01-19-2016 00:56 - edited 01-19-2016 00:58
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-19-2016 00:56 - edited 01-19-2016 00:58
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Fitbit api returns 403(forbidden) for profile call. The all scopes are requested when I call the authorize(https://www.fitbit.com/oauth2/authorize) call.
Below request returns 403.
https://api.fitbit.com/1/user/-/profile.json?access_token=XXXXX
Belows are returned JSON.
{"errors":[{"errorType":"insufficient_scope","message":"This application does not have permission to access profile data. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
[Request Header]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Authorization: Basic XXXXX
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: __cfduid=XXXXX
[Response Header]
version: HTTP/1.1
status: 403 Forbidden
server: cloudflare-nginx
date: Tue, 19 Jan 2016 08:42:42 GMT
content-type: application/json;charset=UTF-8
cache-control: no-cache, private
content-language: en
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-ray: 26713f67c8531273-ICN
01-19-2016 01:44
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-19-2016 01:44
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Solved. Authorization must be Bearer {access token};
please refer the Fitbit doc.

03-16-2016 20:42 - edited 03-16-2016 20:51
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

03-16-2016 20:42 - edited 03-16-2016 20:51
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hello. I am trying to integrate an web application with the fitbit server. I have a java client to connect with the fitbit server. This client are using HttpClient from Apache. When i have the token, and i try to get a resource from the fitbit server, the service response is this:
success = false
errors = [{"errorType":"insufficient_scope","message":"This application does not have permission to access profile data. Visit https:\/\/dev.fitbit.com\/docs\/oauth2 for more information on the Fitbit Web API authorization process."}]
This is an segment of code:
HttpClient client = HttpClientBuilder.create().build();
HttpPost post = new HttpPost("https:\/\/api.fitbit.com\/1\/user/###GST\/profile.json");
post.addHeader("Authorization", "Bearer " + "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTgxMDIxMTcsInNjb3BlcyI6IiIsImF1ZCI6IjIyN0dTVCIsImlzcyI6IkZpdGJpdCIsInR5cCI6ImNsaWVudF9hY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTgwOTg1MTd9.I1m2LSxVW064-MD-gGu-BP9rf8Y2TFJDRWWLQjcfb30TOKEN RECUPERADO: eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTgxMDIxMTcsInNjb3BlcyI6IiIsImF1ZCI6IjIyN0dTVCIsImlzcyI6IkZpdGJpdCIsInR5cCI6ImNsaWVudF9hY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTgwOTg1MTd9.I1m2LSxVW064-MD-gGu-BP9rf8Y2TFJDRWWLQjcfb30");
List<BasicNameValuePair> parametersBody = new ArrayList<BasicNameValuePair>();
parametersBody.add(new BasicNameValuePair("scope", "activity nutrition heartrate location profile settings sleep social weight"));
post.setEntity(new UrlEncodedFormEntity(parametersBody, HTTP.UTF_8));
HttpResponse respuesta = client.execute(post);
int statusCode = respuesta.getStatusLine().getStatusCode();
System.out.println("statusCode=" + statusCode);
..
I hav doubt around of the URL format that i used to get the resource.
Is "https:\/\/api.fitbit.com\/1\/user\/###GST\/profile.json an correct format?"
Where i can to find an list of URL formats. I have an fitbit flex and i want to view my information from my own server
Anybody know how to connect to fitbit from java, some recomendation?
Thanks

08-17-2018 08:19 - edited 08-17-2018 08:19
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

08-17-2018 08:19 - edited 08-17-2018 08:19
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Please @donets could you post your code? I tried
val request = Request.Builder()
.url(url)
.header("Authorization", "Bearer " + accessToken)
.addHeader("Accept-Language", "en_GB")
.build()
val call = client.newCall(request)
and I still get the error 403 invalid scope not authorised for Profile data. Thanks

08-17-2018 09:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

08-17-2018 09:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi, I found the solution, I was targetting the wrong endpoint. I needed heart rate data from the user and should have been using
val url: String = "https://api.fitbit.com/1/user/-/activities/heart/date/today/1d.json"
but I was using
val url: String = "https://api.fitbit.com/1/user/-/profile.json"

