help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pull UserID and Token

‎08-20-2020 07:34

‎08-20-2020 07:34

Hi,

 

I am currently trying to create a hyperlink that will include my app clientID and client secret to pull back a logged in userID and token to be included in a WordPress contact form. Can anyone advise on the best way to achieve this? I have read through the Fitbit WebAPI information but and tutorials but there is little information that I can find on how to achieve this and there doesn't seem to be any available plugins that carry out this process.

 

The API user data pull will be completed manually at a later date via python. The time parameter for the authorisation is 12 months.

 

Thanks

Best Answer
Labels:
0 Votes
1 REPLY 1

‎08-24-2020 10:52

‎08-24-2020 10:52

Hi @NickUK_1973 

 

We don't recommend posting your client secret publicly because that will introduce vulnerabilities in the security of your application.  I'm going to assume that your application will not have a server component to exchange the authorization code for an access token and refresh token.  My recommendation is to look at the Implicit grant flow authorization process: https://dev.fitbit.com/build/reference/web-api/oauth2/#implicit-grant-flow

 

An example URL would be

https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=22942C&redirect_uri=https%3A%2...

 

After consent has occurred by the Fitbit user, the user will be redirected back to your application based on the redirect_uri specified.  Your application (or python script) will need to use the provided token to query the user's data.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes