Creates a new session for FatSecret JavaScript API users and returns the script session key for a nominated user. Either the user_id or the oauth_token can be used to nominate the user.

A session is used to log in a user. The script session key is added as a fatsecret_session_key query parameter in the URL or written as a fatsecret_session_key cookie in the user's browser to begin using the session (depending on the cookie parameter).



| Name | Type | Description |
|---|---|---|
| oauth_consumer_key | String | Your API key when you registered as a developer |
| oauth_signature_method | String | The method used to generate the signature (only HMAC-SHA1 is supported) |
| oauth_timestamp | Int | The date and time, expressed as the number of seconds since January 1, 1970 00:00:00 GMT. The timestamp value must be a positive integer and must be equal to or greater than the timestamp used in previous requests |
| oauth_nonce | String | A randomly generated string for a request that can be combined with the timestamp to produce a unique value |
| oauth_version | String | MUST be "1.0" |
| oauth_signature | String | The signature, a consistent reproducible concatenation of the request elements into a single string. The string is used as an input in hashing or signing algorithms. |
| method | String | MUST be "profile.request_script_session_key" |
| oauth_token | String | The key of the profile to use. You must specify either oauth_token or user_id. |
| user_id | String | The (optional) user_id specified in profile.create. You must specify either oauth_token or user_id. |


| Name | Type | Description |
|---|---|---|
| format | String | The desired response format. Valid response formats are "xml" or "json" (default value is "xml"). |
| expires | Int | The number of minutes before a session expires after it is first started (default value is 30). Set this to 0 to never expire the session. |
| consume_within | Int | The number of minutes within which a session must start being used after it is first issued (default value is 1). This number cannot be less than 1 or greater than 60. |
| permitted_referrer_regex | String | A domain restriction for the session. E.g. if this is set to then the session will only work on this domain. |
| cookie | Boolean | The desired session_key format (default value is "false"). If "false" then the session_key needs to be appended to the URL as a fatsecret_session_key query parameter. If "true" then the session_key needs to be written as a fatsecret_session_key cookie. |
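
An added example (not FatSecret's own code) that builds and signs this request in Python using the OAuth 1.0 HMAC-SHA1 rules from RFC 5849, with a short-lived session, a one-minute consume window, a referrer restriction, and cookie set to "true" so the session key does not appear in the page URL. Assumptions: the endpoint URL, credentials, user ID and referrer regex are constructed placeholders, and a user_id request is signed with the consumer secret and an empty token secret.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signature_base_string(http_method, url, params):
    # Sort the encoded name/value pairs, join them, then encode the result again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([http_method.upper(), pct(url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    # Assumption: user_id requests carry no token secret, so that half is empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_session_key_request(url, consumer_key, consumer_secret, user_id,
                              referrer_regex, nonce=None, timestamp=None):
    params = {
        "method": "profile.request_script_session_key",
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": int(timestamp if timestamp is not None else time.time()),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
        "user_id": user_id,
        "format": "json",
        "expires": 30,         # session lifetime in minutes; 0 would never expire
        "consume_within": 1,   # minutes allowed before first use (1 to 60)
        "permitted_referrer_regex": referrer_regex,
        "cookie": "true",      # key is written to a cookie, not the page URL
    }
    params["oauth_signature"] = sign(
        signature_base_string("POST", url, params), consumer_secret)
    return params

# Constructed sample values; none of these are real credentials or endpoints.
SAMPLE = build_session_key_request(
    "https://api.example.invalid/rest/server.api", "sample-consumer-key",
    "sample-consumer-secret", "user-1234", r"^https://app\.example\.invalid/",
    nonce="0123456789abcdef", timestamp=1700000000)
```

The signature covers every parameter, so changing expires, cookie or permitted_referrer_regex after signing invalidates the request.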


The profile element returned contains the session key to be used in the FatSecret JavaScript API to log in a user.

This is appended to the URL as a fatsecret_session_key query parameter if cookie is "false" or written to a fatsecret_session_key cookie if cookie is "true".

Example Return XML

<?xml version="1.0" encoding="utf-8" ?>
<profile xmlns="" xmlns:xsi="" xsi:schemaLocation="">
  <session_key>022c4e44ec6e48e8a23e59739eaa71f9</session_key>
</profile>

Example Return JSON

{ "profile": {"session_key": "022c4e44ec6e48e8a23e59739eaa71f9" }}

Error Code

| Code | Description |
|---|---|
| 2 | Missing required oauth parameter: "<detail>" |
| 3 | Unsupported oauth parameter: "<detail>" |
| 4 | Invalid signature method: "<detail>" |
| 5 | Invalid consumer key: "<detail>" |
| 6 | Invalid/expired timestamp: "<detail>" |
| 7 | Invalid/used nonce: "<detail>" |
| 8 | Invalid signature: "<detail>" |
| 9 | Invalid access token: "<detail>" |
| 101 | Missing required parameter: "<detail>" |
| 106 | Invalid ID: "<detail>" |
| 107 | Value out of range: "<detail>" |

© 2022 FatSecret. All rights reserved.