OAuth Authentication - Invalid signature. Node.js

Skip to first unread message


Jan 15, 2023, 9:33:56 PMJan 15
to FatSecret Platform API
Hello there! I'm trying to implement the  OAuth Authentication, but I'm getting the "Invalid signature".
This is my code:

let query = new URLSearchParams({
oauth_consumer_key: "xxx",
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: Math.floor(Date.now() / 1000),
oauth_nonce: 'test',
oauth_version: '1.0',
oauth_callback: 'oob'

const method = 'GET';
const baseUrl = 'https://www.fatsecret.com/oauth/request_token';

const signatureBaseString = `${method}&${encodeURIComponent(baseUrl)}&${encodeURIComponent(query.toString())}`;
console.log('signature_base_string', signatureBaseString);
const secretKey = 'xxx';
const signingKey = `${secretKey}&`;

const oauth_signature = crypto.createHmac('sha1', signingKey).update(signatureBaseString).digest('base64');
let data = 'empty';
try {

const response = await fetch(`${baseUrl}?${query.toString()}&oauth_signature=${oauth_signature}`, {
method: 'GET'
data = await response.text();
} catch (error) {
console.log('There was an error', error);

What can be wrong with this implementation?

Thanks in advance!

Yuri Orlov

May 3, 2023, 6:23:32 PMMay 3
to FatSecret Platform API
I have the same problem. 

Http code 400


May 4, 2023, 2:20:59 AMMay 4
to FatSecret Platform API
Hi guys,
Can you pls double check all calls are made via HTTPS?
Kind regards,
The FatSecret Platform API Team


May 4, 2023, 5:09:51 AMMay 4
to FatSecret Platform API
Hi guys,

Something else that might help:

    On FatSecret REST API - Authentication OAuth 1 https://platform.fatsecret.com/api/Default.aspx?screen=rapiauth1

Delete the spaces around the “&” sign in the string: POST & https%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api & a%3Dfoo%26oauth_consumer_key%3Ddemo%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D12345678%26oauth_version%3D1.0%26z%3Dbar

=> Signature fails if you include spaces around the “&” sign.

=> request_token does not work with POST, only with GET

Kind regards,
The FatSecret Platform API Team

Felipe Coury

May 7, 2023, 7:45:46 PMMay 7
to FatSecret Platform API
I am getting the exact same error and I checked my base string over and over again: no spaces, https confirmed, and still get error 400. Any hints?
Reply all
Reply to author
0 new messages