
Invalid authorization header format

ANSWERED

I can't get past this error.  I have checked all the docs and the code looks fine. The error I'm getting is

 

{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header format. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

The request looks like:

 

-- Client >>> Server (https://api.fitbit.com/oauth2/token)
POST /oauth2/token HTTP/1.1\x0d
Accept-Encoding: gzip\x0d
Content-Length: 162\x0d
Host: api.fitbit.com\x0d
User-Agent: Mojolicious::Plugin::Web::Auth/0.12\x0d
Content-Type: application/x-www-form-urlencoded\x0d
Authorization: Basic [client secret here]\x0d
\x0d
client_id=[client id here]&code=91b038f1593f78460d98024954b2b75dbbb9b15e&grant_type=authorization_code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8088%2Fauth%2Ffitbit%2Fcallback
-- Client >>> Server (https://api.fitbit.com/oauth2/token)

-- Client <<< Server (https://api.fitbit.com/oauth2/token)
HTTP/1.1 401 Unauthorized\x0d
Date: Sun, 15 May 2016 02:49:36 GMT\x0d
Content-Type: application/json;charset=utf-8\x0d
Transfer-Encoding: chunked\x0d
Connection: keep-alive\x0d
Cache-control: no-cache, private\x0d
WWW-Authenticate: Basic realm="api.fitbit.com"\x0d
Content-Language: en-CA\x0d
Content-Encoding: gzip\x0d
Vary: Accept-Encoding\x0d
X-Frame-Options: SAMEORIGIN\x0d
Server: cloudflare-nginx\x0d
CF-RAY: 2a33471333b910cf-ORD\x0d

 

I've checked and double-checked the secret and id. They look to be correct. Is this request somehow malformed?

 

Thanks,

 

Olaf

Accepted Solutions

The Authorization header must be set to Basic followed by a space, then the Base64 encoded string of your application's client id and secret concatenated with a colon. For example, the Base64 encoded string, Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=, is decoded as "client_id:client secret".

Best Answer
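An added example (not part of the original thread, and not Fitbit's or the Mojolicious plugin's code): it builds the header value the answer above describes and reports why a candidate value would be rejected, for instance when an unencoded secret follows Basic. The function names and sample credentials are assumptions made for illustration.

```python
import base64
import binascii


def build_basic_header(client_id: str, client_secret: str) -> str:
    """Return 'Basic ' + Base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def diagnose_basic_header(value: str, expected_client_id: str) -> list:
    """List the problems found in a token-endpoint Authorization value."""
    problems = []
    # A copied-in newline or padding space changes the header on the wire.
    if value != value.strip() or "\r" in value or "\n" in value:
        problems.append("stray whitespace or line break in header value")
    scheme, sep, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not sep:
        return problems + ["scheme must be Basic followed by a space"]
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return problems + ["credentials do not decode as Base64 text"]
    client_id, colon, secret = decoded.partition(":")
    if not colon:
        problems.append("decoded credentials lack the id:secret colon")
    elif client_id != expected_client_id:
        problems.append("decoded client id does not match the application")
    elif not secret:
        problems.append("client secret is empty")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the first pair is the answer's own example.
    good = build_basic_header("client_id", "client secret")
    print(good)
    for candidate in (good, "Basic not-a-base64-secret!", good + "\n"):
        print(repr(candidate), diagnose_basic_header(candidate, "client_id"))
```

An empty list means the value has the expected shape; it does not prove the id and secret are the ones registered for the application.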

I've done the same and am trying it in Postman (REST client), but I'm still getting the same error:
{
  "errors": [
    {
      "errorType": "invalid_client",
      "message": "Invalid authorization header. Client id invalid. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
    }
  ],
  "success": false
}

 

 

In the app it's responding like:
BasicNetwork.performRequest: Unexpected response code 401 for https://api.fitbit.com/1/user/-/activities/apiSubscriptions.json

Best Answer
0 Votes

You might want to double check your headers.  If you get an extra line break in there somewhere, it leads to confusing error messages.

Best Answer

Hi, first of all thanks for the reply. I have double-checked the headers, but no luck. Do we need to add the
X-Fitbit-Subscriber-Id request header?

Best Answer
0 Votes

Hi, I was able to solve that issue. It was due to an incorrect header,
which should be like:
Authorization(key)  Bearer access_token

Second, while adding a subscription we need to replace that "-" in the URL with the userID (not mentioned in the docs 😐) from the user bean, and the subscriptionID can also be the same as the userID. The URL will be:
https://api.fitbit.com/1/user/(encodedId)/activites/apiSubscriptions/(encodedId).json

Thanks

Best Answer
0 Votes

@AnFit I am also getting the same problem, so would you tell me in detail how you solved that problem?

Thanks.

Best Answer
0 Votes

How to get an access token in Android?

Best Answer
0 Votes