Jawbone - Get a user's friends basic information from users endpoint

Question

I want to be able to get basic information (same as endpoint /users/@me) from a list of friends that a user have.

I know how to get user's friends list and I have the following result :

{u'data': {u'items': [{u'xid': u'YRGHdmSbTA-ogFiDDnb-Mg'},
                      {u'xid': u'YRGHdmSbTA-1BMiQ65YBrg'},
                      {u'xid': u'YRGHdmSbTA-a4b-G83CeRw'}],
           u'size': 3},
     u'meta': {u'code': 200,
           u'message': u'OK',
           u'time': 1475342269,
           u'user_xid': u'YRGHdmSbTA_U2wilrqpF_Q'}}

So I know that the account with xid-YRGHdmSbTA_U2wilrqpF_Q is having 3 friends with their own xid.

But whenever I am trying to get friend's user information based on their XID I am not authorized to do that :

{
    "data": {},
    "meta": {
        "code": 401,
        "error_detail": "Only the owner of this resource is authorized to make this request.",
        "error_type": "authorization_error",
        "message": "Unauthorized",
        "time": 1475382850,
        "user_xid": "YRGHdmSbTA_U2wilrqpF_Q"
    }
}

It seems like some of the endpoints are ok to query with a friend-xid but some others are not, here's the list that I got (correct me if anything wrong) with the users endpoints I am using :

OK https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/bandevents
OK https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/body_events
OK https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/trends

authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/friends
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/generic_event
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/goal
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/heartrat
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/meal
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/mood
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/move
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/setting
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/sleep
authorization_error https://jawbone.com/nudge/api/v.1.1/users/{friend_xid}/timezone

Questions : Is it mandatory for the friends in question to have allowed my application to query their information (any endpoints)?

Suggestion : If possible that would be great to have at least access to the basic information endpoint to display information of a user's friend even if they have not allowed my app.

Thank you for your feedback.

Answer 1

In order to see the user information for a friend, that friend must also go through the OAuth flow for your app. This is a requirement in that each UP user has to grant your app permission to see certain types of data.

Additionally, the user xid that you pass to an endpoint must match the access token that you have received for an endpoint. If these do not match, then in most cases, you will receive a 401 response.

In instances where you do not receive a 401, you will most likely just receive a response with empty data. If you receive a non-empty response, you should ignore that data as it is not guaranteed to be accurate. In fact, if you have instances where you're getting data for a user you have not put through your OAuth flow, it would be great to review those. Please send details to apisupport@jawbone.com.