CODEWITHSUNDEEP
restoauthfitbit
Kalyan
Kalyan

Reputation: 99

Getting Invalid signature error while invoking FITBIT rest API

I have registered in FITBIT. I am making a request to fitbit api(POST /oauth/request_token) with consumer key. I have referred https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API

My request is: POST /request_token HTTP/1.1 Host: oauth Authorization: OAuth realm="https:/api.fitbit.com/oauth/request_token",oauth_consumer_key="XXXXXXXXXXXX",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1399958922",oauth_nonce="H8xxW0",oauth_version="1.0",oauth_signature="80M1tag6%2FYk2JV%2FQdQ%2BucxxDrLA%3D" Cache-Control: no-cache

I am getting invalid signature error with below json object:

{
    "errors": [
        {
            "errorType": "oauth",
            "fieldName": "oauth_signature",
            "message": "Invalid signature: 80M1tag6/Yk2JV/QdQ+ucxxDrLA="
        }
    ],
    "success": false }

We have Consumer Key and Consumer Secret Key. Don't have Token Secret at this stage. please give me a solution to get this API working.

Thanks, Kalyan

Upvotes: 1

Views: 1235

Answers (1)

sallamander
sallamander

Reputation: 1

Like WestDiscGolf mentioned, you need to make sure that your callback URL matches the callback URL in the application you are writing. Usually when you sign up for a developer account to access API's, they ask for a callback URL, and the callback URL has to match what you put in when you request an access token.

If you're getting an invalid signature error, though, then the callback URL probably isn't the issue. You need to make sure that the signature matches exactly what they specify in the API documentation. Signatures can be tricky, and there are a number of libraries that are available to help with that. I use Java primarily, and for Java the Scribe library is great (https://github.com/fernandezpablo85/scribe-java).

Upvotes: 0

Related Questions