help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Create Webhook Subscriber Endpoint Returning 400 Error (Google Health API)

‎04-22-2026 21:33

‎04-22-2026 21:33

I've been trying to use the webhook subscriptions function of the new Google Health API following the documentation and I was testing the create subscriber endpoint to register a new subscriber with the following request body using Postman:

{
    "endpointUri": "<AWS API Gateway URL>",
    "subscriberConfigs": [
        {
            "dataTypes": ["steps"],
            "subscriptionCreatePolicy": "AUTOMATIC"
        }
    ],
    "endpointAuthorization": {
        "authorization_token": "Bearer R4nd0m5tr1ng123 "
    }
}

I tried putting in the actual authorization token in the field as well, but I keep getting the same response:

{
    "error": {
        "code": 400,
        "message": "Invalid JSON payload received. Unknown name \"authorization_token\" at 'subscriber.endpoint_authorization': Cannot find field.",
        "status": "INVALID_ARGUMENT",
        "details": [
            {
                "@type": "type.googleapis.com/google.rpc.BadRequest",
                "fieldViolations": [
                    {
                        "field": "subscriber.endpoint_authorization",
                        "description": "Invalid JSON payload received. Unknown name \"authorization_token\" at 'subscriber.endpoint_authorization': Cannot find field."
                    }
                ]
            }
        ]
    }
}

Would love some pointers on how to solve this!

Best Answer
Labels:
0 Votes
5 REPLIES 5

‎04-24-2026 14:56

‎04-24-2026 14:56

Hi @nsyifa 

Welcome to the community. We will check it and back to you! 

Best Answer
0 Votes

‎04-27-2026 01:34

‎04-27-2026 01:34

I think the "authorization_token" param is suppose to be "secret".

{
    "endpointUri": "<AWS API Gateway URL>",
    "subscriberConfigs": [
        {
            "dataTypes": ["steps"],
            "subscriptionCreatePolicy": "AUTOMATIC"
        }
    ],
    "endpointAuthorization": {
        "secret": "Bearer R4nd0m5tr1ng123 "
    }
}

My body is validated this way, however I get a 403 error after that myself 

Best Answer
0 Votes

‎05-01-2026 15:06

In response to shapelink

‎05-01-2026 15:06

Hi @nsyifa 

Thanks for sharing your question. 

The error you're encountering is because the example you followed was based on a previous beta version of the API. This was changed in our latest release. 

To fix this, you can find the updated technical details in our reference documentation here: EndpointAuthorization Reference. We will go through and update the example and documentation to reflect this change. Please let us know if this helps you resolve the issues!

 

Best Answer
0 Votes

‎05-04-2026 18:21

In response to DorisFitbit

‎05-04-2026 18:21

Hi @shapelink 

Thank you for your patience. 

For clarification, you changed the endpointAuthorization "authorization_token" to "secret".  Are you able to verify your subscriber now?  Can you tell me what you are doing when you get the 403 error?

Best Answer
0 Votes

‎05-04-2026 18:22

In response to GordonFitbit

‎05-04-2026 18:22

Hi @nsyifa 

After changing endpointAuthorization "authorization_token" to "secret", are you able to verify your subscriber?

Best Answer
0 Votes