Signature Invalid


Intelligent Life

Dec 7, 2025, 9:37:57 PM
to fatsecret Platform API
Hi, I am trying to get nutritional information about a product. I developed this code in PHP but I can't find the way to return a correct OAuth Signature. I don't know if the problem is that the sequence of codifications is incorrect. If anybody can help me I would appreciate it.
Thank you.


// --- VARIABLES ---
$url = 'https://platform.fatsecret.com/rest/food/v5?';
$timestamp = time();
$nonce = bin2hex(random_bytes(16));

// --- OAUTH PARAMETERS FOR THE BODY ---
$oauth_params = [
    'food_id' => urlencode($_POST['id_ingrediente']),
    'format' => 'json',
    'method' => 'food.get',
    'oauth_consumer_key' => CONSUMER_KEY,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => $timestamp,
    'oauth_version' => '1.0'
];

$param_string = http_build_query($oauth_params, '', '&', PHP_QUERY_RFC3986);

// --- CREATE BASE STRING FOR SIGNATURE ---
$method = 'POST';
$base_string = rawurlencode($method) . '&' . rawurlencode('https%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api') . '&' . rawurlencode($param_string);

// --- SIGNING KEY ---
$signing_key = rawurlencode(CONSUMER_SECRET) .'&';

// --- GENERATE OAUTH_SIGNATURE ---
$oauth_signature = base64_encode(hash_hmac('sha1', $base_string, $signing_key, true));


//echo $oauth_signature;
// --- ADD THE SIGNATURE TO THE PARAMETERS ---
$oauth_params['oauth_signature'] = $oauth_signature;

// Sort alphabetically:
ksort($oauth_params);

// --- BUILD AUTHORIZATION HEADER (optional) ---
$auth_header = 'Authorization: OAuth ';

$header_parts = [];
foreach ($oauth_params as $k => $v) {
    $header_parts[] = $k . '="' . rawurlencode($v) . '"';
}
$auth_header .= implode(', ', $header_parts);

echo $auth_header;
// --- POST BODY WITH THE REST OF THE PARAMETERS ---
$post_body = http_build_query($oauth_params, '', '&', PHP_QUERY_RFC3986);


//echo $auth_header;
// --- CURL ---
$curl = curl_init();

curl_setopt_array($curl, [
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $post_body, // REQUIRED
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/x-www-form-urlencoded',
        $auth_header
    ),
]);

seba...@fatsecret.com

Dec 7, 2025, 9:43:20 PM
to fatsecret Platform API
Hi there,

Thanks for reaching out and sharing your implementation.

The issue you're facing likely relates to the OAuth 1.0 signature base string construction and parameter encoding. Here are a few key adjustments to ensure proper signing:

  1. Use the exact URL https://platform.fatsecret.com/rest/server.api in your signature base string, without double encoding.

  2. Exclude oauth_signature from the parameters when generating the signature.

  3. Only include OAuth-related keys (those beginning with oauth_) in the Authorization header.

  4. All other request parameters like food_id, method, and format should be sent in the POST body.

See PHP Example below.

Please note: Access to food.get.v5 requires Premier or Premier Free access.

<?php
// --- SET YOUR CONSUMER CREDENTIALS ---
define('CONSUMER_KEY', 'your_consumer_key');
define('CONSUMER_SECRET', 'your_consumer_secret');

// --- ENDPOINT & REQUEST-SPECIFIC PARAMETERS ---
$api_url = 'https://platform.fatsecret.com/rest/server.api';
$method = 'food.get';
$food_id = '33691'; // Example food ID
$format = 'json';

// --- OAUTH PARAMETERS ---
$oauth_params = [
    'oauth_consumer_key'     => CONSUMER_KEY,
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => time(),
    'oauth_version'          => '1.0'
];

// --- API PARAMETERS ---
$api_params = [
    'method'   => $method,
    'food_id'  => $food_id,
    'format'   => $format
];

// --- COMBINE ALL PARAMETERS FOR SIGNATURE ---
$all_params = array_merge($oauth_params, $api_params);
ksort($all_params); // Sort alphabetically

// --- CREATE PARAMETER STRING ---
$encoded_params = [];
foreach ($all_params as $key => $value) {
    $encoded_params[] = rawurlencode($key) . '=' . rawurlencode($value);
}
$param_string = implode('&', $encoded_params);

// --- CREATE SIGNATURE BASE STRING ---
$base_string = 'POST&' . rawurlencode($api_url) . '&' . rawurlencode($param_string);

// --- CREATE SIGNING KEY ---

$signing_key = rawurlencode(CONSUMER_SECRET) . '&';

// --- GENERATE SIGNATURE ---

$oauth_signature = base64_encode(hash_hmac('sha1', $base_string, $signing_key, true));

// --- ADD SIGNATURE TO OAUTH PARAMS ---
$oauth_params['oauth_signature'] = $oauth_signature;

// --- BUILD AUTHORIZATION HEADER (OAUTH PARAMS ONLY) ---

$auth_header = 'Authorization: OAuth ';
$header_parts = [];
foreach ($oauth_params as $key => $value) {
    $header_parts[] = rawurlencode($key) . '="' . rawurlencode($value) . '"';
}
$auth_header .= implode(', ', $header_parts);

// --- PREPARE POST BODY WITH API-SPECIFIC PARAMETERS ---
$post_body = http_build_query($api_params, '', '&', PHP_QUERY_RFC3986);

// --- EXECUTE CURL REQUEST ---
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => $api_url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $post_body,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/x-www-form-urlencoded',
        $auth_header
    ]
]);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ($response === false) {
    echo 'Curl error: ' . curl_error($ch);
} else {
    echo "HTTP Code: $http_code\n";
    echo "Response:\n$response";
}

curl_close($ch);

Note:
  • Replace 'your_consumer_key' and 'your_consumer_secret' with your actual fatsecret Platform API credentials.

  • You can change food_id dynamically based on user input.
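
Added example, not part of either post and not fatsecret's own code: the signing steps from the reply with the nonce and timestamp pinned, so the base string is reproducible and can be diffed against one that fails. The key, secret, nonce and timestamp are constructed placeholders, and oauth_base_string / oauth_sign are hypothetical helper names.

```php
<?php
// Added example. Key, secret, nonce and timestamp are constructed placeholders.

// RFC 5849 signature base string: METHOD & enc(URL) & enc(sorted, encoded params).
function oauth_base_string(string $http_method, string $url, array $params): string
{
    unset($params['oauth_signature']);            // the signature never signs itself
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode((string) $k)] = rawurlencode((string) $v);
    }
    ksort($enc, SORT_STRING);                     // byte-wise order of the encoded names
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($http_method) . '&' . rawurlencode($url) . '&'
        . rawurlencode(implode('&', $pairs));
}

// HMAC-SHA1 over the base string; the key is enc(consumer secret) & enc(token secret).
function oauth_sign(string $base_string, string $consumer_secret, string $token_secret = ''): string
{
    $key = rawurlencode($consumer_secret) . '&' . rawurlencode($token_secret);
    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
}

$url    = 'https://platform.fatsecret.com/rest/server.api';
$params = [
    'method' => 'food.get', 'food_id' => '33691', 'format' => 'json',
    'oauth_consumer_key'     => 'example_key',
    'oauth_nonce'            => '0123456789abcdef0123456789abcdef',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1700000000',
    'oauth_version'          => '1.0',
];

$good = oauth_base_string('POST', $url, $params);
// Variant 1: URL percent-encoded by hand before rawurlencode(), as in the question.
$double = oauth_base_string('POST', rawurlencode($url), $params);
// Variant 2: oauth_signature left in the parameter set; the builder must drop it.
$with_sig = oauth_base_string('POST', $url, $params + ['oauth_signature' => 'placeholder']);

$sig = oauth_sign($good, 'example_secret');
echo "base string:    $good\n";
echo "double-encoded: $double\n";
printf("double-encoding changes the signature: %s\n",
    hash_equals($sig, oauth_sign($double, 'example_secret')) ? 'no' : 'yes');
printf("stray oauth_signature ignored: %s\n", $with_sig === $good ? 'yes' : 'no');
```

Pin the nonce and timestamp only while comparing base strings; a real request needs a fresh random nonce and the current time, and the URL that is signed must be the URL the request is sent to.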
