could you please private message me as well?  I am in the exact same situation...also I have questions about the initial "____would like the ability to access the following data in your Fitbit account." page, please send me contact information so I can discuss with you, I'd greatly appreciate it.

Thanks.

Hi BosDev,

Each situation is different.   So, I can determine if a call is necessary, would you please elaborate on what information you need to questions you have?   Please don't include any PII data in the forums.

Thanks!

Gordon

Sure, thanks for the reply.  I have questions on the code generated (active for only 10 minutes) once the fitbit user grants access to their data...we will be running a daily job that will be automatically grabbing user data at night and need to know how to go about this, we need the api to be consistent and reliable, and I just don't see how thats possible with the way you guys have it set up considering we will have lots of users that we would have to coordinate with to get this access and set up the api...seems like a headache.

Please dm me or send an email and I would love to schedule a call with you, I appreciate you helping out.

Hi @BosDev 

I sent you a message earlier this week and haven't heard back.   Here is a quick summary of how the process works based on your scenario.   Once you get the authorization code, you need to exchange it for the access and refresh tokens within 10 minutes.   Each user that consents will have a unique access and refresh token that you will need to store and maintain.   

The access token has a life time of 8 hours and the refresh token never expires.  When you run your daily job, if the access token errors with an expired message, you will use the refresh token to obtain a new access token and refresh token.   You should discard the old access token and refresh token at this time.   Using the new access token, you will attempt to query the user's data again.  The process for refreshing tokens is documented here: https://dev.fitbit.com/build/reference/web-api/developer-guide/best-practices/#Using-Tokens-Effectiv....   Our authorization and refresh token processes follow the OAuth 2.0 spec.   Please explain what you believe is not consistent or reliable.   I'll see if I can address your concerns.

Gordon.