30

I am having trouble accessing all athlete activities (my own) from the url in Strava's api documentation.

I am able to get my own year-to-date stats:

https://www.strava.com/api/v3/athletes/XXXXXXXX/stats?access_token=ACCESSTOKEN

I am able to get my profile information:

https://www.strava.com/api/v3/athlete?access_token=ACCESSTOKEN

But when I try to get all my activities:

https://www.strava.com/api/v3/athlete/activities?access_token=ACCESSTOKEN

I receive the following error:

{
    "message": "Authorization Error",
    "errors": [
        {
            "resource": "AccessToken",
             "field": "activity:read_permission",
             "code": "missing"
        }
    ]
}

Do I need to include my client ID or secret key somewhere in the url? I am logged in and so do not understand why I cannot access my own information. Please advise

tezzo
  • 10,858
  • 1
  • 25
  • 48
mhanley00
  • 639
  • 1
  • 7
  • 11
  • if this is a recent problem please note that 4 days ago they changed authentication process: https://developers.strava.com/docs/oauth-updates/. how do you obtained your ACCESS_TOKEN? – tezzo Oct 19 '18 at 07:56

3 Answers3

38

On October 15, 2018 Strava enhanched the authorization process introducing new list of scopes.

Are you using the access token you find on https://www.strava.com/settings/api?

This token has scope:read that maybe is not enough to do what you want (i.e. are your activities public or private?).

If you need a new token with different scopes you have to follow these steps.

STEP 1: redirect the user to Strava's authorization page:

https://www.strava.com/oauth/authorize?
    client_id=YOUR_CLIENT_ID&
    redirect_uri=YOUR_CALLBACK_DOMAIN&
    response_type=code&
    scope=YOUR_SCOPE

STEP 2: read code parameter from response:

http://YOUR_CALLBACK_DOMAIN/?
    state=&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    scope=YOUR_SCOPE

STEP 3: ask for a new access token using a POST containing the authorization code; you'll find the new access_token in the JSON response.

https://www.strava.com/oauth/token?
    client_id=YOUR_CLIENT_ID&
    client_secret=YOUR_CLIENT_SECRET&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    grant_type=authorization_code

You can find client ID, client secret and callback domain in your application page.

You can find the list of new scopes in this documentation.

If you are the only person that use your application you can manually do the first 2 steps using a browser and http://localhost as callback domain.

tezzo
  • 10,858
  • 1
  • 25
  • 48
  • Thank you tezzo! I will play around with this more and may have more questions for you. – mhanley00 Oct 23 '18 at 17:09
  • As tezzo mentioned you can do steps 1 and 2 in the browser. I successfully used postman (HTTP client) to create my POST request for step 3, which returned access and refresh tokens. – Roy Oct 29 '18 at 18:29
  • I was able to create the token with the `scope:read_all` and I'm able to get my clubs (`/api/v3/athlete/clubs`), but asking for an athletes activities is giving me the same auth error... is this because I'm not using a forever token? – SebastienPattyn Jan 02 '19 at 13:14
  • Sorry @SebastienPattyn but I don't know: I've always used Strava API to only read my activities so I don't know the minimum scope/authorization to read other athletes activities. – tezzo Jan 02 '19 at 15:24
  • @tezzo when I try to use http://localhost in step 1, the browser says "localhost refused to connect." – franchyze923 Feb 07 '19 at 20:56
  • @fpolig01 I can't test it now. what redirect_uri are you using? simply localhost or localhost with http://? have you tried both? – tezzo Feb 08 '19 at 07:48
  • @tezzo Thanks, I got it working. The code I was looking for was in the web address on the web page that displayed localhost. Thanks for the help! – franchyze923 Feb 08 '19 at 13:38
  • @tezzo I have another question. I've obtained a forever token so I’m fine for now but moving forward how would I do this process on a webpage with JavaScript? Right now, I'm manually doing steps 1/2 in the browser and using postman for step 3. Once I get the auth code I hard code it in my website using fetch(). If I need to automate this client side/in a webpage how would I go about doing that? The only way I currently know how to get the code from step1 is to type that URL into the browser, click authorize and then copy the auth code that is in the web address. Thank you! – franchyze923 Feb 08 '19 at 19:42
  • check any oauth tutorial. basically you have to create a callback domain that automatically performs step 2/3 and pass the token to your app. – tezzo Feb 11 '19 at 07:43
  • @SebastienPattyn what scope did you end up using to view your own public activities? 'read' ? – Brian Daneshgar Oct 16 '19 at 17:58
13

I don't have enough points to comment, but I have done exactly this recently!

In order to make it work you have to set scope=activity:read (instead of 'scope=read') in Step 1.

Ben Personick
  • 3,074
  • 1
  • 22
  • 29
Chris Hughes
  • 185
  • 2
  • 7
  • Good catch! I followed the current [oauth example](https://github.com/strava/go.strava/blob/master/examples/oauth_example.go) and had to update the generated redirect url from `scope=public` to `scope=activity:read` – SethYes Jul 12 '20 at 20:55
  • Awesome! Helped me a lot – Yegor Vasiliev Jun 08 '21 at 14:05
2

Strava api access... This short youtube video walks you thru the steps. https://www.youtube.com/watch?v=sgscChKfGyg and here is a text file on github that has the corresponding links. https://github.com/franchyze923/Code_From_Tutorials/blob/master/Strava_Api/request_links.txt

/// get a new access token because it changes. Step 3 in the text file
        var value = new Dictionary<string, string>
         {
            { "client_id", "abc" },
            { "client_secret", "defg" },
            { "refresh_token", "highlmnop" },
            { "grant_type", "refresh_token" }
         };

        var content = new FormUrlEncodedContent(value);
        var result = await client.PostAsync("https://www.strava.com/oauth/token", content);
        string resultContent = await result.Content.ReadAsStringAsync();
        var stravaDetails = JsonConvert.DeserializeObject<StravaRoot>(resultContent);
        // end get new access token


 public class StravaRoot
    {
        public string token_type { get; set; }
        public string access_token { get; set; }
        public int expires_at { get; set; }
        public int expires_in { get; set; }
        public string refresh_token { get; set; }
    }
Flood Techs
  • 167
  • 2