Problem with access token in Strava API v3 GET all athlete activities

问题

I am having trouble accessing all athlete activities (my own) from the url in Strava's api documentation.

I am able to get my own year-to-date stats:

https://www.strava.com/api/v3/athletes/XXXXXXXX/stats?access_token=ACCESSTOKEN

I am able to get my profile information:

https://www.strava.com/api/v3/athlete?access_token=ACCESSTOKEN

But when I try to get all my activities:

https://www.strava.com/api/v3/athlete/activities?access_token=ACCESSTOKEN

I receive the following error:

{
    "message": "Authorization Error",
    "errors": [
        {
            "resource": "AccessToken",
             "field": "activity:read_permission",
             "code": "missing"
        }
    ]
}

Do I need to include my client ID or secret key somewhere in the url? I am logged in and so do not understand why I cannot access my own information. Please advise🙏

回答1:

On October 15, 2018 Strava enhanched the authorization process introducing new list of scopes.

Are you using the access token you find on https://www.strava.com/settings/api?

This token has scope:read that maybe is not enough to do what you want (i.e. are your activities public or private?).

If you need a new token with different scopes you have to follow these steps.

STEP 1: redirect the user to Strava's authorization page:

https://www.strava.com/oauth/authorize?
    client_id=YOUR_CLIENT_ID&
    redirect_uri=YOUR_CALLBACK_DOMAIN&
    response_type=code&
    scope=YOUR_SCOPE

STEP 2: read code parameter from response:

http://YOUR_CALLBACK_DOMAIN/?
    state=&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    scope=YOUR_SCOPE

STEP 3: ask for a new access token using a POST containing the authorization code; you'll find the new access_token in the JSON response.

https://www.strava.com/oauth/token?
    client_id=YOUR_CLIENT_ID&
    client_secret=YOUR_CLIENT_SECRET&
    code=AUTHORIZATION_CODE_FROM_STRAVA&
    grant_type=authorization_code

You can find client ID, client secret and callback domain in your application page.

You can find the list of new scopes in this documentation.

If you are the only person that use your application you can manually do the first 2 steps using a browser and http://localhost as callback domain.

回答2:

I don't have enough points to comment, but I have done exactly this recently!

In order to make it work you have to set scope=activity:read (instead of 'scope=read') in Step 1.

来源：https://stackoverflow.com/questions/52880434/problem-with-access-token-in-strava-api-v3-get-all-athlete-activities