Search code examples
javaandroidweb-servicesoauthsignpost

Yelp v2 API from Android using SignPost oauth libs says Signature Invalid

Trying to call from an android client, using the signpost oauth libs. I generated new APIv2 keys, but didn't seem to make a difference. The error I'm getting looks like:

{"error":{"text":"Signature was 
invalid","id":"INVALID_SIGNATURE","description":"Invalid signature. 
Expected signature base string: GET&http%3A%2F%2Fapi.yelp.com 
%2Fv2%2Fsearch&category_filter%3Drestaurants%2520food%26limit%3D10%26ll 
%3D37.422005%252C-122.084095%26oauth_consumer_key 
%3DPbSjw9p08To_XXXXXXXXZg%26oauth_nonce 
%3D-81097XXXXXXXX560239%26oauth_signature_method%3DHMAC- 
SHA1%26oauth_timestamp%3D129XXXX091%26oauth_token 
%3DARfbDXXXXXXXXlBHARTgygLkcMw9h8eW%26oauth_version%3D1.0%26offset 
%3D0%26radius_filter%3D300%26sort%3D0"}}

I double checked, and all my token and secret values exactly match what's in the manage API screen. Code currently looks like this: 

if (location != null) { 
        String lat = Double.toString(location.getLatitude()); 
        String lng = Double.toString(location.getLongitude()); 
        String category = "restaurants+food"; 
        String radius = "300"; 
        String limit = "10"; 
        String offset = "0"; 
        String sort = "0"; 
        try { 
                String query = String.format("http://api.yelp.com/v2/search?ll=%s, 
%s&category_filter=%s&radius_filter=%s&limit=%s&offset=%s&sort=%s", 
                                URLEncoder.encode(lat, ENCODING_SCHEME), 
                                URLEncoder.encode(lng, ENCODING_SCHEME), 
                                category, 
                                URLEncoder.encode(radius, ENCODING_SCHEME), 
                                URLEncoder.encode(limit, ENCODING_SCHEME), 
                                URLEncoder.encode(offset, ENCODING_SCHEME), 
                                URLEncoder.encode(sort, ENCODING_SCHEME)); 
                OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, 
CONSUMER_SECRET); 
                consumer.setTokenWithSecret(TOKEN, TOKEN_SECRET); 
                consumer.setMessageSigner(new HmacSha1MessageSigner()); 
                consumer.setSendEmptyTokens(true); 
                consumer.setSigningStrategy(new QueryStringSigningStrategy()); 
                String signedQuery = consumer.sign(query); 
                Log.i(getClass().getName(), signedQuery); 
                HttpGet request = new HttpGet(signedQuery); 
                HttpClient httpClient = new DefaultHttpClient(); 
                HttpResponse response = (HttpResponse) httpClient.execute(request); 
                HttpEntity entity = response.getEntity(); 
                String jsonResult = EntityUtils.toString(entity); 
                Log.i(getClass().getName(), jsonResult);
Solution

  • Just found the issue. You should add the MessageSigner BEFORE setting the TokenSecret, otherwise it's null and everything gets signed badly