0

So, I have my web app connected with Foursquare API up and running. It has it's own secret keys and everything. It listens to the incoming push notifications and trying to react on connected users's checkins. So far so good, however, when I'm trying to post something back on user's checkin via one of these:

I got 403 Forbidden error. I know, that I'm messed up something with OAuth tokens but I'm really stuck here and feel a bit puzzled. I try to summarize what's the current status and what I've tried so far:

  1. I Have the App's: clientId, clientSecret, pushSecret
  2. I also connected the Foursquare Account on which the app is creared into my web App, so I get the accessToken, let's name it: appAccessToken
  3. Users are getting registered to my web app, so I get userAccessToken for one of each.

And here we go:

  1. Trying to reply for a user's checkin fails when I'm using appAccessToken. From what I understand, it's like replying on behalf on my App's account, and since that account isn't on the user's "friend list", I get 403.
  2. On the other hand, I'm able to post reply when I use userAccessToken but then, It looks like the user is commenting itself on their own checkins which dosn't have much sense.
  3. I was even so desperate that tried to use clientSecret but no avail...

Can anyone point me out what am I doing wrong here? From what I understand from the Documentation it is, in fact, possible to reply as an App... The only question is, how? :-)

ADi3ek
  • 645
  • 6
  • 18

1 Answers1

0

There's ostensibly no difference between the two "types" of access token you describe: appAccessToken and userAccessToken are really two instances of the same thing (a user's access token), one just happens to be associated with the user account that created the app.

For each check-in you are pushed, you should use that user's access token when making a call to checkins/reply. This will reply to the check-in in the style of our Apps Platform. I think in your second comment, you're using the user's access token to add a post to the check-in, which will make it look like the user is commenting on their own check-in.

octopi
  • 2,004
  • 1
  • 12
  • 16
  • That's correct. When I use **user's that just checked in** access token it works indeed. So let me clarify on what do you mean exactly here by saying: "reply in the style of our Apps Platform". Is it then absolutely desirable behaviour that reply is visible as made by the user itself, only with the small note that it has been done "via app" on the bottom? There's no way, that user which has that created app asociated with is actually making a comments/posts on connected user's checkins? Not a big deal, I guess, just want to be sure that I'm not trying to achieve something that's not possible:) – ADi3ek Apr 25 '13 at 21:38
  • Our "Apps Platform" essentially allows apps to reply to a check-in by sending them a little message after they checked in. This is private and only seen by the user that checked in. There's no way for "apps" to publicly comment on check-ins, and users can only comment on check-ins of those they're friends with. Hope this clarifies some things! – octopi Apr 26 '13 at 00:25