help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fitbit sending Access Denied response

‎08-11-2015 08:29

‎08-11-2015 08:29

I'm seeing a bunch of junk in the response body that I normally extract a token and secret from (see below).  Saw a bunch of these between 2015-08-11 13:17:34.655 and 2015-08-11 14:23:13.672

 

Anyone else running into this?

 

<!DOCTYPE html>

<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->

<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->

<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->

<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->

<head>

<title>Access denied | www.fitbit.com used CloudFlare to restrict access</title>

<meta charset="UTF-8" />

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />

<meta name="robots" content="noindex, nofollow" />

<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />

<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />

<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->

<style type="text/css">body{margin:0;padding:0}</style>

<!--[if lte IE 9]><script type="text/javascript" src="/cdn-cgi/scripts/jquery.min.js"></script><![endif]-->

<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->

<script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script>

</head>

<body>

  <div id="cf-wrapper">

    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>

    <div id="cf-error-details" class="cf-error-details-wrapper">

      <div class="cf-wrapper cf-header cf-error-overview">

        <h1>

          <span class="cf-error-type" data-translate="error">Error</span>

          <span class="cf-error-code">1010</span>

Best Answer
0 Votes
5 REPLIES 5

‎08-11-2015 09:47

‎08-11-2015 09:47

Could you please provide the API endpoint you were trying to reach?

Best Answer
0 Votes

‎08-11-2015 10:12

In response to SunsetRunner

‎08-11-2015 10:12

I'm now also seeing the original error I posted and this one:

"The owner of this website (www.fitbit.com) has banned your access based on your browser's signature (2145826857780f33-ua21)"

 

 

Best Answer
0 Votes

‎08-11-2015 10:55

In response to petro

‎08-11-2015 10:55

Reiterating what @SunsetRunner said: Could you please provide the API endpoint you were trying to reach?

Best Answer
0 Votes

‎08-11-2015 11:11

In response to JeremiahFitbit

‎08-11-2015 11:11

It seems to be related to hitting the endpoint that normally gave us the OAuth redirect url.  I'm digging to verify that now but that is what looks to be the problem.

Best Answer
0 Votes

‎08-11-2015 11:36

In response to petro

‎08-11-2015 11:36

If you're using OAuth 1.0a, be sure that only user-facing URLs are using www subdomain. Your app should always be communicating with api subdomain.

 

OAuth 1.0a: Temporary Credentials (Request Token) URL:

https://api.fitbit.com/oauth/request_token

 

OAuth 1.0a: Token Credentials (Access Token) URL:

https://api.fitbit.com/oauth/access_token


OAuth 1.0a: Authorize URL:
https://www.fitbit.com/oauth/authorize

Best Answer
0 Votes