help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Invalidate Signature with retrofit

‎10-14-2014 09:34

‎10-14-2014 09:34

I am using retrofit api to make network calls on Android. I am getting invalid signature error

{"errors":[{"errorType":"oauth","fieldName":"oauth_signature","message":"Invalid signature: VVhu8YSABOQy6ce/VsUYQ5fClOk="}],"success":false}

.my signature and base url matches with the one generated by fitbit debug tool. I am trying to add header like this

 

request.addHeader("Authorization","OAuth"+
" "+"oauth_consumer_key"+"=\"84890ef561084252b44400a403861203\""+","+
"oauth_signature"+"=\""+signature+"\""+","+
"oauth_nonce"+"=\""+nonce+"\""+","+
"oauth_signature_method"+"=\"HMAC-SHA1\""+","+
"oauth_timestamp"+"=\""+System.currentTimeMillis()/1000+"\""+","+
"oauth_version"+"=\"1.0\""); 

retrofit log

HTTP GET http://api.fitbit.com/1/user/2VQXH4/profile.json
Authorization: OAuth oauth_consumer_key="84890ef561084252b44400a403861203",oauth_signature="VVhu8YSABOQy6ce/VsUYQ5fClOk=",oauth_nonce="4",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1413302886",oauth_version="1.0"

 

 

the equivalent WORKING curl is

curl -api.fitbit.com/1/user/2VQXH4/profile.json' -H 'Authorization: OAuth oauth_consumer_key="84890ef561000252b44400a403861203", oauth_nonce="4", oauth_signature="VVhu8YSABOQy6ce%2FVsUYQ5fClOk%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1413302886", oauth_token="6a70036760c7444d01579ddd2fb3a0db", oauth_version="1.0"'

 any help where I am going wrong

 

Best Answer
Labels:
0 Votes
4 REPLIES 4

‎10-14-2014 10:50

‎10-14-2014 10:50

got it working missed token in header

Best Answer
0 Votes

‎10-14-2014 11:25 - edited ‎10-14-2014 11:25

In response to shazmomin

‎10-14-2014 11:25 - edited ‎10-14-2014 11:25

Great. 

Please don't forget to request for a new access token and secret now!

For future I suggest never post on a public forum you keys or secrets.

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎10-14-2014 12:03

In response to ibahdanau

‎10-14-2014 12:03

No they were not my original tokens!! I changed them lol, thanks though 🙂

Best Answer
0 Votes

‎01-28-2018 21:34 - edited ‎06-10-2018 23:30

‎01-28-2018 21:34 - edited ‎06-10-2018 23:30

It is very easy. you can read it from https://abhiandroid.com/programming/retrofit for further information and will be able to fic your problem.

Best Answer
0 Votes