Friday, July 15, 2011

Ruby, OAuth and BodyMedia

I am very pleased to bring to you today the very first Human System Debugging guest post!  

Miriam works with me at the CREATE Lab at CMU and is, among many other things, the guru I call on when I'm in over my head trying to do things in Ruby on Rails.  I am honored that she joined me in figuring out how to take this next big step in developing our ability to access data from self-quantification devices, and am very pleased that she chose to share this experience with the Human System Debugging community.

  -- Anne, Human System Debugger

Recently, Anne and I spent some time figuring out how to connect to BodyMedia's FIT Data API using the ruby-oauth gem. We ran into some confusing snafus, so I figured I'd blog about it for posterity, in case someone out there runs into similar problems.

Here is BodyMedia's super-duper straightforward and uncomplicated explanatory diagram:

I'm going to walk you through how we navigated this graph.

Step 1

First you must sign up with BodyMedia and apply for a Consumer Key and Consumer Secret. Information on doing that can be found here.

Step 2

You can now use your key/secret pair to generate a Request Token:

Step 3

Now we must get the user's authorization. Using our API_KEY and API_SECRET, we can construct the following URL:

Following this link, we get to a page that looks like this:

Anne signed in with her BodyMedia credentials and we got redirected to localhost.

Step 4

Now we can exchange our Request Token for an Access Token, which we will use to make requests (yeah, that confused me).

Step 5

Finally, we can use the Access Token to make requests, like so:

Two important things to note here:
  1. You have to pass a full URI to make your request, and the domain is different from the one you used to get your tokens
  2. You must pass your API_KEY in the GET, even though it is also being sent by the oauth gem in the header

These two points had us stuck for a while!
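To see why both points matter, here is an added example (not code from the original post, the ruby-oauth gem or BodyMedia) that builds the OAuth 1.0 signature for a Step 5 style request by hand: the host of the full URI and every query parameter, including `api_key`, go into the string that gets signed. It assumes HMAC-SHA1, the oauth gem's default signature method; the host, path and credential values are constructed placeholders.

```ruby
require "openssl"
require "base64"
require "uri"
require "securerandom"

# RFC 5849 percent-encoding: escape every byte that is not an unreserved character.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# Signature base string: METHOD & base URI & sorted parameters. Query-string
# parameters such as api_key are signed together with the oauth_* ones.
def signature_base_string(http_method, full_uri, oauth_params)
  uri = URI.parse(full_uri)
  unless %w[http https].include?(uri.scheme) && uri.host
    raise ArgumentError, "need a full URI (scheme and host), got #{full_uri.inspect}"
  end
  port = uri.port == uri.default_port ? "" : ":#{uri.port}"
  base_uri = "#{uri.scheme}://#{uri.host.downcase}#{port}#{uri.path}"
  pairs = URI.decode_www_form(uri.query.to_s) + oauth_params.to_a
  normalized = pairs.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
                    .map { |k, v| "#{k}=#{v}" }.join("&")
  [http_method.upcase, oauth_escape(base_uri), oauth_escape(normalized)].join("&")
end

# Returns the base string, signature and Authorization header for one request.
def sign_request(http_method, full_uri, consumer_key:, consumer_secret:, token:,
                 token_secret:, nonce: SecureRandom.hex(16), timestamp: Time.now.to_i)
  oauth_params = {
    "oauth_consumer_key" => consumer_key, "oauth_nonce" => nonce,
    "oauth_signature_method" => "HMAC-SHA1", "oauth_timestamp" => timestamp.to_s,
    "oauth_token" => token, "oauth_version" => "1.0"
  }
  base = signature_base_string(http_method, full_uri, oauth_params)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  signature = Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key, base))
  header = oauth_params.merge("oauth_signature" => signature)
                       .map { |k, v| %(#{k}="#{oauth_escape(v)}") }.join(", ")
  { base_string: base, signature: signature, authorization: "OAuth #{header}" }
end

# Constructed sample values; the host and path are placeholders, not BodyMedia's.
CREDS = { consumer_key: "API_KEY", consumer_secret: "API_SECRET",
          token: "ACCESS_TOKEN", token_secret: "ACCESS_SECRET" }.freeze
DATA_URI = "https://data-api.example.invalid/placeholder/resource?api_key=API_KEY"

if __FILE__ == $PROGRAM_NAME
  signed = sign_request("GET", DATA_URI, **CREDS)
  puts signed[:base_string], signed[:authorization]
end
```

Dropping `api_key` from the query string or changing the host produces a different signature, so the server's recomputed signature only matches when the request is sent to exactly the URI that was signed.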

So there you have it. Hope someone out there can avoid a headache.


  1. Great post, nice diagrams and explanations!

  2. I tried this, but when I call get_request_token it returns a request_token with a nil token and secret. I was sure to replace "API_KEY" and "API_SECRET" with my BodyMedia key and shared secret respectively. Any ideas what I might be doing wrong?

    1. Never mind, it started working magically today. Thanks for posting this!
