07-15-2014 12:03
07-15-2014 12:03
I am trying to call API method GetActivities with <UserID> and got error "Invalid consumer key". i double checked the key, it is correct. I am not sure why i got this error. am i missing anything else here?? GET Method: http://api.fitbit.com/1/user/<userid>/activities/date/2014-07-14.json. And passed request header as "Authorization: OAuth outh_consumer_key="<Consumer Key>"
i red from documentation that we no need to pass either token or any other OAuth parameters. so i didn't pass anything else except consumer key. Any help would be really appreciated.
07-15-2014 13:01
07-15-2014 13:01
The error probably says "Invalid consumer key or signature" or something similar.
You need to sign your request properly, please read this for more details: https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API .
Check out for [GET /
1
/user/-/activities/date/
2010
-
04
-
02
.json
] request on this page for example.
07-15-2014 14:21
07-15-2014 14:21
I tried with OAuth signature. still getting error. I believe Client (Consumer) Secret key is Oauth_Signature parameter value?
Get URL - http://api.fitbit.com/1/user/2SWR5H/activities/date/2014-07-14.json
Request Header: Authorization: OAuth realm="Example", oauth_consumer_key="<consumer key>", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1405458665", oauth_nonce="7d8f3e47", oauth_signature="<secret key that i got from while register application>"
Response:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-UA-Compatible: IE=edge,chrome=1
WWW-Authenticate: OAuth realm="http%3A%2F%2Fapi003-g4.prod.dal05.fitbit.com"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Content-Language: en
Content-Length: 144
Vary: Accept-Encoding
Date: Tue, 15 Jul 2014 21:14:53 GMT
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Connection: Keep-Alive
Set-Cookie: JSESSIONID=F64703C707F40293E326A317677DC1E5.fitbit1; Path=/
{"errors":[{"errorType":"oauth","fieldName":"oauth_signature","message":"Invalid signature: <secret key>"}],"success":false}
any idea why i am getting this??
07-15-2014 14:27
07-15-2014 14:27
Nope client(consumer) key and oauth_signature are two completely different things.
Please read https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API for more details.
in short you should be sending out both: client(consumer) key and signature as parameters.
Signature is a string value that is generated based on request parameters: http://tools.ietf.org/html/rfc5849#section-3.4
07-15-2014 14:28
07-15-2014 14:28
You should consider using an existing OAuth client thats available for your language:
This will save you a lot of time and headache with the OAuth request and signing process.
07-16-2014 12:47
07-16-2014 12:47
let me explain what i am trying to do here,
I want to generate Chart in my application based on Activity data of fitbit user. So i thought of using FitBit Resource Access API (REST endpoints) here. I want to override the FitBit user OAuth authentication page since my application doesn't know any of FitBit users credentials except <UserId>. I gone through the documenation https://wiki.fitbit.com/display/API/API-Get-Activities and it looks like i can get activity data by passing <UserId> in URL like "/1/user/228TQ4/activities/date/2010-02-25.json". So I tried calling this URL with appropriate consumer key, but it didn't work. Is there any other way to acheive this requirement?
07-16-2014 13:29
07-16-2014 13:29
The only way you can get the data is using fitbit API with requires you to go througha valid oauth 1.0a flow.
The oauth 1.0a flow requires fitbit user in what info you're interested in to grant access to your application so you can get access token and access token secret.
Please copy and paste here the request you're trying to make including all the headers.
07-16-2014 13:56
07-16-2014 13:56
I am using fitbit.net api library. Here is the code, here is url for fitbit.net library https://github.com/aarondcoleman/Fitbit.NET/
publicActionResult GetActivity()
{
string ConsumerKey = ConfigurationManager.AppSettings["FitbitConsumerKey"]; //Consumer Key that i got while registring applicaitonstring ConsumerSecret = ConfigurationManager.AppSettings["FitbitConsumerSecret"];//Secret Key that i got while registring applicaiton
Fitbit.Api.
Authenticator authenticator = new Fitbit.Api.Authenticator(ConsumerKey,
ConsumerSecret,
"http://api.fitbit.com/oauth/request_token",
"http://api.fitbit.com/oauth/access_token",
"http://api.fitbit.com/oauth/authorize");
RequestToken token = authenticator.GetRequestToken();
FitbitClient fbClient = newFitbitClient(ConsumerKey, ConsumerSecret, token.Token, token.Secret);
Activity act = fbClient.GetDayActivity(newDateTime(2013, 7, 14));
//print act here
}
07-16-2014 14:04
07-16-2014 14:04
Where are you getting token.Token, token.Secret from?
Please confirm that you did access_token request and got back valid access token and access token secret.
Also pleace paste the request you're making including all the headers.
Also paste here the response you're getting back.
07-16-2014 15:07
07-16-2014 15:07
Here is the entire source code i downloaded from FitBit.Net API library. I tried to tweak few things on this code to override few steps in oAuth authentication flow that I explained below,
source code url - https://github.com/aarondcoleman/Fitbit.NET
to answer to your question first, here is the method that gets me token.Token and token.Secret. you can also see this method if you downloaded code from above url.
public RequestToken GetRequestToken(string callback) { client.Authenticator = OAuth1Authenticator.ForRequestToken(this.ConsumerKey, this.ConsumerSecret, callback); var request = new RestRequest("oauth/request_token", Method.POST); var response = client.Execute(request); var qs = HttpUtility.ParseQueryString(response.Content); RequestToken token = new RequestToken(); token.Token = qs["oauth_token"]; token.Secret = qs["oauth_token_secret"]; if (response.StatusCode != System.Net.HttpStatusCode.OK) throw new Exception("Request Token Step Failed"); return token; }
If you run the downloaded code as is (SampleWebMVC project), it's working fine. because it's complaince with oAuth flow. What i want to do is ridoff the "api.fitbit.com" user authentication step from oAuth authentication flow as my applicaiton don't maintain users credentials except user id. so, here is tweaked code,
public ActionResult Authorize() { string ConsumerKey = ConfigurationManager.AppSettings["FitbitConsumerKey"]; //Consumer Key that i got while registring applicaiton string ConsumerSecret = ConfigurationManager.AppSettings["FitbitConsumerSecret"];//Secret Key that i got while registring applicaiton Fitbit.Api.Authenticator authenticator = new Fitbit.Api.Authenticator(ConsumerKey, ConsumerSecret, "http://api.fitbit.com/oauth/request_token", "http://api.fitbit.com/oauth/access_token", "http://api.fitbit.com/oauth/authorize"); RequestToken token = authenticator.GetRequestToken(); AuthCredential creden = authenticator.ProcessApprovedAuthCallback(token); FitbitClient fbClient = new FitbitClient(ConsumerKey, ConsumerSecret, creden.AuthToken, creden.AuthTokenSecret); Activity act = fbClient.GetDayActivity(new DateTime(2013, 7, 14)); //print act here }
when i execute this code, line "authenticator.ProcessApprovedAuthCallback(token);" returns unAuthorized error. I guess its just because i don't have value in Token.Verifier yet since i am not redirecting application to api.fitbi.com for user authentication. Token.Verifier is returned by api.fitbit.com server while executing callback function. That's what you could see in the original downloaded code.
So, Again my question here is how would i override the "api.fitbit.com" authentication page?? i want to access users fitbit data with registered application consumer key and secret key along with fitbit users user id.
If it's not possible to access fitbit user's data without user's entire credentials (user id and password), Is there a REST method call to do this authentication instead redirecting my application to api.fitibit.com page?
Hope this makes clear about the requirement. Please let me know If need to know anything else.
Thanks
07-16-2014 15:17
07-16-2014 15:17
There is no way to override it since we have to respect Fitbit user's authority and oauh 1.0a flow.
You won't be ever able to get user's data without having fitbit user authorizing access for your app to read his data on fitbit.com authorization page.
07-17-2014 07:48
07-17-2014 07:48
Fine. Is there a REST method to authorize fitbit user?
07-17-2014 07:55 - edited 07-17-2014 07:56
07-17-2014 07:55 - edited 07-17-2014 07:56
There is no rest method where user can authorize your app to use his data. The only place where user can do it is https://api.fitbit.com//oauth/authorize?oauth_token=<temp_access_token>
where <temp_access_token> is a valid temp_access_token that you'll get at request_token step.
07-17-2014 08:29
07-17-2014 08:29
Thank you Ibahdanau!