01-31-2019 07:36
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

01-31-2019 07:36
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
We have been using Fitbit API since 4 years and we are into a situation where more than 2000+ user Refresh token has become invalid starting from 23 Jan 2019. We cannot get all the 2000+ user to Authenticate Fitbit to our Web service as we do not store their email id Or contact info.
We are Syncing the Fitbit user activity and nutrition data by specific time interval on our server. It was working fine until that day and stopped syncing the data. When checked we are receiving the invalid refresh token error message. We need a quick solution for getting the new refresh token for further data sync and reporting.
We are on oAuth 2.0 protocol implemented.
02-18-2019 08:22
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-18-2019 08:22
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
Hum, and I was thinking that I was alone on this, but it seems more people are being affected by the same situation.
@FitbitCould you please give it a look?
02-19-2019 10:59
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-19-2019 10:59
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@shashi and @catteneo22, would you please private message me a couple of user ids that you're having trouble with the refresh tokens? I'll do some investigation on our side.
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-25-2019 06:32
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-25-2019 06:32
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi
Basically we would be providing trackers to our players to monitor their activities.. So we would like players to authorize our application in order to track their activities.. I need help in these cases
1. How can i get list of users who authorized my application?
2. How can i get activities of all users who authorized my application?
3. Each time do i need to save refresh access token to access my user's activities or can i have any permanent token?
Hoping for your support..
Regards,
Ananthan

05-16-2019 10:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

05-16-2019 10:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Having a similar issue and sent Gordon a PM as he requested above from the OP. Should I open a new issue?

05-17-2019 15:50
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



05-17-2019 15:50
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @Kevin_H
Thank you for sending me the additional information. I'll research the problem and get back to you.
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

05-29-2019 13:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



05-29-2019 13:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @Kevin_H
Thank you letting me know the problem correlated with a system loss on your end.
Best regards,
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

05-30-2019 09:10 - edited 05-30-2019 09:15
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

05-30-2019 09:10 - edited 05-30-2019 09:15
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
For the benefit of anyone else who might be helped by knowing how I messed up, it was following an event that required restoring the DB from backup, and the restored tokens had been refreshed in the meantime. Of course, in the spirit of classic programmer blame deflection, it's a pity the Fitbit elected to return a new refresh token on every refresh (OAuth2 spec says it's optional). This actually has a significant side effect in that it limits recoverability in the (vanishingly rare) case where the refresh request makes it to Fitbit but the response gets lost.

