Login/Register
Problem with access token in Strava API v3 GET all athlete activities
Asked Answered
javascriptnode.jsajaxstrava
P

3

31

I am having trouble accessing all athlete activities (my own) from the url in Strava's api documentation.

I am able to get my own year-to-date stats:

https://www.strava.com/api/v3/athletes/XXXXXXXX/stats?access_token=ACCESSTOKEN

I am able to get my profile information:

https://www.strava.com/api/v3/athlete?access_token=ACCESSTOKEN

But when I try to get all my activities:

https://www.strava.com/api/v3/athlete/activities?access_token=ACCESSTOKEN

I receive the following error:

{
    "message": "Authorization Error",
    "errors": [
        {
            "resource": "AccessToken",
             "field": "activity:read_permission",
             "code": "missing"
        }
    ]
}

Do I need to include my client ID or secret key somewhere in the url? I am logged in and so do not understand why I cannot access my own information. Please adviseπŸ™

Partain answered 18/10, 2018 at 18:33 Comment(1)
if this is a recent problem please note that 4 days ago they changed authentication process: developers.strava.com/docs/oauth-updates. how do you obtained your ACCESS_TOKEN? – Oto
O
39

On October 15, 2018 Strava enhanched the authorization process introducing new list of scopes.

Are you using the access token you find on https://www.strava.com/settings/api?

This token has scope:read that maybe is not enough to do what you want (i.e. are your activities public or private?).

If you need a new token with different scopes you have to follow these steps.

STEP 1: redirect the user to Strava's authorization page:

https://www.strava.com/oauth/authorize?
    client_id=YOUR_CLIENT_ID&
    redirect_uri=YOUR_CALLBACK_DOMAIN&
    response_type=code&
    scope=YOUR_SCOPE

STEP 2: read code parameter from response:

http://YOUR_CALLBACK_DOMAIN/?
    state=&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    scope=YOUR_SCOPE

STEP 3: ask for a new access token using a POST containing the authorization code; you'll find the new access_token in the JSON response.

https://www.strava.com/oauth/token?
    client_id=YOUR_CLIENT_ID&
    client_secret=YOUR_CLIENT_SECRET&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    grant_type=authorization_code

You can find client ID, client secret and callback domain in your application page.

You can find the list of new scopes in this documentation.

If you are the only person that use your application you can manually do the first 2 steps using a browser and http://localhost as callback domain.

Oto answered 19/10, 2018 at 8:34 Comment(10)
Thank you tezzo! I will play around with this more and may have more questions for you. – Partain
As tezzo mentioned you can do steps 1 and 2 in the browser. I successfully used postman (HTTP client) to create my POST request for step 3, which returned access and refresh tokens. – Nollie
I was able to create the token with the scope:read_all and I'm able to get my clubs (/api/v3/athlete/clubs), but asking for an athletes activities is giving me the same auth error... is this because I'm not using a forever token? – Romanticist
Sorry @Romanticist but I don't know: I've always used Strava API to only read my activities so I don't know the minimum scope/authorization to read other athletes activities. – Oto
@Oto when I try to use localhost in step 1, the browser says "localhost refused to connect." – Celinacelinda
@fpolig01 I can't test it now. what redirect_uri are you using? simply localhost or localhost with http://? have you tried both? – Oto
@Oto Thanks, I got it working. The code I was looking for was in the web address on the web page that displayed localhost. Thanks for the help! – Celinacelinda
@Oto I have another question. I've obtained a forever token so I’m fine for now but moving forward how would I do this process on a webpage with JavaScript? Right now, I'm manually doing steps 1/2 in the browser and using postman for step 3. Once I get the auth code I hard code it in my website using fetch(). If I need to automate this client side/in a webpage how would I go about doing that? The only way I currently know how to get the code from step1 is to type that URL into the browser, click authorize and then copy the auth code that is in the web address. Thank you! – Celinacelinda
check any oauth tutorial. basically you have to create a callback domain that automatically performs step 2/3 and pass the token to your app. – Oto
@Romanticist what scope did you end up using to view your own public activities? 'read' ? – Partnership
C
13

I don't have enough points to comment, but I have done exactly this recently!

In order to make it work you have to set scope=activity:read (instead of 'scope=read') in Step 1.

Cultivate answered 23/10, 2019 at 17:41 Comment(2)
Good catch! I followed the current oauth example and had to update the generated redirect url from scope=public to scope=activity:read – Lorentz
Awesome! Helped me a lot – Isochor
L
2

Strava api access... This short youtube video walks you thru the steps. https://www.youtube.com/watch?v=sgscChKfGyg and here is a text file on github that has the corresponding links. https://github.com/franchyze923/Code_From_Tutorials/blob/master/Strava_Api/request_links.txt

/// get a new access token because it changes. Step 3 in the text file
        var value = new Dictionary<string, string>
         {
            { "client_id", "abc" },
            { "client_secret", "defg" },
            { "refresh_token", "highlmnop" },
            { "grant_type", "refresh_token" }
         };

        var content = new FormUrlEncodedContent(value);
        var result = await client.PostAsync("https://www.strava.com/oauth/token", content);
        string resultContent = await result.Content.ReadAsStringAsync();
        var stravaDetails = JsonConvert.DeserializeObject<StravaRoot>(resultContent);
        // end get new access token


 public class StravaRoot
    {
        public string token_type { get; set; }
        public string access_token { get; set; }
        public int expires_at { get; set; }
        public int expires_in { get; set; }
        public string refresh_token { get; set; }
    }
Lidia answered 15/4, 2021 at 23:16 Comment(0)

© 2022 - 2024 β€” McMap. All rights reserved.