentation.  The maximum date range is about 1000 days.  Try shortening the date range for your query to see if that resolves the problem.  If you require getting data between 2011 - 2019, you'll need to execute the endpoint multiple times and adjust your date range accordingly.

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

Hello Gordon!

I'm getting the same result: the tested token on the introspect endpoint always returns active: false. I know the token is ok as I can reach endpoints without getting 401 responses.

What's wrong in the following request?

 

POST https://api.fitbit.com/1.1/oauth2/introspect
Authorization: Bearer <VALID_TOKEN>

token=<VALID_TOKEN>

 

Best Answer
0 Votes

Hi @pécé 

 

Would you please private message me the exact syntax you're using including the headers, their values and the token you're trying to return the status?

 

Thanks!

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

Hi Gordon,

 

How can I private message you?

Best Answer
0 Votes
test

*Pierre-Charles BERTINEAU*

*Technical lead*

Best Answer
0 Votes

Hi @pécé 

 

I created a case for this problem and sent you an email.  Please reply to the email with the information requested.

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes