Invalid signature : oauth signature

718 views
Skip to first unread message

CharuhasVidwans

unread,
Sep 17, 2012, 5:37:42 AM9/17/12
to fatsecret-p...@googlegroups.com
Hi,

I am trying to use REST APIs for fatsecret in Android application.
I am getting "Invalid signature : oauth signature" error. I am trying to call food.get function through REST api.

My function which calculates the signature is:

 private String ComputeSha(String s, String keyVal) throws 
   UnsupportedEncodingException, NoSuchAlgorithmException, 
   InvalidKeyException { 

                
               Mac mac = Mac.getInstance("HmacSHA1"); 
                        SecretKeySpec key = new SecretKeySpec((keyVal).getBytes(), 
    "HmacSHA1"); 
               mac.init(key);
               byte[] bytes = mac.doFinal(s.getBytes()); 

              
               return new String(Base64.encode(bytes,0)); 

               } 

My base string is (when POST method used) :

POST&http%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api&food_id%3D33691%26method%3Dfood.get%26oauth_consumer_key%xxxxxx%26oauth_nonce%3D1358986070%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1347873420%26oauth_version%3D1.0

key used : "consumer key&"

I am consistently getting invalid signature error.

Output received is:

<?xml version="1.0" encoding="utf-8" ?>
<code>8</code>
<message>Invalid signature: oauth_signature 'O53sUmirpasamNVVIsuwsbyuyEI=
09-17 15:05:00.885: E/response--->(12420): '</message>
</error>

Can anybody help?

Thanks,
Charuhas Vidwans.

Alexandre Pari

unread,
Dec 16, 2012, 5:43:26 AM12/16/12
to fatsecret-p...@googlegroups.com
Do you find the solution, because I have the same problem... ?

Jeremiah Stephenson

unread,
Feb 3, 2013, 6:27:36 PM2/3/13
to fatsecret-p...@googlegroups.com

Most likely both of you are doing it mostly correct.  I had the same problem until today when I found the solution.  FatSecret has a jar file on their website that can be found within the download links on this page: http://platform.fatsecret.com/api/Default.aspx?screen=res.  When you open that file, look for the FatSecret jar file.  If you open the jar file, you will find a FatSecretAPI.java file.  If you open that up you see a bunch of code that is very useful in solving any authentication errors.  The part that helped me the most was using the Base64Util class that they have within that java file.  All I needed to do was copy that into my code and use that to encode my signature base string rather than using Android.util.Base64.  
Reply all
Reply to author
Forward
0 new messages