cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

The Hub is now in read-only mode as we make improvements to the Hub experience. More information is available here.

Permissions Error - please help!

samgozinsky
Mt. Kenya

A little bit of a programming noob here, so forgive my ignorance!

I am trying to pull down my strava activities through a get request in python. I have gone ahead and authorized the API etc. with my app. The first time that i set up the authorization, I believe I gave a read only scope (rather than the read_all permissions needed for the type of data that I want). I went ahead re-authorizing, this time careful to include read_all in the URL- but I'm still having issues. 

 payload = {
    'client_id': client_id,
    'client_secret': client_secret,
    'refresh_token': refresh_token,
    'grant_type': "refresh_token",
    'f': 'json'
}


res = requests.post(auth_url, data=payload, verify=False)

print("On a run to get the token...\n")


auth_token_app = res.json()['access_token']

print('Token is:')
print(auth_token_app) 

I'm able to get an access token with the above code, and have tested this out with both the original refresh token I had stored down and the new one, which I believe is specific to the type of read-all permission that I need. I'm able to pull down my high-level stats at this URL:

"https://www.strava.com/api/v3/athletes/#myathletetokenhere/stats"
 
using this request and the token from the above code^
 
header = {'Authorization': 'Bearer ' + auth_token_app} athlete_dataset = requests.get(athlete_url, headers=header).json()
 
However, when I try to grab my recent activities with this snippet below, I get this error:

{'message': 'Authorization Error', 'errors': [{'resource': 'AccessToken', 'field': 'activity:read_permission', 'code': 'missing'}]}

 

header = {'Authorization': 'Bearer ' + auth_token_app}

url = 'https://www.strava.com/api/v3/athlete/activities'
param = {'per_page':200, 'page':1}

athlete_dataset = requests.get(url, headers=header, params=param).json()

Any idea what's going on here? my strava API page shows a token with 'read' permission by the way- but the token I'm getting from the first block of code above doesn't match this one- so I had figured it might be the separate read_all authorized token that I've been looking for

 

1 ACCEPTED SOLUTION

ActivityFix
Superuser
Superuser

The error message says you are missing the "activity:read" permission. From what you've explained it seems like you only granted access to "read" and "read_all" -- see: https://developers.strava.com/docs/authentication/#detailsaboutrequestingaccess for a list of all the permission flags.

With read and read_all you can get public and private profile data which includes the high level athlete stats.

To read activity data, you will need activity:read and possibly activity:read_all depending on whether you only need public or also want private activities.

View solution in original post

6 REPLIES 6

ActivityFix
Superuser
Superuser

The error message says you are missing the "activity:read" permission. From what you've explained it seems like you only granted access to "read" and "read_all" -- see: https://developers.strava.com/docs/authentication/#detailsaboutrequestingaccess for a list of all the permission flags.

With read and read_all you can get public and private profile data which includes the high level athlete stats.

To read activity data, you will need activity:read and possibly activity:read_all depending on whether you only need public or also want private activities.

I have a similar problem that keeps on recurring:

  1. After the initial authorization I can obtain a working access token. This allows me to read activity lists, activities, data streams, ...
  2. When the access token is expired, I can use the refresh token to get a new access token. This works as it should I guess.
  3. When trying to access data with a renewed access token, the permission scopes seem to change and I get the "activity:read_permission" error.

I follow the steps indicated in the guide so its very confusing what is causing this

I'm coming late to this party. I am trying to use a strava-api GitHub repo to grab just my own my activity data (why can't I just download it as CSV from strava.com???), but get a permission denied error. Looking at my settings/api page, I see that I have client id, access token, refresh token and stated limits. The refresh token appears to have a limited scope (just "read"). This thread suggests I also need "read_all". How do I set that?

You can try following the instructions here - https://developers.strava.com/docs/getting-started/#oauth - and update the scopes requested in the initial URL. You'll want the scope "activity:read_all"

If you want a dump of all of your activity data, you can go to https://www.strava.com/account and scroll down to "Download or Delete Your Account" - click the get started button and ONLY do step 2 to request an archive of your data. I don't know what format the data comes in, but I'm sure whatever it is you can find a way to convert between what you get and what you want. It may be easier than trying to get some code you didn't write to work.

Thanks. The oauth instructions with the addition of activity:read_all did the trick.

Thank you so much! I'm pretty sure this was it! I just needed to get the refresh token from the URL again but with including activity:read_all in the URL that i pasted into my browser. Thanks again for the help!