Skip to main content

Hello everyone. I'm having an issue with retrieving user data.

I decided to create an API that would fetch data from my friends and push a weekly leaderboard to our Telegram channel, showing who ran the most.

So, let me describe the process of creating the application.

1) I registered the application on Strava and obtained all the necessary data to work with their API.
2) I created an Express application and connected it to the Firebase database.
3) Through a Telegram bot, I asked my friend for permission to access their personal information. I used him to test the application architecture. I sent him the following link: https://www.strava.com/oauth/authorize?client_id=${clientID}&redirect_uri=${redirectURI}&response_type=code&scope=read_all. Please note that the scope field includes the read_all parameter.
4) My friend clicked the link and granted permission to share their information with me. At this stage, I stored all the necessary data, including their ID and token, in the database.

Now, let me explain in detail how I obtained the token.

After my friend clicked the link and granted permission to share their data, I receive the user information, including the authorization code. Then, I exchange this authorization code for a token by sending the authorization code in the request body to the following address: https://www.strava.com/oauth/token. In response, I receive the token and store it in the database along with all the necessary user information.

Now, here comes the problem that I haven't been able to solve.

Using Postman, I want to retrieve the entire list of activities for a specific user. In the documentation (https://developers.strava.com/docs/reference/#api-Activities-getLoggedInAthleteActivities), in the "List Athlete Activities" section (getLoggedInAthleteActivities), it is mentioned to send a request in the following format: HTTP GET "https://www.strava.com/api/v3/athlete/activities?before=&after=&page=&per_page=" "Authorization: Bearer [[token]]".

So, that's what I do. I take the user's token from the database and substitute it in the Bearer section. However, I receive the following response:

{"message":"Authorization Error","errors":[{"resource":"AccessToken","field":"activity:read_permission","code":"missing"}]}

This problem confuses me because the error code suggests that the request is correct, but the message indicates that I don't have sufficient permissions. It's puzzling to me because the link users click on includes the scope=read_all parameter.

Perhaps I'm missing something, and I would greatly appreciate any help in resolving this issue.

The permission you need is "activity:read_all" - https://developers.strava.com/docs/authentication/#detailsaboutrequestingaccess

read_all (without activity:) is

read private routes, private segments, and private events for the user


Thank you so much!
I feel embarrassed now. It was a silly mistake.
I corrected the request parameter, and everything is working now.


Reply