Hi everyone,
I'm currently running into an issue when trying to get a request token from FatSecret's API using OAuth 1.0a — the API always returns an invalid signature error, and I can't seem to figure out why.
I'm using the consumer_key and consumer_secret provided in my developer account (I've double-checked them via console.log and they are correct). I'm generating the signature using the oauth-1.0a library in Node.js, with HMAC-SHA1 as the signature method. Here's the relevant snippet:
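
    const crypto = require('crypto');
    const OAuth = require('oauth-1.0a');

    const oauth = new OAuth({
      consumer: {
        key: process.env.CONSUMER_KEY,
        secret: process.env.CONSUMER_SECRET,
      },
      signature_method: 'HMAC-SHA1',
      // HMAC-SHA1 over the signature base string, base64-encoded
      hash_function(base_string, key) {
        return crypto
          .createHmac('sha1', key)
          .update(base_string)
          .digest('base64');
      },
    });
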
I'm calling http://authentication.fatsecret.com/oauth/request_token and have tried both GET (with all OAuth params in the query string) and POST (with the OAuth params in the Authorization header). Both attempts return the same invalid signature error.
The OAuth parameters like oauth_nonce, oauth_timestamp, oauth_signature_method, etc., are being auto-generated by the library. I’ve also tried placing oauth_callback in the body and in the query string.
Everything seems correct at first glance — is there something specific to FatSecret’s implementation I might be missing? Could it be related to how the base string is built or how the signature is being generated?
Any help would be greatly appreciated.
Thanks!
Dinis Pereira
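
Added example, not part of the original post and not FatSecret's or the oauth-1.0a library's code: a hand-built RFC 5849 signature base string and HMAC-SHA1 signature for a request-token call, which can be compared against what a library produces when a server reports an invalid signature. The key, secret, nonce, timestamp and callback values are constructed, and the helper names (`pct`, `baseString`, `signingKey`, `sign`) are hypothetical; nothing here is specific to FatSecret's server behaviour.

```javascript
// Added example: OAuth 1.0a request-token signing per RFC 5849 (helper names are hypothetical).
const crypto = require('node:crypto');

// RFC 5849 section 3.6 encoding: encodeURIComponent leaves ! * ' ( ) bare, so escape them too.
function pct(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string = METHOD & enc(base URL) & enc(sorted, encoded parameters).
// Every signed parameter counts, wherever it travels: query string, form body or
// Authorization header. oauth_signature itself is left out (do not pass realm here).
function baseString(method, url, params) {
  const u = new URL(url); // lowercases scheme/host and drops a default port
  const pairs = [...u.searchParams.entries(), ...Object.entries(params)]
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [pct(k), pct(v)])
    .sort(([ak, av], [bk, bv]) => {
      if (ak !== bk) return ak < bk ? -1 : 1;
      return av < bv ? -1 : av > bv ? 1 : 0;
    });
  const normalized = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  const baseUrl = `${u.protocol}//${u.host}${u.pathname}`; // no query, no fragment
  return [method.toUpperCase(), pct(baseUrl), pct(normalized)].join('&');
}

// HMAC-SHA1 key is enc(consumer secret) & enc(token secret). For a request-token
// call there is no token secret yet, so the key ends with a bare '&'.
function signingKey(consumerSecret, tokenSecret = '') {
  return `${pct(consumerSecret)}&${pct(tokenSecret)}`;
}

function sign(method, url, params, consumerSecret, tokenSecret = '') {
  return crypto.createHmac('sha1', signingKey(consumerSecret, tokenSecret))
    .update(baseString(method, url, params))
    .digest('base64');
}

// Constructed sample values (not real credentials).
const SAMPLE_URL = 'http://authentication.fatsecret.com/oauth/request_token';
const SAMPLE_PARAMS = {
  oauth_consumer_key: 'EXAMPLE_KEY',
  oauth_nonce: 'abc123',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1700000000',
  oauth_version: '1.0',
  oauth_callback: 'http://localhost:3000/cb',
};
console.log(baseString('GET', SAMPLE_URL, SAMPLE_PARAMS));
console.log(sign('GET', SAMPLE_URL, SAMPLE_PARAMS, 'EXAMPLE_SECRET'));
```

The callback URL appears double-encoded in the printed base string (`%253A`, `%252F`); that is expected, because each value is encoded once on its own and once more when the whole parameter string is encoded.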