help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to remove user's subscription without their OAuth tokens?

‎01-14-2016 10:08

‎01-14-2016 10:08

So I've found myself in a situation where a user has an active subscription for my application, but I no longer have a record in my database of this user or their OAuth tokens. My application is receiving this user's subscribed notifications from Fitbit, but my application doesn't know what to do with it. I also can't remove this subscription, because I need the user's OAuth tokens to do so.

 

How can I remove this subscription for this single user?

Best Answer
8 REPLIES 8

‎01-14-2016 17:30 - edited ‎01-14-2016 17:31

‎01-14-2016 17:30 - edited ‎01-14-2016 17:31

That is indeed a predicament. Can you ask the person to revoke access to your app in their Fitbit settings at https://www.fitbit.com/user/profile/apps ?

 

If not, contact us privately with your client id and the user id.

Best Answer
0 Votes

‎01-06-2019 19:29

In response to JeremiahFitbit

‎01-06-2019 19:29

I'm in a similar situation, but I have thousands of these users due to years of the application, not removing subscriptions before revoking the users connection to our app. Is this something we should contact you about? 

Best Answer

‎01-07-2019 09:49

In response to JustinCoded

‎01-07-2019 09:49

Hi @JustinCoded

 

Is your application revoking the token or are the Fitbit users revoking access to your application?  Would you please describe the steps taken to reproduce the scenario where you're still receiving notifications for revoked users?   We can try to work with you on addressing this problem.

 

 

 

 

 

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎02-07-2019 04:26

In response to Gordon-C

‎02-07-2019 04:26

In our case, I think various issues caused the refresh token to be revoked from your end, or the users are revoking them from the Fitbit Settings Page as far as I can tell. There may be cases as well were we got out of sync with the tokens due to distributed processing before we got our locks functioning 100% either way we have notifications coming in that we cannot resolve, because we no longer have a valid refresh token to resolve them with. 

 

The simplest solution to me is to have an API call that will allow us as a company, with our client id and secret to unsubscribe users from our notification endpoint.

Best Answer

‎02-11-2019 13:43

In response to JustinCoded

‎02-11-2019 13:43

Would you please private message me several of the user ids where you have an invalid refresh token?  I can do some investigation on our side.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎08-12-2019 18:40

In response to Gordon-C

‎08-12-2019 18:40

We have a very similar situation. User accounts may have been removed from our system; however, their Fitbit access may not have been revoked.

So we continue to receive ping notifications on their behalf but no way of discontinuing/revoking them because we no longer have their access or refresh tokens.

For example, just today we have received 253k pings with 71k coming from users not longer in our system.

Any suggestions?  Thanks much!

Best Answer
0 Votes

‎08-13-2019 11:52

In response to caryland

‎08-13-2019 11:52

Hi @caryland 

 

To stop receiving webhook notifications, your application or the Fitbit user would need to revoke access with sharing data.   When user accounts are removed from your system, does your application revoke access to their user's access token or refresh token?

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎08-20-2019 15:20

In response to Gordon-C

‎08-20-2019 15:20

We do attempt to revoke access when a user leaves our system, but over the years we've amassed many that fell through the holes.  We'd like to be able to clean these up.

Best Answer