Personal application and refresh tokens

Hugo1 · ‎01-29-2022

I’m trying to use the web api with an app called Shortcuts.
I don't have much experience of api:s, so I used the authorization process from this shortcut to get an access key.

The shortcut I linked uses the “personal” application setting in application settings.

My question is: Will i need to refresh that access token sometime?

I hope you understand what I meant, and sorry for my bad english.

GordonFitbit · ‎02-07-2022

Hi @Hugo1

To answer your question, it really depends on the authorization flow you use. We advertise the authorization code grant flow [with PKCE] because most of our users are building corporate applications and this method provides the most secure access to user data. However, for personal projects where you are querying your own data, the Implicit Grant Flow will be sufficient. This authorization flow doesn't use a refresh token and the access token can last up to 1 year. More information on the Implicit Grant Flow can be found in our documentation at https://dev.fitbit.com/build/reference/web-api/developer-guide/authorization/#Other-Supported-Author...

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Personal application and refresh tokens

Hugo1

GordonFitbit