Hello,

I have a backend application which is fetching the daily steps data from list of registered users who made their activites data public. 

This operation involves obtaining an access token and then using this access token for web api calls for all users.

Until 21th Sep this worked fine, but since then 403 error is returned with error type: "insufficient_permissions".

This is the error and example request:

curl -i -H "Authorization: Bearer <TOKEN>" https://api.fitbit.com/1/user/4PHMZY/activities/steps/date/2016-09-23/2016-09-22.json
HTTP/1.1 200 Connection established

HTTP/2 403
date: Fri, 23 Sep 2016 09:58:28 GMT
content-type: application/json;charset=utf-8
cache-control: no-cache, private
fitbit-rate-limit-limit: 150
fitbit-rate-limit-remaining: 148
fitbit-rate-limit-reset: 92
content-language: en
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
server: cloudflare-nginx
cf-ray: 2e6d2368fa1e59e4-VIE

{"errors":[{"errorType":"insufficient_permissions","message":"API client is not authorized by the resource owner to access the resource requested. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

Has there been any changes which would disable fetching of public data through WEB API?

Thanks,

Marko