Getting "invalid_client" while first time calling API

127 views
Skip to first unread message

NR

unread,
Jul 23, 2019, 4:27:11 PM7/23/19
to FatSecret Platform API
Hi ,

I have been trying to call the very first API after I received, ID and Key and I get this "invalid_client" error
Here is my curl request

curl -u CUSTOMER_ID:CUSTOMER_SECRET -d "grant_type=client_credentials&scope=basic" -X POST https://oauth.fatsecret.com/connect/token 

{"error":"invalid_client"}

I would really appreciate if anyone has seen this and help me resolve. It seems like the server is missing a configuration to validate me as a client with the given credentials! Whom should I connect with?

Thanks,
Nutan 

Abdulmalik Wada

unread,
Aug 10, 2022, 5:33:40 AMAug 10
to FatSecret Platform API
Hello, Please were you able to solve this? If yes, can you walk me through it? currently struggling with this. 

Thanks, 
Abdulmalik

seba...@fatsecret.com

unread,
Aug 10, 2022, 5:35:28 AMAug 10
to FatSecret Platform API
Hi guys,

Please find attached a few screenshots from Postman in particular regarding Authorization.

Kind regards,
The FatSecret Platform API Team

E459A5ADE11B402DB36C4CDC5810BE8D.png
05EEB4A7A68A4659BFF2D455C8F072AC.png
image.png

Kevin Nguyen

unread,
Nov 22, 2022, 10:30:22 AM (9 days ago) Nov 22
to FatSecret Platform API
I'm able to get it working with Request API on JS, it looks like this:

Screenshot 2022-11-22 084748.png

I would say you need the content-type in the header set like mine. Hopefully this helps you a bit even if it's a bit late.

seba...@fatsecret.com

unread,
Nov 22, 2022, 10:34:04 AM (9 days ago) Nov 22
to FatSecret Platform API
Dear all,

Further to the IP related questions:

To better secure OAuth 2.0 we implemented IP Restrictions.
This restrictions 'white list' IP Addresses for a given client Key/Secret.

We block requests to FatSecret API for a Key/Secret if the source IP is not white listed.Before releasing IP ranges we allowed only 15 specific IP addressesThe new 'ranges' allows users to white list up to 15 ranges of IP addresses.

Example: 0.0.0.0/0 => is a range that allows any IPV4 https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

For Mobile apps we would recommend using an API proxy server to avoid Mobile Apps communicating directly with FatSecret APIs.

This proxy should be responsible for:

-          Manage the validity / renewal of your OAuth 2.0 access tokens
-          Forward any FatSecret related requests to FatSecret APIs
 
We would like to ask you to avoid having your client’s credentials part of your Mobile App source code / configuration.


Kind regards,
The FatSecret Platform API Team

Reply all
Reply to author
Forward
0 new messages