
403 Forbidden for Profile ( insufficient scope )

The Fitbit API returns 403 (Forbidden) for the profile call. All scopes are requested when I make the authorize (https://www.fitbit.com/oauth2/authorize) call.

 

The request below returns 403.

https://api.fitbit.com/1/user/-/profile.json?access_token=XXXXX

 

Below is the returned JSON.

{"errors":[{"errorType":"insufficient_scope","message":"This application does not have permission to access profile data. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

[Request Header]

    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
    Authorization: Basic XXXXX
    Accept: */*
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4
    Cookie: __cfduid=XXXXX

 

[Response Header]

    version: HTTP/1.1
    status: 403 Forbidden
    server: cloudflare-nginx
    date: Tue, 19 Jan 2016 08:42:42 GMT
    content-type: application/json;charset=UTF-8
    cache-control: no-cache, private
    content-language: en
    content-encoding: gzip
    vary: Accept-Encoding
    x-frame-options: SAMEORIGIN
    cf-ray: 26713f67c8531273-ICN

 

Best Answer
0 Votes
4 REPLIES

Solved. Authorization must be Bearer {access token};

 

Please refer to the Fitbit doc.

 

 

Best Answer
0 Votes

Hello. I am trying to integrate a web application with the Fitbit server. I have a Java client to connect to the Fitbit server. This client uses HttpClient from Apache. When I have the token and I try to get a resource from the Fitbit server, the service response is this:

 

 success = false
  errors = [{"errorType":"insufficient_scope","message":"This application does not have permission to access profile data. Visit https:\/\/dev.fitbit.com\/docs\/oauth2 for more information on the Fitbit Web API authorization process."}]

 

This is a segment of code:

    HttpClient client = HttpClientBuilder.create().build();
    // Slashes need no escaping in a Java string literal ("\/" does not compile).
    HttpPost post = new HttpPost("https://api.fitbit.com/1/user/###GST/profile.json");
    // The access token goes in the Authorization header with the Bearer scheme.
    post.addHeader("Authorization", "Bearer " + "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTgxMDIxMTcsInNjb3BlcyI6IiIsImF1ZCI6IjIyN0dTVCIsImlzcyI6IkZpdGJpdCIsInR5cCI6ImNsaWVudF9hY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTgwOTg1MTd9.I1m2LSxVW064-MD-gGu-BP9rf8Y2TFJDRWWLQjcfb30");
    List<BasicNameValuePair> parametersBody = new ArrayList<BasicNameValuePair>();
    parametersBody.add(new BasicNameValuePair("scope", "activity nutrition heartrate location profile settings sleep social weight"));
    post.setEntity(new UrlEncodedFormEntity(parametersBody, HTTP.UTF_8));
    HttpResponse respuesta = client.execute(post);
    int statusCode = respuesta.getStatusLine().getStatusCode();
    System.out.println("statusCode=" + statusCode);
    // ..
I have doubts about the URL format that I used to get the resource.
Is "https://api.fitbit.com/1/user/###GST/profile.json" a correct format?
Where can I find a list of URL formats? I have a Fitbit Flex and I want to view my information from my own server.

Does anybody know how to connect to Fitbit from Java? Any recommendations?
Thanks

Best Answer
0 Votes

Please @donets could you post your code? I tried 

    val request = Request.Builder()
        .url(url)
        .header("Authorization", "Bearer " + accessToken)
        .addHeader("Accept-Language", "en_GB")
        .build()

    val call = client.newCall(request)

and I still get the error 403 invalid scope, not authorised for Profile data. Thanks

Best Answer
0 Votes

Hi, I found the solution: I was targeting the wrong endpoint. I needed heart rate data from the user and should have been using 

val url: String = "https://api.fitbit.com/1/user/-/activities/heart/date/today/1d.json"

but I was using 

val url: String = "https://api.fitbit.com/1/user/-/profile.json"

 

Best Answer
0 Votes
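The three causes reported in this thread (token sent with the wrong Authorization scheme or in the query string, a token with no scopes, and an endpoint that needs a scope the token was not granted) can be checked before sending a request. The following is an added example, not code from any poster or from Fitbit. Its assumptions: the `REQUIRED_SCOPE` mapping covers only the two endpoints named above, `granted_scope` is the space-delimited `scope` value from the OAuth 2.0 token response, and the `scopes` claim name is taken from the token format seen in this thread.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Assumption: path fragment -> scope, for the two endpoints in this thread only.
REQUIRED_SCOPE = {"/profile.json": "profile", "/activities/heart/": "heartrate"}

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    try:
        payload = token.split(".")[1]
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (IndexError, ValueError):
        return {}  # opaque (non-JWT) token: nothing to inspect

def diagnose(url, headers, granted_scope):
    """Return reasons a call is likely to be rejected with insufficient_scope.

    granted_scope is the space-delimited "scope" value from the token response.
    """
    findings = []
    parts = urlsplit(url)
    if "access_token" in parse_qs(parts.query):
        findings.append("access token is in the query string, not the Authorization header")
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credential:
        findings.append(f"Authorization scheme is {scheme or 'missing'!r}, expected Bearer")
    elif jwt_claims(credential).get("scopes") == "":
        findings.append("token carries an empty 'scopes' claim")
    needed = next((s for frag, s in REQUIRED_SCOPE.items() if frag in parts.path), None)
    if needed and needed not in granted_scope.split():
        findings.append(f"endpoint needs scope {needed!r}, token was granted {granted_scope!r}")
    return findings

# Constructed requests modelled on the posts above (placeholder credentials).
FIRST_POST = diagnose(
    "https://api.fitbit.com/1/user/-/profile.json?access_token=XXXXX",
    {"Authorization": "Basic XXXXX"},
    "activity heartrate profile",
)
HEART_ONLY = diagnose(
    "https://api.fitbit.com/1/user/-/profile.json",
    {"Authorization": "Bearer XXXXX"},
    "heartrate",
)
if __name__ == "__main__":
    for finding in FIRST_POST + HEART_ONLY:
        print("-", finding)
```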