10-11-2021 11:45
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

10-11-2021 11:45
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Looking for clarification on these two types of messages, as they have some subtle differences - I may not understand the purpose.
Ref: Notifications of Users Revoking Consent
Ref: Notifications of Deleted Users
Notifications of Users Revoking Consent
This action when done in the Fitbit user settings, revokes tokens and cancels all subscriptions for the user. We are sent one notification message via our subscription endpoint(s).
Example JSON:
{
"collectionType":"userRevokedAccess",
"date":"2021-10-11",
"ownerId":"9MB5F2",
"ownerType":"user",
"subscriptionId":"REV-4f11ed1d5dc94173a60c57a2ab636c90/"
}
Notifications of Deleted Users
This action, when done in the Fitbit user settings (and the user responds to the email) revokes tokens and cancels all subscriptions for the user. We are sent one notification message per subscription via our subscription endpoint(s).
Example JSON:
{
"collectionType":"deleteUser",
"date":"2021-10-11",
"ownerId":"9MBJBN",
"ownerType":"user",
"subscriptionId":"391303303"
}
Questions
If you please, can you confirm the following:
- Both notification types (actions) revoke tokens and cancels all subscriptions for the user.
- We should only get one "userRevokedAccess" notification, but "deleteUser" sends one notification for each subscription for the user.
- Why the difference on this one? Wondering if I should be doing something special for each message on "deleteUser".
- The subscriptionId on the revoke notification is the subscriptionId I provided. Is the subscriptionId on the deleteUser notification the internal Fitbit subscriptionId?
Answered! Go to the Best Answer.
Accepted Solutions
10-15-2021 11:21 - edited 10-15-2021 13:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



10-15-2021 11:21 - edited 10-15-2021 13:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
Hi @Jeff_New_Ocean,
Thanks for the detailed questions, and I'll be happy to clarify.
- Correct, both 'userRevokedAccess' and 'deleteUser' notifications share the same behavior with invalidating all tokens and subscriptions tied to the user. To clarify, you receive a notification for when a user revokes access to your application (userRevokedAccess), and when a Fitbit user deletes their Fitbit account (deleteUser). Sometimes, a user will delete their account before revoking access to your application, and you'd never get the userRevokedAccess notification.
- The team confirmed that you should only be receiving one notification for userRevokedAccess and deleteUser. If this is not the case, could you PM me an example notification for a user which shows otherwise?
- This is a bug and I filed a ticket to address this. Thanks for finding this!
I hope this helps, and thanks for your contribution to the developer community so far!
10-15-2021 11:21 - edited 10-15-2021 13:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



10-15-2021 11:21 - edited 10-15-2021 13:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
Hi @Jeff_New_Ocean,
Thanks for the detailed questions, and I'll be happy to clarify.
- Correct, both 'userRevokedAccess' and 'deleteUser' notifications share the same behavior with invalidating all tokens and subscriptions tied to the user. To clarify, you receive a notification for when a user revokes access to your application (userRevokedAccess), and when a Fitbit user deletes their Fitbit account (deleteUser). Sometimes, a user will delete their account before revoking access to your application, and you'd never get the userRevokedAccess notification.
- The team confirmed that you should only be receiving one notification for userRevokedAccess and deleteUser. If this is not the case, could you PM me an example notification for a user which shows otherwise?
- This is a bug and I filed a ticket to address this. Thanks for finding this!
I hope this helps, and thanks for your contribution to the developer community so far!
10-15-2021
12:39
- last edited on
10-15-2021
13:23
by
JohnFitbit
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

10-15-2021
12:39
- last edited on
10-15-2021
13:23
by
JohnFitbit
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @JohnFitbit
Here's one I just deleted the Fitbit account for:
Client ID: {Redacted}
User EmailAddress: {Redacted}
Fitbit UserId: {Redacted}
Subscriptions: activity nutrition sleep weight
Subscription Notifications Received: (4 separate request to our API)
2021-10-15 19:27 UTC
[
{
"collectionType": "deleteUser",
"date": "2021-10-15",
"ownerId": "{Redacted}",
"ownerType": "user",
"subscriptionId": "391167651"
}
]
[
{
"collectionType": "deleteUser",
"date": "2021-10-15",
"ownerId": "{Redacted}",
"ownerType": "user",
"subscriptionId": "391166627"
}
]
[
{
"collectionType": "deleteUser",
"date": "2021-10-15",
"ownerId": "{Redacted}",
"ownerType": "user",
"subscriptionId": "391169889"
}
]
[
{
"collectionType": "deleteUser",
"date": "2021-10-15",
"ownerId": "{Redacted}",
"ownerType": "user",
"subscriptionId": "391163355"
}
]

10-15-2021 13:26 - edited 10-15-2021 14:03
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



10-15-2021 13:26 - edited 10-15-2021 14:03
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@Jeff_New_Ocean Thanks for sharing an example. I've edited your post to redact the user data as this is considered sensitive data. In the meantime, I'll take a look at the example with the team and see why this is occurring. I'll let you know what I find out after I get more information.
Update: The team confirmed that both 'deleteUser' and 'revokeUserAccess' notifications should send multiple notifications for each active subscription that user had. If you are only seeing one notification sent for 'revokeUserAccess', it's likely that user was not subscribed to all of your subscriptions. Could you test this by authorizing a test account to your application, then ensure that account is subscribed to all of your application's subscriptions, and then revoke afterwards to see if you receive a notification for each subscription tied to that test account?

07-11-2022 01:34
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

07-11-2022 01:34
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi John,
You mentioned that deleteUser notifications being sent with an internal Fitbit subscriptionId is a bug and that you filed a ticket to address it.
Is there any news on this matter? can that ticket be followed some how?
Thanks

