Solved: Invalid authorization header format

oalders · ‎05-14-2016

I can't get past this error. I have checked all the docs and the code looks fine. The error I'm getting is

{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header format. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

The request looks like:

-- Client >>> Server (https://api.fitbit.com/oauth2/token)
POST /oauth2/token HTTP/1.1\x0d
Accept-Encoding: gzip\x0d
Content-Length: 162\x0d
Host: api.fitbit.com\x0d
User-Agent: Mojolicious::Plugin::Web::Auth/0.12\x0d
Content-Type: application/x-www-form-urlencoded\x0d
Authorization: Basic [client secret here]\x0d
\x0d
client_id=[client id here]&code=91b038f1593f78460d98024954b2b75dbbb9b15e&grant_type=authorization_code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8088%2Fauth%2Ffitbit%2Fcallback
-- Client >>> Server (https://api.fitbit.com/oauth2/token)

-- Client <<< Server (https://api.fitbit.com/oauth2/token)
HTTP/1.1 401 Unauthorized\x0d
Date: Sun, 15 May 2016 02:49:36 GMT\x0d
Content-Type: application/json;charset=utf-8\x0d
Transfer-Encoding: chunked\x0d
Connection: keep-alive\x0d
Cache-control: no-cache, private\x0d
WWW-Authenticate: Basic realm="api.fitbit.com"\x0d
Content-Language: en-CA\x0d
Content-Encoding: gzip\x0d
Vary: Accept-Encoding\x0d
X-Frame-Options: SAMEORIGIN\x0d
Server: cloudflare-nginx\x0d
CF-RAY: 2a33471333b910cf-ORD\x0d

I've checked and double-checked the secret and id. They look to be correct. Is this request somehow malformed?

Thanks,

Olaf

JeremiahFitbit · ‎05-16-2016

The Authorization header must be set to Basic followed by a space, then the Base64 encoded string of your application's client id and secret concatenated with a colon. For example, the Base64 encoded string, Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=, is decoded as "client_id:client secret".

View best answer in original post

JeremiahFitbit · ‎05-16-2016

The Authorization header must be set to Basic followed by a space, then the Base64 encoded string of your application's client id and secret concatenated with a colon. For example, the Base64 encoded string, Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=, is decoded as "client_id:client secret".

AnFit · ‎02-09-2017

I've done the same and trying it on Postman(rest client) but still getting same error
{
"errors": [
    {
      "errorType": "invalid_client",
      "message": "Invalid authorization header. Client id invalid. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
    }
],
"success": false
}

in app its responding like:
BasicNetwork.performRequest: Unexpected response code 401 for https://api.fitbit.com/1/user/-/activities/apiSubscriptions.json

oalders · ‎02-09-2017

You might want to double check your headers. If you get an extra line break in there somewhere, it leads to confusing error messages.

AnFit · ‎02-09-2017

Hi,Thanks for revert firstly.I have doubly checked the headers,but no luck.Do we need to add
X-Fitbit-Subscriber-Id request header?

AnFit · ‎02-10-2017

Hi I am able to solve that issue,it was due to incorrect header
which should be like :
Authorization(key) Bearer access_token

and second While adding subscription we need to replace that "-" from url with userID(not mentioned in docs 😐 ) from user bean and subscriptionID can also be the same as userID.and url will be:
https://api.fitbit.com/1/user/(encodedId)/activites/apiSubscriptions/(encodedId).json

Thanks

Navindas · ‎01-30-2018

@AnFit I am also getting the same problem so would you like to tell me in detail that how do you solve that problem.

Thanks.

dhaval-p · ‎07-24-2018

How to get access token in android ?

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Invalid authorization header format

oalders

JeremiahFitbit

JeremiahFitbit

AnFit

oalders

AnFit

AnFit

Navindas

dhaval-p