API error: "Your device's clock is off by more than 12 hours"

Question

API error: "Your device's clock is off by more than 12 hours"

Closed this issue 7 years ago · 4 comments

Hello!

I'm having trouble using the API. Here's what I did:

copy the ruby script as it is in the docs and fill in my consumer key and secret
run it, clicked "Get code"
copy the auth token from the url
curl -XGET "https://secure.splitwise.com/api/v3.0/get_current_user" -H "Authorization: Bearer THE_TOKEN"

This results in:

{"error":"Your device's clock is off by more than 12 hours, and the server has rejected your request. Please correct the time on your device and try again."}

Adding the -v flag tu curl I see the following:

> GET /api/v3.0/get_current_user HTTP/1.1
> Host: secure.splitwise.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: Bearer THE_TOKEN
>
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< Server: nginx
< Date: Sat, 04 Aug 2018 18:01:07 GMT
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000
< Content-Disposition: inline; filename="response.json"
< Cache-Control: no-cache
< X-Request-Id: 9fef17ed-318e-4aa6-b4f2-b21d19e16bf3
< X-Runtime: 0.008373
< Via: 1.1 vegur

Am I doing something wrong?

Answer 1 · 2018-08-07T17:08:50.000Z

Hmmm, this means you're hitting the OAuth 1 paths, which isn't what your request is supposed to do. We'll need to look into this.

Answer 2 · 2018-08-23T05:35:18.000Z

@juanedi Hi Juanedi Am facing the same issue in Salesforce can you tell me incase if you sorted out the issue. It would be helpful. And anyone Who knows the solution please share

Thanks

Answer 3 · 2018-08-23T15:14:35.000Z

Hey y'all! Sorry for the slow response, but we found the issue and we're fixing it now.

Issue 1: The error message that we were returning ("Your device's clock is off...") was incorrect due to a bug in Splitwise's server code. We should have been returning this error message: "Invalid API Request: you are not logged in". We're updating our server so that it returns the correct error message in the future.

Issue 2: Our instructions weren't clear enough about how to find the bearer token correctly. When using our sample code to obtain a Bearer token, you should NOT copy the token from the URL – that token is just an authorization code, and not an actual Bearer token. I've updated the instructions for ruby--oauth2 to print the Bearer token more clearly to the console, and added comments to help guide future developers. You can find the updated code sample here.

Hope that helps! 🙂

Answer 4 · 2018-08-23T15:19:13.000Z

Cool, thanks for the explanation and for improving the docs! :-D