0

I am trying to connect Garmin with my app. I have authToken and verifier but when I call https://connectapi.garmin.com/oauth-service/oauth/access_token API I get "invalid nonce and timestamp response. This is code below to make my signature header

        var parameter = OAuthSwift.Parameters()
        parameter = ["oauth_verifier": "HGJNBBHJ", "oauth_token": "d9209df0-044e-4872-817e-51caa0b38edb"]

        let oauthswift = OAuth1Swift(
            consumerKey:    "********",
            consumerSecret: "********"
        )

this is the code to make header

let head = oauthswift.client.credential.makeHeaders(URL(string: "https://connectapi.garmin.com/oauth-service/oauth/access_token")!, method: .POST, parameters: parameter)

this is the header I got.

["Authorization": "OAuth oauth_consumer_key=\"********\", oauth_nonce=\"01C7E0DF\", oauth_signature=\"uAZhDpkU3REnm%2Fs%2BEbEK9KPT3wM%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1585117527\", oauth_token=\"d9209df0-044e-4872-817e-51caa0b38edb\", oauth_verifier=\"NvyJlPDlzY\", oauth_version=\"1.0\""]

but when I call https://connectapi.garmin.com/oauth-service/oauth/access_token I get invalid nonce and timestamp error in response.

anyone who can help me out?

Awais Shahid
  • 1
  • 1

2 Answers2

0

@Awais Shahid you need to update oauth_nonce & oauth_timestamp for each api call. So if it is used once and when you try to use same oauth_nonce & oauth_timestamp second time even for same api it will throw this error.

Jay Thakkar
  • 1,392
  • 10
  • 19
0

The signing of the https://connectapi.garmin.com/oauth-service/oauth/access_token request is different from the one of https://connectapi.garmin.com/oauth-service/oauth/request_token.

For the request token request you need to sign the signature base string with : Consumer Secret, including trailing '&' character(ex: asdfpoqw912349234&)

For access token request you need to sign the signature base string with: Consumer Secret and Request Token Secret, separated with '&' character ( ex: 21304-8hfgdiouy84&012384nlsfdao793492). The request token secret is returned but the request token call.

bruno55
  • 21
  • 5