help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

401 Unauthorized error for OPTIONS preflight requests (April 2025)

‎04-18-2025 16:25 - edited ‎04-19-2025 12:28

‎04-18-2025 16:25 - edited ‎04-19-2025 12:28

My users are reporting errors that just started happening today (April 18) where requests to activities and timeseries APIs like https://api.fitbit.com/1/user/-/activities/date/<date>.json are getting a 401 Unauthorized response (no error message or error details) to the CORS OPTIONS requests. Some other APIs like goals and profile are working.

This breaks functionality for our users since we make requests from the browser rather than a backend server.

Best Answer
Labels:
6 REPLIES 6

‎04-21-2025 11:55

‎04-21-2025 11:55

Hi @jl__ 

I don't see any 401 errors from your application.   Let me reach out to you directly through issue tracker to get some additional information from you.

Best Answer

‎05-02-2025 10:25

In response to GordonFitbit

‎05-02-2025 10:25

We're seeing the same issue in our application. Any activity endpoint calls (e.g. https://api.fitbit.com/1/user/-/activities/steps/date/<date>/<date>.json ) are getting rejected with a 401 Unauthorized in the OPTIONS preflight request. I'm not sure how long it has been happening, but it was reported to us yesterday. Was there any progress made on figuring out the issue when you reached out directly to the OP? We are also making requests in the browser and not from a backend server.

Best Answer

‎05-07-2025 18:45 - edited ‎05-07-2025 19:00

‎05-07-2025 18:45 - edited ‎05-07-2025 19:00

I'm also seeing the same issue in our application. Any resolution so far?

In my case we're hitting the `https://api.fitbit.com/1.2/user/-/sleep/list.json` endpoint. We're getting 401 Unauthorized from the OPTIONS pre-flight request. This was previously working (last tested perhaps 1-2 weeks ago) – no changes made to our codebase.

We are also making requests in the browser and not from a backend server, testing in Chrome.

As a note, the introspect endpoint `https://api.fitbit.com/1.1/oauth2/introspect` responds with 200 OK prior.

PressPlay_0-1746669446130.png

And the call works from Postman (where no pre-flight request is sent).

Best Answer
0 Votes

‎05-18-2025 16:51

In response to PressPlay

‎05-18-2025 16:51

Hi, I'm still having this issue. Any help would be appreciated. This is breaking our app for customers.

Best Answer
0 Votes

‎05-19-2025 03:51

In response to PressPlay

‎05-19-2025 03:51

Try https://api.fitbit.com/1/user/-/sleep/list.json .
This worked for me.

Best Answer
0 Votes

‎05-20-2025 18:20

In response to carrotflakes

‎05-20-2025 18:20

Hi @carrotflakes this does work, thanks for the temporary workaround.

I can use this for now however, functionality is still broken because the data from this version of the API has a few differences, namely:

  • Data structure and naming differences.
  • No isMainSleep field.
  • Granular data doesn't show light, REM, and deep sleep.

@GordonFitbit any chance the original issue with the unauthorized preflight be looked into?

Best Answer
0 Votes