Resolved. May have been spamming it.

did you do anything to resolve? ive been getting the same issue as you and waited over 24 hours to see if my initial spamming resloved. i still get the same error even with the correct client_id and client_secret.

A few questions to help get moving in the right direction:

1. How are you getting your access token? They expire after a few hours so if you are using an old one it may cause that error.
2. How are you issuing requests to the API? Are you using your own code, a library, postman, the swagger playground, or something else?
3. Are you getting the same error response as the original question (invalid access token)?

There isn’t really any spam protection other than the API rate limit. As long as you are under that, your API requests won’t be blocked.

Hey ​@ActivityFix,

I read in detail, the documnet provided in: https://developers.strava.com/docs/getting-started/#oauth

I realized that the refresh token provided in the Strava UI under Settings/My API Application, returns an access_token that has a limited scope so I could not read my activities from the https://www.strava.com/api/v3/activities’ endpoint (altought client_id and client_secret were correct). 

So, I followed the instructions under section D to generate a refresh token that generates an access_token with the correct activity scopes. After following those instructions, everything worked fine!

But to answer your questions:

1. Originally generated through auth endpoint using the client_id, client_secret, and refresh_token provided in the UI. Now, a new refresh token was created based on the docs, to apply the correct scopes. 
2. I was issuing requests primarly with my own code and then the Swagger Playground/Postman for testing
   1. https://github.com/jairus-m/dagster-dlt
3. With the refresh_token based on the proper authentication/scoping, an access_token is created that no longer returns 401 Unauthorized errors