To get a token for Strava API calls requiring OAuth, you'll need to follow these steps:
1. Register Your Application:
- Visit the Strava developer portal: https://developers.strava.com/
- Create a developer account and register your application.
- During registration, you'll receive a Client ID and Client Secret. These are essential for obtaining access tokens.
2. User Authorization:
- Redirect the user to Strava's authorization endpoint using the following URL structure:
https://www.strava.com/oauth/authorize?client_id=[YOUR_CLIENT_ID]&response_type=code&redirect_uri=[YOUR_REDIRECT_URI]&approval_prompt=force&scope=[SCOPES]
Replace the placeholders with your values:
[YOUR_CLIENT_ID]
: Your application's Client ID obtained during registration.[YOUR_REDIRECT_URI]
: The URL in your application where Strava will redirect the user after authorization. This URL needs to be registered in your Strava developer settings.[SCOPES]
: A comma-separated list of permissions your application needs. Refer to the Strava API documentation for available scopes (https://developers.strava.com/docs/reference/). Example:activity:read_all
3. Exchange Authorization Code for Access Token:
- After successful user authorization, Strava will redirect the user back to your
[REDIRECT_URI]
with an authorization code in the URL parameters. - Use this authorization code to obtain an access token by making a POST request to the following endpoint:
https://www.strava.com/oauth/token
Request Body:
grant_type=authorization_code
client_id=[YOUR_CLIENT_ID]
client_secret=[YOUR_CLIENT_SECRET]
code=[AUTHORIZATION_CODE]
redirect_uri=[YOUR_REDIRECT_URI]
- Replace the placeholders again with your values:
[YOUR_CLIENT_ID]
and[YOUR_CLIENT_SECRET]
: Your application credentials.[AUTHORIZATION_CODE]
: The authorization code received in the redirect URL after user authorization.[YOUR_REDIRECT_URI]
: The same redirect URI used in step 2.
4. Handle Response:
- Strava's response will be a JSON object containing the access token, refresh token (optional), and access token expiration time.
- Store the access token securely and use it for authorized Strava API calls.
5. Refresh Token (Optional):
- Access tokens typically have limited expiry times.
- The response might also include a refresh token. You can use this refresh token to obtain a new access token when the current one expires, avoiding the need for user re-authorization.
Additional Resources:
- Strava Authentication Documentation: https://developers.strava.com/docs/authentication/