help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Personal APP Intraday- API client is not authorized by Fitbit to access the resource requested

ANSWERED

‎02-13-2023 16:41

‎02-13-2023 16:41

We are using Inspire 3 Fitbits for a clinical study. I have created a Personal App to download the data from Fitbits. When I try to get Active Zone Minutes, Breathing Rate, and SPO2 Intraday data the access is denied with 403 API client not authorized by Fitbit to access the resource requested. I am able to get Activity, Heart Rate, and HRV Intraday data without any issues. 

I was wondering if I am doing something wrong or if it is an API issue as described here.  

 

As an example, I am writing to this topic for AZM: 'https://api.fitbit.com/1/user/-/activities/active-zone-minutes/date/[date]/1d/1min.json'

 

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎03-10-2023 11:53

In response to hamedrd

‎03-10-2023 11:53

@hamedrd Apologies for the delayed response. Did you figure out the issue?

 

If not, I recommend checking to see if you requested the following scopes in your authorization URL:

  • oxygen_saturation
  • respiratory_rate

You'll need to include these scopes into your Authorize URL in order to consent to share the data to your application.

 

You should be seeing AZM data returned with that endpoint if you consented to share activity data to your application. Could you post your cURL request when you fetch AZM data (hide your access token)? I want to see the endpoint you're calling, and the headers you used. Also provide me with the JSON response containing the error code and error message.

View best answer in original post

Best Answer
0 Votes
5 REPLIES 5

‎02-17-2023 00:19

‎02-17-2023 00:19

Hi @hamedrd,

 

Welcome to the forums!

 

Since you mentioned that you're working with 3 devices, the "Personal" application type will not meet your project needs. The "Personal" application type grants immediate access to the intraday data for the owner of the account only. The error you see is expected behavior when you try to fetch data from users other than the owner of the account.

 

You'll need to switch your application type to "Server" or "Client" to access data from more than one user. Additionally, you'll need to submit an Intraday Access Request form in order to obtain intraday access for your application.

 

I hope this helps. Let me know if you have any additional questions.

Best Answer
0 Votes

‎02-17-2023 09:39

In response to JohnFitbit

‎02-17-2023 09:39

Hi @JohnFitbit

Thanks for your response! Currently, I am using only one Fitbit Device and the model is "Inspire 3". I am trying to get the data from only one device and I am the owner of the account that I created the personal app for. So, I don't think your response applies to my issue. I should have access to the owner's intraday data without an Access Request according to the documentation.

As I mentioned, I can get Activity, Heart Rate, and HRV intraday data without any issues. The access is denied only for SPO2, BR, and AZM. I am using the same authorization method for all of these data the only difference would be the URL I am using. 

As an example, I am writing to this topic for AZM: 'https://api.fitbit.com/1/user/-/activities/active-zone-minutes/date/[date]/1d/1min.json' (I have replaced [date] with appropriate date)

I would appreciate it if you can answer based on these clarifications. 

Best Answer
0 Votes

‎03-10-2023 11:53

In response to hamedrd

‎03-10-2023 11:53

@hamedrd Apologies for the delayed response. Did you figure out the issue?

 

If not, I recommend checking to see if you requested the following scopes in your authorization URL:

  • oxygen_saturation
  • respiratory_rate

You'll need to include these scopes into your Authorize URL in order to consent to share the data to your application.

 

You should be seeing AZM data returned with that endpoint if you consented to share activity data to your application. Could you post your cURL request when you fetch AZM data (hide your access token)? I want to see the endpoint you're calling, and the headers you used. Also provide me with the JSON response containing the error code and error message.

Best Answer
0 Votes

‎03-17-2023 14:35

In response to JohnFitbit

‎03-17-2023 14:35

@JohnFitbit  Thanks for your reply! it resolved the BR and SPO2 problems. I am still struggling with the AZM. I am using the python suggested package by Fitbit for the authentication and getting the data. I am able to get all the data except AZM intraday. I am using the same authentication and request methods for getting AZM and other data.

 

Here is my authentication URL:

https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=xxxx&redirect_uri=http%3A%2F%2F...', 'xxx'

 

and this is the URL I use to request AZM intraday ([date] was inserted as yyyy-mm-dd, I am not able to post dates): https://api.fitbit.com/1/user/-/activities/active-zone-minutes/date/[date]/1d/1min.json

Best Answer
0 Votes

‎03-28-2023 00:04

In response to hamedrd

‎03-28-2023 00:04

@hamedrd I'm going to create a case with you in our support CRM and continue to investigate the AZM issues you're having there. Is the email that you have on your profile a good contact to reach you at?

Best Answer
0 Votes