07-30-2016 23:19 - edited 07-31-2016 01:04
All,
So, the time has come to finally update my Oauth1 script, but I'm a bit confused by something.
All I do is daily, I have a script run on my webserver that grabs my step count from the previous day, then adds that to a mysql database. Fine, right? Only, I'm confused why I even NEED to use oauth for this since I've set my step data to "Anyone" in Privacy. So I would think an un-authed api call should be able to retrieve this... and maybe it can, I'm just using the wrong URL.
I hate that I have to update my script from oauth1 when all I'm doing is reading data. I could see disabling stuff like sets, deletes with oauth1 since it's not overly secure... but reads? Who cares?!
Anyway, any help would be greatly appreciated. I'm also a bit concerned about the language in one of the documents saying the authorization code can't be embedded... it's a script! It never checks anything but my own step count. BTW, I'm using PHP, and I wrote about my whole process here: http://www.staze.org/retrieving-steps-data-fitbit-api/
Thanks for any help!

Labels: OAuth 1.0a, OAuth 2.0, PHP

08-02-2016 15:42
All API requests require a user access token, even if you set your data privacy settings to "anyone". This is an important security requirement.
You need to:
- Obtain a user access token. This is done by completing an OAuth 2.0 authorization flow. I suggest the Authorization Code Grant Flow since you have a server-side script.
- Use that access token to access data. You can use any HTTP request library. To make a request using an OAuth 2.0 access token, add an Authorization header with a value of "Bearer yourAccessTokenHere". See Making Requests.
- When the access token expires, you can refresh it to get a new one. See Refreshing Tokens.
staze wrote:
I'm also a bit concerned about the language in one of the documents saying the authorization code can't be embedded... it's a script!
If you're creating a PHP server application accessed via your Web browser, this requirement doesn't apply to you. The requirement to not embed the Fitbit OAuth 2.0 authorization flow is for native applications that might use an embedded browser.

08-02-2016 16:00
Gotcha. I'll give these a shot and post back.
Only other question would be, do I really need to refresh or just grab a new access token since it's only once a day?
Thanks!

08-02-2016 16:45
Once you've authorized your app, your app should refresh the access token instead of going through the OAuth 2.0 authorization flow again.
The access token lasts 8 hours, but you can refresh it anytime after it expires (such as the next day).
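
The sequence from the two replies above (refresh the stored token instead of re-authorizing, then send the access token as a Bearer header), as an added PHP example that is not code from this thread or from Fitbit. The endpoint URLs, JSON field names and the single-use refresh token behaviour are assumptions taken from Fitbit's Web API documentation; the HTTP layer, tokens and step value are constructed so the script runs offline.

```php
<?php
// Added example, not code from the thread. URLs and JSON field names below are
// assumptions based on Fitbit's Web API documentation; check them before use.
const TOKEN_URL = 'https://api.fitbit.com/oauth2/token';
const STEPS_URL = 'https://api.fitbit.com/1/user/-/activities/steps/date/%s/1d.json';

// Exchange the stored refresh token for a new access/refresh token pair.
function refreshTokens(array $tok, string $id, string $secret, callable $http, int $now): array {
    $r = $http('POST', TOKEN_URL,
        ['Authorization: Basic ' . base64_encode("$id:$secret"),
         'Content-Type: application/x-www-form-urlencoded'],
        http_build_query(['grant_type' => 'refresh_token',
                          'refresh_token' => $tok['refresh_token']]));
    $j = json_decode($r, true);
    if (!isset($j['access_token'], $j['refresh_token'], $j['expires_in'])) {
        throw new RuntimeException('refresh failed; re-run the authorization flow');
    }
    // Assumed single-use refresh tokens: the caller must persist the new one.
    return ['access_token' => $j['access_token'], 'refresh_token' => $j['refresh_token'],
            'expires_at' => $now + (int)$j['expires_in'] - 60];
}

// Return [steps, tokens]; refreshes first only when the access token has expired.
function stepsForDate(string $date, array $tok, string $id, string $secret, callable $http, int $now): array {
    if ($now >= $tok['expires_at']) {
        $tok = refreshTokens($tok, $id, $secret, $http, $now);
    }
    $r = $http('GET', sprintf(STEPS_URL, $date), ['Authorization: Bearer ' . $tok['access_token']], null);
    $j = json_decode($r, true);
    if (!isset($j['activities-steps'][0]['value'])) {
        throw new RuntimeException('unexpected steps response');
    }
    return [(int)$j['activities-steps'][0]['value'], $tok];
}

// Constructed stand-in for the HTTP layer so the example runs offline; swap in cURL for real use.
$fakeHttp = function (string $method, string $url, array $headers, ?string $body): string {
    return $method === 'POST'
        ? '{"access_token":"new-access","refresh_token":"new-refresh","expires_in":28800}'
        : '{"activities-steps":[{"dateTime":"2016-08-01","value":"10234"}]}';
};

// Constructed state: an already expired access token. Client id and secret are placeholders.
$stored = ['access_token' => 'old-access', 'refresh_token' => 'old-refresh', 'expires_at' => 0];
[$steps, $stored] = stepsForDate('2016-08-01', $stored, 'CLIENT_ID', 'CLIENT_SECRET', $fakeHttp, time());
// Persist $stored outside the web root (file mode 0600) before the next run.
printf("steps=%d next_refresh_token=%s\n", $steps, $stored['refresh_token']);
```

For a once-a-day cron job the stored access token will always be expired, so every run takes the refresh branch; losing the newly returned refresh token means repeating the authorization flow in a browser.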

07-15-2017 09:43
Hello Staze,
Were you able to upgrade your code to OAUTH 2?

07-17-2017 09:10
Hi there,
I did not. I gave up for the longest time, then switched to using IFTTT. It pulls from fitbit daily, then does a webservices query to a page I set up that grabs the values and dumps into an SQL database.
Works pretty well.

