help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Web API - User Data - 401 - "Request is missing required authentication credential"

ANSWERED

‎07-23-2024 07:13

‎07-23-2024 07:13

Hi There.

Starting on 7/19/2023, we started getting 401 errors for a large percentage of our requests for user data, with this error message:

{ "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED" } }

I am able to replicate the issue in Postman as well, where I am clearly sending the bearer token.


Example: https://api.fitbit.com/1/user/53F54D/activities/date/xxxx-xx-xx.json

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎08-26-2024 12:09

In response to Jeff_New_Ocean

‎08-26-2024 12:09

Hi @Jeff_New_Ocean and @DSGTeam 

I want to let you know that we have fixed the "expired_token" error.   We have reverted the error back to the syntax.

{
  "success": false,
  "errors": [
    {
      "errorType": "expired_token",
      "message": "Access token expired: <access_token>. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
    }
  ]
}

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

View best answer in original post

Best Answer
19 REPLIES 19

‎07-23-2024 11:58

‎07-23-2024 11:58

Thanks for reporting this, @Jeff_New_Ocean 

We've seen some variations of this problem but haven't found a solution yet.   Let me research and get back to you.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-23-2024 12:05

In response to Gordon-C

‎07-23-2024 12:05

Hi @Jeff_New_Ocean 

I need a little more information from you.

  1. Does this problem happen with only this user or multiple users?   
  2. Does it happen just with the Get Daily Activity Summary endpoint or all endpoints?   
  3. Does the error happen every time you execute the endpoint or sporadically?   
  4. Is the problem happening today?
Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-23-2024 14:18 - edited ‎07-23-2024 14:38

In response to Gordon-C

‎07-23-2024 14:18 - edited ‎07-23-2024 14:38

Thanks @Gordon-C for getting back.

  1. It's happening across the user population.
  2. It's happening across multiple user data retrieval endpoints. I have examples on activities, sleep, and foods.
  3. It is sporadic. Trying to determine if it's always happening for the same users, or inconsistently. But from my Postman testing, it seems to be consistent for the same user.
  4. It is happening today.

 

Best Answer
0 Votes

‎07-24-2024 14:27

In response to Jeff_New_Ocean

‎07-24-2024 14:27

Hi @Jeff_New_Ocean 

I've been able to perform some investigation on this problem and sent it to our engineering team for further investigation.   I'll let you know what I find out.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-25-2024 06:33

In response to Gordon-C

‎07-25-2024 06:33

Thanks @Gordon-C ! 👍

Best Answer
0 Votes

‎07-25-2024 10:36

In response to Gordon-C

‎07-25-2024 10:36

I would like an update on this as well, we are experiencing the same since 7/23. 

Best Answer
0 Votes

‎07-25-2024 12:40

In response to Jeff_New_Ocean

‎07-25-2024 12:40

Hi @Jeff_New_Ocean 

Our engineering team is still looking into your specific problem.   We've confirmed the 401 errors are not related to the current maintenance efforts being performed.  However, they did notice a spike of errors occurring 5:00 UTC every day.   Are you observing the same pattern?   Can you tell me if your application is doing anything specific at this time, such as running a cron job to query user data?

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-25-2024 12:42

In response to DSGTeam

‎07-25-2024 12:42

Hi @DSGTeam 

I need a little more information from you.

  1. Does this problem happen with only with a single user or multiple users?   
  2. Does it happen just with a specific endpoint or all endpoints?   
  3. Does the error happen every time you execute the endpoint or sporadically?   
  4. I'm assuming the answer is yes, but would you confirm if the problem is still happening today?
Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-25-2024 13:32

In response to Gordon-C

‎07-25-2024 13:32

@Gordon-C 

  1. Most of our users sporadically
  2. activities
  3. sporadically
  4. yes it is happening today.

Could this have something to do with the authentication changes you guys are making with google?

 

Best Answer
0 Votes

‎07-26-2024 06:15

In response to DSGTeam

‎07-26-2024 06:15

@Gordon-C confirming that we are still seeing the behavior as I described above today.

Thanks

Best Answer

‎07-26-2024 07:35 - edited ‎07-26-2024 07:48

In response to Jeff_New_Ocean

‎07-26-2024 07:35 - edited ‎07-26-2024 07:48

@Gordon-C I was able to reproduce this on my personal account. I did a fresh authentication yesterday and it synced fine but later in the day, it started kicking the same error. This clued me into the fact that is has to be something with tokens. Today I manually updated my tokens by calling the post on https://api.fitbit.com/oauth2/token and once i had updated tokens, I made the call to get activities and now it works again. I am assuming that it will start failing again once the token expires.
Please note, this is being done from a service that we have not made changes to in a couple years so something must have changed on the fitbit side. 

Best Answer
0 Votes

‎07-29-2024 08:00

In response to DSGTeam

‎07-29-2024 08:00

@Gordon-C or @Jeff_New_Ocean, anything new on this? This is affecting a lot of our users and we need to get it resolved. I have not thought of any workarounds or fixes. Really could use some help. 

Best Answer
0 Votes

‎07-29-2024 10:30

In response to DSGTeam

‎07-29-2024 10:30

@Jeff_New_Ocean I think i figured it out. We are keying off of an error type of "expired_token". We are still getting 401 errors but the structure and message has changed. 
It used to look something like 
{"success":false,"errors":[{"errorType":"expired_token","message":"Access token expired: eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIyMjlMTlYiLCJzdWIiOiI1M1M3UlAiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJzY29wZXMiOiJyYWN0IHJzZXQgcnBybyIsImV4cCI6MTcyMjAzMjI4NSwiaWF0IjoxNzIyMDAzNDg1fQ.Rsh2uy-5BBTTKKY20IOxEKphMuvTMO1wiZ_nqKCqJBY. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}]}

Now it looks like 

{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}





 

Best Answer

‎07-30-2024 05:53

In response to DSGTeam

‎07-30-2024 05:53

@DSGTeam let me check that out. I'm still seeing the behavior today. We do refresh the token on a 401 error, so this may explain why it seems intermittent.

@Gordon-C, if you could confirm this change in behavior, that would be comforting.

Best Answer
0 Votes

‎08-01-2024 12:54

In response to Jeff_New_Ocean

‎08-01-2024 12:54

Yes...I'm confirming the behavior.   I don't think the error should have changed.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎08-02-2024 09:34

In response to Gordon-C

‎08-02-2024 09:34

Hi @Jeff_New_Ocean and @DSGTeam 

Thank you for reporting this problem.   I don't believe the error message should have changed.  I have a reproducible for our engineering team and have asked them to look into the problem.   I hope to have any update next week.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

‎08-15-2024 07:20

In response to Gordon-C

‎08-15-2024 07:20

Hi @Gordon-C, checking in if there was any update on this. Thanks!

Best Answer
0 Votes

‎08-26-2024 12:09

In response to Jeff_New_Ocean

‎08-26-2024 12:09

Hi @Jeff_New_Ocean and @DSGTeam 

I want to let you know that we have fixed the "expired_token" error.   We have reverted the error back to the syntax.

{
  "success": false,
  "errors": [
    {
      "errorType": "expired_token",
      "message": "Access token expired: <access_token>. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
    }
  ]
}

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

‎08-28-2024 05:52

In response to Gordon-C

‎08-28-2024 05:52

Thanks @Gordon-C for this fix!

Best Answer
0 Votes